Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22bf5273 by security tracker role at 2026-07-15T19:13:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,379 @@
+CVE-2026-9007 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-8281
+       REJECTED
+CVE-2026-8055
+       REJECTED
+CVE-2026-62948 (OpenWrt is a Linux operating system targeting embedded 
devices. Prior  ...)
+       TODO: check
+CVE-2026-62947 (OpenWrt is a Linux operating system targeting embedded 
devices. Prior  ...)
+       TODO: check
+CVE-2026-62843 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-62685 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-62683 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-62389 (ws before 8.21.1 contains a memory exhaustion vulnerability in 
lib/rec ...)
+       TODO: check
+CVE-2026-62378 (RustFS Console is a web management console for the RustFS 
distributed  ...)
+       TODO: check
+CVE-2026-62294 (Flameshot is powerful yet simple to use screenshot software. 
Prior to  ...)
+       TODO: check
+CVE-2026-62287
+       REJECTED
+CVE-2026-62248
+       REJECTED
+CVE-2026-62180
+       REJECTED
+CVE-2026-62178
+       REJECTED
+CVE-2026-62177
+       REJECTED
+CVE-2026-62175
+       REJECTED
+CVE-2026-62174
+       REJECTED
+CVE-2026-62173
+       REJECTED
+CVE-2026-62172
+       REJECTED
+CVE-2026-62169
+       REJECTED
+CVE-2026-62168
+       REJECTED
+CVE-2026-62165
+       REJECTED
+CVE-2026-62164
+       REJECTED
+CVE-2026-61873 (Grav before 9.1.8 contains an arbitrary file write 
vulnerability in th ...)
+       TODO: check
+CVE-2026-61872 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
+       TODO: check
+CVE-2026-61871 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
+       TODO: check
+CVE-2026-61869 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
+       TODO: check
+CVE-2026-61868 (ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 
contains a memo ...)
+       TODO: check
+CVE-2026-61867 (ImageMagick before 7.1.2-26 contains a memory leak 
vulnerability in th ...)
+       TODO: check
+CVE-2026-61866 (ImageMagick before 7.1.2-26 contains a memory leak 
vulnerability in th ...)
+       TODO: check
+CVE-2026-61865 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in th ...)
+       TODO: check
+CVE-2026-61864 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory 
leak in co ...)
+       TODO: check
+CVE-2026-61863 (ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) 
contains a memo ...)
+       TODO: check
+CVE-2026-61862 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains an 
information disc ...)
+       TODO: check
+CVE-2026-61860 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a 
use-after-free vu ...)
+       TODO: check
+CVE-2026-61859 (ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 
contains a p ...)
+       TODO: check
+CVE-2026-61841
+       REJECTED
+CVE-2026-61839
+       REJECTED
+CVE-2026-61836 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2026-61835 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2026-61829
+       REJECTED
+CVE-2026-61828 (Nixpkgs is a collection of software packages that can be 
installed wit ...)
+       TODO: check
+CVE-2026-61740 (LightRAG provides simple and fast retrieval-augmented 
generation. Prio ...)
+       TODO: check
+CVE-2026-61736 (LightRAG provides simple and fast retrieval-augmented 
generation. Prio ...)
+       TODO: check
+CVE-2026-61710
+       REJECTED
+CVE-2026-61684 (FastGPT is a knowledge-based AI application platform. In 
4.15.0-beta4, ...)
+       TODO: check
+CVE-2026-61646 (FastGPT is a knowledge-based AI application platform. Prior to 
4.15.0- ...)
+       TODO: check
+CVE-2026-61644 (FastGPT is a knowledge-based AI application platform. From 
4.14.17 unt ...)
+       TODO: check
+CVE-2026-61643 (FastGPT is a knowledge-based AI application platform. From 
4.14.17 unt ...)
+       TODO: check
+CVE-2026-61613 (Cursor is a code editor built for programming with AI. Prior 
to the Cl ...)
+       TODO: check
+CVE-2026-61606
+       REJECTED
+CVE-2026-61605
+       REJECTED
+CVE-2026-61464 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a 
heap-based buffer ...)
+       TODO: check
+CVE-2026-61457 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 
contains a  ...)
+       TODO: check
+CVE-2026-61453 (Grav v2.0.0 contains a cross-site scripting vulnerability 
(fixed in 2. ...)
+       TODO: check
+CVE-2026-61452 (The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 
contains an ...)
+       TODO: check
+CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not 
validate t ...)
+       TODO: check
+CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in 
ZipArchive ...)
+       TODO: check
+CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote 
code execu ...)
+       TODO: check
+CVE-2026-61443 (PraisonAI before 1.6.78 contains a remote code execution 
vulnerability ...)
+       TODO: check
+CVE-2026-61440 (PraisonAI Platform before 0.1.9 fails to properly authorize 
label and  ...)
+       TODO: check
+CVE-2026-61438 (PraisonAI before 4.6.78 contains a remote code execution 
vulnerability ...)
+       TODO: check
+CVE-2026-61436 (PraisonAI before 4.6.78 fails to verify Svix webhook 
signatures in Age ...)
+       TODO: check
+CVE-2026-61435 (PraisonAI before 4.6.78 contains an authentication bypass in 
the Call  ...)
+       TODO: check
+CVE-2026-61433 (PraisonAI before 4.6.78 fails to safely encode deployment 
configuratio ...)
+       TODO: check
+CVE-2026-61430 (PraisonAI before 1.6.78 contains a server-side request forgery 
vulnera ...)
+       TODO: check
+CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport 
without  ...)
+       TODO: check
+CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when 
opening a des ...)
+       TODO: check
+CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool 
name on ...)
+       TODO: check
+CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy 
vulnera ...)
+       TODO: check
+CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing 
Telemetry Tra ...)
+       TODO: check
+CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged 
attacker  ...)
+       TODO: check
+CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
+       TODO: check
+CVE-2026-59955 (Apollo is a reliable configuration management system suitable 
for micr ...)
+       TODO: check
+CVE-2026-59954 (Apollo is a reliable configuration management system suitable 
for micr ...)
+       TODO: check
+CVE-2026-59838 (A improper neutralization of script-related html tags in a web 
page (b ...)
+       TODO: check
+CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server, 
undisclosed  ...)
+       TODO: check
+CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a 
permission ...)
+       TODO: check
+CVE-2026-59258 (immich before 3.0.3 contains a broken access control 
vulnerability in  ...)
+       TODO: check
+CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a 
missing  ...)
+       TODO: check
+CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure 
vulnerability whe ...)
+       TODO: check
+CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in 
the Exce ...)
+       TODO: check
+CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController 
(app/Http ...)
+       TODO: check
+CVE-2026-58660 (Kanboard through 1.2.52, fixed in commit 564cc30, 
BoardAjaxController  ...)
+       TODO: check
+CVE-2026-58659 (PyTorch Lightning through 2.6.5, fixed in commit d710d68, 
contains a r ...)
+       TODO: check
+CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit 4e20551, contains an 
unauthent ...)
+       TODO: check
+CVE-2026-58655 (The bundled Grav Flex Objects plugin 
(getgrav/grav-plugin-flex-objects ...)
+       TODO: check
+CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful 
exploita ...)
+       TODO: check
+CVE-2026-58558 (Permission control vulnerability in the file system.Impact: 
Successful ...)
+       TODO: check
+CVE-2026-58557 (Design defect vulnerability in Expedition mode.Impact: 
Successful expl ...)
+       TODO: check
+CVE-2026-58556 (Permission control vulnerability in the Bluetooth 
module.Impact: Succe ...)
+       TODO: check
+CVE-2026-58555 (Permission bypass vulnerability in the card module.Impact: 
Successful  ...)
+       TODO: check
+CVE-2026-58554 (Permission control vulnerability in the Settings 
module.Impact: Succes ...)
+       TODO: check
+CVE-2026-58553 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
+       TODO: check
+CVE-2026-58552 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
+       TODO: check
+CVE-2026-58551 (Out-of-bounds read vulnerability in the image codec 
module.Impact: Suc ...)
+       TODO: check
+CVE-2026-58550 (Out-of-bounds read vulnerability in the image codec module. 
Impact: Su ...)
+       TODO: check
+CVE-2026-58549 (Out-of-bounds read vulnerability in the image codec module. 
Impact: Su ...)
+       TODO: check
+CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
+       TODO: check
+CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation 
vulnerability in ...)
+       TODO: check
+CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an 
unauthenticated st ...)
+       TODO: check
+CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an 
unauthenticated SQL i ...)
+       TODO: check
+CVE-2026-57831 (The Joomla extension DP Calendar is vulnerable to an 
unauthenticated S ...)
+       TODO: check
+CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's 
Office Searc ...)
+       TODO: check
+CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in 
the basi ...)
+       TODO: check
+CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the 
DataValue.index f ...)
+       TODO: check
+CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an 
Obsolete Fe ...)
+       TODO: check
+CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
+       TODO: check
+CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource 
sharing misc ...)
+       TODO: check
+CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored cross-site scripting 
vulnera ...)
+       TODO: check
+CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak 
vulnerability in t ...)
+       TODO: check
+CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node 
when co ...)
+       TODO: check
+CVE-2026-56352 (n8n before 2.19.3 contains a file path restriction bypass in 
the legac ...)
+       TODO: check
+CVE-2026-56349 (n8n before version 2.10.0 contains an input validation 
vulnerability i ...)
+       TODO: check
+CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information 
disclosur ...)
+       TODO: check
+CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache 
Fineract' ...)
+       TODO: check
+CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a 
Protection Me ...)
+       TODO: check
+CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom 
Resource Defin ...)
+       TODO: check
+CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning 
tool. P ...)
+       TODO: check
+CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
+       TODO: check
+CVE-2026-54562 (Cloudreve is a self-hosted file management and sharing system. 
Prior t ...)
+       TODO: check
+CVE-2026-54560 (Cloudreve is a self-hosted file management and sharing system. 
From 4. ...)
+       TODO: check
+CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until 
3.2.0, t ...)
+       TODO: check
+CVE-2026-53518 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53517 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53516 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53515 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53514 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53513 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-53512 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or 
TransportServer res ...)
+       TODO: check
+CVE-2026-52843 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
+       TODO: check
+CVE-2026-52842 (Lightpanda is a headless browser designed for AI and 
automation. Prior ...)
+       TODO: check
+CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At 
commit 22ebfa ...)
+       TODO: check
+CVE-2026-50148 (Metabase is an open-source business intelligence and embedded 
analytic ...)
+       TODO: check
+CVE-2026-50147 (Metabase is an open-source business intelligence and embedded 
analytic ...)
+       TODO: check
+CVE-2026-49997 (SurrealDB is a scalable, distributed, collaborative, 
document-graph da ...)
+       TODO: check
+CVE-2026-49988 (Repomix is a tool that packs repositories into AI-friendly 
files. Prio ...)
+       TODO: check
+CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly 
files. Prio ...)
+       TODO: check
+CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and 
versions  ...)
+       TODO: check
+CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8, 
Postiz  ...)
+       TODO: check
+CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and 
tracking. ...)
+       TODO: check
+CVE-2026-47164 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
+       TODO: check
+CVE-2026-47160 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
+       TODO: check
+CVE-2026-47159 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
+       TODO: check
+CVE-2026-47158 (Vaultwarden is a Bitwarden-compatible server written in Rust. 
Prior to ...)
+       TODO: check
+CVE-2026-46709 (Tabby (formerly Terminus) is a highly configurable terminal 
emulator.  ...)
+       TODO: check
+CVE-2026-46485 (Dashy is a self-hostable personal dashboard. Prior to 4.0.8, 
Dashy dep ...)
+       TODO: check
+CVE-2026-46459 (ICU Scandinavia Boomerang is vulnerable to a missing 
authentication fl ...)
+       TODO: check
+CVE-2026-46458 (ICU Scandinavia Boomerang is vulnerable to an information 
disclosure f ...)
+       TODO: check
+CVE-2026-45806 (Penpot is an open-source design tool for design and code 
collaboration ...)
+       TODO: check
+CVE-2026-45805 (Penpot is an open-source design tool for design and code 
collaboration ...)
+       TODO: check
+CVE-2026-45804 (Diffusers is the a library for pretrained diffusion models. 
Prior to 0 ...)
+       TODO: check
+CVE-2026-45337 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2026-45150 (Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser 
did not ...)
+       TODO: check
+CVE-2026-44986 (Penpot is an open-source design tool for design and code 
collaboration ...)
+       TODO: check
+CVE-2026-43637 (Cornac before 2.6.0 contains a path traversal (Tar Slip) 
vulnerability ...)
+       TODO: check
+CVE-2026-42533 (A vulnerability exists in NGINX Plus and NGINX Open Source 
when a mapd ...)
+       TODO: check
+CVE-2026-41580 (Stirling-PDF is a locally hosted web application that 
facilitates vari ...)
+       TODO: check
+CVE-2026-40633 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, 
versions 9.11 ...)
+       TODO: check
+CVE-2026-40501 (Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 
1518530,  ...)
+       TODO: check
+CVE-2026-35152 (A SQL Injection vulnerability exists in Apache Fineract's 
Report Execu ...)
+       TODO: check
+CVE-2026-33213 (Redash is a package for data visualization and sharing. From 
5.0.2 to  ...)
+       TODO: check
+CVE-2026-20298 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
and 9.4.13 ...)
+       TODO: check
+CVE-2026-20297 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
9.4.13, an ...)
+       TODO: check
+CVE-2026-20296 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 
and 9.4.13 ...)
+       TODO: check
+CVE-2026-20187 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20158 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20157 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20156 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20153 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20150 (As part of Cisco's ongoing commitment to proactive security 
and produc ...)
+       TODO: check
+CVE-2026-20146 (A vulnerability in Cisco Identity Services Engine (ISE) and 
Cisco ISE  ...)
+       TODO: check
+CVE-2026-1563 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an 
Reflect ...)
+       TODO: check
+CVE-2026-1562 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an 
Stored  ...)
+       TODO: check
+CVE-2026-15809 (A flaw was found in CRI-O. The fix for a previous 
vulnerability (CVE-2 ...)
+       TODO: check
+CVE-2026-15804 (The HCM developed by MetaGuru has a SQL Injection 
vulnerability. Authe ...)
+       TODO: check
+CVE-2026-15779 (A flaw was found in samba's pam_winbind. When mkhomedir is 
enabled, pa ...)
+       TODO: check
+CVE-2026-15746 (Strands Agents is an open-source Python SDK for building and 
running A ...)
+       TODO: check
+CVE-2026-15583 (A confused-deputy flaw in Grafana MCP Server allows an 
unauthenticated ...)
+       TODO: check
+CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a privileged device interface, 
`\\.\Tde ...)
+       TODO: check
+CVE-2026-14960 (Pegatron `Tdelo64.sys` improperly exposes privileged hardware 
access f ...)
+       TODO: check
+CVE-2026-14251 (A flaw was found in the OpenShift GitOps operator. The 
ClusterRole rec ...)
+       TODO: check
+CVE-2026-12997 (The Gravity Forms plugin for WordPress is vulnerable to 
Directory Trav ...)
+       TODO: check
+CVE-2026-12382 (A flaw was found in the AAP Gateway Envoy proxy configuration. 
The non ...)
+       TODO: check
+CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver 
(drivers/e ...)
+       TODO: check
+CVE-2025-32781 (Apollo is a reliable configuration management system suitable 
for micr ...)
+       TODO: check
 CVE-2026-56136
        - ntfs-3g <unfixed>
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-r66g-c39x-cw95
@@ -5087,7 +5463,8 @@ CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2 
contains an authorizatio
        NOT-FOR-US: n8n
 CVE-2026-56775 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an 
authorization vuln ...)
        NOT-FOR-US: n8n
-CVE-2026-56401 (Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null 
pointer derefe ...)
+CVE-2026-56401
+       REJECTED
        NOT-FOR-US: Wazuh
 CVE-2026-56374 (ImageMagick before 7.1.2-19 contains a heap buffer overflow 
vulnerabil ...)
        - imagemagick 8:7.1.2.19+dfsg1-1
@@ -17350,6 +17727,7 @@ CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit 
708b4a5, contains a memor
 CVE-2026-56115 (Bootimus through 0.1.70 contains a broken access control 
vulnerability ...)
        NOT-FOR-US: Bootimus
 CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a 
one-byte st ...)
+       {DLA-4686-1}
        - dhcpcd 1:10.3.2-4 (bug #1140767)
        [trixie] - dhcpcd 1:10.1.0-11+deb13u3
        - dhcpcd5 <removed>
@@ -22427,6 +22805,7 @@ CVE-2026-10780 (The Static Block plugin for WordPress 
is vulnerable to Insecure
 CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, 
the pag ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples 
NetworkConfiguration/ ...)
+       {DLA-4686-1}
        - dhcpcd 1:10.3.1-1
        [trixie] - dhcpcd 1:10.1.0-11+deb13u3
        - dhcpcd5 <removed>
@@ -43438,7 +43817,7 @@ CVE-2026-6637 (Stack buffer overflow in PostgreSQL 
module "refint" allows an unp
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-45793 [Github Actions issued GITHUB_TOKEN disclosure in GitHub 
Actions logs]
+CVE-2026-45793 (Composer is a dependency Manager for the PHP language. Prior 
to 1.10.2 ...)
        - composer 0.9.1+dfsg-1
        [trixie] - composer 2.8.8-1+deb13u3
        [bookworm] - composer 2.5.5-1+deb12u5
@@ -144941,7 +145320,7 @@ CVE-2025-40990 (Stored Cross Site Scripting 
vulnerability in Ekushey CRM v5.0 by
        NOT-FOR-US: Ekushey CRM
 CVE-2025-40989 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 
by Creat ...)
        NOT-FOR-US: Ekushey CRM
-CVE-2025-40646 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM 
v2025 by ...)
+CVE-2025-40646 (Exposure of sensitive information in Viday. This vulnerability 
could a ...)
        NOT-FOR-US: Viday
 CVE-2025-40645 (Exposure of sensitive information in Viday. This vulnerability 
could a ...)
        NOT-FOR-US: Viday
@@ -221616,106 +221995,127 @@ CVE-2024-13316 (The Scratch & Win \u2013 
Giveaways and Contests. Boost subscribe
 CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme 
for Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1125 (When reading data from a hfs filesystem, grub's hfs filesystem 
module  ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked 
when gru ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0690 (The read command is used to read the keyboard input from the 
user, whi ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0689 (When reading data from disk, the grub's UDF filesystem module 
utilizes ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0686 (A flaw was found in grub2. When performing a symlink lookup 
from a rom ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0685 (A flaw was found in grub2. When reading data from a jfs 
filesystem, gr ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0684 (A flaw was found in grub2. When performing a symlink lookup 
from a rei ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0678 (A flaw was found in grub2. When reading data from a squash4 
filesystem ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup, 
the grub' ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0624 (A flaw was found in grub2. During the network boot process, 
when tryin ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks 
created by l ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub, 
the hfs ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45782 (A flaw was found in the HFS filesystem. When reading an HFS 
volume's n ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name 
from a  ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45780 (A flaw was found in grub2. When reading tar files, grub2 
allocates an  ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45779 (An integer overflow flaw was found in the BFS file system 
driver in gr ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45778 (A stack overflow flaw was found when reading a BFS file 
system. A craf ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation 
buffer w ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(), 
grub2 fails  ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher() 
function  ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can 
cause the ...)
+       {DLA-4685-1}
        - grub2 2.12-6 (bug #1098319)
        [bookworm] - grub2 2.06-13+deb12u2
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22bf5273c551be181a709505ee2899e8bba10690

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22bf5273c551be181a709505ee2899e8bba10690
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to