Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9205b57c by security tracker role at 2026-07-18T19:13:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2026-9323 (The urwid web display backend (urwid/display/web.py) generates
web ses ...)
+ TODO: check
+CVE-2026-9147 (uproot dynamically generates Python class source code from ROOT
TStrea ...)
+ TODO: check
+CVE-2026-47871 (VMware Avi Load Balancer contains a directory traversal
vulnerability. ...)
+ TODO: check
+CVE-2026-47870 (VMware Avi Load Balancer contains a privilege escalation
vulnerability ...)
+ TODO: check
+CVE-2026-47869 (VMware Avi Load Balancer contains a remote code execution
vulnerabilit ...)
+ TODO: check
+CVE-2026-47868 (VMware Avi Load Balancer contains a local privilege escalation
vulnera ...)
+ TODO: check
+CVE-2026-47867 (VMware Avi Load Balancer contains a remote code execution
vulnerabilit ...)
+ TODO: check
+CVE-2026-47866 (VMware Avi Load Balancer contains an authorization bypass
vulnerabilit ...)
+ TODO: check
+CVE-2026-47865 (VMware Avi Load Balancer contains an authentication bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-16158 (Impact: @fastify/reply-from versions from 8.3.1 up to but not
includin ...)
+ TODO: check
+CVE-2026-16133 (A flaw has been found in LiuMengxuan04 MiniCode 0.1.0.
Affected by thi ...)
+ TODO: check
+CVE-2026-16131 (A weakness has been identified in itsourcecode Hospital
Management Sys ...)
+ TODO: check
+CVE-2026-16130 (A vulnerability was identified in nearai ironclaw up to
0.29.1. The af ...)
+ TODO: check
+CVE-2026-16129 (A vulnerability has been found in princezuda SafestClaw up to
4.2.4. T ...)
+ TODO: check
+CVE-2026-16128 (A security flaw has been discovered in zevorn rt-claw up to
0.2.0. Thi ...)
+ TODO: check
+CVE-2026-16127 (A vulnerability was identified in zevorn rt-claw up to 0.2.0.
This aff ...)
+ TODO: check
+CVE-2026-16126 (A vulnerability was determined in zevorn rt-claw up to 0.2.0.
The impa ...)
+ TODO: check
+CVE-2026-16125 (A vulnerability was found in zevorn rt-claw up to 0.2.0. The
affected ...)
+ TODO: check
+CVE-2026-16124 (A security vulnerability has been detected in nextlevelbuilder
GoClaw ...)
+ TODO: check
+CVE-2026-16123 (A weakness has been identified in nextlevelbuilder GoClaw up
to 3.13.2 ...)
+ TODO: check
+CVE-2026-16122 (A security flaw has been discovered in nextlevelbuilder GoClaw
up to 3 ...)
+ TODO: check
+CVE-2026-16121 (A vulnerability was identified in nextlevelbuilder GoClaw up
to 3.13.2 ...)
+ TODO: check
+CVE-2026-16120 (A vulnerability was determined in nextlevelbuilder GoClaw up
to 3.13.3 ...)
+ TODO: check
+CVE-2026-16119 (A vulnerability was found in nextlevelbuilder GoClaw up to
3.13.2. Thi ...)
+ TODO: check
+CVE-2026-16117 (Impact: @fastify/http-proxy versions up to and including
11.5.0 fail t ...)
+ TODO: check
+CVE-2026-16097 (A vulnerability was found in Shibby Tomato 1.28. This
vulnerability af ...)
+ TODO: check
+CVE-2026-16096 (A vulnerability has been found in Shibby Tomato 1.28 RT-N5x
MIPSR2 Bui ...)
+ TODO: check
+CVE-2026-16095 (A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2
Build 124. A ...)
+ TODO: check
+CVE-2026-16088 (A vulnerability was detected in halo-dev halo up to 2.24.2.
Affected b ...)
+ TODO: check
+CVE-2026-16085 (A security vulnerability has been detected in Sipeed PicoClaw
up to 0. ...)
+ TODO: check
+CVE-2026-16084 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9.
This im ...)
+ TODO: check
+CVE-2026-16083 (A security flaw has been discovered in Sipeed PicoClaw up to
0.2.9. Th ...)
+ TODO: check
+CVE-2026-16082 (A vulnerability was identified in Sipeed PicoClaw up to 0.2.9.
The imp ...)
+ TODO: check
+CVE-2026-16081 (A vulnerability was determined in Sipeed PicoClaw up to 0.2.9.
The aff ...)
+ TODO: check
+CVE-2026-16077 (A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5.
Impacte ...)
+ TODO: check
+CVE-2026-15631 (Impact: @fastify/http-proxy versions from 9.4.0 up to and
including 11 ...)
+ TODO: check
+CVE-2026-11826 (OpenPLC_v3 contains a heap-based buffer overflow in the
getData() func ...)
+ TODO: check
+CVE-2025-71398 (SurrealDB before 2.2.2 fails to validate HTTP redirects in
http functi ...)
+ TODO: check
+CVE-2025-71397 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before
2.2.2 all ...)
+ TODO: check
+CVE-2025-71396 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before
2.2.2 doe ...)
+ TODO: check
+CVE-2025-71395 (SurrealDB versions before 2.2.2 contain a memory exhaustion
vulnerabil ...)
+ TODO: check
+CVE-2025-71394 (SurrealDB versions before 2.2.2 contain a local file read
vulnerabilit ...)
+ TODO: check
+CVE-2025-71393 (SurrealDB before 2.2.2 with scripting enabled fails to
properly enforc ...)
+ TODO: check
+CVE-2025-71392 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before
2.2.2 fai ...)
+ TODO: check
+CVE-2025-71391 (SurrealDB versions before 2.2.2 contain an uncaught exception
vulnerab ...)
+ TODO: check
+CVE-2025-71390 (SurrealDB before 2.2.6, 2.3.6, and 2.1.8 (and 3.0.0-alpha.7
and earlie ...)
+ TODO: check
+CVE-2024-58370 (SurrealDB versions before 1.1.0 fail to enforce recursion
depth limits ...)
+ TODO: check
+CVE-2024-58369 (SurrealDB versions before 1.1.1 fail to properly validate
invocation o ...)
+ TODO: check
+CVE-2024-58368 (SurrealDB versions before 1.1.0 fail to properly parse the ID,
DB, and ...)
+ TODO: check
+CVE-2024-58367 (SurrealDB versions before 2.0.4 fail to properly enforce field
permiss ...)
+ TODO: check
+CVE-2024-58366 (SurrealDB before 1.1.1 contains a format string vulnerability
in the r ...)
+ TODO: check
+CVE-2024-58365 (SurrealDB versions before 1.2.0 contain an uncaught exception
vulnerab ...)
+ TODO: check
+CVE-2024-58364 (SurrealDB versions before 1.2.1 contain an uncaught exception
handling ...)
+ TODO: check
+CVE-2024-58363 (SurrealDB before 1.5.4 fails to properly validate
authentication when ...)
+ TODO: check
+CVE-2024-58362 (SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3)
accepts an ...)
+ TODO: check
+CVE-2024-58361 (SurrealDB versions before 2.0.4 contain an uncaught exception
handling ...)
+ TODO: check
+CVE-2024-58359 (SurrealDB versions before 2.1.0 contain a denial of service
vulnerabil ...)
+ TODO: check
+CVE-2024-58358 (SurrealDB versions before 2.1.0 contain a denial of service
vulnerabil ...)
+ TODO: check
+CVE-2024-58357 (SurrealDB versions before 2.1.0 contain an uncaught exception
vulnerab ...)
+ TODO: check
+CVE-2024-58356 (SurrealDB before 2.1.4 silently fails to overwrite table
definitions w ...)
+ TODO: check
+CVE-2023-54366 (SurrealDB before 1.0.1 sets default table permissions to FULL
instead ...)
+ TODO: check
CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is
vulnerable to C ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain
sensitive ...)
@@ -546,7 +668,7 @@ CVE-2026-15904
CVE-2026-15905
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-59173
+CVE-2026-59173 (Uncontrolled Resource Consumption vulnerability in Apache
Traffic Serv ...)
- trafficserver <unfixed>
[bookworm] - trafficserver <postponed> (Minor issue, DoS)
[bullseye] - trafficserver <postponed> (Minor issue, DoS)
@@ -1392,6 +1514,7 @@ CVE-2026-11371 (The BetterDocs WordPress plugin before
4.5.5 does not sanitise
CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers
to exec ...)
TODO: check
CVE-2026-53366 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DLA-4688-1}
- linux 7.1.3-1
[trixie] - linux 6.12.95-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -8941,7 +9064,7 @@ CVE-2026-53360 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/db3f2195d29344a3cf1e9dd9ab7f21ced7308cf7 (7.1-rc6)
CVE-2026-53362 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.1.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/736b380e28d0480c7bc3e022f1950f31fe53a7c5 (7.2-rc1)
@@ -8951,7 +9074,7 @@ CVE-2026-53361 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d82ba05263c69fa2437fe93e4e561cc40f4c03af (7.1-rc3)
CVE-2026-53359 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.1.3-1
NOTE:
https://git.kernel.org/linus/81ccda30b4e83d8f5cc4fd50503c44e3a33abfeb (7.2-rc1)
NOTE: https://github.com/V4bel/Januscape
@@ -10979,7 +11102,7 @@ CVE-2026-53329 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/da48bc4461b8a5ebfb9264c9b191a701d8e99009 (7.1-rc7)
CVE-2026-53327 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.13-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5f41161059fd0f1bbf18c90f3180e38cc45a14eb (7.1-rc5)
@@ -14231,7 +14354,7 @@ CVE-2025-0824 (Lack of validation for firmware updatein
Hitachi Hitachi Virtual
CVE-2026-50160 (Hoppscotch is an API development ecosystem. In self-hosted
deployments ...)
NOT-FOR-US: Hoppscotch
CVE-2026-53325 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.14-1
NOTE:
https://git.kernel.org/linus/b08472db93b1ccff84a7adec5779d47f0e9d3a30 (7.2-rc1)
CVE-2026-58302 (rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows
privilege ...)
@@ -16993,13 +17116,13 @@ CVE-2026-53168 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/9c954499d43aefac01c5dfb57a82b13d2dcf4b94 (7.1-rc7)
CVE-2026-53167 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/4e3d1b2c48ca6c55f1e9ca7f8dccc76f120f276c (7.1-rc7)
CVE-2026-53166
REJECTED
CVE-2026-53163 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.13-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/40a25d59e85b3c8709ac2424d44f65610467871e (7.1-rc7)
@@ -17020,11 +17143,12 @@ CVE-2026-53159 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/464c6ad2aa16e1e1df9d559289199356493d1e00 (7.1)
CVE-2026-53158 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
+ {DLA-4688-1}
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/5401fb4fe10fac6134c308495df18ed74aebb9c4 (7.1)
CVE-2026-53157 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/71de0177b28da751f407581a4515cf4d762f6296 (7.1)
CVE-2026-53156 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -17074,10 +17198,11 @@ CVE-2026-53142 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/68938cc08e23a94fd881e845837ff918de005ce7 (7.1)
CVE-2026-53139 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/7f93fad5ea0affc9e1505dd0f7596c0fdb496213 (7.1-rc7)
CVE-2026-53138 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ {DLA-4688-1}
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/ff287df16a1a58aca78b08d1f3ee09fc44da0351 (7.1-rc7)
@@ -18850,6 +18975,7 @@ CVE-2026-52929 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/a5f8a90ac9f77c678a9781c0a464b635e0d63e49 (7.1)
CVE-2026-52928 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
+ {DLA-4688-1}
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -32743,7 +32869,7 @@ CVE-2026-46254 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.85-1
NOTE:
https://git.kernel.org/linus/64802f731214a51dfe3c6c27636b3ddafd003eb0 (7.0-rc1)
CVE-2026-46252 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 6.19.6-1
NOTE:
https://git.kernel.org/linus/497330b203d2c59c5ff3fa4c34d14494d7203bc3 (7.0-rc1)
CVE-2026-46247 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
@@ -61056,7 +61182,7 @@ CVE-2026-31452 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.11-1
NOTE:
https://git.kernel.org/linus/ed9356a30e59c7cc3198e7fc46cfedf3767b9b17 (7.0-rc6)
CVE-2026-31451 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
- {DSA-6238-1}
+ {DSA-6238-1 DLA-4688-1}
- linux 6.19.11-1
NOTE:
https://git.kernel.org/linus/356227096eb66e41b23caf7045e6304877322edf (7.0-rc6)
CVE-2026-31450 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
@@ -76945,7 +77071,7 @@ CVE-2026-23303 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.8-1
NOTE:
https://git.kernel.org/linus/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d (7.0-rc2)
CVE-2026-23302 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- {DSA-6238-1}
+ {DSA-6238-1 DLA-4688-1}
- linux 6.19.8-1
NOTE:
https://git.kernel.org/linus/2ef2b20cf4e04ac8a6ba68493f8780776ff84300 (7.0-rc3)
CVE-2026-23300 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -79754,7 +79880,7 @@ CVE-2024-32537 (Cross-Site request forgery (CSRF)
vulnerability in joshuae1974 F
CVE-2024-31119 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23278 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- {DSA-6238-1}
+ {DSA-6238-1 DLA-4688-1}
- linux 6.19.10-1
NOTE:
https://git.kernel.org/linus/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (7.0-rc4)
CVE-2026-23277 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -79780,7 +79906,7 @@ CVE-2026-23273 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.18.14-1
NOTE:
https://git.kernel.org/linus/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (7.0-rc1)
CVE-2026-23272 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- {DSA-6355-1}
+ {DSA-6355-1 DLA-4688-1}
- linux 6.19.8-1
NOTE:
https://git.kernel.org/linus/def602e498a4f951da95c95b1b8ce8ae68aa733a (7.0-rc3)
CVE-2026-23271 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
@@ -202146,7 +202272,7 @@ CVE-2025-23132 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.16.3-1
NOTE:
https://git.kernel.org/linus/eb85c2410d6f581e957cd03a644ff6ddbe592af9 (6.15-rc1)
CVE-2025-23131 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- {DSA-6381-1}
+ {DSA-6381-1 DLA-4688-1}
- linux 6.16.3-1
NOTE:
https://git.kernel.org/linus/8e2bad543eca5c25cd02cbc63d72557934d45f13 (6.15-rc1)
CVE-2025-23130 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205b57c8a50870d51b5643d9e9ec53b92430498
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205b57c8a50870d51b5643d9e9ec53b92430498
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits