Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
703f6602 by security tracker role at 2026-06-25T07:13:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,332 @@
-CVE-2026-13201
+CVE-2026-9787 (Quest NetVault Backup NVBULogDaemon Command Injection Remote
Code Exec ...)
+ TODO: check
+CVE-2026-9786 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code
Executio ...)
+ TODO: check
+CVE-2026-9785 (Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code
Execut ...)
+ TODO: check
+CVE-2026-9784 (Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code
Execut ...)
+ TODO: check
+CVE-2026-9783 (Quest NetVault Backup NVBURemovableMedia SQL Injection Remote
Code Exe ...)
+ TODO: check
+CVE-2026-9782 (Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code
Execut ...)
+ TODO: check
+CVE-2026-9781 (Quest NetVault Backup NVBURASDevice SQL Injection Remote Code
Executio ...)
+ TODO: check
+CVE-2026-9780 (Quest NetVault Backup addclient3 Cross-Site Scripting
Authentication B ...)
+ TODO: check
+CVE-2026-9779 (ATEN Unizon doCryptoHugeFileToFile Improper Verification of
Cryptograp ...)
+ TODO: check
+CVE-2026-9778 (ATEN Unizon ImportDeviceList Directory Traversal Remote Code
Execution ...)
+ TODO: check
+CVE-2026-9777 (ATEN Unizon restoreDB Directory Traversal Remote Code Execution
Vulner ...)
+ TODO: check
+CVE-2026-9776 (ATEN Unizon writeFileToHttpServletResponse Directory Traversal
Informa ...)
+ TODO: check
+CVE-2026-9775 (ATEN Unizon uploadSSL Directory Traversal Arbitrary File
Deletion Vuln ...)
+ TODO: check
+CVE-2026-9774 (ATEN Unizon updateLicense Directory Traversal Arbitrary File
Deletion ...)
+ TODO: check
+CVE-2026-9773 (Unraid Web Server ToggleState Command Injection Remote Code
Execution ...)
+ TODO: check
+CVE-2026-9772 (Unraid Web Server FileUpload Command Injection Remote Code
Execution V ...)
+ TODO: check
+CVE-2026-9702 (The InPost PL WordPress plugin before 1.9.1 does not verify
that the r ...)
+ TODO: check
+CVE-2026-9155 (OS Command Injection vulnerability in Rapid7 InsightConnect Sed
Plugin ...)
+ TODO: check
+CVE-2026-9154 (Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed
Plugin ...)
+ TODO: check
+CVE-2026-9153 (Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed
Plugin ...)
+ TODO: check
+CVE-2026-8666 (OS Command Injection vulnerability in the traceroute action of
Rapid7 ...)
+ TODO: check
+CVE-2026-8665 (OS Command Injection vulnerability in the TR action of Rapid7
InsightC ...)
+ TODO: check
+CVE-2026-8664 (OS Command Injection vulnerability in Rapid7 InsightConnect
Finger Plu ...)
+ TODO: check
+CVE-2026-8663 (OS Command Injection vulnerability in Rapid7 InsightConnect RPM
Plugin ...)
+ TODO: check
+CVE-2026-8662 (Path Traversal vulnerability in the create_archive function of
Rapid7 ...)
+ TODO: check
+CVE-2026-8660 (OS Command Injection vulnerability in the ping action of Rapid7
Insigh ...)
+ TODO: check
+CVE-2026-8659 (OS Command Injection vulnerability in Rapid7 InsightConnect
SQLmap Plu ...)
+ TODO: check
+CVE-2026-8658 (OS Command Injection vulnerability in Rapid7 InsightConnect
Tcpdump Pl ...)
+ TODO: check
+CVE-2026-8592 (OS Command Injection vulnerability in the process_string action
of Rap ...)
+ TODO: check
+CVE-2026-8330 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-7570 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code
Executio ...)
+ TODO: check
+CVE-2026-7569 (Quest NetVault Backup viewclient Cross-Site Scripting
Authentication B ...)
+ TODO: check
+CVE-2026-7539 (A potential security vulnerability has been identified in the
HP Acces ...)
+ TODO: check
+CVE-2026-5952 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-5796 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-5309 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-5305 (The Email Address Encoder WordPress plugin before 1.0.25,
email-encode ...)
+ TODO: check
+CVE-2026-57589 (sys/kern/sysv_sem.c in OpenBSD through 7.9 has a
use-after-free allowi ...)
+ TODO: check
+CVE-2026-55762 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-55759 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-55666 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-55583 (Twenty is an open-source CRM (customer relationship
management) platfo ...)
+ TODO: check
+CVE-2026-55570 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-55455 (Appsmith is a platform to build admin panels, internal tools,
and dash ...)
+ TODO: check
+CVE-2026-55454 (Appsmith is a platform to build admin panels, internal tools,
and dash ...)
+ TODO: check
+CVE-2026-54759 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54158 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54070 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54069 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54068 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54067 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-54066 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-53766 (Chrome DevTools for agents (chrome-devtools-mcp) lets your
coding agen ...)
+ TODO: check
+CVE-2026-53765 (Chrome DevTools for agents (chrome-devtools-mcp) lets your
coding agen ...)
+ TODO: check
+CVE-2026-52816 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, the J ...)
+ TODO: check
+CVE-2026-52815 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, Gogs ...)
+ TODO: check
+CVE-2026-52814 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, the G ...)
+ TODO: check
+CVE-2026-52813 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, organ ...)
+ TODO: check
+CVE-2026-52812 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, Git L ...)
+ TODO: check
+CVE-2026-52811 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, (*Rep ...)
+ TODO: check
+CVE-2026-52810 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, Git s ...)
+ TODO: check
+CVE-2026-52809 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, passw ...)
+ TODO: check
+CVE-2026-52808 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, three ...)
+ TODO: check
+CVE-2026-52807 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, in ne ...)
+ TODO: check
+CVE-2026-52806 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, Gogs ...)
+ TODO: check
+CVE-2026-52805 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, a Ser ...)
+ TODO: check
+CVE-2026-52804 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, a rep ...)
+ TODO: check
+CVE-2026-52802 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, an op ...)
+ TODO: check
+CVE-2026-52801 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, the G ...)
+ TODO: check
+CVE-2026-52800 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, organ ...)
+ TODO: check
+CVE-2026-52799 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, GET / ...)
+ TODO: check
+CVE-2026-52798 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, altho ...)
+ TODO: check
+CVE-2026-52797 (Gogs is an open source self-hosted Git service. Prior to
0.14.0, as an ...)
+ TODO: check
+CVE-2026-52796 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, speci ...)
+ TODO: check
+CVE-2026-52795 (Gogs is an open source self-hosted Git service. In 0.14.3 and
earlier, ...)
+ TODO: check
+CVE-2026-52794 (Sentry is an error tracking and performance monitoring tool.
From 24.4 ...)
+ TODO: check
+CVE-2026-50551 (SiYuan is an open-source personal knowledge management system.
Prior t ...)
+ TODO: check
+CVE-2026-50189 (Appsmith is a platform to build admin panels, internal tools,
and dash ...)
+ TODO: check
+CVE-2026-50129 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-50128 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-49979 (Appsmith is a platform to build admin panels, internal tools,
and dash ...)
+ TODO: check
+CVE-2026-49278 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-49277 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-48028 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-47733 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-47389 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-47267 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, the f ...)
+ TODO: check
+CVE-2026-47110 (Tiptap for PHP before version 2.1.1 contains an input
validation vulne ...)
+ TODO: check
+CVE-2026-47093
+ REJECTED
+CVE-2026-46423 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-46349 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-46348 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-45757 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-45689 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-45688 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-45687 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-45677 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
+ TODO: check
+CVE-2026-40079 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-3176 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-39955 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39951 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39948 (Cacti is an open source performance and fault management
framework. In ...)
+ TODO: check
+CVE-2026-39938 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39900 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39899 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39897 (Cacti is an open source performance and fault management
framework. Ve ...)
+ TODO: check
+CVE-2026-39894 (Cacti is an open source performance and fault management
framework. In ...)
+ TODO: check
+CVE-2026-39893 (Cacti is an open source performance and fault management
framework. In ...)
+ TODO: check
+CVE-2026-33543 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-33235 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
+ TODO: check
+CVE-2026-32315 (motionEye (mEye) is an online interface for motion software, a
video s ...)
+ TODO: check
+CVE-2026-31978 (motionEye (mEye) is an online interface for motion software,
which is ...)
+ TODO: check
+CVE-2026-2508 (The Gravity Forms Booking plugin for WordPress is vulnerable to
time-b ...)
+ TODO: check
+CVE-2026-2238 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-27708 (FOSSBilling is a free, open-source billing and client
management syste ...)
+ TODO: check
+CVE-2026-25119 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, when ...)
+ TODO: check
+CVE-2026-23879 (py7zr is a Python-based library and utility to support 7zip
archive co ...)
+ TODO: check
+CVE-2026-1840 (The Aclara Metrum Cellular Web Interface is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2026-1606 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes parsed tokens in parse()
using Ar ...)
+ TODO: check
+CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior
to 149.0. ...)
+ TODO: check
+CVE-2026-13037 (Use after free in WebView in Google Chrome on Android prior to
149.0.7 ...)
+ TODO: check
+CVE-2026-13036 (Use after free in Blink in Google Chrome prior to
149.0.7827.197 allow ...)
+ TODO: check
+CVE-2026-13035 (Use after free in Bluetooth in Google Chrome on Mac prior to
149.0.782 ...)
+ TODO: check
+CVE-2026-13034 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
+ TODO: check
+CVE-2026-13033 (Out of bounds read and write in Blink>InterestGroups in Google
Chrome ...)
+ TODO: check
+CVE-2026-13032 (Use after free in WebGL in Google Chrome on Android prior to
149.0.782 ...)
+ TODO: check
+CVE-2026-13031 (Use after free in Blink in Google Chrome prior to
149.0.7827.197 allow ...)
+ TODO: check
+CVE-2026-13030 (Uninitialized Use in GPU in Google Chrome on Android prior to
149.0.78 ...)
+ TODO: check
+CVE-2026-13029 (Use after free in Web Authentication in Google Chrome prior to
149.0.7 ...)
+ TODO: check
+CVE-2026-13028 (Use after free in WebGL in Google Chrome on Android prior to
149.0.782 ...)
+ TODO: check
+CVE-2026-13027 (Use after free in FileSystem in Google Chrome prior to
149.0.7827.197 ...)
+ TODO: check
+CVE-2026-13026 (Use after free in Digital Credentials in Google Chrome on Mac
prior to ...)
+ TODO: check
+CVE-2026-13025 (Race in DevTools in Google Chrome prior to 149.0.7827.197
allowed a re ...)
+ TODO: check
+CVE-2026-13024 (Insufficient validation of untrusted input in Navigation in
Google Chr ...)
+ TODO: check
+CVE-2026-13023 (Uninitialized Use in GPU in Google Chrome prior to
149.0.7827.197 allo ...)
+ TODO: check
+CVE-2026-13022 (Inappropriate implementation in Autofill in Google Chrome
prior to 149 ...)
+ TODO: check
+CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials
in Googl ...)
+ TODO: check
+CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-12490 (When a provide-xfr is given with a tls-auth-name, a secondary
requesti ...)
+ TODO: check
+CVE-2026-12246 (NSD version 4.14.0 introduced a bug where a specially crafted
APL RR, ...)
+ TODO: check
+CVE-2026-12245 (NSD from version 4.13.0 has a heap use-after-free bug in
logging error ...)
+ TODO: check
+CVE-2026-12244 (If NSD is configured as secondary for a zone, the primary of
that zone ...)
+ TODO: check
+CVE-2026-12079 (The Dokan Pro plugin for WordPress is vulnerable to time-based
SQL Inj ...)
+ TODO: check
+CVE-2026-12077 (The Dokan Pro plugin for WordPress is vulnerable to time-based
SQL Inj ...)
+ TODO: check
+CVE-2026-12053 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic
allows byp ...)
+ TODO: check
+CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-10833 (The Gutenberg Essential Blocks \u2013 Page Builder for
Gutenberg Block ...)
+ TODO: check
+CVE-2026-10824 (The Masteriyo LMS WordPress plugin before 2.2.1 does not
perform auth ...)
+ TODO: check
+CVE-2026-10712 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2026-10642 (The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c)
contains an ...)
+ TODO: check
+CVE-2026-10086 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2026-10043 (MosaicML Composer Deserialization of Untrusted Data Remote
Code Execut ...)
+ TODO: check
+CVE-2026-0934 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
+ TODO: check
+CVE-2025-8106
+ REJECTED
+CVE-2025-64719 (Gogs is an open source self-hosted Git service. Prior to
0.14.3, a mal ...)
+ TODO: check
+CVE-2025-60474 (A buffer overflow in the gf_media_import function
(/media_tools/av_par ...)
+ TODO: check
+CVE-2025-60473 (A NULL pointer dereference in the gf_filter_in_parent_chain
function ( ...)
+ TODO: check
+CVE-2025-60471 (A use-after-free in the gf_filter_pid_reconfigure_task_discard
functio ...)
+ TODO: check
+CVE-2025-60468 (GPAC Multimedia Open Source Project GPAC Project/MP4Box
2.5-DEV-rev159 ...)
+ TODO: check
+CVE-2025-60467 (A use-after-free in the gf_filter_pid_inst_swap_delete_task
function ( ...)
+ TODO: check
+CVE-2025-60466 (A use-after-free in the gf_filter_pid_get_packet function
(/filter_cor ...)
+ TODO: check
+CVE-2026-13201 (A flaw was found in KubeVirt's safepath package. The
OpenAtNoFollow fu ...)
NOT-FOR-US: KubeVirt
-CVE-2026-13208
+CVE-2026-13208 (A flaw was found in KubeVirt's virt-handler domain notify
server. The ...)
NOT-FOR-US: KubeVirt
CVE-2026-7761 (The Ultimate Member plugin for WordPress is vulnerable to
Account Take ...)
NOT-FOR-US: WordPress plugin
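Review bot: the added CVE-2026-10833 line has a literal "\u2013" in its description ("The Gutenberg Essential Blocks \u2013 Page Builder for ..."), so a JSON-style escape reached data/CVE/list undecoded. The import step should decode it to the dash character, or substitute an ASCII hyphen, before writing the description. Apart from the two REJECTED entries (CVE-2026-47093, CVE-2025-8106), every entry added in this hunk is still "TODO: check", so none has been triaged; the context lines at the end of the hunk ("NOT-FOR-US: KubeVirt", "NOT-FOR-US: WordPress plugin") show what a resolved entry looks like.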
@@ -76182,7 +76508,7 @@ CVE-2019-25379 (Smoothwall Express
3.1-SP4-polar-x86_64-update9 contains stored
NOT-FOR-US: Smoothwall Express
CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple cros ...)
NOT-FOR-US: Smoothwall Express
-CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
+CVE-2026-2050 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
{DSA-6142-1 DLA-4487-1}
- gegl 1:0.4.66-1
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
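Review bot: the removed CVE-2026-2050 line was the only place in the visible entry that recorded ZDI-CAN-28266 and the affected file rgbe.c, and the replacement description ("GIMP HDR File Parsing Heap-based Buffer Overflow ...") carries neither. If the ZDI cross-reference is still wanted, add it as a NOTE line next to the existing gegl issue link. The new description names GIMP while the tracked package line is "gegl 1:0.4.66-1", so a short NOTE stating that the fix lives in gegl would also save the next reader a lookup.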
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/703f6602bef1d2af3590bd8f566c0a617dd2e838
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits