Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39130f32 by security tracker role at 2026-07-01T19:13:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,155 +1,475 @@
-CVE-2026-53351 [riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI]
+CVE-2026-8857 (A vulnerability in Wikimedia Foundation timeline.   This 
vulnerability ...)
+       TODO: check
+CVE-2026-8480 (A vulnerability was discovered on Stormshield Network Security 
4.3.0 t ...)
+       TODO: check
+CVE-2026-8387 (A vulnerability in allegroai/clearml versions up to and 
including 1.16 ...)
+       TODO: check
+CVE-2026-6688 (FatFs R0.16 and earlier contains a downstream-caller 
vulnerability pat ...)
+       TODO: check
+CVE-2026-6687 (FatFs R0.16 and earlier contains a stack overflow bug in 
f_getlabel()  ...)
+       TODO: check
+CVE-2026-6686 (FatFs R0.16 and earlier contains an uninitialized cluster 
exposure whe ...)
+       TODO: check
+CVE-2026-6685 (FatFs R0.16 and earlier exhibits a stale dirty-cache skip via 
unsigned ...)
+       TODO: check
+CVE-2026-6684 (FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1' 
contain ...)
+       TODO: check
+CVE-2026-6683 (FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync 
logic  ...)
+       TODO: check
+CVE-2026-6682 (In FatFS R0.16 and earlier contains a FAT32 integer overflow 
bug in mo ...)
+       TODO: check
+CVE-2026-6283 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-5220 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-5142 (A flaw was found in foreman. Authenticated users with 
'view_keypairs'  ...)
+       TODO: check
+CVE-2026-5138 (A flaw was found in Foreman. An authenticated user with 
host-edit perm ...)
+       TODO: check
+CVE-2026-5136 (A flaw was found in Foreman. The Usergroup model in Foreman 
does not p ...)
+       TODO: check
+CVE-2026-5135 (A flaw was found in Foreman. This broken access control 
vulnerability  ...)
+       TODO: check
+CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from 
Release  ...)
+       TODO: check
+CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit 
device valid ...)
+       TODO: check
+CVE-2026-58521 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-58520 (URL redirection to untrusted site ('open redirect') 
vulnerability in T ...)
+       TODO: check
+CVE-2026-58517 (Improper neutralization of input terminators vulnerability in 
The Wiki ...)
+       TODO: check
+CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
+       TODO: check
+CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
+       TODO: check
+CVE-2026-58452 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
+       TODO: check
+CVE-2026-58451 (Horde IMP before 7.0.1 contains a path traversal vulnerability 
in lib/ ...)
+       TODO: check
+CVE-2026-58399 (@acastellon/auth is an authentication control system for 
microservices ...)
+       TODO: check
+CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service 
on port ...)
+       TODO: check
+CVE-2026-58126 (PACSgear PACS Scan 5.2.1 contains an unauthenticated remote 
code execu ...)
+       TODO: check
+CVE-2026-58038 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-58035 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-58034 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-58031 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-57737 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-57736 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Hub ...)
+       TODO: check
+CVE-2026-57723 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp 
VikBooking ...)
+       TODO: check
+CVE-2026-57722 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-57721 (Missing Authorization vulnerability in WP Reloaded ApplyOnline 
allows  ...)
+       TODO: check
+CVE-2026-57720 (Missing Authorization vulnerability in Codexpert Inc 
ThumbPress allows ...)
+       TODO: check
+CVE-2026-57692 (Incorrect Privilege Assignment vulnerability in LCweb 
PrivateContent a ...)
+       TODO: check
+CVE-2026-57517 (Control Web Panel before 0.9.8.1225 contains a blind SQL 
injection vul ...)
+       TODO: check
+CVE-2026-57516 (Ray prior to 2.56.0 contains an unsafe deserialization 
vulnerability i ...)
+       TODO: check
+CVE-2026-56152 (Incorrect Authorization (CWE-863) in Elastic Defend can lead 
to unauth ...)
+       TODO: check
+CVE-2026-56151 (Improper Input Validation (CWE-20) in Kibana can lead to a 
denial of s ...)
+       TODO: check
+CVE-2026-56150 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Flee ...)
+       TODO: check
+CVE-2026-56149 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Elas ...)
+       TODO: check
+CVE-2026-56148 (Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to 
a denial ...)
+       TODO: check
+CVE-2026-55628 (In versions prior to 7.1.2-26he, the `-concatenate` operation 
is missi ...)
+       TODO: check
+CVE-2026-55597 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-55595 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-55594 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-55577 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-55510 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-54428 (Allocation of resources without limits or throttling in the 
HTTP/2 HPA ...)
+       TODO: check
+CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the 
HTTP/1.1 messag ...)
+       TODO: check
+CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File 
upload v ...)
+       TODO: check
+CVE-2026-53908 (MCO is vulnerable to User Enumeration through 
authentication-related f ...)
+       TODO: check
+CVE-2026-53907 (MCO is vulnerable to Stored Cross\u2011Site Scripting (XSS) 
via the ap ...)
+       TODO: check
+CVE-2026-53906 (MCO is vulnerable to Path Disclosure and Path Traversal in 
file handli ...)
+       TODO: check
+CVE-2026-53905 (MCO does not properly enforce authorization checks in the 
/customer/se ...)
+       TODO: check
+CVE-2026-53904 (MCO is vulnerable to Account Denial of Service due to improper 
impleme ...)
+       TODO: check
+CVE-2026-53903 (MCO is vulnerable to an Insecure Direct Object Reference 
(IDOR) vulner ...)
+       TODO: check
+CVE-2026-53902 (MCO does not properly enforce authorization checks in the 
/customer/se ...)
+       TODO: check
+CVE-2026-53467 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-53466 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and systems using 
patch-ghi-15381-cwe ...)
+       TODO: check
+CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last 
release v1.2 ...)
+       TODO: check
+CVE-2026-50043 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+       TODO: check
+CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in 
the Fil ...)
+       TODO: check
+CVE-2026-49091 (Improper Output Neutralization for Logs (CWE-117) in Kibana 
can lead t ...)
+       TODO: check
+CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400) in Elasticsearch 
can lead  ...)
+       TODO: check
+CVE-2026-49088 (Insertion of Sensitive Information into Log File (CWE-532) in 
Kibana c ...)
+       TODO: check
+CVE-2026-49087 (Allocation of Resources Without Limits or Throttling (CWE-770) 
in Kiba ...)
+       TODO: check
+CVE-2026-46680 (containerd is an open-source container runtime. In versions 
prior to 1 ...)
+       TODO: check
+CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05, 
contain an ...)
+       TODO: check
+CVE-2026-38142 (An unauthenticated command injection vulnerability in the 
/goform/fast ...)
+       TODO: check
+CVE-2026-34117 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34116 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34115 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34114 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34113 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34112 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34111 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34110 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34109 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34108 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34107 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34106 (Guardian language-system passes the id GET parameter directly 
into a P ...)
+       TODO: check
+CVE-2026-34105 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34104 (Guardian language-system passes the name GET parameter 
directly into a ...)
+       TODO: check
+CVE-2026-34103 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34102 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34101 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34100 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34099 (Guardian language-system passes the id GET parameter directly 
into an  ...)
+       TODO: check
+CVE-2026-34098 (Guardian language-system fails to sanitize the id GET 
parameter before ...)
+       TODO: check
+CVE-2026-34097 (Guardian language-system fails to sanitize the id GET 
parameter before ...)
+       TODO: check
+CVE-2026-34096 (Guardian language-system fails to sanitize the name GET 
parameter befo ...)
+       TODO: check
+CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E, 
might be i ...)
+       TODO: check
+CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice 
allows Exploi ...)
+       TODO: check
+CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba 
Booking all ...)
+       TODO: check
+CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an 
attacker co ...)
+       TODO: check
+CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability 
where an a ...)
+       TODO: check
+CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24249 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24248 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24247 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24246 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24245 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24244 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24243 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24242 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-24240 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
+       TODO: check
+CVE-2026-20244 (A vulnerability in the DMG file format parser of ClamAV could 
allow an ...)
+       TODO: check
+CVE-2026-20243 (A vulnerability in the ALZ file format parser of ClamAV could 
allow an ...)
+       TODO: check
+CVE-2026-20217 (A vulnerability in the PESpin file format parser of ClamAV 
could allow ...)
+       TODO: check
+CVE-2026-20216 (A vulnerability in the InstallShield file format parser of 
ClamAV coul ...)
+       TODO: check
+CVE-2026-20215 (A vulnerability in the 7z file format parser of ClamAV could 
allow an  ...)
+       TODO: check
+CVE-2026-20214 (A vulnerability in the FSG file format parser of ClamAV could 
allow an ...)
+       TODO: check
+CVE-2026-20213 (A vulnerability in the PE file format parser of ClamAV could 
allow an  ...)
+       TODO: check
+CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an 
unauthenticate ...)
+       TODO: check
+CVE-2026-14358 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol 
server.)
+       TODO: check
+CVE-2026-14324 (RAOP module accepts unbounded Content-Length values and does 
not check ...)
+       TODO: check
+CVE-2026-14258 (A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router 
Advertisem ...)
+       TODO: check
+CVE-2026-14198 (@fastify/middie versions 9.1.0 through 9.3.2 decode the 
encoded slash  ...)
+       TODO: check
+CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the 
URL nor ...)
+       TODO: check
+CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78 
(v1) and  ...)
+       TODO: check
+CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling 
pipeline (O ...)
+       TODO: check
+CVE-2026-13733 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-13707 (Session fixation vulnerability in Wikimedia Foundation OAuth.  
 This v ...)
+       TODO: check
+CVE-2026-13706 (Improper input validation vulnerability in Wikimedia 
Foundation UrlSho ...)
+       TODO: check
+CVE-2026-13603 (The payment integration pretix-oppwa provides support  for the 
payment ...)
+       TODO: check
+CVE-2026-13602 (We found a chain of combining multiple weaknesses in the 
product that  ...)
+       TODO: check
+CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint 
serves  ...)
+       TODO: check
+CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2026-13211 (The genucenter web interface before version 8.0p11 
unnecessarily expos ...)
+       TODO: check
+CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-12577 (DVP80ES3 with Improperly Implemented Security Check for 
Standard vulne ...)
+       TODO: check
+CVE-2026-12576 (DVP80ES3 with Improper Enforcement of Message Integrity During 
Transmi ...)
+       TODO: check
+CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release 
vulnerability.)
+       TODO: check
+CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an 
arbitra ...)
+       TODO: check
+CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
+       TODO: check
+CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For 
WordPress plugin ...)
+       TODO: check
+CVE-2026-12374 (Improper certificate validation and a time-of-check 
time-of-use (TOCTO ...)
+       TODO: check
+CVE-2026-12224 (The Dokan Pro plugin for WordPress is vulnerable to privilege 
escalati ...)
+       TODO: check
+CVE-2026-12158 (The RegistrationMagic \u2013 User Registration Forms Plugin 
plugin for ...)
+       TODO: check
+CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress 
plugin for Wo ...)
+       TODO: check
+CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order 
Notifications &  ...)
+       TODO: check
+CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for 
stored hash ...)
+       TODO: check
+CVE-2026-10539 (A Control-M/Server communication command does not sufficiently 
filter  ...)
+       TODO: check
+CVE-2026-10538 (Messaging consumer functionality allows deserialization of 
user-contro ...)
+       TODO: check
+CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure 
Direct Ob ...)
+       TODO: check
+CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-23351 (NVIDIA ConnectX and BlueField contain a vulnerability in the 
command i ...)
+       TODO: check
+CVE-2025-23350 (NVIDIA ConnectX and BlueField contain a vulnerability in the 
command i ...)
+       TODO: check
+CVE-2026-53351 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e3573f739e3dadab57ec80488d07e05c8f6e82d3 (7.1)
-CVE-2026-53348 [ASoC: SDCA: fix NULL pointer dereference in 
sdca_dev_unregister_functions]
+CVE-2026-53348 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e4c60a1d4b6ccc66aefb3789cd908d4f9482eefd (7.1)
-CVE-2026-53347 [drm/virtio: Fix driver removal with disabled KMS]
+CVE-2026-53347 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f329e8325e054bd6d84d10904f8dd51137281b92 (7.1)
-CVE-2026-53346 [rust: arm64: set uwtable llvm module flag for 
CONFIG_UNWIND_TABLES]
+CVE-2026-53346 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ac35b5580ace12e5d0a0b5e61e36d2c4e1ffa29c (7.1-rc7)
-CVE-2026-53344 [pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before 
regmap init]
+CVE-2026-53344 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8473c3a197b57ff01396f7a2ec6ddf65383820d4 (7.1)
-CVE-2026-53342 [arm64: mm: call pagetable dtor when freeing hot-removed page 
tables]
+CVE-2026-53342 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c594b83457ccdee76d458416fb3bc9348a37592f (7.1)
-CVE-2026-53340 [i2c: imx: fix clock and pinctrl state inconsistency in runtime 
PM]
+CVE-2026-53340 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8783fb8031799f1230997c16df8c8dce9fcd1841 (7.1)
-CVE-2026-53338 [net: airoha: Add NULL check for of_reserved_mem_lookup() in 
airoha_qdma_init_hfwd_queues()]
+CVE-2026-53338 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f9f25118faa4dd2b6e3d14a03d123bbdbd59925d (7.1)
-CVE-2026-53336 [nvmem: layouts: onie-tlv: fix hang on unknown types]
+CVE-2026-53336 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ea41020b9018e31c2ea7e9d89021e3e6d7470883 (7.1)
-CVE-2026-53335 [mm/damon/lru_sort: handle ctx allocation failure]
+CVE-2026-53335 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ab04340b5ae5d52c1d46b750538febcde9d889e7 (7.1)
-CVE-2026-53334 [mm/damon/reclaim: handle ctx allocation failure]
+CVE-2026-53334 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7e2ed8a29427af534bf2cb9b8bc51762b8b6e654 (7.1)
-CVE-2026-53333 [mm/mincore: handle non-swap entries before !CONFIG_SWAP guard]
+CVE-2026-53333 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0c25b8734367574e21aeb8468c2e522713134da7 (7.1)
-CVE-2026-53328 [sched_ext: Don't warn on NULL cgrp_moving_from in 
scx_cgroup_move_task()]
+CVE-2026-53328 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/02e545c4297a26dbbc41df81b831e7f605bcd306 (7.1-rc7)
-CVE-2026-53326 [debugobjects: Don't call fill_pool() in early boot hardirq 
context]
+CVE-2026-53326 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0d046ae106255cba5eb83b23f78ee93f3620247d (7.1)
-CVE-2026-53356 [drm/i915/gem: Fix phys BO pread/pwrite with offset]
+CVE-2026-53356 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/d21ad938398bca695a511307de38a65889e3b354 (7.1)
-CVE-2026-53355 [net: rds: clear i_sends on setup unwind]
+CVE-2026-53355 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/20cf0fb715c41111469577e85e35d15f099473e0 (7.1-rc7)
-CVE-2026-53354 [arm64: errata: Mitigate TLBI errata on various Arm CPUs]
+CVE-2026-53354 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/cfd391e74134db664feb499d43af286380b10ba8 (7.2-rc1)
-CVE-2026-53353 [hsr: Remove WARN_ONCE() in hsr_addr_is_self().]
+CVE-2026-53353 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/afd0f17ca46258cec3a5cc48b8df9327fe772490 (7.1-rc7)
-CVE-2026-53352 [signal: clear JOBCTL_PENDING_MASK for caller in 
zap_other_threads()]
+CVE-2026-53352 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/90918794a4e2c3b440f8fcf3847765a8b1d81b25 (7.1-rc7)
-CVE-2026-53350 [ASoC: wm_adsp: Fix NULL dereference when removing firmware 
controls]
+CVE-2026-53350 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7d3fb78b550301e43fdc60312aed733069694426 (7.1)
-CVE-2026-53349 [netfilter: nf_conntrack: destroy stale expectfn expectations 
on unregister]
+CVE-2026-53349 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/c3009418f9fa1dcb3eb86f4d8c92583537b5faa3 (7.1)
-CVE-2026-53345 [KVM: Don't WARN if memory is dirtied without a vCPU when the 
VM is dying]
+CVE-2026-53345 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/8618004d3e897c0f1b71d9a9ab860461289bb89a (7.1-rc7)
-CVE-2026-53343 [ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow]
+CVE-2026-53343 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/77a1f6883dc6e837bb2cb30b9b02e2f94338e2c6 (7.1)
-CVE-2026-53341 [fhandle: fix UAF due to unlocked ->mnt_ns read in 
may_decode_fh()]
+CVE-2026-53341 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 7.0.13-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40ab6644b99685755f740b872c00ef40d9aa870e (7.1-rc7)
-CVE-2026-53339 [i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()]
+CVE-2026-53339 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/729ac5a4b966aac42e08a94dea966f4429008548 (7.1)
-CVE-2026-53337 [net: bonding: fix NULL pointer dereference in bond_do_ioctl()]
+CVE-2026-53337 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/a764b0e8317a863006e05732e1aefe821b9d8c2d (7.1-rc7)
-CVE-2026-53332 [slimbus: qcom-ngd-ctrl: Register callbacks after creating the 
ngd]
+CVE-2026-53332 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/2a9d50e9ea406e0c8735938484adc20515ef1b47 (7.1)
-CVE-2026-53331 [slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock]
+CVE-2026-53331 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec (7.1)
-CVE-2026-53330 [drm/amd/display: Fix out-of-bounds read in 
dp_get_eq_aux_rd_interval()]
+CVE-2026-53330 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        NOTE: 
https://git.kernel.org/linus/e8b4d37eba05141ee01794fc6b7f2da808cee83b (7.1-rc7)
-CVE-2026-53329 [drm/amd/display: Use krealloc_array() in dal_vector_reserve()]
+CVE-2026-53329 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/da48bc4461b8a5ebfb9264c9b191a701d8e99009 (7.1-rc7)
-CVE-2026-53327 [debugobjects: Do not fill_pool() if pi_blocked_on]
+CVE-2026-53327 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.13-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5f41161059fd0f1bbf18c90f3180e38cc45a14eb (7.1-rc5)
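Review bot: Several descriptions added in this hunk carry literal escape sequences instead of the characters they stand for: `\u2011` in the CVE-2026-53907 line ("Stored Cross\u2011Site Scripting") and `\u2013` in the CVE-2026-13228, CVE-2026-12435, CVE-2026-12408, CVE-2026-12158, CVE-2026-12142 and CVE-2026-11387 lines. The description import should decode these before writing the list so that the stored text is readable and matches what a person would type when searching it. Separately, the rewritten linux entries at the end of the hunk (CVE-2026-53351 onward) swap the bracketed commit subject for the same truncated "In the Linux kernel, the following vulnerability has been resolved: ..." text, so after this change those entries can only be told apart by the commit URL in their NOTE line; that NOTE should stay on every kernel entry.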
@@ -552,7 +872,7 @@ CVE-2025-15666 (A security vulnerability has been detected 
in Open Asset Import
        TODO: check
 CVE-2025-12530 (IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 
through patch ...)
        NOT-FOR-US: IBM
-CVE-2026-56016
+CVE-2026-56016 (CGI::Session::ID::md5 versions before 4.49 for Perl generate 
predictab ...)
        - libcgi-session-perl 4.49-1 (bug #1141197)
        [trixie] - libcgi-session-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41439279/
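Review bot: The `[trixie] - libcgi-session-perl <no-dsa> (Minor issue)` line in the trailing context predates the description imported here for CVE-2026-56016 ("CGI::Session::ID::md5 versions before 4.49 for Perl generate predictab ..."). Now that the description is in the list, confirm that the minor-issue classification still matches it, and if it does, extend the parenthetical with the reason so the decision can be read from the entry itself.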
@@ -1982,59 +2302,59 @@ CVE-2025-24816 (Nokia MantaRay is subject to an 
Improper Access Control vulnerab
        NOT-FOR-US: Nokia
 CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload 
vulnerabil ...)
        NOT-FOR-US: Nokia
-CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
+CVE-2026-58030 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T427167
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306180
 (master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306191
 (REL1_43)
-CVE-2026-58027 [Hide hit count for private/protected filters in API]
+CVE-2026-58027 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T406954
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306182 
(master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306181 
(REL1_43)
-CVE-2026-58025 [Safely unserialize log entry parameters]
+CVE-2026-58025 (Deserialization of untrusted data vulnerability in Wikimedia 
Foundatio ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T422244
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306343 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306363 
(REL1_43)
-CVE-2026-58037 [LogFormatter: 'raw' parameter format is no longer raw HTML]
+CVE-2026-58037 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T422995
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306232 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306314 
(REL1_43)
-CVE-2026-58029 [Check for editmyprivateinfo right in more places]
+CVE-2026-58029 (Vulnerability in Wikimedia Foundation MediaWiki.   This 
vulnerability  ...)
        - mediawiki <unfixed>
        NOTE: http://phabricator.wikimedia.org/T422676
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306215 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306313 
(REL1_43)
-CVE-2026-58024 [Restrict interwiki user lookup in ApiUserrights]
+CVE-2026-58024 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T422085
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1268588 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306312 
(REL1_43)
-CVE-2026-58026 [Make sure the actual title that's being transcluded is 
includable]
+CVE-2026-58026 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki <unfixed>
        NOTE: http://phabricator.wikimedia.org/T299359
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306214 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306311 
(REL1_43)
-CVE-2026-58032 [mw.Api.getErrorMessage: Treat formatversion=1 as text]
+CVE-2026-58032 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T426867
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306213 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306310 
(REL1_43)
-CVE-2026-58033 [Exclude rev-deleted usernames from distinct authors query]
+CVE-2026-58033 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki <unfixed>
        NOTE: https://phabricator.wikimedia.org/T427235
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306212 (master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306309 
(REL1_43)
-CVE-2026-58028 [Disallow user JS in pretty-print api.php responses]
+CVE-2026-58028 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki <unfixed>
        NOTE: http://phabricator.wikimedia.org/T422306
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306211 (master)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306216 
(master)
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306308 
(REL1_43)
        NOTE: 
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306320 
(REL1_43)
-CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate user conditions for 
user]
+CVE-2026-58036 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki <not-affected> (Only affects 1.46 and later)
        NOTE: https://phabricator.wikimedia.org/T425406
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master)
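Review bot: The Phabricator NOTE lines on the context lines for CVE-2026-58029, CVE-2026-58026 and CVE-2026-58028 use http://phabricator.wikimedia.org/... while every other MediaWiki entry in this hunk uses https://; normalise those three so the references are consistent and are not followed over cleartext. Separately, the bracketed working titles removed here (for example "Safely unserialize log entry parameters") named the actual fix, and the truncated descriptions that replace them are generic, with CVE-2026-58029 reduced to "Vulnerability in Wikimedia Foundation MediaWiki." Every entry except CVE-2026-58036 is still marked <unfixed>, so a short NOTE per entry recording the fix subject would keep triage possible without opening each Gerrit change.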
@@ -2710,7 +3030,7 @@ CVE-2025-2902 (Improper Authorization Vulnerability of 
Maintenance Utility in Hi
        NOT-FOR-US: Hitachi
 CVE-2025-0824 (Lack of validation for firmware updatein Hitachi Hitachi 
Virtual Stora ...)
        NOT-FOR-US: Hitachi
-CVE-2026-50160
+CVE-2026-50160 (Hoppscotch is an API development ecosystem. In self-hosted 
deployments ...)
        NOT-FOR-US: Hoppscotch
 CVE-2026-53325 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux <unfixed>
@@ -4407,6 +4727,7 @@ CVE-2026-54822 (Subscriber SQL Injection in SALESmanago & 
Leadoo <= 3.11.2 versi
 CVE-2026-54821 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 
2.3.1 ver ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit 
system,  ...)
+       {DLA-4662-1 DLA-4661-1}
        - jq 1.8.2-1
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx
 CVE-2026-54573 (Outline is a service that allows for collaborative 
documentation. Prio ...)
@@ -9245,16 +9566,16 @@ CVE-2026-52908 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/badad6fad60def1b9805559dd81dbab3d97b82aa (7.1)
-CVE-2026-47262
+CVE-2026-47262 (containerd is an open-source container runtime. Versions prior 
to 1.7. ...)
        - containerd 2.1.9+ds1-1 (bug #1140385)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq
-CVE-2026-53489
+CVE-2026-53489 (containerd is an open-source container runtime. Versions prior 
to 2.3. ...)
        - containerd 2.1.9+ds1-1 (bug #1140385)
        [trixie] - containerd <not-affected> (Vulnerable code not present, only 
affects 2.x)
        [bookworm] - containerd <not-affected> (Vulnerable code not present, 
only affects 2.x)
        [bullseye] - containerd <not-affected> (Vulnerable code not present, 
only affects 2.x)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
-CVE-2026-53492
+CVE-2026-53492 (containerd is an open-source container runtime. In Versions 
prior to 2 ...)
        - containerd 2.1.9+ds1-1 (bug #1140385)
        [trixie] - containerd <not-affected> (Vulnerable code not present, only 
affects 2.x)
        [bookworm] - containerd <not-affected> (Vulnerable code not present, 
only affects 2.x)
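Review bot: The new description for CVE-2026-47262 refers to "Versions prior to 1.7. ...", yet the entry carries only the unstable line "- containerd 2.1.9+ds1-1 (bug #1140385)" and no per-suite annotation, whereas CVE-2026-53489 in the same hunk is explicitly marked <not-affected> for trixie, bookworm and bullseye as 2.x-only. If the 1.7 series is affected as the description suggests, the stable suites need their own triage lines (a fixed version, <no-dsa> or a pending advisory) rather than being left to inherit the unstable status.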
@@ -9263,7 +9584,7 @@ CVE-2026-53492
 CVE-2026-53488 (containerd is an open-source container runtime. In versions 
prior to 1 ...)
        - containerd 2.1.9+ds1-1 (bug #1140385)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
-CVE-2026-50195
+CVE-2026-50195 (containerd is an open-source container runtime. Versions prior 
to 2.3. ...)
        - containerd 2.1.9+ds1-1 (bug #1140385)
        [trixie] - containerd <not-affected> (Vulnerable code not present, only 
affects 2.x)
        [bookworm] - containerd <not-affected> (Vulnerable code not present, 
only affects 2.x)
@@ -15043,6 +15364,7 @@ CVE-2026-11791 (A flaw was found in 389 Directory 
Server. During schema reload,
        - 389-ds-base <unfixed> (bug #1139816)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485414
 CVE-2026-49839 (jq is a command-line JSON processor. Prior to 1.8.2,` jq 
--rawfile` ca ...)
+       {DLA-4662-1 DLA-4661-1}
        - jq 1.8.1-8
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
 CVE-2026-44236
@@ -17518,7 +17840,7 @@ CVE-2026-49261 (MariaDB server is a community developed 
fork of MySQL server. Ve
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
        NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw
        NOTE: https://jira.mariadb.org/browse/MDEV-39721
-CVE-2025-15646
+CVE-2025-15646 (HTML::Gumbo versions before 0.19 for Perl disclose heap memory 
via typ ...)
        - libhtml-gumbo-perl 0.18-5 (bug #1104789)
        [bookworm] - libhtml-gumbo-perl <no-dsa> (Minor issue; to be fixed in 
point release)
        [bullseye] - libhtml-gumbo-perl <postponed> (Minor issue)
@@ -25994,6 +26316,7 @@ CVE-2026-48805
        [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
        NOTE: 
https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php
 CVE-2026-47770 (jq is a command-line JSON processor. Prior to 1.8.2, comparing 
two suf ...)
+       {DLA-4662-1 DLA-4661-1}
        - jq 1.8.1-7
        NOTE: 
https://github.com/jqlang/jq/commit/7122866869960b55cea3646bc91334ef55787831
        NOTE: https://github.com/jqlang/jq/pull/3539
@@ -35945,7 +36268,7 @@ CVE-2026-44992 (OpenClaw versions 2026.4.5 before 
2026.4.20 contain an environme
 CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass 
vulnerabili ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier, 
the ordi ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9
@@ -35986,15 +36309,16 @@ CVE-2026-43968 (Improper Neutralization of CRLF 
Sequences ('CRLF Injection') vul
        NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-43968
        NOTE: 
https://github.com/ninenines/cowlib/commit/6165fc40efa159ba1cceee7e7981e790acba5d9c
 CVE-2026-43896 (jq is a command-line JSON processor. In 1.8.1 and earlier, 
unbounded r ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-mg96-6h3q-g846
 CVE-2026-43895 (jq is a command-line JSON processor. In 1.8.1 and earlier, jq 
accepts  ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxr
 CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier, 
when decNum ...)
+       {DLA-4662-1 DLA-4661-1}
        - jq 1.8.1-6 (bug #1136445)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-5v7p-2r57-2g4g
 CVE-2026-43826 (The OpenSearch logging provider, when configured with a `host` 
URL tha ...)
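Review bot: CVE-2026-43894 gains {DLA-4662-1 DLA-4661-1} while its neighbours CVE-2026-43896 and CVE-2026-43895, recorded as fixed in the same jq 1.8.1-6 upload (bug #1136445), carry {DLA-4662-1 DLA-4599-1}. It had no DLA cross-reference before this change, so confirm against data/DLA/list that it was really left out of DLA-4599-1 and first addressed by DLA-4661-1, rather than being attached to the wrong advisory.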
@@ -36069,12 +36393,12 @@ CVE-2026-41951 (Path traversal vulnerability exists 
in GROWI v7.5.0 and earlier,
 CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser 
ships a  ...)
        NOT-FOR-US: Zen
 CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the 
jq byte ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
 CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, 
Top-level j ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-6 (bug #1136445)
        [trixie] - jq <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
@@ -52830,7 +53154,7 @@ CVE-2026-40169 (ImageMagick is free and open-source 
software used for editing an
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38
 (7.1.2-19)
 CVE-2026-40164 (jq is a command-line JSON processor. Before commit 
0c7d133c3c7e37c00b6 ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29
@@ -52838,13 +53162,13 @@ CVE-2026-40164 (jq is a command-line JSON processor. 
Before commit 0c7d133c3c7e3
 CVE-2026-3017 (The Smart Post Show \u2013 Post Grid, Post Carousel & Slider, 
and List ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39979 (jq is a command-line JSON processor. In commits before 
2f09060afab23fe ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f
 CVE-2026-39956 (jq is a command-line JSON processor. In commits after 
69785bf77f86e2ea ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28
@@ -52892,13 +53216,13 @@ CVE-2026-34225 (Open WebUI is a self-hosted 
artificial intelligence platform des
 CVE-2026-34069 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
        NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-33948 (jq is a command-line JSON processor. Commits before 
6374ae0bcdfe33a18e ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9
        NOTE: Fixed by: 
https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
 CVE-2026-33947 (jq is a command-line JSON processor. In versions 1.8.1 and 
below, func ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg
@@ -53164,7 +53488,7 @@ CVE-2026-33555 (An issue was discovered in HAProxy 
before 3.3.6. The HTTP/3 pars
        NOTE: Fixed by: 
https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=425b969d6ea4114f4ae260f57802c65ccafc319c
 (v3.0.19)
        NOTE: Fixed by: 
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=3d8388d089170f8544c4a43bf0575f296c885f94
 (v2.6.25)
 CVE-2026-32316 (jq is a command-line JSON processor. An integer overflow 
vulnerability ...)
-       {DLA-4599-1}
+       {DLA-4662-1 DLA-4599-1}
        - jq 1.8.1-5 (bug #1133921)
        [trixie] - jq 1.7.1-6+deb13u2
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-q3h9-m34w-h76f
@@ -66342,7 +66666,7 @@ CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the 
OpenBSD bcrypt() password
        NOTE: Fixed by: 
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
 (v3.1.22)
 CVE-2026-23538
        NOT-FOR-US: Feast
-CVE-2026-23537
+CVE-2026-23537 (A vulnerability has been identified in the Feast Feature 
Server\u2019s ...)
        NOT-FOR-US: Feast
 CVE-2026-4540 (A vulnerability was detected in projectworlds Online Notes 
Sharing Sys ...)
        NOT-FOR-US: Project Worlds
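Review bot: The new description for CVE-2026-23537 contains the literal escape sequence \u2019 ("Feast Feature Server\u2019s") instead of the apostrophe it encodes, so a JSON string escape has survived undecoded into data/CVE/list. The automatic update should decode the upstream description before writing it; otherwise the escape appears verbatim in the tracker and text searches on the description miss the entry.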



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39130f32e9a0643c327c8cabb170b7393848e285
