Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9205b57c by security tracker role at 2026-07-18T19:13:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2026-9323 (The urwid web display backend (urwid/display/web.py) generates 
web ses ...)
+       TODO: check
+CVE-2026-9147 (uproot dynamically generates Python class source code from ROOT 
TStrea ...)
+       TODO: check
+CVE-2026-47871 (VMware Avi Load Balancer contains a directory traversal 
vulnerability. ...)
+       TODO: check
+CVE-2026-47870 (VMware Avi Load Balancer contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-47869 (VMware Avi Load Balancer contains a remote code execution 
vulnerabilit ...)
+       TODO: check
+CVE-2026-47868 (VMware Avi Load Balancer contains a local privilege escalation 
vulnera ...)
+       TODO: check
+CVE-2026-47867 (VMware Avi Load Balancer contains a remote code execution 
vulnerabilit ...)
+       TODO: check
+CVE-2026-47866 (VMware Avi Load Balancer contains an authorization bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-47865 (VMware Avi Load Balancer contains an authentication bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-16158 (Impact: @fastify/reply-from versions from 8.3.1 up to but not 
includin ...)
+       TODO: check
+CVE-2026-16133 (A flaw has been found in LiuMengxuan04 MiniCode 0.1.0. 
Affected by thi ...)
+       TODO: check
+CVE-2026-16131 (A weakness has been identified in itsourcecode Hospital 
Management Sys ...)
+       TODO: check
+CVE-2026-16130 (A vulnerability was identified in nearai ironclaw up to 
0.29.1. The af ...)
+       TODO: check
+CVE-2026-16129 (A vulnerability has been found in princezuda SafestClaw up to 
4.2.4. T ...)
+       TODO: check
+CVE-2026-16128 (A security flaw has been discovered in zevorn rt-claw up to 
0.2.0. Thi ...)
+       TODO: check
+CVE-2026-16127 (A vulnerability was identified in zevorn rt-claw up to 0.2.0. 
This aff ...)
+       TODO: check
+CVE-2026-16126 (A vulnerability was determined in zevorn rt-claw up to 0.2.0. 
The impa ...)
+       TODO: check
+CVE-2026-16125 (A vulnerability was found in zevorn rt-claw up to 0.2.0. The 
affected  ...)
+       TODO: check
+CVE-2026-16124 (A security vulnerability has been detected in nextlevelbuilder 
GoClaw  ...)
+       TODO: check
+CVE-2026-16123 (A weakness has been identified in nextlevelbuilder GoClaw up 
to 3.13.2 ...)
+       TODO: check
+CVE-2026-16122 (A security flaw has been discovered in nextlevelbuilder GoClaw 
up to 3 ...)
+       TODO: check
+CVE-2026-16121 (A vulnerability was identified in nextlevelbuilder GoClaw up 
to 3.13.2 ...)
+       TODO: check
+CVE-2026-16120 (A vulnerability was determined in nextlevelbuilder GoClaw up 
to 3.13.3 ...)
+       TODO: check
+CVE-2026-16119 (A vulnerability was found in nextlevelbuilder GoClaw up to 
3.13.2. Thi ...)
+       TODO: check
+CVE-2026-16117 (Impact: @fastify/http-proxy versions up to and including 
11.5.0 fail t ...)
+       TODO: check
+CVE-2026-16097 (A vulnerability was found in Shibby Tomato 1.28. This 
vulnerability af ...)
+       TODO: check
+CVE-2026-16096 (A vulnerability has been found in Shibby Tomato 1.28 RT-N5x 
MIPSR2 Bui ...)
+       TODO: check
+CVE-2026-16095 (A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 
Build 124. A ...)
+       TODO: check
+CVE-2026-16088 (A vulnerability was detected in halo-dev halo up to 2.24.2. 
Affected b ...)
+       TODO: check
+CVE-2026-16085 (A security vulnerability has been detected in Sipeed PicoClaw 
up to 0. ...)
+       TODO: check
+CVE-2026-16084 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9. 
This im ...)
+       TODO: check
+CVE-2026-16083 (A security flaw has been discovered in Sipeed PicoClaw up to 
0.2.9. Th ...)
+       TODO: check
+CVE-2026-16082 (A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. 
The imp ...)
+       TODO: check
+CVE-2026-16081 (A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. 
The aff ...)
+       TODO: check
+CVE-2026-16077 (A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. 
Impacte ...)
+       TODO: check
+CVE-2026-15631 (Impact: @fastify/http-proxy versions from 9.4.0 up to and 
including 11 ...)
+       TODO: check
+CVE-2026-11826 (OpenPLC_v3 contains a heap-based buffer overflow in the 
getData() func ...)
+       TODO: check
+CVE-2025-71398 (SurrealDB before 2.2.2 fails to validate HTTP redirects in 
http functi ...)
+       TODO: check
+CVE-2025-71397 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 
2.2.2 all ...)
+       TODO: check
+CVE-2025-71396 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 
2.2.2 doe ...)
+       TODO: check
+CVE-2025-71395 (SurrealDB versions before 2.2.2 contain a memory exhaustion 
vulnerabil ...)
+       TODO: check
+CVE-2025-71394 (SurrealDB versions before 2.2.2 contain a local file read 
vulnerabilit ...)
+       TODO: check
+CVE-2025-71393 (SurrealDB before 2.2.2 with scripting enabled fails to 
properly enforc ...)
+       TODO: check
+CVE-2025-71392 (SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 
2.2.2 fai ...)
+       TODO: check
+CVE-2025-71391 (SurrealDB versions before 2.2.2 contain an uncaught exception 
vulnerab ...)
+       TODO: check
+CVE-2025-71390 (SurrealDB before 2.2.6, 2.3.6, and 2.1.8 (and 3.0.0-alpha.7 
and earlie ...)
+       TODO: check
+CVE-2024-58370 (SurrealDB versions before 1.1.0 fail to enforce recursion 
depth limits ...)
+       TODO: check
+CVE-2024-58369 (SurrealDB versions before 1.1.1 fail to properly validate 
invocation o ...)
+       TODO: check
+CVE-2024-58368 (SurrealDB versions before 1.1.0 fail to properly parse the ID, 
DB, and ...)
+       TODO: check
+CVE-2024-58367 (SurrealDB versions before 2.0.4 fail to properly enforce field 
permiss ...)
+       TODO: check
+CVE-2024-58366 (SurrealDB before 1.1.1 contains a format string vulnerability 
in the r ...)
+       TODO: check
+CVE-2024-58365 (SurrealDB versions before 1.2.0 contain an uncaught exception 
vulnerab ...)
+       TODO: check
+CVE-2024-58364 (SurrealDB versions before 1.2.1 contain an uncaught exception 
handling ...)
+       TODO: check
+CVE-2024-58363 (SurrealDB before 1.5.4 fails to properly validate 
authentication when  ...)
+       TODO: check
+CVE-2024-58362 (SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) 
accepts an ...)
+       TODO: check
+CVE-2024-58361 (SurrealDB versions before 2.0.4 contain an uncaught exception 
handling ...)
+       TODO: check
+CVE-2024-58359 (SurrealDB versions before 2.1.0 contain a denial of service 
vulnerabil ...)
+       TODO: check
+CVE-2024-58358 (SurrealDB versions before 2.1.0 contain a denial of service 
vulnerabil ...)
+       TODO: check
+CVE-2024-58357 (SurrealDB versions before 2.1.0 contain an uncaught exception 
vulnerab ...)
+       TODO: check
+CVE-2024-58356 (SurrealDB before 2.1.4 silently fails to overwrite table 
definitions w ...)
+       TODO: check
+CVE-2023-54366 (SurrealDB before 1.0.1 sets default table permissions to FULL 
instead  ...)
+       TODO: check
 CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is 
vulnerable to C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain 
sensitive  ...)
@@ -546,7 +668,7 @@ CVE-2026-15904
 CVE-2026-15905
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-59173
+CVE-2026-59173 (Uncontrolled Resource Consumption vulnerability in Apache 
Traffic Serv ...)
        - trafficserver <unfixed>
        [bookworm] - trafficserver <postponed> (Minor issue, DoS)
        [bullseye] - trafficserver <postponed> (Minor issue, DoS)
@@ -1392,6 +1514,7 @@ CVE-2026-11371 (The BetterDocs  WordPress plugin before 
4.5.5 does not sanitise
 CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers 
to exec ...)
        TODO: check
 CVE-2026-53366 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       {DLA-4688-1}
        - linux 7.1.3-1
        [trixie] - linux 6.12.95-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -8941,7 +9064,7 @@ CVE-2026-53360 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/db3f2195d29344a3cf1e9dd9ab7f21ced7308cf7 (7.1-rc6)
 CVE-2026-53362 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.1.3-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/736b380e28d0480c7bc3e022f1950f31fe53a7c5 (7.2-rc1)
@@ -8951,7 +9074,7 @@ CVE-2026-53361 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d82ba05263c69fa2437fe93e4e561cc40f4c03af (7.1-rc3)
 CVE-2026-53359 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.1.3-1
        NOTE: 
https://git.kernel.org/linus/81ccda30b4e83d8f5cc4fd50503c44e3a33abfeb (7.2-rc1)
        NOTE: https://github.com/V4bel/Januscape
@@ -10979,7 +11102,7 @@ CVE-2026-53329 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/da48bc4461b8a5ebfb9264c9b191a701d8e99009 (7.1-rc7)
 CVE-2026-53327 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.13-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5f41161059fd0f1bbf18c90f3180e38cc45a14eb (7.1-rc5)
@@ -14231,7 +14354,7 @@ CVE-2025-0824 (Lack of validation for firmware updatein 
Hitachi Hitachi Virtual
 CVE-2026-50160 (Hoppscotch is an API development ecosystem. In self-hosted 
deployments ...)
        NOT-FOR-US: Hoppscotch
 CVE-2026-53325 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.14-1
        NOTE: 
https://git.kernel.org/linus/b08472db93b1ccff84a7adec5779d47f0e9d3a30 (7.2-rc1)
 CVE-2026-58302 (rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows 
privilege ...)
@@ -16993,13 +17116,13 @@ CVE-2026-53168 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/9c954499d43aefac01c5dfb57a82b13d2dcf4b94 (7.1-rc7)
 CVE-2026-53167 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.13-1
        NOTE: 
https://git.kernel.org/linus/4e3d1b2c48ca6c55f1e9ca7f8dccc76f120f276c (7.1-rc7)
 CVE-2026-53166
        REJECTED
 CVE-2026-53163 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.13-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40a25d59e85b3c8709ac2424d44f65610467871e (7.1-rc7)
@@ -17020,11 +17143,12 @@ CVE-2026-53159 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/464c6ad2aa16e1e1df9d559289199356493d1e00 (7.1)
 CVE-2026-53158 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DLA-4688-1}
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/5401fb4fe10fac6134c308495df18ed74aebb9c4 (7.1)
 CVE-2026-53157 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.13-1
        NOTE: 
https://git.kernel.org/linus/71de0177b28da751f407581a4515cf4d762f6296 (7.1)
 CVE-2026-53156 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
@@ -17074,10 +17198,11 @@ CVE-2026-53142 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/68938cc08e23a94fd881e845837ff918de005ce7 (7.1)
 CVE-2026-53139 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 7.0.13-1
        NOTE: 
https://git.kernel.org/linus/7f93fad5ea0affc9e1505dd0f7596c0fdb496213 (7.1-rc7)
 CVE-2026-53138 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       {DLA-4688-1}
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/ff287df16a1a58aca78b08d1f3ee09fc44da0351 (7.1-rc7)
@@ -18850,6 +18975,7 @@ CVE-2026-52929 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/a5f8a90ac9f77c678a9781c0a464b635e0d63e49 (7.1)
 CVE-2026-52928 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
+       {DLA-4688-1}
        - linux 7.0.7-1
        [trixie] - linux 6.12.88-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -32743,7 +32869,7 @@ CVE-2026-46254 (In the Linux kernel, the following 
vulnerability has been resolv
        [trixie] - linux 6.12.85-1
        NOTE: 
https://git.kernel.org/linus/64802f731214a51dfe3c6c27636b3ddafd003eb0 (7.0-rc1)
 CVE-2026-46252 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 6.19.6-1
        NOTE: 
https://git.kernel.org/linus/497330b203d2c59c5ff3fa4c34d14494d7203bc3 (7.0-rc1)
 CVE-2026-46247 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
@@ -61056,7 +61182,7 @@ CVE-2026-31452 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.19.11-1
        NOTE: 
https://git.kernel.org/linus/ed9356a30e59c7cc3198e7fc46cfedf3767b9b17 (7.0-rc6)
 CVE-2026-31451 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
-       {DSA-6238-1}
+       {DSA-6238-1 DLA-4688-1}
        - linux 6.19.11-1
        NOTE: 
https://git.kernel.org/linus/356227096eb66e41b23caf7045e6304877322edf (7.0-rc6)
 CVE-2026-31450 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
@@ -76945,7 +77071,7 @@ CVE-2026-23303 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.19.8-1
        NOTE: 
https://git.kernel.org/linus/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d (7.0-rc2)
 CVE-2026-23302 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
-       {DSA-6238-1}
+       {DSA-6238-1 DLA-4688-1}
        - linux 6.19.8-1
        NOTE: 
https://git.kernel.org/linus/2ef2b20cf4e04ac8a6ba68493f8780776ff84300 (7.0-rc3)
 CVE-2026-23300 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
@@ -79754,7 +79880,7 @@ CVE-2024-32537 (Cross-Site request forgery (CSRF) 
vulnerability in joshuae1974 F
 CVE-2024-31119 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23278 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
-       {DSA-6238-1}
+       {DSA-6238-1 DLA-4688-1}
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (7.0-rc4)
 CVE-2026-23277 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
@@ -79780,7 +79906,7 @@ CVE-2026-23273 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.18.14-1
        NOTE: 
https://git.kernel.org/linus/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (7.0-rc1)
 CVE-2026-23272 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
-       {DSA-6355-1}
+       {DSA-6355-1 DLA-4688-1}
        - linux 6.19.8-1
        NOTE: 
https://git.kernel.org/linus/def602e498a4f951da95c95b1b8ce8ae68aa733a (7.0-rc3)
 CVE-2026-23271 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
@@ -202146,7 +202272,7 @@ CVE-2025-23132 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.16.3-1
        NOTE: 
https://git.kernel.org/linus/eb85c2410d6f581e957cd03a644ff6ddbe592af9 (6.15-rc1)
 CVE-2025-23131 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
-       {DSA-6381-1}
+       {DSA-6381-1 DLA-4688-1}
        - linux 6.16.3-1
        NOTE: 
https://git.kernel.org/linus/8e2bad543eca5c25cd02cbc63d72557934d45f13 (6.15-rc1)
 CVE-2025-23130 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205b57c8a50870d51b5643d9e9ec53b92430498

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205b57c8a50870d51b5643d9e9ec53b92430498
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to