Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
81042852 by security tracker role at 2026-06-28T19:16:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2026-49048 (The Joomla extension JoomCCK exposes a front-end controller
task, that ...)
+ TODO: check
+CVE-2026-13504 (A vulnerability has been found in code-projects Project
Management Sys ...)
+ TODO: check
+CVE-2026-13503 (A vulnerability was detected in antlr ANTLR4 up to 4.13.2.
Affected by ...)
+ TODO: check
+CVE-2026-13502 (A flaw has been found in antlr ANTLR4 up to 4.13.2. This
affects the f ...)
+ TODO: check
+CVE-2026-13501 (A security vulnerability has been detected in antlr ANTLR4 up
to 4.13. ...)
+ TODO: check
+CVE-2026-13500 (A weakness has been identified in antlr ANTLR4 up to 4.13.2.
Affected ...)
+ TODO: check
+CVE-2026-13499 (A security flaw has been discovered in yashpokharna2555
restaurent-man ...)
+ TODO: check
+CVE-2026-13498 (A vulnerability was identified in yashpokharna2555
restaurent-manageme ...)
+ TODO: check
+CVE-2026-13497 (A vulnerability was determined in itsourcecode Hospital
Management Sys ...)
+ TODO: check
+CVE-2026-13496 (A vulnerability was found in itsourcecode Hospital Management
System 1 ...)
+ TODO: check
+CVE-2026-13495 (A vulnerability has been found in itsourcecode Hospital
Management Sys ...)
+ TODO: check
+CVE-2026-13493 (A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28.
This is ...)
+ TODO: check
+CVE-2026-13491 (A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6.
This vul ...)
+ TODO: check
+CVE-2026-13490 (A security vulnerability has been detected in glpi-project
glpi 11.0.5 ...)
+ TODO: check
+CVE-2026-13489 (A weakness has been identified in 78 xiaozhi-esp32 up to
2.2.6. Affect ...)
+ TODO: check
+CVE-2026-13488 (A security flaw has been discovered in SourceCodester Class
and Exam T ...)
+ TODO: check
+CVE-2026-13487 (A vulnerability was identified in SourceCodester Class and
Exam Timeta ...)
+ TODO: check
+CVE-2026-13486 (A vulnerability was determined in SourceCodester Class and
Exam Timeta ...)
+ TODO: check
+CVE-2026-13485 (A vulnerability was found in SourceCodester Class and Exam
Timetabling ...)
+ TODO: check
+CVE-2026-13484 (A vulnerability has been found in MLflow up to
4666cffc7912ea606d592fc ...)
+ TODO: check
CVE-2026-8095 (The Frontend File Manager Plugin plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2026-58058 (Nmap through 7.99 does not keep the IPv6 extension-header walk
within ...)
@@ -567,12 +607,14 @@ CVE-2026-53279 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0
fail to sa ...)
NOT-FOR-US: Mattermost Plugins
CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0
before 6.9 ...)
+ {DSA-6373-1}
- lxd <removed>
NOTE:
https://github.com/canonical/lxd/security/advisories/GHSA-ppq7-4492-5552
NOTE: https://github.com/canonical/lxd/pull/18301
NOTE: https://github.com/canonical/lxd/pull/18303
NOTE: https://github.com/canonical/lxd/pull/18304
CVE-2026-9639 (Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD
up to v ...)
+ {DSA-6373-1}
- lxd <removed>
NOTE:
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
NOTE: https://github.com/canonical/lxd/pull/18320
@@ -1275,54 +1317,54 @@ CVE-2021-47986 (Parse Server before 4.10.0 contains a
supply chain vulnerability
CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting
vulnerability in th ...)
NOT-FOR-US: Grav CMS
CVE-2026-48750
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9
NOTE: https://github.com/canonical/lxd/pull/18590
CVE-2026-48751
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv
NOTE: https://github.com/canonical/lxd/pull/18604
CVE-2026-48752
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-vxp5-584q-c479
NOTE:
https://github.com/lxc/incus/commit/cbefa31ae0da8fd96361178aed3a3c631e098fef
(v7.2.0)
NOTE: https://github.com/canonical/lxd/pull/18590
CVE-2026-48755
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4
NOTE:
https://github.com/lxc/incus/commit/873a032a461df6b09b7586435b592873863a4e88
(v7.2.0)
NOTE: https://github.com/canonical/lxd/pull/18597
CVE-2026-48769
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x
NOTE:
https://github.com/lxc/incus/commit/46d6ef232186df5535c49ca9f3597cab381f9b86
(v7.2.0)
NOTE: https://github.com/canonical/lxd/pull/18594
CVE-2026-55621
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-64f3-v33m-w89f
NOTE:
https://github.com/lxc/incus/commit/2e01078366e2653712719dec82318e51c6d21b28
(v7.2.0)
NOTE: https://github.com/canonical/lxd/pull/18603
CVE-2026-55622
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-c9f5-j9c3-mhrg
NOTE:
https://github.com/lxc/incus/commit/1e3ffc53a10950e55de62ac1e0d612be597b84eb
(v7.2.0)
NOTE: https://github.com/canonical/lxd/pull/18603
CVE-2026-48749
- {DSA-6370-1}
+ {DSA-6373-1 DSA-6370-1}
- incus 7.0.0-5
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-2q3f-q5pq-g8wv
@@ -17238,6 +17280,7 @@ CVE-2026-50219 (libexpat before 2.8.2 lacks handler
call depth tracking for call
- expat 2.8.2-1 (bug #1138862)
NOTE: https://github.com/libexpat/libexpat/pull/1246
CVE-2026-8829 (HTML::Entities versions before 3.84 for Perl read freed heap
memory in ...)
+ {DLA-4655-1}
- libhtml-parser-perl 3.83-2
[trixie] - libhtml-parser-perl <no-dsa> (Minor issue)
[bookworm] - libhtml-parser-perl <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8104285283b0e0dc947a83c699e161762e9bc96e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8104285283b0e0dc947a83c699e161762e9bc96e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits