Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2fb909a8 by security tracker role at 2026-07-16T07:13:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,236 @@
-CVE-2026-53366 [ipv4: account for fraggap on the paged allocation path]
+CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and
runtime da ...)
+ TODO: check
+CVE-2026-62361 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
+ TODO: check
+CVE-2026-62355 (TDengine is an open source, time-series database optimized for
Interne ...)
+ TODO: check
+CVE-2026-62353 (TDengine is a time-series database optimized for Internet of
Things de ...)
+ TODO: check
+CVE-2026-62351 (TDengine is a time-series database optimized for Internet of
Things de ...)
+ TODO: check
+CVE-2026-62350 (TDengine is an open source, time-series database optimized for
Interne ...)
+ TODO: check
+CVE-2026-62349 (TDengine is an open source, time-series database optimized for
Interne ...)
+ TODO: check
+CVE-2026-62348 (TDengine is a time-series database optimized for Internet of
Things de ...)
+ TODO: check
+CVE-2026-62314 (Anubis is a Web AI Firewall Utility that challenges users'
connections ...)
+ TODO: check
+CVE-2026-62312 (9Router is an AI router & token saver. Prior to 0.5.2, 9Router
allows ...)
+ TODO: check
+CVE-2026-59950 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
+ TODO: check
+CVE-2026-56743 (Cilium is a networking, observability, and security solution.
From 1.1 ...)
+ TODO: check
+CVE-2026-56742 (Cilium is a networking, observability, and security solution.
Prior to ...)
+ TODO: check
+CVE-2026-56679 (9Router is an AI router & token saver. Prior to 0.5.4, the
PATCH /api/ ...)
+ TODO: check
+CVE-2026-56678 (9Router is an AI router & token saver. Prior to 0.5.6, the
Kiro API-ke ...)
+ TODO: check
+CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46,
header-l ...)
+ TODO: check
+CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
+ TODO: check
+CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights
tasks. I ...)
+ TODO: check
+CVE-2026-55445 (Qinglong is a timed task management platform supporting
Python3, JavaS ...)
+ TODO: check
+CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
+ TODO: check
+CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the
Secure Ac ...)
+ TODO: check
+CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure
Access c ...)
+ TODO: check
+CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37,
Wekan DD ...)
+ TODO: check
+CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
+ TODO: check
+CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
+ TODO: check
+CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35,
the Weka ...)
+ TODO: check
+CVE-2026-53446 (Wekan is open source kanban built with Meteor. Prior to 9.32,
Wekan we ...)
+ TODO: check
+CVE-2026-53445 (Wekan is open source kanban built with Meteor. Prior to 9.32,
the Weka ...)
+ TODO: check
+CVE-2026-53444 (Wekan is open source kanban built with Meteor. Prior to 9.32,
Wekan OI ...)
+ TODO: check
+CVE-2026-52893 (Wekan is open source kanban built with Meteor. Prior to 9.32,
the Weka ...)
+ TODO: check
+CVE-2026-52892 (Wekan is open source kanban built with Meteor. Prior to 9.32,
Wekan RE ...)
+ TODO: check
+CVE-2026-52891 (Wekan is open source kanban built with Meteor. Prior to 9.07,
Wekan av ...)
+ TODO: check
+CVE-2026-52890 (Wekan is open source kanban built with Meteor. Prior to 9.31,
Wekan al ...)
+ TODO: check
+CVE-2026-52888 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
+ TODO: check
+CVE-2026-52887 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
+ TODO: check
+CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
+ TODO: check
+CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
+ TODO: check
+CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware
V03.03.16.09) ...)
+ TODO: check
+CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
+ TODO: check
+CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
+ TODO: check
+CVE-2026-50144 (ncnn is a high-performance neural network inference framework
optimize ...)
+ TODO: check
+CVE-2026-50124 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-50030 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-49867 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-49445 (Cilium is a networking, observability, and security solution.
Prior to ...)
+ TODO: check
+CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier,
9Router' ...)
+ TODO: check
+CVE-2026-49352 (9Router is an AI router & token saver. From 0.2.21 until
0.4.44, 9Rout ...)
+ TODO: check
+CVE-2026-49279 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
+ TODO: check
+CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3
until 10.1.5 ...)
+ TODO: check
+CVE-2026-46684 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for
building ent ...)
+ TODO: check
+CVE-2026-46339 (9Router is an AI router & token saver. From 0.4.30 until
0.4.37, 9Rout ...)
+ TODO: check
+CVE-2026-45738 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
+ TODO: check
+CVE-2026-45737 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
+ TODO: check
+CVE-2026-45535 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45534 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45533 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45419 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45417 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45320 (DataEase is an open source data visualization and analysis
tool. Prior ...)
+ TODO: check
+CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access
clients pr ...)
+ TODO: check
+CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the
Secure Ac ...)
+ TODO: check
+CVE-2026-40956 (CVE-2026-40956 is a memory disclosure vulnerability in Secure
Access c ...)
+ TODO: check
+CVE-2026-40955 (CVE-2026-40955 is an integer underflow vulnerability in the
traffic pa ...)
+ TODO: check
+CVE-2026-40954 (CVE-2026-40954 is an integer underflow vulnerability in the
traffic pa ...)
+ TODO: check
+CVE-2026-40953 (CVE-2026-40953 is a heap overflow in the certificate parsing
function ...)
+ TODO: check
+CVE-2026-40952 (CVE-2026-40952 is a privilege misconfiguration in the Secure
Access in ...)
+ TODO: check
+CVE-2026-38974 (Dulwich through 1.1.0 was found to be missing SSH host key
verificatio ...)
+ TODO: check
+CVE-2026-38755 (A heap overflow in the evalcommand() function (shell/ash.c) of
Busybox ...)
+ TODO: check
+CVE-2026-38754 (A heap overflow in the ifsbreakup() function (shell/ash.c) of
Busybox ...)
+ TODO: check
+CVE-2026-38753 (A use-after-free in the awk_sub() function (editors/awk.c) of
Busybox ...)
+ TODO: check
+CVE-2026-38752 (A stack overflow in the evaluate() function (editors/awk.c) of
BusyBox ...)
+ TODO: check
+CVE-2026-36590 (An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to
cause a de ...)
+ TODO: check
+CVE-2026-33684 (WWBN AVideo is an open source video platform. Prior to version
29.0, P ...)
+ TODO: check
+CVE-2026-33445 (CVE-2026-33445 is a memory management vulnerability in Secure
Access s ...)
+ TODO: check
+CVE-2026-33444 (CVE-2026-33444 is a memory management vulnerability in Secure
Access s ...)
+ TODO: check
+CVE-2026-33443 (CVE-2026-33443 is a memory management error in Secure Access
servers p ...)
+ TODO: check
+CVE-2026-30623 (LiteLLM 1.18.10 contains a remote code execution vulnerability
in its ...)
+ TODO: check
+CVE-2026-30618 (xszyou Fay 4.3.1 contains a remote code execution
vulnerability in its ...)
+ TODO: check
+CVE-2026-26719 (Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0
allows a r ...)
+ TODO: check
+CVE-2026-26718 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
the xxl-jo ...)
+ TODO: check
+CVE-2026-26032 (The PackagerResolver of Apache Ivy is able to download online
artifact ...)
+ TODO: check
+CVE-2026-21729 (Loki queries with large limits can cause large memory
allocations whic ...)
+ TODO: check
+CVE-2026-15925 (Improper TLS hostname verification in Snowflake Connector for
Python v ...)
+ TODO: check
+CVE-2026-15921 (Node Version Manager (nvm) is a POSIX-compliant shell function
for man ...)
+ TODO: check
+CVE-2026-15909 (A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up
to ddfe1 ...)
+ TODO: check
+CVE-2026-15907 (A flaw has been found in H3C SecPath F1000-C8300 up to
20260522. This ...)
+ TODO: check
+CVE-2026-15895 (OS command injection in the npm package loading component in
AWS jsii- ...)
+ TODO: check
+CVE-2026-15652 (The Easy Accordion \u2013 AI-Powered FAQ & Accordion Blocks,
Product F ...)
+ TODO: check
+CVE-2026-15458 (The SEO Booster plugin for WordPress is vulnerable to generic
SQL Inje ...)
+ TODO: check
+CVE-2026-15445 (The SEO Booster plugin for WordPress is vulnerable to
time-based SQL I ...)
+ TODO: check
+CVE-2026-15336 (The Catch Themes Demo Import plugin for WordPress is
vulnerable to Mis ...)
+ TODO: check
+CVE-2026-15306 (The Product Feed Manager For WooCommerce \u2013 Sell on 200+
Online Ma ...)
+ TODO: check
+CVE-2026-15013 (The SAML Single Sign On \u2013 SSO Login plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2026-14987 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
+ TODO: check
+CVE-2026-13042 (The RPB Chessboard plugin for WordPress is vulnerable to
Stored Cross- ...)
+ TODO: check
+CVE-2026-13005 (The MxChat \u2013 AI Chatbot & Content Generation for
WordPress plugin ...)
+ TODO: check
+CVE-2026-12979 (The FunnelKit WordPress plugin before 3.15.0.6 does not
validate a us ...)
+ TODO: check
+CVE-2026-12978 (The FunnelKit WordPress plugin before 3.15.0.6 does not
escape a user ...)
+ TODO: check
+CVE-2026-12941 (The MultiVendorX \u2013 WooCommerce Multivendor Marketplace AI
Powered ...)
+ TODO: check
+CVE-2026-12907 (The RTMKit WordPress plugin before 2.0.9 does not perform a
proper cap ...)
+ TODO: check
+CVE-2026-12906 (The RTMKit WordPress plugin before 2.0.9 does not perform a
capability ...)
+ TODO: check
+CVE-2026-12869 (The Header Footer Builder for Elementor WordPress plugin
before 1.2.1 ...)
+ TODO: check
+CVE-2026-12753 (The Advance Product Search- Voice & Ajax Search for
WooCommerce plugin ...)
+ TODO: check
+CVE-2026-12684 (The Customer Reviews for WooCommerce WordPress plugin before
5.113.0 d ...)
+ TODO: check
+CVE-2026-12585 (The Abandoned Cart Lite for WooCommerce WordPress plugin
before 6.8.2 ...)
+ TODO: check
+CVE-2026-12525 (The Redux Framework WordPress plugin before 4.5.13 does not
restrict w ...)
+ TODO: check
+CVE-2026-12510 (The AI Engine WordPress plugin before 3.5.5 does not verify
that a us ...)
+ TODO: check
+CVE-2026-12492 (The Happy Coders OTP Login for WooCommerce WordPress plugin
before 2.8 ...)
+ TODO: check
+CVE-2026-12434 (The List category posts plugin for WordPress is vulnerable to
Sensitiv ...)
+ TODO: check
+CVE-2026-12409 (The Landing Page Builder \u2013 Coming Soon page, Maintenance
Mode, Le ...)
+ TODO: check
+CVE-2026-12395 (The WP Job Portal WordPress plugin before 2.5.5 does not
properly san ...)
+ TODO: check
+CVE-2026-11866 (The Appointment Booking Plugin WordPress plugin before 5.6.3
does not ...)
+ TODO: check
+CVE-2026-11371 (The BetterDocs WordPress plugin before 4.5.5 does not
sanitise an AI- ...)
+ TODO: check
+CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers
to exec ...)
+ TODO: check
+CVE-2026-53366 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.1.3-1
[trixie] - linux 6.12.95-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -419,38 +651,47 @@ CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110
10BASE-T1S/T1L Ethernet driver (dri
CVE-2025-32781 (Apollo is a reliable configuration management system suitable
for micr ...)
TODO: check
CVE-2026-56136
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-r66g-c39x-cw95
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-56135
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-c9qg-fh4v-mq8r
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-46572
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-wx5r-gc7w-9hhc
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-46570
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-m6qq-pv5j-2wxc
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-46571
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-52gr-j4pv-9pjh
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-46569
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xxv8-9r24-hcj9
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-42618
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6whp-3f63-97qw
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-42617
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-jv65-qqf7-f692
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
CVE-2026-42616
+ {DSA-6389-1}
- ntfs-3g <unfixed> (bug #1142144)
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-p6mp-gp2j-7358
NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
@@ -2122,48 +2363,63 @@ CVE-2026-23573 (An Improper Neutralization of Input
During Web Page Generation (
CVE-2026-21840 (HCL BigFix Platform is affected by a user enumeration
vulnerability wh ...)
NOT-FOR-US: HCL
CVE-2026-15778 (Insufficient validation of untrusted input in Navigation in
Google Chr ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15777 (Use after free in UI in Google Chrome on Linux prior to
150.0.7871.125 ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15776 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15775 (Inappropriate implementation in V8 in Google Chrome prior to
150.0.787 ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15774 (Use after free in Skia in Google Chrome prior to
150.0.7871.125 allowe ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15773 (Use after free in Core in Google Chrome on Windows prior to
150.0.7871 ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15772 (Use after free in GPU in Google Chrome on Android prior to
150.0.7871. ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15771 (Insufficient validation of untrusted input in Media in Google
Chrome o ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15770 (Uninitialized Use in V8 in Google Chrome prior to
150.0.7871.125 allow ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15769 (Insufficient validation of untrusted input in Linux Toolkit
Theming in ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15768 (Insufficient policy enforcement in HTML-in-Canvas in Google
Chrome pri ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15767 (Heap buffer overflow in libyuv in Google Chrome on Windows
prior to 15 ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15766 (Uninitialized Use in Skia in Google Chrome prior to
150.0.7871.125 all ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15765 (Use after free in Ozone in Google Chrome prior to
150.0.7871.125 allow ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15764 (Use after free in Ozone in Google Chrome on Linux prior to
150.0.7871. ...)
+ {DSA-6390-1}
- chromium 150.0.7871.124-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15757 (A security flaw was discovered in the NETGEAR DGND3700v1 that
could al ...)
@@ -35725,7 +35981,7 @@ CVE-2026-48095 (7-Zip is a file archiver with a high
compression ratio. Versions
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source
package
NOTE: depending on 7zip. Mark this version as fixed version.
NOTE: https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/
-CVE-2026-48863
+CVE-2026-48863 (A flaw was found in libsolv. A stack-based buffer overflow
vulnerabili ...)
- libsolv 0.7.38-1
[trixie] - libsolv <no-dsa> (Minor issue)
[bookworm] - libsolv <no-dsa> (Minor issue)
@@ -77100,7 +77356,7 @@ CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the
OpenBSD bcrypt() password
[bullseye] - ruby-bcrypt <postponed> (Minor issue)
NOTE:
https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
NOTE: Fixed by:
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
(v3.1.22)
-CVE-2026-23538
+CVE-2026-23538 (A vulnerability was identified in the Feast Feature Server's
`/ws/chat ...)
NOT-FOR-US: Feast
CVE-2026-23537 (A vulnerability has been identified in the Feast Feature
Server\u2019s ...)
NOT-FOR-US: Feast
@@ -78707,7 +78963,7 @@ CVE-2026-34881 (OpenStack Glance before 29.1.1, 30.x
before 30.1.1, and 31.0.0 i
NOTE: https://www.openwall.com/lists/oss-security/2026/03/19/3
NOTE: https://bugs.launchpad.net/glance/+bug/2138602
NOTE: https://security.openstack.org/ossa/OSSA-2026-004.html
-CVE-2026-3842
+CVE-2026-3842 (A flaw was found in QEMU. This vulnerability allows a local
attacker w ...)
- qemu 1:10.2.2+ds-1
[trixie] - qemu 1:10.0.10+ds-0+deb13u1
[bookworm] - qemu <no-dsa> (Minor issue)
@@ -96014,7 +96270,7 @@ CVE-2026-2239 (A flaw was found in GIMP.
Heap-buffer-overflow vulnerability exis
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae
(gimp-3-0 branch)
NOTE: Followup (not strictly part of the CVE, but a second problem
exposed):
NOTE:
https://gitlab.gnome.org/GNOME/gimp/-/commit/02886e626df5e4c5f73f838a64fd3f21809dda09
-CVE-2026-1609
+CVE-2026-1609 (A flaw was found in Keycloak. When the JSON Web Token (JWT)
authorizat ...)
- keycloak <itp> (bug #1088287)
CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is
configured to ...)
- keycloak <itp> (bug #1088287)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb909a870db98fe736eeb854424e8f37af08cd4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb909a870db98fe736eeb854424e8f37af08cd4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits