[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 29 08:12:22 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
330e6f94 by security tracker role at 2026-04-29T07:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,100 +1,268 @@
+CVE-2026-7319 (A flaw has been found in elinsky execution-system-mcp 0.1.0. The impac ...)
+ TODO: check
+CVE-2026-7318 (A vulnerability was detected in elie mcp-project 0.1.0. The affected e ...)
+ TODO: check
+CVE-2026-7317 (A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Aff ...)
+ TODO: check
+CVE-2026-7316 (A vulnerability has been found in eiliyaabedini aider-mcp up to 667b91 ...)
+ TODO: check
+CVE-2026-7315 (A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This imp ...)
+ TODO: check
+CVE-2026-7314 (A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. T ...)
+ TODO: check
+CVE-2026-7306 (A security vulnerability has been detected in Xuxueli xxl-job up to 3. ...)
+ TODO: check
+CVE-2026-7305 (A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The aff ...)
+ TODO: check
+CVE-2026-7303 (A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Im ...)
+ TODO: check
+CVE-2026-7297 (A vulnerability was determined in SourceCodester Pizzafy Ecommerce Sys ...)
+ TODO: check
+CVE-2026-7296 (A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1 ...)
+ TODO: check
+CVE-2026-7295 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
+ TODO: check
+CVE-2026-7294 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
+ TODO: check
+CVE-2026-7293 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
+ TODO: check
+CVE-2026-7292 (A security vulnerability has been detected in o2oa up to 10.0. This im ...)
+ TODO: check
+CVE-2026-6807 (A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to ...)
+ TODO: check
+CVE-2026-5822
+ REJECTED
+CVE-2026-42615 (GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as de ...)
+ TODO: check
+CVE-2026-42432 (OpenClaw before 2026.4.8 contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2026-42431 (OpenClaw before 2026.4.8 contains a security bypass vulnerability in n ...)
+ TODO: check
+CVE-2026-42430 (OpenClaw before 2026.4.8 contains a server-side request forgery vulner ...)
+ TODO: check
+CVE-2026-42429 (OpenClaw before 2026.4.8 contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2026-42428 (OpenClaw versions before 2026.4.8 fail to enforce integrity verificati ...)
+ TODO: check
+CVE-2026-42427 (OpenClaw before 2026.4.8 contains a remote code execution vulnerabilit ...)
+ TODO: check
+CVE-2026-42426 (OpenClaw before 2026.4.8 contains an improper authorization vulnerabil ...)
+ TODO: check
+CVE-2026-42424 (OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, a ...)
+ TODO: check
+CVE-2026-42423 (OpenClaw before 2026.4.8 contains an approval-timeout fallback mechani ...)
+ TODO: check
+CVE-2026-42422 (OpenClaw before 2026.4.8 contains a role bypass vulnerability in the d ...)
+ TODO: check
+CVE-2026-42421 (OpenClaw before 2026.4.8 contains a session management vulnerability w ...)
+ TODO: check
+CVE-2026-42420 (OpenClaw before 2026.4.8 contains improper input validation in base64 ...)
+ TODO: check
+CVE-2026-41916 (OpenClaw before 2026.4.8 contains an authentication state management v ...)
+ TODO: check
+CVE-2026-41915 (OpenClaw before 2026.4.8 fails to remove git plumbing environment vari ...)
+ TODO: check
+CVE-2026-41914 (OpenClaw before 2026.4.8 contains a server-side request forgery vulner ...)
+ TODO: check
+CVE-2026-41913 (OpenClaw before 2026.4.4 contains a race condition vulnerability in sh ...)
+ TODO: check
+CVE-2026-41912 (OpenClaw before 2026.4.8 contains a server-side request forgery policy ...)
+ TODO: check
+CVE-2026-41911 (OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerabi ...)
+ TODO: check
+CVE-2026-41910 (OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channe ...)
+ TODO: check
+CVE-2026-41649 (Outline is a service that allows for collaborative documentation. The ...)
+ TODO: check
+CVE-2026-41446 (Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0. ...)
+ TODO: check
+CVE-2026-41408 (OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability ...)
+ TODO: check
+CVE-2026-41407 (OpenClaw before 2026.4.2 contains a timing side channel vulnerability ...)
+ TODO: check
+CVE-2026-41406 (OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerabi ...)
+ TODO: check
+CVE-2026-41405 (OpenClaw before 2026.3.31 parses MS Teams webhook request bodies befor ...)
+ TODO: check
+CVE-2026-41404 (OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulner ...)
+ TODO: check
+CVE-2026-41403 (OpenClaw before 2026.3.31 misclassifies proxied remote requests as loo ...)
+ TODO: check
+CVE-2026-41402 (OpenClaw before 2026.3.31 contains a scope bypass vulnerability in web ...)
+ TODO: check
+CVE-2026-41400 (OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-3206 ...)
+ TODO: check
+CVE-2026-41399 (OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated ...)
+ TODO: check
+CVE-2026-41398 (OpenClaw before 2026.4.2 contains an improper access control vulnerabi ...)
+ TODO: check
+CVE-2026-41397 (OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allo ...)
+ TODO: check
+CVE-2026-41396 (OpenClaw before 2026.3.31 allows workspace .env files to override the ...)
+ TODO: check
+CVE-2026-41395 (OpenClaw before 2026.3.28 contains a webhook replay vulnerability in P ...)
+ TODO: check
+CVE-2026-41394 (OpenClaw before 2026.3.31 contains an authentication bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41393 (OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability ...)
+ TODO: check
+CVE-2026-41392 (OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41391 (OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and ...)
+ TODO: check
+CVE-2026-41390 (OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41388 (OpenClaw before 2026.3.31 contains a configuration management vulnerab ...)
+ TODO: check
+CVE-2026-41387 (OpenClaw before 2026.3.22 contains an incomplete host environment vari ...)
+ TODO: check
+CVE-2026-41386 (OpenClaw before 2026.3.22 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41385 (OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in conf ...)
+ TODO: check
+CVE-2026-41384 (OpenClaw before 2026.3.24 contains an environment variable injection v ...)
+ TODO: check
+CVE-2026-41383 (OpenClaw before 2026.4.2 contains an arbitrary directory deletion vuln ...)
+ TODO: check
+CVE-2026-41382 (OpenClaw before 2026.3.31 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-41381 (OpenClaw before 2026.3.31 contains an access control bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41380 (OpenClaw before 2026.3.28 contains an execution approval vulnerability ...)
+ TODO: check
+CVE-2026-41379 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41378 (OpenClaw before 2026.3.31 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41377 (OpenClaw before 2026.3.31 contains a fail-open vulnerability in the pl ...)
+ TODO: check
+CVE-2026-41376 (OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability i ...)
+ TODO: check
+CVE-2026-41375 (OpenClaw before 2026.3.28 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-41374 (OpenClaw before 2026.3.31 performs Discord audio preflight transcripti ...)
+ TODO: check
+CVE-2026-41373 (OpenClaw before 2026.3.31 contains an incomplete host-env-security-pol ...)
+ TODO: check
+CVE-2026-3893 (The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, ...)
+ TODO: check
+CVE-2026-37750 (A reflected Cross-Site Scripting (XSS) vulnerability in School Managem ...)
+ TODO: check
+CVE-2026-35155 (Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insuffic ...)
+ TODO: check
+CVE-2026-33467 (Improper Verification of Cryptographic Signature (CWE-347) in Elastic ...)
+ TODO: check
+CVE-2026-24231 (NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() ...)
+ TODO: check
+CVE-2026-24222 (NVIDIA NeMoClaw contains a vulnerability in the sandbox environment in ...)
+ TODO: check
+CVE-2026-24204 (NVIDIA Flare SDK contains a vulnerability where an Attacker may cause ...)
+ TODO: check
+CVE-2026-24186 (NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker ...)
+ TODO: check
+CVE-2026-24178 (NVIDIA NVFlare Dashboard contains a vulnerability in the user manageme ...)
+ TODO: check
+CVE-2026-23773 (Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a ...)
+ TODO: check
+CVE-2026-21023 (Insufficient verification of data authenticity in PackageManagerServic ...)
+ TODO: check
CVE-2026-42215
- python-git <unfixed>
NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4
CVE-2026-42284
- python-git <unfixed>
NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-x2qx-6953-8485
-CVE-2026-7363
+CVE-2026-7363 (Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7361
+CVE-2026-7361 (Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7344
+CVE-2026-7344 (Use after free in Accessibility in Google Chrome on Windows prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7343
+CVE-2026-7343 (Use after free in Views in Google Chrome on Windows prior to 147.0.772 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7333
+CVE-2026-7333 (Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7360
+CVE-2026-7360 (Insufficient validation of untrusted input. in Compositing in Google C ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7359
+CVE-2026-7359 (Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7358
+CVE-2026-7358 (Use after free in Animation in Google Chrome prior to 147.0.7727.138 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7334
+CVE-2026-7334 (Use after free in Views in Google Chrome on Mac prior to 147.0.7727.13 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7357
+CVE-2026-7357 (Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7356
+CVE-2026-7356 (Use after free in Navigation in Google Chrome prior to 147.0.7727.138 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7354
+CVE-2026-7354 (Out of bounds read and write in Angle in Google Chrome prior to 147.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7353
+CVE-2026-7353 (Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7352
+CVE-2026-7352 (Use after free in Media in Google Chrome on Android prior to 147.0.772 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7351
+CVE-2026-7351 (Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an atta ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7350
+CVE-2026-7350 (Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7349
+CVE-2026-7349 (Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7348
+CVE-2026-7348 (Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7335
+CVE-2026-7335 (Use after free in media in Google Chrome prior to 147.0.7727.138 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7336
+CVE-2026-7336 (Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7337
+CVE-2026-7337 (Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7347
+CVE-2026-7347 (Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7346
+CVE-2026-7346 (Inappropriate implementation in Tint in Google Chrome prior to 147.0.7 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7345
+CVE-2026-7345 (Insufficient validation of untrusted input in Feedback in Google Chrom ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7338
+CVE-2026-7338 (Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7342
+CVE-2026-7342 (Use after free in WebView in Google Chrome on Android prior to 147.0.7 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7341
+CVE-2026-7341 (Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allo ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7339
+CVE-2026-7339 (Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.13 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7340
+CVE-2026-7340 (Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-7355
+CVE-2026-7355 (Use after free in Media in Google Chrome prior to 147.0.7727.138 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-40560 [HTTP Request Smuggling via Improper Header Precedence]
+CVE-2026-40560 (Starman versions before 0.4018 for Perl allows HTTP Request Smuggling ...)
- starman <unfixed>
[trixie] - starman <no-dsa> (Minor issue; can be fixed via point release)
[bookworm] - starman <no-dsa> (Minor issue; can be fixed via point release)
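Review bot: Every entry added at the top of this hunk carries only "TODO: check", and more than fifty of them are for one product, OpenClaw. Triage those as a single batch with one consistent tag rather than entry by entry, so the group does not end up half-resolved. The NVIDIA entries spell the same products two ways in the imported descriptions ("NemoClaw" / "NeMoClaw", "Flare SDK" / "FLARE SDK"), so pick one spelling for whatever tag they receive.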
@@ -115,10 +283,10 @@ CVE-2026-23560
CVE-2026-23559
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-489.html
-CVE-2026-7324 (Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. ...)
+CVE-2026-7324 (Memory safety bugs present in Firefox 150.0.0. Some of these bugs show ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7324
-CVE-2026-7323 (Memory safety bugs present in Firefox ESR 140.10.0, Thunderbird ESR 14 ...)
+CVE-2026-7323 (Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0 ...)
- firefox <unfixed>
- firefox-esr 140.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7323
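Review bot: In the CVE-2026-7324 and CVE-2026-7323 entries the refreshed descriptions no longer mention Thunderbird, and the package lines under them list only firefox and firefox-esr. Check the linked mfsa2026-35 advisory to confirm that no thunderbird line is needed for either CVE, since the previous descriptions named Thunderbird 150.0.0 and Thunderbird ESR.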
@@ -516,7 +684,7 @@ CVE-2025-69428 (An issue in Pro-Bit before v1.77.4 allows unauthenticated attack
TODO: check
CVE-2024-46636 (NASA Earth Observing System Data and Information System (EOSDIS) MODAP ...)
TODO: check
-CVE-2026-42167 [SQL injection possible via mod_sql because of is_escaped_text() logic]
+CVE-2026-42167 (mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute ...)
- proftpd-dfsg 1.3.9~dfsg-5 (bug #1135119)
NOTE: https://github.com/proftpd/proftpd/issues/2052
CVE-2026-7148 (A flaw has been found in CodeAstro Online Classroom 1.0. This affects ...)
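Review bot: For CVE-2026-42167 the imported description gives "ProFTPD before 1.3.10rc1" as the affected range, while the package line marks proftpd-dfsg 1.3.9~dfsg-5 as fixed, and the only NOTE is the upstream issue link. Add a NOTE pointing at the upstream fix commit so a reader can verify that 1.3.9~dfsg-5 carries the fix.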
@@ -26870,6 +27038,7 @@ CVE-2026-3585 (The The Events Calendar plugin for WordPress is vulnerable to Pat
CVE-2026-31816 (Budibase is a low code platform for creating internal tools, workflows ...)
NOT-FOR-US: Budibase
CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, ...)
+ {DLA-4552-1}
- node-tar 6.2.1+ds1+~cs6.1.13-10
[trixie] - node-tar <not-affected> (Fix for CVE-2026-23745 not yet applied; vulnerable code not present)
[bookworm] - node-tar <not-affected> (Fix for CVE-2026-23745 not yet applied; vulnerable code not present)
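Review bot: The {DLA-4552-1} reference is attached to CVE-2026-31802, whose trixie and bookworm lines are <not-affected> with the reason "Fix for CVE-2026-23745 not yet applied; vulnerable code not present". The same DLA is also attached to CVE-2026-23745 later in this diff, so confirm that the LTS upload ships the CVE-2026-23745 fix together with this follow-up, and that the LTS suite is not in the same not-affected state as trixie and bookworm.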
@@ -27616,6 +27785,7 @@ CVE-2026-2671 (A vulnerability was detected in Mendi Neurofeedback Headset V4. A
CVE-2026-29787 (mcp-memory-service is an open-source memory backend for multi-agent sy ...)
NOT-FOR-US: mcp-memory-service
CVE-2026-29786 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, ...)
+ {DLA-4552-1}
- node-tar 6.2.1+ds1+~cs6.1.13-8
[trixie] - node-tar <no-dsa> (Minor issue)
[bookworm] - node-tar <no-dsa> (Minor issue)
@@ -34477,6 +34647,7 @@ CVE-2026-26964 (Windmill is an open-source developer platform for internal code:
CVE-2026-26963 (Cilium is a networking, observability, and security solution with an e ...)
- cilium <itp> (bug #858303)
CVE-2026-26960 (node-tar is a full-featured Tar for Node.js. When using default option ...)
+ {DLA-4552-1}
- node-tar 6.2.1+ds1+~cs6.1.13-8 (bug #1129378)
[trixie] - node-tar <no-dsa> (Minor issue)
[bookworm] - node-tar <no-dsa> (Minor issue)
@@ -43703,6 +43874,7 @@ CVE-2026-24852 (iccDEV provides a set of libraries and tools that allow for the
CVE-2026-24850 (The ML-DSA crate is a Rust implementation of the Module-Lattice-Based ...)
NOT-FOR-US: Rust signatures crate
CVE-2026-24842 (node-tar,a Tar for Node.js, contains a vulnerability in versions prior ...)
+ {DLA-4552-1}
- node-tar 6.2.1+ds1+~cs6.1.13-10
[trixie] - node-tar <not-affected> (Fix for CVE-2026-23745 not yet applied; vulnerable code not present)
[bookworm] - node-tar <not-affected> (Fix for CVE-2026-23745 not yet applied; vulnerable code not present)
@@ -44121,7 +44293,7 @@ CVE-2026-1213 (All versions of askbot before and including 0.12.2 allow an attac
NOT-FOR-US: askbot
CVE-2026-0919 (The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handl ...)
NOT-FOR-US: TP-Link
-CVE-2026-0918 (The Tapo C220 v1 and C520WS v2 cameras\u2019 HTTP service does not saf ...)
+CVE-2026-0918 (The Tapo C100 v5, C220 v1 and C520WS v2 cameras\u2019 HTTP service doe ...)
NOT-FOR-US: TP-Link
CVE-2026-0746 (The AI Engine plugin for WordPress is vulnerable to Server-Side Reques ...)
NOT-FOR-US: WordPress plugin
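Review bot: The CVE-2026-0918 description contains the literal escape sequence "\u2019" ("cameras\u2019 HTTP service") both before and after this change, so the refresh picked up the added C100 v5 model but left the escape undecoded. Decode Unicode escapes when importing descriptions so the apostrophe is stored as a character.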
@@ -47890,6 +48062,7 @@ CVE-2025-10484 (The Registration & Login with Mobile Phone Number for WooCommerc
CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...)
+ {DLA-4552-1}
- node-tar 6.2.1+ds1+~cs6.1.13-6
[trixie] - node-tar <no-dsa> (Minor issue)
[bookworm] - node-tar <no-dsa> (Minor issue)
@@ -262153,6 +262326,7 @@ CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the
CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.)
NOT-FOR-US: Delta Electronics
CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ...)
+ {DLA-4552-1}
- node-tar 6.1.13+~cs7.0.5-2
[bookworm] - node-tar <no-dsa> (Minor issue)
[buster] - node-tar <no-dsa> (Minor issue)
@@ -890718,7 +890892,7 @@ CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in fs/
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
- matomo <not-affected> (Fixed before initial upload to Debian)
-CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java ...)
+CVE-2009-4139 (A flaw was found in Spacewalk Java site packages. This cross-site requ ...)
NOT-FOR-US: spacewalk-java
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when p ...)
{DSA-2005-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330e6f943f06b74930cb8f1dd82855f4e60469ae