Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
97c175e7 by security tracker role at 2026-07-17T19:13:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,253 @@
+CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
+ TODO: check
+CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live
Chat plugi ...)
+ TODO: check
+CVE-2026-9602 (Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to
validate ...)
+ TODO: check
+CVE-2026-9592 (SEPPmail Secure Email Gateway & SEPPmail Cloud before version
15.0.4.2 ...)
+ TODO: check
+CVE-2026-9588 (A stored cross-site scripting (XSS) vulnerability exists in
Sangoma Sw ...)
+ TODO: check
+CVE-2026-9587 (An authenticated local file inclusion vulnerability exists in
Sangoma ...)
+ TODO: check
+CVE-2026-9586 (An unauthenticated SQL injection vulnerability exists in
Sangoma Switc ...)
+ TODO: check
+CVE-2026-9585 (An unauthenticated reflected cross-site scripting (XSS)
vulnerability ...)
+ TODO: check
+CVE-2026-9537 (Mojo::JWT versions before 1.02 for Perl verify HMAC signatures
with a ...)
+ TODO: check
+CVE-2026-9202 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated
attackers ...)
+ TODO: check
+CVE-2026-9198 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated
attackers ...)
+ TODO: check
+CVE-2026-9171 (IBM PowerVM Novalink are vulnerable to a denial of service,
caused by ...)
+ TODO: check
+CVE-2026-9135 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to
1.9.2 (c ...)
+ TODO: check
+CVE-2026-9103 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote
attacker to ...)
+ TODO: check
+CVE-2026-8396 (Improper restriction of XML external entity reference
vulnerability in ...)
+ TODO: check
+CVE-2026-8297 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-8075 (Mattermost Desktop App versions <=6.2 5.5.13 6.0.2.0 fail to
properly ...)
+ TODO: check
+CVE-2026-7488 (Insertion of sensitive information into sent data vulnerability
in IKA ...)
+ TODO: check
+CVE-2026-7189 (Insertion of sensitive information into sent data vulnerability
in Pro ...)
+ TODO: check
+CVE-2026-63309 (SurrealDB before 3.1.5 fail to apply field-level SELECT
permissions to ...)
+ TODO: check
+CVE-2026-63308 (Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial
of serv ...)
+ TODO: check
+CVE-2026-63307 (Chat2DB before 5.3.0 contains an insecure direct object
reference vuln ...)
+ TODO: check
+CVE-2026-63101 (Open Event Server through 1.19.1 contains a missing
authentication vul ...)
+ TODO: check
+CVE-2026-63100 (Maybe through 0.6.0 contains a missing authorization
vulnerability tha ...)
+ TODO: check
+CVE-2026-63099 (TheHive through 4.1.24 contains a broken object-level
authorization vu ...)
+ TODO: check
+CVE-2026-63098 (TheHive through 4.1.24 contains an unauthenticated information
disclos ...)
+ TODO: check
+CVE-2026-63097 (Dendrite through 0.13.8 contains an improper access control
vulnerabil ...)
+ TODO: check
+CVE-2026-63096 (Dendrite through 0.13.8 contains a server-side request forgery
vulnera ...)
+ TODO: check
+CVE-2026-63095 (Dendrite through 0.13.8 contains an improper authorization
vulnerabili ...)
+ TODO: check
+CVE-2026-63094 (SigNoz through 0.133.0 contains an open redirect vulnerability
in the ...)
+ TODO: check
+CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a binary planting
vulnerabi ...)
+ TODO: check
+CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in
Apache A ...)
+ TODO: check
+CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an
fronten ...)
+ TODO: check
+CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by
default ...)
+ TODO: check
+CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
+ TODO: check
+CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
+ TODO: check
+CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive
mpp allo ...)
+ TODO: check
+CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to
2.0.14, a ...)
+ TODO: check
+CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an
unauthenticate ...)
+ TODO: check
+CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an
unauthenticated s ...)
+ TODO: check
+CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI,
automati ...)
+ TODO: check
+CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad 5.0.0, ...)
+ TODO: check
+CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is
part of ...)
+ TODO: check
+CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to
2.2.0, m ...)
+ TODO: check
+CVE-2026-51083 (Incorrect access control in Proxmox Virtual Environment (PVE)
9.x qemu ...)
+ TODO: check
+CVE-2026-51082 (A race condition between the vncproxy and vncwebsocket API
calls in Pr ...)
+ TODO: check
+CVE-2026-51081 (A cross-site scripting (XSS) vulnerability in Proxmox Virtual
Environm ...)
+ TODO: check
+CVE-2026-51080 (libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were
discover ...)
+ TODO: check
+CVE-2026-50273 (Datadog .NET Tracer is a client library for Datadog APM for
.NET appli ...)
+ TODO: check
+CVE-2026-50185 (RustCrypto CMOV provides conditional move CPU intrinsics which
are gua ...)
+ TODO: check
+CVE-2026-49835 (Sigstore Timestamp Authority is a service for issuing RFC 3161
timesta ...)
+ TODO: check
+CVE-2026-49216 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0
until 2.3 ...)
+ TODO: check
+CVE-2026-49215 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0
until 2. ...)
+ TODO: check
+CVE-2026-49212 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
+ TODO: check
+CVE-2026-49211 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0
until 2.3 ...)
+ TODO: check
+CVE-2026-49210 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
+ TODO: check
+CVE-2026-49209 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0
until 2.3 ...)
+ TODO: check
+CVE-2026-49208 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0
until 2.3 ...)
+ TODO: check
+CVE-2026-48487 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
+ TODO: check
+CVE-2026-48045 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
+ TODO: check
+CVE-2026-48016 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-48015 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-48014 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-48010 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-48009 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-48008 (Shopware is an open commerce platform. Prior to 6.6.10.18 and
6.7.10.1 ...)
+ TODO: check
+CVE-2026-47184 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
+ TODO: check
+CVE-2026-47183 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
+ TODO: check
+CVE-2026-47180 (Zeroconf is a pure Python implementation of multicast DNS
service disc ...)
+ TODO: check
+CVE-2026-45703 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-45162 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-44722 (pyzipper is a replacement for Python's zipfile that can read
and write ...)
+ TODO: check
+CVE-2026-22104 (Improper access control in Hashtopolis server web-interface
chunk acti ...)
+ TODO: check
+CVE-2026-21764 (HCL DevOps Loop is affected by insufficient input validation
that allo ...)
+ TODO: check
+CVE-2026-21762 (HCL DevOps Loop is affected by missing HTTP security headers.
Missing ...)
+ TODO: check
+CVE-2026-21761 (HCL DevOps Loop is affected by a Cross-Origin Resource Sharing
(CORS) ...)
+ TODO: check
+CVE-2026-21760 (HCL DevOps Loop is affected by an Unauthorized Access to Admin
Functio ...)
+ TODO: check
+CVE-2026-16108 (A flaw was found in the default-groups REST endpoint and realm
represe ...)
+ TODO: check
+CVE-2026-16106 (A flaw was found in the admin REST API of Keycloak, a solution
for ide ...)
+ TODO: check
+CVE-2026-16104 (A flaw was found in the authentication configuration endpoint
of the k ...)
+ TODO: check
+CVE-2026-16103 (A flaw was found in the keycloak-services component of
Keycloak. This ...)
+ TODO: check
+CVE-2026-16093 (Keycloak provides a mechanism called Client Policies to
enforce securi ...)
+ TODO: check
+CVE-2026-16089 (A flaw was found in the keycloak-services component of Red Hat
Build o ...)
+ TODO: check
+CVE-2026-16073 (A security vulnerability has been detected in AstrBotDevs
AstrBot up t ...)
+ TODO: check
+CVE-2026-16072 (A flaw was found in the organization management component of
Keycloak. ...)
+ TODO: check
+CVE-2026-16017 (A security flaw has been discovered in mosaxiv clawlet up to
0.2.10. I ...)
+ TODO: check
+CVE-2026-16016 (A vulnerability was identified in poco-ai poco-claw up to
0.5.4. This ...)
+ TODO: check
+CVE-2026-16015 (A vulnerability was determined in poco-ai poco-claw up to
0.5.4. This ...)
+ TODO: check
+CVE-2026-16014 (A vulnerability was found in code-projects Hospital Bed
Management Sys ...)
+ TODO: check
+CVE-2026-16013 (A vulnerability has been found in liftoff-sr CIPster up to
632336d414e ...)
+ TODO: check
+CVE-2026-16009 (A vulnerability was detected in itsourcecode Hospital
Management Syste ...)
+ TODO: check
+CVE-2026-16008 (A security vulnerability has been detected in sagold
json-schema-libra ...)
+ TODO: check
+CVE-2026-15943 (A flaw was found in the Keycloak keycloak-services component,
which ha ...)
+ TODO: check
+CVE-2026-15783 (A missing authorization vulnerability was identified in GitHub
Enterpr ...)
+ TODO: check
+CVE-2026-15380 (A non-administrator interactive user can obtain full SYSTEM
code execu ...)
+ TODO: check
+CVE-2026-15379 (The Altiris WMI provider exposes a class (AltirisAgent_Stream)
that al ...)
+ TODO: check
+CVE-2026-15343 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
+ TODO: check
+CVE-2026-15007 (A denial of service vulnerability was identified in GitHub
Enterprise ...)
+ TODO: check
+CVE-2026-14871 (osTicket versions v1.18.3 and v1.17.7 contain a Broken Object
Level Au ...)
+ TODO: check
+CVE-2026-13410 (Dancer::Plugin::Auth::Google versions through 0.07 for Perl
have TLS v ...)
+ TODO: check
+CVE-2026-13082 (GD::SecurityImage versions through 1.75 for Perl use rand to
generate ...)
+ TODO: check
+CVE-2026-12715 (Missing Authorization in Google Cloud Firebase Studio versions
prior t ...)
+ TODO: check
+CVE-2026-12705 (Missing support for integrity check vulnerability in ABB KNX
Update To ...)
+ TODO: check
+CVE-2026-12694 (Missing Authorization vulnerability in Vimesoft Inc.
Enterprise Video ...)
+ TODO: check
+CVE-2026-12693 (Authorization bypass through User-Controlled key vulnerability
in Vime ...)
+ TODO: check
+CVE-2026-12692 (Unverified password change vulnerability in Vimesoft Inc.
Enterprise V ...)
+ TODO: check
+CVE-2026-12691 (Missing authentication for critical function vulnerability in
Vimesoft ...)
+ TODO: check
+CVE-2026-11763 (Authorization bypass through User-Controlled key vulnerability
in Gis ...)
+ TODO: check
+CVE-2025-60357 (AhnLab EPP Management v1.0.14.32-6249 was discovered to
contain a NoSQ ...)
+ TODO: check
+CVE-2025-59866 (The HCL DFMPro, DFXAnalytics and DFXServer installers are
affected by ...)
+ TODO: check
+CVE-2024-42214 (HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS
method ...)
+ TODO: check
+CVE-2024-23578 (HCL Aftermarket EPC is vulnerable to attack as the application
impleme ...)
+ TODO: check
+CVE-2024-23577 (HCL Aftermarket EPC is vulnerable since the application does
not have ...)
+ TODO: check
+CVE-2024-23575 (HCL Aftermarket EPC is vulnerable to attack since the
application retu ...)
+ TODO: check
+CVE-2024-23574 (HCL Aftermarket EPC is vulnerable to attack since It was found
that a ...)
+ TODO: check
+CVE-2024-23573 (HCL Aftermarket EPC is vulnerable to attack since the
Application is v ...)
+ TODO: check
+CVE-2024-23572 (HCL Aftermarket EPC is vulnerable to attack as cookie appears
to conta ...)
+ TODO: check
+CVE-2024-23571 (HCL Aftermarket EPC is vulnerable to attack since the
application does ...)
+ TODO: check
+CVE-2024-23570 (HCL Aftermarket EPC is affected by clickjacking vulnerability
Cross-Fr ...)
+ TODO: check
+CVE-2024-23569 (HCL Aftermarket EPC is vulnerable to attack since the server
is not co ...)
+ TODO: check
+CVE-2024-23568 (HCL Aftermarket EPC is vulnerable to attacks since the server
software ...)
+ TODO: check
+CVE-2024-23567 (HCL Aftermarket EPC is affected by Sensitive Information in
GET method ...)
+ TODO: check
+CVE-2024-23566 (HCL Aftermarket EPC is vulnerable to brute force attacks since
applica ...)
+ TODO: check
+CVE-2024-23565 (HCL Aftermarket EPC is vulnerable to email flooding as the
application ...)
+ TODO: check
+CVE-2024-23564 (HCL Aftermarket EPC is affected by Business Logic
Vulnerability using ...)
+ TODO: check
CVE-2026-14266
- 7zip 26.02+dfsg-1 (bug #1142293)
- p7zip 16.02+transitional.1
@@ -2033,7 +2283,7 @@ CVE-2026-52100 (Cross Site Request Forgery vulnerability
in andreimarcu linux-se
NOT-FOR-US: andreimarcu linux-server
CVE-2026-51808 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before
allows ...)
NOT-FOR-US: OpenHTJ2K
-CVE-2026-51807 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before
allows ...)
+CVE-2026-51807 (Heap-based out-of-bounds write in
j2k_precinct_subband::parse_packet_h ...)
NOT-FOR-US: OpenHTJ2K
CVE-2026-51105 (Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3
allows a ...)
- amule <unfixed> (bug #1142276)
@@ -5346,7 +5596,7 @@ CVE-2026-0275 (A local privilege escalation vulnerability
in Palo Alto Networks
NOT-FOR-US: Palo Alto Networks
CVE-2025-45422 (Incorrect access control in Proximus b-box v8c.725A allows
authenticat ...)
TODO: check
-CVE-2026-14741
+CVE-2026-14741 (HTTP::Date versions before 6.08 for Perl allow CPU exhaustion
via poly ...)
- libhttp-date-perl 6.08-1
[trixie] - libhttp-date-perl <no-dsa> (Minor issue)
[bookworm] - libhttp-date-perl <postponed> (Minor issue)
@@ -5922,7 +6172,7 @@ CVE-2026-54590 (AsyncSSH is a Python package which
provides an asynchronous clie
[bullseye] - python-asyncssh <not-affected> (Incomplete fix for
CVE-2026-45309 not applied)
NOTE:
https://github.com/ronf/asyncssh/security/advisories/GHSA-qr67-gv47-xwwh
NOTE: Fixed by:
https://github.com/ronf/asyncssh/commit/3d515ba9ba0cd9990d248bdf62bcf05d51261a88
(v2.23.1)
-CVE-2026-45309
+CVE-2026-45309 (AsyncSSH is a Python package which provides an asynchronous
client and ...)
- python-asyncssh 2.23.0-1
NOTE: https://github.com/advisories/GHSA-g794-3fmp-753h
NOTE: Fixed by:
https://github.com/ronf/asyncssh/commit/2af2382cce946c959a378a62f257af253dc4ab51
(v2.23.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c175e7c3d36c53ccb9447385300ed8708c6e6e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c175e7c3d36c53ccb9447385300ed8708c6e6e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits