Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a14cd6a by security tracker role at 2026-06-30T07:13:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,164 @@
-CVE-2026-55956
+CVE-2026-9576 (The Fluent Booking WordPress plugin before 2.1.2 does not
verify owne ...)
+ TODO: check
+CVE-2026-8944 (The Plugin for Google Analytics by IO technologies plugin for
WordPres ...)
+ TODO: check
+CVE-2026-8023 (Zephyr's HTTP server (subsys/net/lib/http) provides a
static-filesyste ...)
+ TODO: check
+CVE-2026-7656 (The IPv6 Neighbor Discovery handlers in
subsys/net/ip/ipv6_nbr.c (hand ...)
+ TODO: check
+CVE-2026-57997 (Strapi users-permissions plugin fails to restrict JWT
algorithms when ...)
+ TODO: check
+CVE-2026-57919 (PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before
26.2 cr ...)
+ TODO: check
+CVE-2026-57498 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-56809 (Multiple laser printers and MFPs (multifunction printers)
which implem ...)
+ TODO: check
+CVE-2026-56808 (DGM3103SCT provided by AVTECH Security Corporation contains an
OS comm ...)
+ TODO: check
+CVE-2026-56137 (RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc.
contain an OS ...)
+ TODO: check
+CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in
Apache Tomcat ...)
+ TODO: check
+CVE-2026-54889 (Improper Neutralization of Input During Web Page Generation
(XSS) vuln ...)
+ TODO: check
+CVE-2026-54888 (Uncontrolled Recursion vulnerability in leandrocp mdex allows
denial o ...)
+ TODO: check
+CVE-2026-53429 (Missing Release of Memory after Effective Lifetime
vulnerability in le ...)
+ TODO: check
+CVE-2026-53426 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
+ TODO: check
+CVE-2026-51221 (A buffer overflow in the Get_Attribute_List function of
EIPStackGroup ...)
+ TODO: check
+CVE-2026-51219 (A heap buffer overflow in the
HighPriorityASDUQueue_hasUnconfirmedIMes ...)
+ TODO: check
+CVE-2026-51218 (A heap buffer overflow in the
TS7Worker::PerformFunctionWrite() functi ...)
+ TODO: check
+CVE-2026-43746 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43745 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2026-43743 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2026-43742 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43740 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-43735 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+ TODO: check
+CVE-2026-43734 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43732 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2026-43731 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43727 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43726 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43725 (The issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2026-43724 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2026-43722 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2026-43721 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2026-43720 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43718 (A stack overflow was addressed with improved input validation.
This is ...)
+ TODO: check
+CVE-2026-43717 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43716 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-43715 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43713 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2026-43712 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-43709 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43708 (The issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2026-43707 (A memory corruption issue was addressed with improved memory
handling. ...)
+ TODO: check
+CVE-2026-43706 (A double free issue was addressed with improved memory
management. Thi ...)
+ TODO: check
+CVE-2026-43705 (A type confusion issue was addressed with improved checks.
This issue ...)
+ TODO: check
+CVE-2026-43704 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43703 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-43701 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+ TODO: check
+CVE-2026-43700 (A cross-origin issue was addressed with improved tracking of
security ...)
+ TODO: check
+CVE-2026-43699 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2026-43676 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2026-43663 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-39872 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2026-39868 (This issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote
attacker to exe ...)
+ TODO: check
+CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
+ TODO: check
+CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex
CMS v.7 ...)
+ TODO: check
+CVE-2026-28979 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5
reader. D ...)
+ TODO: check
+CVE-2026-14160 (Time-of-check time-of-use (TOCTOU) race condition
vulnerability in Sam ...)
+ TODO: check
+CVE-2026-13763 (Inconsistent interpretation of HTTP/2 requests in AWS
Application Load ...)
+ TODO: check
+CVE-2026-13762 (Inconsistent interpretation of HTTP/2 requests in Amazon
CloudFront wi ...)
+ TODO: check
+CVE-2026-13008
+ REJECTED
+CVE-2026-12819 (Delta Electronics DVP12SE PLC exposes a Modbus TCP service
over a spec ...)
+ TODO: check
+CVE-2026-12818 (Delta Electronics DVP12SE PLCs are susceptible to a resource
allocatio ...)
+ TODO: check
+CVE-2026-12560 (The Editorial Rating \u2013 Product Review & Rating System
plugin for ...)
+ TODO: check
+CVE-2026-12349 (The Premium Addons for KingComposer plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-12243 (NLTK version 3.9.4 is vulnerable to a path traversal attack
due to an ...)
+ TODO: check
+CVE-2026-12240 (The Export User Data plugin for WordPress is vulnerable to
arbitrary f ...)
+ TODO: check
+CVE-2026-12114 (The Team Members \u2013 Multi Language Supported Team Plugin
plugin fo ...)
+ TODO: check
+CVE-2026-12073 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
+ TODO: check
+CVE-2026-11590 (The WP Support Plus Responsive Ticket System WordPress plugin
through ...)
+ TODO: check
+CVE-2026-11589 (The WP Support Plus Responsive Ticket System WordPress plugin
through ...)
+ TODO: check
+CVE-2026-11581 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder
WordPress p ...)
+ TODO: check
+CVE-2026-11367 (The PixMagix \u2013 WordPress Image Editor plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2026-10648 (mcumgr_serial_process_frag() in
subsys/mgmt/mcumgr/transport/src/seria ...)
+ TODO: check
+CVE-2026-10647 (The USB CDC-NCM device class
(subsys/usb/device_next/class/usbd_cdc_nc ...)
+ TODO: check
+CVE-2026-55956 (Improper Authorization vulnerability in Apache Tomcat leads to
securit ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
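Review bot: Of the new `TODO: check` entries in this hunk, the ones naming software Debian ships should be triaged first: CVE-2026-14164 (double free in libarchive's RAR5 reader) and CVE-2026-12243 (path traversal in NLTK 3.9.4). The long run of Apple-style descriptions ("... was addressed with improved memory management. ...", CVE-2026-43663 through CVE-2026-43746, plus CVE-2026-39868, CVE-2026-39872 and CVE-2026-28979) and the WordPress plugin entries will almost certainly end up as NOT-FOR-US and can be batched. Two other things worth confirming on a read-through: CVE-2026-13008 is recorded as `REJECTED` with no further annotation, matching how rejected entries appear later in this commit, and CVE-2026-55956 is only moved, not changed: the bare line removed at the top of the hunk is re-added at the bottom with its description, and its tomcat package lines are identical to before.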
@@ -6,7 +166,7 @@ CVE-2026-55956
NOTE:
https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd
(9.0.119)
-CVE-2026-55955
+CVE-2026-55955 (Improper Authentication vulnerability in Apache Tomcat allowed
a repla ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -14,7 +174,7 @@ CVE-2026-55955
NOTE:
https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe
(9.0.119)
-CVE-2026-55276
+CVE-2026-55276 (Always-Incorrect Control Flow Implementation vulnerability in
Apache T ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -24,7 +184,7 @@ CVE-2026-55276
NOTE:
https://github.com/apache/tomcat/commit/25677f90fd721c26ef0f613d34ef8275b1aafc31
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c
(9.0.119)
-CVE-2026-53434
+CVE-2026-53434 (Detection of Error Condition Without Action vulnerability in
Apache To ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -32,7 +192,7 @@ CVE-2026-53434
NOTE:
https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276
(9.0.119)
-CVE-2026-53404
+CVE-2026-53404 (Always-Incorrect Control Flow Implementation vulnerability in
Apache T ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -40,7 +200,7 @@ CVE-2026-53404
NOTE:
https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430
(9.0.119)
-CVE-2026-50229
+CVE-2026-50229 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -48,18 +208,18 @@ CVE-2026-50229
NOTE:
https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a
(11.0.23)
NOTE:
https://github.com/apache/tomcat/commit/0d5bdd5b0dd964e9f73e530b7d753462b9bfd1d0
(10.1.56)
NOTE:
https://github.com/apache/tomcat/commit/de5a950415fc67713f17fab63d0c7809e0fca80b
(9.0.119)
-CVE-2026-13758
+CVE-2026-13758 (CryptX versions before 0.088_001 for Perl compare AEAD
authentication ...)
- libcryptx-perl 0.089-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41398101/
NOTE: Fixed by:
https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642
(v0.089)
-CVE-2026-13593
+CVE-2026-13593 (CSS::Minifier::XS versions before 0.14 for Perl have a memory
leak whe ...)
- libcss-minifier-xs-perl 0.14-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396070/
-CVE-2026-56018
+CVE-2026-56018 (JavaScript::Minifier::XS versions before 0.16 for Perl leak
memory on ...)
- libjavascript-minifier-xs-perl 0.16-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396069/
NOTE: https://github.com/bleargh45/JavaScript-Minifier-XS/issues/10
-CVE-2026-56017
+CVE-2026-56017 (JavaScript::Minifier::XS versions before 0.16 for Perl crash
with a NU ...)
- libjavascript-minifier-xs-perl 0.16-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396063/
CVE-2026-9267 (Eclipse tinydtls before
commitb3efd41ad111a4920f599f51ffa4f5e9f1e72221 ...)
@@ -463,7 +623,7 @@ CVE-2026-50160
CVE-2026-53325 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/b08472db93b1ccff84a7adec5779d47f0e9d3a30 (7.2-rc1)
-CVE-2026-58302
+CVE-2026-58302 (rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows
privilege ...)
- linuxcnc 1:2.9.9-1 (bug #1140943)
[trixie] - linuxcnc <no-dsa> (Will be fixed via point release)
[bookworm] - linuxcnc <no-dsa> (Will be fixed via point release)
@@ -33927,7 +34087,8 @@ CVE-2026-5172 (A buffer overflow in dnsmasq\u2019s
extract_addresses() function
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa
(v2.93rc1)
NOTE: Introduced with:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=638c7c4d20004c0f320820098e29df62a27dd2a1
(v2.90test1)
-CVE-2026-13601 [yelp: Sandbox escape]
+CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content
Security ...)
+ {DSA-6319-1 DLA-4647-1}
- yelp 49.1-1 (bug #1136299)
NOTE:
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
NOTE: https://gitlab.gnome.org/GNOME/yelp/-/work_items/238
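Review bot: The former local title `[yelp: Sandbox escape]` stated the impact in one phrase, which the truncated official text (`overly permissive Content Security ...`) no longer conveys on its own; the mcatanzaro blog NOTE below still names the flatpak sandbox escape, so nothing is lost, but a short `NOTE: Flatpak sandbox escape` line would keep that visible in the entry itself. The added `{DSA-6319-1 DLA-4647-1}` line records the stable and LTS advisories, and the `yelp 49.1-1 (bug #1136299)` unstable fix line is unchanged, so the entry is now consistent across suites.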
@@ -104231,7 +104392,8 @@ CVE-2025-63757 (Integer overflow vulnerability in the
yuv2ya16_X_c_template func
NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/716cf25eb8616e8e068a7c2a5d23ae107bd117b4
(n8.0.1)
NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/19877054e340e2babb7ef0d00e81c12bfeb19391
(n7.1.3)
NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/ac4caa33bae5841649c61d4f8a0608dfa59c4fa1
(n5.1.8)
-CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI
<=0.6.32 i ...)
+CVE-2025-63391
+ REJECTED
NOT-FOR-US: open-webui
CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM
v1.8.5 in ...)
NOT-FOR-US: AnythingLLM
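Review bot: After CVE-2025-63391 becomes `REJECTED`, the `NOT-FOR-US: open-webui` context line below it is redundant; compare CVE-2026-13008 in the first hunk, which carries only `REJECTED`. The automatic update only rewrites the description line, so if the convention is for rejected entries to carry no package annotation, that line should be dropped in a follow-up commit.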
@@ -185553,7 +185715,8 @@ CVE-2025-29660 (A vulnerability exists in the daemon
process of the Yi IOT XY-38
NOT-FOR-US: Yi IOT XY-3820
CVE-2025-29659 (Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command
Execution via ...)
NOT-FOR-US: Yi IOT XY-3820
-CVE-2025-29446 (open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py
in funct ...)
+CVE-2025-29446
+ REJECTED
NOT-FOR-US: open-webui
CVE-2025-29287 (An arbitrary file upload vulnerability in the ueditor
component of MCM ...)
NOT-FOR-US: MCMS
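Review bot: Same point as for CVE-2025-63391: CVE-2025-29446 becomes `REJECTED` while the `NOT-FOR-US: open-webui` line beneath it is kept as unchanged context. Whichever way the rejected-entry convention is applied, both open-webui entries in this commit should be handled identically.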
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a14cd6aafea0798e1a0cf1fd6427245d476414b
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits