[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 3 20:14:10 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bdf48f9 by security tracker role at 2026-04-03T19:14:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,318 +1,402 @@
-CVE-2026-31404 [NFSD: Defer sub-object cleanup in export put callbacks]
+CVE-2026-5476 (A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affe ...)
+	TODO: check
+CVE-2026-5475 (A vulnerability was determined in NASA cFS up to 7.0.0. This impacts t ...)
+	TODO: check
+CVE-2026-5474 (A vulnerability was found in NASA cFS up to 7.0.0. This affects the fu ...)
+	TODO: check
+CVE-2026-5473 (A vulnerability has been found in NASA cFS up to 7.0.0. The impacted e ...)
+	TODO: check
+CVE-2026-5472 (A flaw has been found in ProjectsAndPrograms School Management System  ...)
+	TODO: check
+CVE-2026-5471 (A vulnerability was detected in Investory Toy Planet Trouble App up to ...)
+	TODO: check
+CVE-2026-5470 (A security vulnerability has been detected in mixelpixx Google-Researc ...)
+	TODO: check
+CVE-2026-5469 (A weakness has been identified in Casdoor 2.356.0. This vulnerability  ...)
+	TODO: check
+CVE-2026-5468 (A security flaw has been discovered in Casdoor 2.356.0. This affects t ...)
+	TODO: check
+CVE-2026-5467 (A vulnerability was identified in Casdoor 2.356.0. Affected by this is ...)
+	TODO: check
+CVE-2026-5462 (A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1  ...)
+	TODO: check
+CVE-2026-5458 (A weakness has been identified in Noelse Individuals & Pro App up to 2 ...)
+	TODO: check
+CVE-2026-4350 (The Perfmatters plugin for WordPress is vulnerable to arbitrary file d ...)
+	TODO: check
+CVE-2026-4108 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
+	TODO: check
+CVE-2026-4107 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
+	TODO: check
+CVE-2026-3880 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
+	TODO: check
+CVE-2026-3879 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
+	TODO: check
+CVE-2026-35218 (Budibase is an open-source low-code platform. Prior to version 3.32.5, ...)
+	TODO: check
+CVE-2026-35216 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
+	TODO: check
+CVE-2026-35214 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
+	TODO: check
+CVE-2026-32186 (Microsoft Bing Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2026-31818 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
+	TODO: check
+CVE-2026-28756 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
+	TODO: check
+CVE-2026-28754 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
+	TODO: check
+CVE-2026-28736 (** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to valida ...)
+	TODO: check
+CVE-2026-28703 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
+	TODO: check
+CVE-2026-28373 (The Stackfield Desktop App before 1.10.2 for macOS and Windows contain ...)
+	TODO: check
+CVE-2026-27655 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
+	TODO: check
+CVE-2026-27124 (FastMCP is the standard framework for building MCP applications. Prior ...)
+	TODO: check
+CVE-2026-26477 (An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacke ...)
+	TODO: check
+CVE-2026-25773 (** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to saniti ...)
+	TODO: check
+CVE-2026-25118 (immich is a high performance self-hosted photo and video management so ...)
+	TODO: check
+CVE-2026-25044 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
+	TODO: check
+CVE-2026-25043 (Budibase is an open-source low-code platform. Prior to version 3.23.25 ...)
+	TODO: check
+CVE-2026-0545 (In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/ ...)
+	TODO: check
+CVE-2025-7024 (Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connec ...)
+	TODO: check
+CVE-2025-68153 (Juju is an open source application orchestration engine that enables a ...)
+	TODO: check
+CVE-2025-68152 (Juju is an open source application orchestration engine that enables a ...)
+	TODO: check
+CVE-2025-64340 (FastMCP is the standard framework for building MCP applications. Prior ...)
+	TODO: check
+CVE-2025-59711 (An issue was discovered in Biztalk360 before 11.5. Because of mishandl ...)
+	TODO: check
+CVE-2025-59710 (An issue was discovered in Biztalk360 before 11.5. Because of incorrec ...)
+	TODO: check
+CVE-2025-59709 (An issue was discovered in Biztalk360 through 11.5. because of mishand ...)
+	TODO: check
+CVE-2026-31404 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/48db892356d6cb80f6942885545de4a6dd8d2a29 (7.0-rc5)
-CVE-2026-31398 [mm/rmap: fix incorrect pte restoration for lazyfree folios]
+CVE-2026-31398 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/29f40594a28114b9a9bc87f6cf7bbee9609628f2 (7.0-rc5)
-CVE-2026-31397 [mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()]
+CVE-2026-31397 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fae654083bfa409bb2244f390232e2be47f05bfc (7.0-rc5)
-CVE-2026-31395 [bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler]
+CVE-2026-31395 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/64dcbde7f8f870a4f2d9daf24ffb06f9748b5dd3 (7.0-rc5)
-CVE-2026-31390 [drm/xe: Fix memory leak in xe_vm_madvise_ioctl]
+CVE-2026-31390 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0cfe9c4838f1147713f6b5c02094cd4dc0c598fa (7.0-rc3)
-CVE-2026-23467 [drm/i915/dmc: Fix an unlikely NULL pointer deference at probe]
+CVE-2026-23467 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ac57eb3b7d2ad649025b5a0fa207315f755ac4f6 (7.0-rc5)
-CVE-2026-23453 [net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode]
+CVE-2026-23453 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/719d3e71691db7c4f1658ba5a6d1472928121594 (7.0-rc5)
-CVE-2026-23451 [bonding: prevent potential infinite loop in bond_header_parse()]
+CVE-2026-23451 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b7405dcf7385445e10821777143f18c3ce20fa04 (7.0-rc5)
-CVE-2026-23443 [ACPI: processor: Fix previous acpi_processor_errata_piix4() fix]
+CVE-2026-23443 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bf504b229cb8d534eccbaeaa23eba34c05131e25 (7.0-rc5)
-CVE-2026-23437 [net: shaper: protect late read accesses to the hierarchy]
+CVE-2026-23437 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0f9ea7141f365b4f27226898e62220fb98ef8dc6 (7.0-rc5)
-CVE-2026-23436 [net: shaper: protect from late creation of hierarchy]
+CVE-2026-23436 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d75ec7e8ba1979a1eb0b9211d94d749cdce849c8 (7.0-rc5)
-CVE-2026-23435 [perf/x86: Move event pointer setup earlier in x86_pmu_enable()]
+CVE-2026-23435 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8d5fae6011260de209aaf231120e8146b14bc8e0 (7.0-rc5)
-CVE-2026-23433 [arm_mpam: Fix null pointer dereference when restoring bandwidth counters]
+CVE-2026-23433 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415 (7.0-rc5)
-CVE-2026-23432 [mshv: Fix use-after-free in mshv_map_user_memory error path]
+CVE-2026-23432 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6922db250422a0dfee34de322f86b7a73d713d33 (7.0-rc5)
-CVE-2026-23431 [spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()]
+CVE-2026-23431 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b8db9552997924b750e727a625a30eaa4603bbb9 (7.0-rc5)
-CVE-2026-23430 [drm/vmwgfx: Don't overwrite KMS surface dirty tracker]
+CVE-2026-23430 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c6cb77c474a32265e21c4871c7992468bf5e7638 (7.0-rc5)
-CVE-2026-23429 [iommu/sva: Fix crash in iommu_sva_unbind_device()]
+CVE-2026-23429 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/06e14c36e20b48171df13d51b89fe67c594ed07a (7.0-rc5)
-CVE-2026-31403 [NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd]
+CVE-2026-31403 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/e7fcf179b82d3a3730fd8615da01b087cc654d0b (7.0-rc5)
-CVE-2026-31402 [nfsd: fix heap overflow in NFSv4.0 LOCK replay cache]
+CVE-2026-31402 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/5133b61aaf437e5f25b1b396b14242a6bb0508e2 (7.0-rc5)
-CVE-2026-31401 [HID: bpf: prevent buffer overflow in hid_hw_request]
+CVE-2026-31401 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2b658c1c442ec1cd9eec5ead98d68662c40fe645 (7.0-rc5)
-CVE-2026-31400 [sunrpc: fix cache_request leak in cache_release]
+CVE-2026-31400 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/17ad31b3a43b72aec3a3d83605891e1397d0d065 (7.0-rc5)
-CVE-2026-31399 [nvdimm/bus: Fix potential use after free in asynchronous initialization]
+CVE-2026-31399 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/a8aec14230322ed8f1e8042b6d656c1631d41163 (7.0-rc5)
-CVE-2026-31396 [net: macb: fix use-after-free access to PTP clock]
+CVE-2026-31396 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/8da13e6d63c1a97f7302d342c89c4a56a55c7015 (7.0-rc5)
-CVE-2026-31394 [mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations]
+CVE-2026-31394 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/672e5229e1ecfc2a3509b53adcb914d8b024a853 (7.0-rc5)
-CVE-2026-31393 [Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access]
+CVE-2026-31393 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/dd815e6e3918dc75a49aaabac36e4f024d675101 (7.0-rc5)
-CVE-2026-31392 [smb: client: fix krb5 mount with username option]
+CVE-2026-31392 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/12b4c5d98cd7ca46d5035a57bcd995df614c14e1 (7.0-rc5)
-CVE-2026-31391 [crypto: atmel-sha204a - Fix OOM ->tfm_count leak]
+CVE-2026-31391 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/d240b079a37e90af03fd7dfec94930eb6c83936e (7.0-rc3)
-CVE-2026-31389 [spi: fix use-after-free on controller registration failure]
+CVE-2026-31389 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8634e05b08ead636e926022f4a98416e13440df9 (7.0-rc5)
-CVE-2026-23475 [spi: fix statistics allocation]
+CVE-2026-23475 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dee0774bbb2abb172e9069ce5ffef579b12b3ae9 (7.0-rc5)
-CVE-2026-23474 [mtd: Avoid boot crash in RedBoot partition table parser]
+CVE-2026-23474 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/8e2f8020270af7777d49c2e7132260983e4fc566 (7.0-rc5)
-CVE-2026-23473 [io_uring/poll: fix multishot recv missing EOF on wakeup race]
+CVE-2026-23473 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a68ed2df72131447d131531a08fe4dfcf4fa4653 (7.0-rc5)
-CVE-2026-23472 [serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN]
+CVE-2026-23472 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/455ce986fa356ff43a43c0d363ba95fa152f21d5 (7.0-rc5)
-CVE-2026-23471 [drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug]
+CVE-2026-23471 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/6bee098b91417654703e17eb5c1822c6dfd0c01d (7.0-rc5)
-CVE-2026-23470 [drm/imagination: Fix deadlock in soft reset sequence]
+CVE-2026-23470 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a55c2a5c8d680156495b7b1e2a9f5a3e313ba524 (7.0-rc5)
-CVE-2026-23469 [drm/imagination: Synchronize interrupts before suspending the GPU]
+CVE-2026-23469 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2d7f05cddf4c268cc36256a2476946041dbdd36d (7.0-rc5)
-CVE-2026-23468 [drm/amdgpu: Limit BO list entry count to prevent resource exhaustion]
+CVE-2026-23468 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/6270b1a5dab94665d7adce3dc78bc9066ed28bdd (7.0-rc5)
-CVE-2026-23466 [drm/xe: Open-code GGTT MMIO access protection]
+CVE-2026-23466 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/01f2557aa684e514005541e71a3d01f4cd45c170 (7.0-rc5)
-CVE-2026-23465 [btrfs: log new dentries when logging parent dir of a conflicting inode]
+CVE-2026-23465 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/9573a365ff9ff45da9222d3fe63695ce562beb24 (7.0-rc5)
-CVE-2026-23464 [soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()]
+CVE-2026-23464 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5a741f8cc6fe62542f955cd8d24933a1b6589cbd (7.0-rc5)
-CVE-2026-23463 [soc: fsl: qbman: fix race condition in qman_destroy_fq]
+CVE-2026-23463 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/014077044e874e270ec480515edbc1cadb976cf2 (7.0-rc5)
-CVE-2026-23462 [Bluetooth: HIDP: Fix possible UAF]
+CVE-2026-23462 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd (7.0-rc5)
-CVE-2026-23461 [Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user]
+CVE-2026-23461 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/752a6c9596dd25efd6978a73ff21f3b592668f4a (7.0-rc5)
-CVE-2026-23460 [net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect]
+CVE-2026-23460 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/e1f0a18c9564cdb16523c802e2c6fe5874e3d944 (7.0-rc5)
-CVE-2026-23459 [ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS]
+CVE-2026-23459 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8431c602f551549f082bbfa67f3003f2d8e3e132 (7.0-rc5)
-CVE-2026-23458 [netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()]
+CVE-2026-23458 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/5cb81eeda909dbb2def209dd10636b51549a3f8a (7.0-rc5)
-CVE-2026-23457 [netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()]
+CVE-2026-23457 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/fbce58e719a17aa215c724473fd5baaa4a8dc57c (7.0-rc5)
-CVE-2026-23456 [netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case]
+CVE-2026-23456 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/1e3a3593162c96e8a8de48b1e14f60c3b57fca8a (7.0-rc5)
-CVE-2026-23455 [netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()]
+CVE-2026-23455 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/f173d0f4c0f689173f8cdac79991043a4a89bf66 (7.0-rc5)
-CVE-2026-23454 [net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown]
+CVE-2026-23454 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fa103fc8f56954a60699a29215cb713448a39e87 (7.0-rc5)
-CVE-2026-23452 [PM: runtime: Fix a race condition related to device removal]
+CVE-2026-23452 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/29ab768277617452d88c0607c9299cdc63b6e9ff (7.0-rc5)
-CVE-2026-23450 [net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()]
+CVE-2026-23450 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6d5e4538364b9ceb1ac2941a4deb86650afb3538 (7.0-rc5)
-CVE-2026-23449 [net/sched: teql: Fix double-free in teql_master_xmit]
+CVE-2026-23449 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/66360460cab63c248ca5b1070a01c0c29133b960 (7.0-rc5)
-CVE-2026-23448 [net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check]
+CVE-2026-23448 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/2aa8a4fa8d5b7d0e1ebcec100e1a4d80a1f4b21a (7.0-rc5)
-CVE-2026-23447 [net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check]
+CVE-2026-23447 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/77914255155e68a20aa41175edeecf8121dac391 (7.0-rc5)
-CVE-2026-23446 [net: usb: aqc111: Do not perform PM inside suspend callback]
+CVE-2026-23446 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/069c8f5aebe4d5224cf62acc7d4b3486091c658a (7.0-rc5)
-CVE-2026-23445 [igc: fix page fault in XDP TX timestamps handling]
+CVE-2026-23445 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/45b33e805bd39f615d9353a7194b2da5281332df (7.0-rc5)
-CVE-2026-23444 [wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure]
+CVE-2026-23444 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/d5ad6ab61cbd89afdb60881f6274f74328af3ee9 (7.0-rc5)
-CVE-2026-23442 [ipv6: add NULL checks for idev in SRv6 paths]
+CVE-2026-23442 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/06413793526251870e20402c39930804f14d59c0 (7.0-rc5)
-CVE-2026-23441 [net/mlx5e: Prevent concurrent access to IPSec ASO context]
+CVE-2026-23441 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/99b36850d881e2d65912b2520a1c80d0fcc9429a (7.0-rc5)
-CVE-2026-23440 [net/mlx5e: Fix race condition during IPSec ESN update]
+CVE-2026-23440 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/beb6e2e5976a128b0cccf10d158124422210c5ef (7.0-rc5)
-CVE-2026-23439 [udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n]
+CVE-2026-23439 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/b3a6df291fecf5f8a308953b65ca72b7fc9e015d (7.0-rc5)
-CVE-2026-23438 [net: mvpp2: guard flow control update with global_tx_fc in buffer switching]
+CVE-2026-23438 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8a63baadf08453f66eb582fdb6dd234f72024723 (7.0-rc5)
-CVE-2026-23434 [mtd: rawnand: serialize lock/unlock against other NAND operations]
+CVE-2026-23434 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/bab2bc6e850a697a23b9e5f0e21bb8c187615e95 (7.0-rc5)
-CVE-2026-23428 [ksmbd: fix use-after-free of share_conf in compound request]
+CVE-2026-23428 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c33615f995aee80657b9fdfbc4ee7f49c2bd733d (7.0-rc5)
-CVE-2026-23427 [ksmbd: fix use-after-free in durable v2 replay of active file handles]
+CVE-2026-23427 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.19.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b425e4d0eb321a1116ddbf39636333181675d8f4 (7.0-rc5)
-CVE-2026-23425 [KVM: arm64: Fix ID register initialization for non-protected pKVM guests]
+CVE-2026-23425 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7e7c2cf0024d89443a7af52e09e47b1fe634ab17 (7.0-rc2)
-CVE-2026-23424 [accel/amdxdna: Validate command buffer payload count]
+CVE-2026-23424 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/901ec3470994006bc8dd02399e16b675566c3416 (7.0-rc2)
-CVE-2026-23423 [btrfs: free pages on error in btrfs_uring_read_extent()]
+CVE-2026-23423 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3f501412f2079ca14bf68a18d80a2b7a823f1f64 (7.0-rc3)
-CVE-2026-23421 [drm/xe/configfs: Free ctx_restore_mid_bb in release]
+CVE-2026-23421 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e377182f0266f46f02d01838e6bde67b9dac0d66 (7.0-rc3)
-CVE-2026-23418 [drm/xe/reg_sr: Fix leak on xa_store failure]
+CVE-2026-23418 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3091723785def05ebfe6a50866f87a044ae314ba (7.0-rc3)
-CVE-2026-23426 [drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()]
+CVE-2026-23426 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207 (7.0-rc2)
-CVE-2026-23422 [dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler]
+CVE-2026-23422 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.19.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/74badb9c20b1a9c02a95c735c6d3cd6121679c93 (7.0-rc3)
-CVE-2026-23420 [wifi: wlcore: Fix a locking bug]
+CVE-2026-23420 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.19.8-1
 	NOTE: https://git.kernel.org/linus/72c6df8f284b3a49812ce2ac136727ace70acc7c (7.0-rc3)
-CVE-2026-23419 [net/rds: Fix circular locking dependency in rds_tcp_tune]
+CVE-2026-23419 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6a877ececd6daa002a9a0002cd0fbca6592a9244 (7.0-rc3)
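
Review bot: From CVE-2026-31404 to the end of this hunk, each kernel entry trades its bracketed subject (for example "[nfsd: fix heap overflow in NFSv4.0 LOCK replay cache]" on CVE-2026-31402) for a description truncated to "In the Linux kernel, the following vulnerability has been resolved:" plus one letter, so the list no longer shows which subsystem or bug class an entry covers and the git.kernel.org NOTE is the only pointer left. For entries that carry no per-release <not-affected> line, such as CVE-2026-31402, CVE-2026-31393 and CVE-2026-23457, a one-line NOTE repeating the upstream subject would let triage prioritise without opening each commit. Separately, the 42 entries added at the top of the hunk all sit at "TODO: check"; some, such as the Microsoft Bing entry CVE-2026-32186, look like candidates for the NOT-FOR-US marking used elsewhere in this file, and each needs that decision made before it stops hiding the entries that do map to a package.
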
@@ -2511,7 +2595,7 @@ CVE-2026-29909 (MRCMS V3.1.2 contains an unauthenticated directory enumeration v
 	NOT-FOR-US: MRCMS
 CVE-2026-29872 (A cross-session information disclosure vulnerability exists in the awe ...)
 	NOT-FOR-US: awesome-llm-apps
-CVE-2026-29597 (Incorrect access control in the file_details.asp endpoint of DDSN Inte ...)
+CVE-2026-29597 (DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper acc ...)
 	NOT-FOR-US: DDSN Interactive Acora CMS
 CVE-2026-28528 (BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds r ...)
 	NOT-FOR-US: BlueKitchen BTstack
@@ -2595,7 +2679,7 @@ CVE-2018-25226 (FTPShell Server 6.83 contains a buffer overflow vulnerability th
 	NOT-FOR-US: FTPShell Server
 CVE-2026-4981
 	NOT-FOR-US: Red Hat Advanced Cluster Security
-CVE-2026-35545 [SVG Animate FUNCIRI Attribute Bypass]
+CVE-2026-35545 (An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.15+dfsg-1 (bug #1132268)
 	NOTE: https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
@@ -9458,21 +9542,21 @@ CVE-2026-2046
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/b4d41182dde4a1f98431b4d5b749a5a18bed0ab3 (GIMP_3_2_0)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15289
 	NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
-CVE-2026-35540 [SSRF + Information Disclosure via stylesheet links to a local network hosts]
+CVE-2026-35540 (An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insu ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
 	NOTE: https://i0.rs/blog/turning-a-roundcube-link-tag-into-a-zero-day-ssrf-and-data-exfiltration/
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942 (1.7-rc5)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870 (1.6.14)
-CVE-2026-35539 [XSS issue in a HTML attachment preview]
+CVE-2026-35539 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f (1.7-rc5)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1 (1.6.14)
 	NOTE: fixed by: https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab (1.5.14)
-CVE-2026-35544 [Fixed position mitigation bypass via use of `!important`]
+CVE-2026-35544 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
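Review bot: CVE-2026-35539 and CVE-2026-35544 now carry the identical header "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ..." together with the same fixed version and bug number, so they can only be told apart by following the commit links. The removed bracketed titles ("XSS issue in a HTML attachment preview", "Fixed position mitigation bypass via use of `!important`") were the only place the issue class was stated; consider keeping each as a short NOTE line under its entry. Separately, the 1.5.14 line of CVE-2026-35539 reads "NOTE: fixed by:" while its neighbours use "NOTE: Fixed by:"; normalising the case keeps pattern matching on these lines simple.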
@@ -9480,7 +9564,7 @@ CVE-2026-35544 [Fixed position mitigation bypass via use of `!important`]
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0 (1.7-rc5)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662 (1.6.14)
 	NOTE: fixed by: https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7 (1.5.14)
-CVE-2026-35542 [Remote image blocking bypass via a crafted body background attribute]
+CVE-2026-35542 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
@@ -9490,7 +9574,7 @@ CVE-2026-35542 [Remote image blocking bypass via a crafted body background attri
 	NOTE: Regression fix: https://github.com/roundcube/roundcubemail/commit/5aba847cb8d5e00a52405e5cd1becb7ec0dcbe4b (1.6.15)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad (1.5.14)
 	NOTE: Regression fix: https://github.com/roundcube/roundcubemail/commit/d8799ed7e869f5cfda54fb35692be3aca1bdd924 (1.5.15)
-CVE-2026-35543 [Remote image blocking bypass via various SVG animate attributes]
+CVE-2026-35543 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
@@ -9498,7 +9582,7 @@ CVE-2026-35543 [Remote image blocking bypass via various SVG animate attributes]
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd (1.7-rc5)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3 (1.6.14)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c (1.5.14)
-CVE-2026-35538 [IMAP Injection + CSRF bypass in mail search]
+CVE-2026-35538 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
@@ -9507,14 +9591,14 @@ CVE-2026-35538 [IMAP Injection + CSRF bypass in mail search]
 	NOTE: Regression fix: https://github.com/roundcube/roundcubemail/commit/6b137adda9b042c3742b0f968692e95ed367d3d1 (1.6.15)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64 (1.5.14)
 	NOTE: Regression fix: https://github.com/roundcube/roundcubemail/commit/c360f32adc8754aea91dcc347edcf394108ca110 (1.5.15)
-CVE-2026-35541 [Bug where a password could get changed without providing the old password]
+CVE-2026-35541 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	{DLA-4517-1}
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4 (1.7-rc5)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce (1.6.14)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394 (1.5.14)
-CVE-2026-35537 [pre-auth arbitrary file write via unsafe deserialization in edis/memcache session handler]
+CVE-2026-35537 (An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. ...)
 	- roundcube 1.6.14+dfsg-1 (bug #1131182)
 	[bullseye] - roundcube <not-affected> (Vulnerable code introduced later, 1.4.x doesn't use Guzzle)
 	NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
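Review bot: The bullseye rationale for CVE-2026-35537, "Vulnerable code introduced later, 1.4.x doesn't use Guzzle", no longer explains itself once the bracketed title is replaced. The visible part of the new header mentions neither deserialization nor the session handler, and the "pre-auth" qualifier from the old title is also lost. A NOTE naming the affected component (the session handler from the old title) would let a later reader check the not-affected claim without opening the upstream advisory.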
@@ -9625,6 +9709,7 @@ CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit CMS
 CVE-2026-31865 (Elysia is a Typescript framework for request validation, type inferenc ...)
 	NOT-FOR-US: Elysia
 CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...)
+	{DSA-6194-1}
 	- pyasn1 0.6.3-1 (bug #1131371)
 	NOTE: https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r
 	NOTE: https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0 (main)
@@ -10606,6 +10691,7 @@ CVE-2026-3082 (GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Exec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/108e5a1713c2c06744cf40139900f8f7c2076485 (1.26.11)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/83e9225bb9e89948e7b1c9f37ef9218d2dcde354 (1.24 branch)
 CVE-2026-32772 (telnet in GNU inetutils through 2.7 allows servers to read arbitrary e ...)
+	{DSA-6193-1}
 	- inetutils 2:2.7-5 (bug #1130741)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/03/13/1
 CVE-2026-32732 (Lean 4 VS Code Extension is a Visual Studio Code extension for the Lea ...)
@@ -10698,6 +10784,7 @@ CVE-2026-3986 (The Calculated Fields Form plugin for WordPress is vulnerable to
 CVE-2026-3873 (Use of Hard-coded Credentials vulnerability in Avantra allows Accessin ...)
 	NOT-FOR-US: Avantra
 CVE-2026-32746 (telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in  ...)
+	{DSA-6193-1}
 	- inetutils 2:2.7-4 (bug #1130742)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
 	NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6864598a29b652a6b69a958f5cd1318aa2b258af
@@ -18022,7 +18109,7 @@ CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability th
 	NOT-FOR-US: ServiceNow
 CVE-2026-3190 (A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protec ...)
 	- keycloak <itp> (bug #1088287)
-CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
+CVE-2026-3184 (A flaw was found in util-linux. Improper hostname canonicalization in  ...)
 	[experimental] - util-linux 2.42~rc1-1
 	- util-linux <unfixed> (bug #1129313)
 	[trixie] - util-linux <no-dsa> (Minor issue)
@@ -22199,7 +22286,7 @@ CVE-2026-23212 (In the Linux kernel, the following vulnerability has been resolv
 	[trixie] - linux 6.12.69-1
 	[bookworm] - linux 6.1.162-1
 	NOTE: https://git.kernel.org/linus/f6c3665b6dc53c3ab7d31b585446a953a74340ef (6.19-rc8)
-CVE-2026-2625
+CVE-2026-2625 (A flaw was found in rust-rpm-sequoia. An attacker can exploit this vul ...)
 	- rust-rpm-sequoia <unfixed> (bug #1128418)
 	[trixie] - rust-rpm-sequoia <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2440357
@@ -35107,7 +35194,7 @@ CVE-2025-13062 (The Supreme Modules Lite plugin for WordPress is vulnerable to a
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12895 (The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-48077 (An issue in nanomq v0.22.7 allows attackers to cause a Denial of Servi ...)
+CVE-2024-48077 (NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to imprope ...)
 	NOT-FOR-US: NanoMQ
 CVE-2021-47843 (Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability tha ...)
 	NOT-FOR-US: Tagstoo
@@ -173630,7 +173717,7 @@ CVE-2024-51771 (A vulnerability in the HPE Aruba Networking ClearPass Policy Man
 	NOT-FOR-US: HPE
 CVE-2024-51114 (An issue in Beijing Digital China Yunke Information Technology Co.Ltd  ...)
 	NOT-FOR-US: Beijing Digital China Yunke Information Technology Co.Ltd
-CVE-2024-50948 (An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Ser ...)
+CVE-2024-50948 (mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to impro ...)
 	NOT-FOR-US: mochiMQTT
 CVE-2024-48080 (An issue in aedes v0.51.2 allows attackers to cause a Denial of Servic ...)
 	NOT-FOR-US: aedes
@@ -189163,7 +189250,7 @@ CVE-2024-45216 (Improper Authentication vulnerability in Apache Solr.  Solr inst
 	- lucene-solr <not-affected> (Only affects 5.3 and later)
 CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial of serv ...)
 	NOT-FOR-US: IBM
-CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
+CVE-2024-44775 (kmqtt v0.2.7 is vulnerable to Denial of Service (DoS) due to a Null Po ...)
 	NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
 	{DSA-5796-1 DLA-3934-1}
@@ -219435,7 +219522,7 @@ CVE-2024-3925 (The Element Pack Elementor Addons (Header Footer, Template Librar
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3559 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-36856 (RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Servic ...)
+CVE-2024-36856 (RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to imp ...)
 	NOT-FOR-US: RMQTT Broker
 CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x ...)
 	NOT-FOR-US: IPCOM
@@ -232457,7 +232544,7 @@ CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violatio
 	NOT-FOR-US: MP-SPDZ
 CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mav ...)
 	NOT-FOR-US: MvnRepository MS Basic
-CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
+CVE-2024-33434 (An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5 ...)
 	NOT-FOR-US: tiagorlampert CHAOS
 CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: J2EEFAST
@@ -241345,7 +241432,8 @@ CVE-2024-3622 (A flaw was found when using mirror-registry to install Quay. It u
 	NOT-FOR-US: mirror-registry for Quay
 CVE-2024-3400 (A command injection as a result of arbitrary file creation vulnerabili ...)
 	NOT-FOR-US: Palo Alto Networks
-CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...)
+CVE-2024-30850
+	REJECTED
 	NOT-FOR-US: tiagorlampert CHAOS
 CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to obtain se ...)
 	NOT-FOR-US: Ametys CMS
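Review bot: CVE-2024-30850 now carries both "REJECTED" and the leftover "NOT-FOR-US: tiagorlampert CHAOS" line. Once the ID is rejected, the triage line under it is stale and should be dropped so the entry has a single status. If the rejection is a merge into CVE-2024-33434, whose description gains "v5.0.1" in this same commit, a NOTE saying so would record why the ID disappeared.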



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bdf48f91fb42e92b500115b2069116a63db0853
