Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a14cd6a by security tracker role at 2026-06-30T07:13:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,164 @@
-CVE-2026-55956
+CVE-2026-9576 (The Fluent Booking  WordPress plugin before 2.1.2 does not 
verify owne ...)
+       TODO: check
+CVE-2026-8944 (The Plugin for Google Analytics by IO technologies plugin for 
WordPres ...)
+       TODO: check
+CVE-2026-8023 (Zephyr's HTTP server (subsys/net/lib/http) provides a 
static-filesyste ...)
+       TODO: check
+CVE-2026-7656 (The IPv6 Neighbor Discovery handlers in 
subsys/net/ip/ipv6_nbr.c (hand ...)
+       TODO: check
+CVE-2026-57997 (Strapi users-permissions plugin fails to restrict JWT 
algorithms when  ...)
+       TODO: check
+CVE-2026-57919 (PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 
26.2 cr ...)
+       TODO: check
+CVE-2026-57498 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-56809 (Multiple laser printers and MFPs (multifunction printers) 
which implem ...)
+       TODO: check
+CVE-2026-56808 (DGM3103SCT provided by AVTECH Security Corporation contains an 
OS comm ...)
+       TODO: check
+CVE-2026-56137 (RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. 
contain an OS ...)
+       TODO: check
+CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in 
Apache Tomcat ...)
+       TODO: check
+CVE-2026-54889 (Improper Neutralization of Input During Web Page Generation 
(XSS) vuln ...)
+       TODO: check
+CVE-2026-54888 (Uncontrolled Recursion vulnerability in leandrocp mdex allows 
denial o ...)
+       TODO: check
+CVE-2026-53429 (Missing Release of Memory after Effective Lifetime 
vulnerability in le ...)
+       TODO: check
+CVE-2026-53426 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-51221 (A buffer overflow in the Get_Attribute_List function of 
EIPStackGroup  ...)
+       TODO: check
+CVE-2026-51219 (A heap buffer overflow in the 
HighPriorityASDUQueue_hasUnconfirmedIMes ...)
+       TODO: check
+CVE-2026-51218 (A heap buffer overflow in the 
TS7Worker::PerformFunctionWrite() functi ...)
+       TODO: check
+CVE-2026-43746 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43745 (An out-of-bounds write issue was addressed with improved input 
validat ...)
+       TODO: check
+CVE-2026-43743 (A race condition was addressed with improved state handling. 
This issu ...)
+       TODO: check
+CVE-2026-43742 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43740 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-43735 (The issue was addressed with improved checks. This issue is 
fixed in S ...)
+       TODO: check
+CVE-2026-43734 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43732 (A path handling issue was addressed with improved validation. 
This iss ...)
+       TODO: check
+CVE-2026-43731 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43727 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43726 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43725 (The issue was addressed with improved input validation. This 
issue is  ...)
+       TODO: check
+CVE-2026-43724 (The issue was addressed with improved input sanitization. This 
issue i ...)
+       TODO: check
+CVE-2026-43722 (The issue was addressed with improved input sanitization. This 
issue i ...)
+       TODO: check
+CVE-2026-43721 (This issue was addressed through improved state management. 
This issue ...)
+       TODO: check
+CVE-2026-43720 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43718 (A stack overflow was addressed with improved input validation. 
This is ...)
+       TODO: check
+CVE-2026-43717 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43716 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-43715 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43713 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2026-43712 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-43709 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43708 (The issue was addressed with improved input validation. This 
issue is  ...)
+       TODO: check
+CVE-2026-43707 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
+CVE-2026-43706 (A double free issue was addressed with improved memory 
management. Thi ...)
+       TODO: check
+CVE-2026-43705 (A type confusion issue was addressed with improved checks. 
This issue  ...)
+       TODO: check
+CVE-2026-43704 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43703 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-43701 (The issue was addressed with improved checks. This issue is 
fixed in S ...)
+       TODO: check
+CVE-2026-43700 (A cross-origin issue was addressed with improved tracking of 
security  ...)
+       TODO: check
+CVE-2026-43699 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2026-43676 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
+       TODO: check
+CVE-2026-43663 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-39872 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2026-39868 (This issue was addressed with improved input validation. This 
issue is ...)
+       TODO: check
+CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote 
attacker to exe ...)
+       TODO: check
+CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex 
CMS v.7 ...)
+       TODO: check
+CVE-2026-28979 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
+       TODO: check
+CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 
reader. D ...)
+       TODO: check
+CVE-2026-14160 (Time-of-check time-of-use (TOCTOU) race condition 
vulnerability in Sam ...)
+       TODO: check
+CVE-2026-13763 (Inconsistent interpretation of HTTP/2 requests in AWS 
Application Load ...)
+       TODO: check
+CVE-2026-13762 (Inconsistent interpretation of HTTP/2 requests in Amazon 
CloudFront wi ...)
+       TODO: check
+CVE-2026-13008
+       REJECTED
+CVE-2026-12819 (Delta Electronics DVP12SE PLC exposes a Modbus TCP service 
over a spec ...)
+       TODO: check
+CVE-2026-12818 (Delta Electronics DVP12SE PLCs are susceptible to a resource 
allocatio ...)
+       TODO: check
+CVE-2026-12560 (The Editorial Rating \u2013 Product Review & Rating System 
plugin for  ...)
+       TODO: check
+CVE-2026-12349 (The Premium Addons for KingComposer plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-12243 (NLTK version 3.9.4 is vulnerable to a path traversal attack 
due to an  ...)
+       TODO: check
+CVE-2026-12240 (The Export User Data plugin for WordPress is vulnerable to 
arbitrary f ...)
+       TODO: check
+CVE-2026-12114 (The Team Members \u2013 Multi Language Supported Team Plugin 
plugin fo ...)
+       TODO: check
+CVE-2026-12073 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2026-11590 (The WP Support Plus Responsive Ticket System WordPress plugin 
through  ...)
+       TODO: check
+CVE-2026-11589 (The WP Support Plus Responsive Ticket System WordPress plugin 
through  ...)
+       TODO: check
+CVE-2026-11581 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
WordPress p ...)
+       TODO: check
+CVE-2026-11367 (The PixMagix \u2013 WordPress Image Editor plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2026-10648 (mcumgr_serial_process_frag() in 
subsys/mgmt/mcumgr/transport/src/seria ...)
+       TODO: check
+CVE-2026-10647 (The USB CDC-NCM device class 
(subsys/usb/device_next/class/usbd_cdc_nc ...)
+       TODO: check
+CVE-2026-55956 (Improper Authorization vulnerability in Apache Tomcat leads to 
securit ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
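
Review bot: CVE-2026-55957 is added with only TODO: check even though its description names Apache Tomcat, while the CVE-2026-55956 entry that closes this hunk already carries tomcat11, tomcat10 and tomcat9 lines. Triage it ahead of the rest of the batch and give it package lines like its neighbour. The entries whose descriptions name libarchive's RAR5 reader (CVE-2026-14164) and NLTK (CVE-2026-12243) deserve the same early look, since a TODO: check entry carries no package status until someone resolves it.
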
@@ -6,7 +166,7 @@ CVE-2026-55956
        NOTE: 
https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd
 (9.0.119)
-CVE-2026-55955
+CVE-2026-55955 (Improper Authentication vulnerability in Apache Tomcat allowed 
a repla ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
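
Review bot: The tomcat9 line under CVE-2026-55955 records 9.0.70-2 as the fixed version, but the NOTE lines just above it, which belong to CVE-2026-55956 with the same three package lines, give the upstream 9.x fix as 9.0.119. If the part of the entry not shown in this diff does not already say why 9.0.70-2 is the right boundary, add a short NOTE stating the reason so the status can be audited. tomcat11 and tomcat10 stay at <unfixed> although fixed upstream versions (11.0.23, 10.1.56) are cited, so these entries need a follow-up once uploads land.
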
@@ -14,7 +174,7 @@ CVE-2026-55955
        NOTE: 
https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe
 (9.0.119)
-CVE-2026-55276
+CVE-2026-55276 (Always-Incorrect Control Flow Implementation vulnerability in 
Apache T ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
@@ -24,7 +184,7 @@ CVE-2026-55276
        NOTE: 
https://github.com/apache/tomcat/commit/25677f90fd721c26ef0f613d34ef8275b1aafc31
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c
 (9.0.119)
-CVE-2026-53434
+CVE-2026-53434 (Detection of Error Condition Without Action vulnerability in 
Apache To ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
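
Review bot: The NOTE lines for CVE-2026-55276 at the top of this hunk list two commits tagged (10.1.56) but only one tagged (9.0.119). The other Tomcat entries in this diff show one commit per branch, so check whether the 9.0.x backport also consists of two commits and one reference is missing, or whether the second 10.1.56 commit is a follow-up that 9.0.x did not need. A word in the NOTE saying which would settle it.
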
@@ -32,7 +192,7 @@ CVE-2026-53434
        NOTE: 
https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276
 (9.0.119)
-CVE-2026-53404
+CVE-2026-53404 (Always-Incorrect Control Flow Implementation vulnerability in 
Apache T ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
@@ -40,7 +200,7 @@ CVE-2026-53404
        NOTE: 
https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430
 (9.0.119)
-CVE-2026-50229
+CVE-2026-50229 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
        - tomcat11 <unfixed>
        - tomcat10 <unfixed>
        - tomcat9 9.0.70-2
@@ -48,18 +208,18 @@ CVE-2026-50229
        NOTE: 
https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a
 (11.0.23)
        NOTE: 
https://github.com/apache/tomcat/commit/0d5bdd5b0dd964e9f73e530b7d753462b9bfd1d0
 (10.1.56)
        NOTE: 
https://github.com/apache/tomcat/commit/de5a950415fc67713f17fab63d0c7809e0fca80b
 (9.0.119)
-CVE-2026-13758
+CVE-2026-13758 (CryptX versions before 0.088_001 for Perl compare AEAD 
authentication  ...)
        - libcryptx-perl 0.089-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41398101/
        NOTE: Fixed by: 
https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642
 (v0.089)
-CVE-2026-13593
+CVE-2026-13593 (CSS::Minifier::XS versions before 0.14 for Perl have a memory 
leak whe ...)
        - libcss-minifier-xs-perl 0.14-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396070/
-CVE-2026-56018
+CVE-2026-56018 (JavaScript::Minifier::XS versions before 0.16 for Perl leak 
memory on  ...)
        - libjavascript-minifier-xs-perl 0.16-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396069/
        NOTE: https://github.com/bleargh45/JavaScript-Minifier-XS/issues/10
-CVE-2026-56017
+CVE-2026-56017 (JavaScript::Minifier::XS versions before 0.16 for Perl crash 
with a NU ...)
        - libjavascript-minifier-xs-perl 0.16-1
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396063/
 CVE-2026-9267 (Eclipse tinydtls before 
commitb3efd41ad111a4920f599f51ffa4f5e9f1e72221 ...)
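
Review bot: The upstream references in this hunk are uneven: CVE-2026-13593 and CVE-2026-56017 carry only the cve-announce link, while CVE-2026-13758 has a "Fixed by:" commit and CVE-2026-56018 has an upstream issue link. Now that the descriptions are imported (memory leak, crash with a NU ...), add the fixing commit or upstream issue for the two bare entries so the fixed versions 0.14-1 and 0.16-1 can be verified against upstream. The tinydtls context line also reads "commitb3efd41..." with no space after "commit", which is worth reporting if it comes from the imported description.
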
@@ -463,7 +623,7 @@ CVE-2026-50160
 CVE-2026-53325 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/b08472db93b1ccff84a7adec5779d47f0e9d3a30 (7.2-rc1)
-CVE-2026-58302
+CVE-2026-58302 (rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows 
privilege ...)
        - linuxcnc 1:2.9.9-1 (bug #1140943)
        [trixie] - linuxcnc <no-dsa> (Will be fixed via point release)
        [bookworm] - linuxcnc <no-dsa> (Will be fixed via point release)
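
Review bot: CVE-2026-58302 keeps <no-dsa> (Will be fixed via point release) for trixie and bookworm, a classification made while the entry had no description. The imported text now reads "rtapi_app in linuxcnc-uspace ... allows privilege ...", so re-confirm against the full description that no-dsa is still the right call, and note the reasoning in the entry if it is.
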
@@ -33927,7 +34087,8 @@ CVE-2026-5172 (A buffer overflow in dnsmasq\u2019s 
extract_addresses() function
        NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
        NOTE: Fixed by: 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa
 (v2.93rc1)
        NOTE: Introduced with: 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=638c7c4d20004c0f320820098e29df62a27dd2a1
 (v2.90test1)
-CVE-2026-13601 [yelp: Sandbox escape]
+CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content 
Security  ...)
+       {DSA-6319-1 DLA-4647-1}
        - yelp 49.1-1 (bug #1136299)
        NOTE: 
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
        NOTE: https://gitlab.gnome.org/GNOME/yelp/-/work_items/238
@@ -104231,7 +104392,8 @@ CVE-2025-63757 (Integer overflow vulnerability in the 
yuv2ya16_X_c_template func
        NOTE: 
https://code.ffmpeg.org/FFmpeg/FFmpeg/716cf25eb8616e8e068a7c2a5d23ae107bd117b4 
(n8.0.1)
        NOTE: 
https://code.ffmpeg.org/FFmpeg/FFmpeg/19877054e340e2babb7ef0d00e81c12bfeb19391 
(n7.1.3)
        NOTE: 
https://code.ffmpeg.org/FFmpeg/FFmpeg/ac4caa33bae5841649c61d4f8a0608dfa59c4fa1 
(n5.1.8)
-CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI 
<=0.6.32 i ...)
+CVE-2025-63391
+       REJECTED
        NOT-FOR-US: open-webui
 CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM 
v1.8.5 in ...)
        NOT-FOR-US: AnythingLLM
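
Review bot: CVE-2025-63391 now reads REJECTED followed by the old NOT-FOR-US: open-webui line, so the entry carries two dispositions and no description. Decide which one should remain: either drop the NOT-FOR-US line so the entry is plainly rejected, or keep it deliberately as the only remaining hint of what the identifier referred to. The same combination appears for CVE-2025-29446 in the following hunk and should be handled the same way.
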
@@ -185553,7 +185715,8 @@ CVE-2025-29660 (A vulnerability exists in the daemon 
process of the Yi IOT XY-38
        NOT-FOR-US: Yi IOT XY-3820
 CVE-2025-29659 (Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command 
Execution via ...)
        NOT-FOR-US: Yi IOT XY-3820
-CVE-2025-29446 (open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py 
in funct ...)
+CVE-2025-29446
+       REJECTED
        NOT-FOR-US: open-webui
 CVE-2025-29287 (An arbitrary file upload vulnerability in the ueditor 
component of MCM ...)
        NOT-FOR-US: MCMS



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a14cd6aafea0798e1a0cf1fd6427245d476414b
