[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 29 20:13:26 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e572fdce by security tracker role at 2026-04-29T19:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,180 @@
+CVE-2026-7466 (AgentFlow contains an arbitrary code execution vulnerability that allo ...)
+ TODO: check
+CVE-2026-7439 (AgentFlow's local web API accepts non-JSON content types on POST /api/ ...)
+ TODO: check
+CVE-2026-7424 (Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP ...)
+ TODO: check
+CVE-2026-7423 (Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRT ...)
+ TODO: check
+CVE-2026-7422 (Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and ...)
+ TODO: check
+CVE-2026-7398 (A weakness has been identified in florensiawidjaja BioinfoMCP up to 7a ...)
+ TODO: check
+CVE-2026-7397 (A security flaw has been discovered in NousResearch hermes-agent 0.8.0 ...)
+ TODO: check
+CVE-2026-7396 (A vulnerability was identified in NousResearch hermes-agent 0.8.0. Aff ...)
+ TODO: check
+CVE-2026-7394 (A vulnerability was determined in SourceCodester Pizzafy Ecommerce Sys ...)
+ TODO: check
+CVE-2026-7393 (A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1 ...)
+ TODO: check
+CVE-2026-7392 (A vulnerability has been found in SourceCodester Pharmacy Sales and In ...)
+ TODO: check
+CVE-2026-7391 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
+ TODO: check
+CVE-2026-7390 (A vulnerability was detected in SourceCodester Pharmacy Sales and Inve ...)
+ TODO: check
+CVE-2026-7389 (A security vulnerability has been detected in EyouCMS up to 1.7.9. The ...)
+ TODO: check
+CVE-2026-7388 (A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the ...)
+ TODO: check
+CVE-2026-7386 (A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affect ...)
+ TODO: check
+CVE-2026-7384 (A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9c ...)
+ TODO: check
+CVE-2026-6915 (An authorization flaw in the user management command could allow an au ...)
+ TODO: check
+CVE-2026-6914 (Computing the MD5 checksum of a malformed BSON object under specific c ...)
+ TODO: check
+CVE-2026-6849 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2026-5712 (This vulnerability impacts all versions of IdentityIQ and allows an au ...)
+ TODO: check
+CVE-2026-5166 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2026-5161 (Improper link resolution before file access ('link following') vulnera ...)
+ TODO: check
+CVE-2026-5141 (Improper Privilege Management, Improper Access Control, Incorrect priv ...)
+ TODO: check
+CVE-2026-5140 (Improper neutralization of CRLF sequences ('CRLF injection') vulnerabi ...)
+ TODO: check
+CVE-2026-4019 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...)
+ TODO: check
+CVE-2026-42652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-42648 (Missing Authorization vulnerability in Brainstorm Force Spectra ultima ...)
+ TODO: check
+CVE-2026-42646 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-42645 (Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of " ...)
+ TODO: check
+CVE-2026-42644 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-42643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-42642 (Missing Authorization vulnerability in StellarWP GiveWP give allows Ex ...)
+ TODO: check
+CVE-2026-42641 (Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This I ...)
+ TODO: check
+CVE-2026-42525 (Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f ...)
+ TODO: check
+CVE-2026-42524 (Jenkins HTML Publisher Plugin 427 and earlier does not escape job name ...)
+ TODO: check
+CVE-2026-42523 (Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the curr ...)
+ TODO: check
+CVE-2026-42522 (A missing permission check in Jenkins GitHub Branch Source Plugin 1967 ...)
+ TODO: check
+CVE-2026-42521 (Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 ...)
+ TODO: check
+CVE-2026-42520 (Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does ...)
+ TODO: check
+CVE-2026-42519 (A missing permission check in Jenkins Script Security Plugin 1399.ve6a ...)
+ TODO: check
+CVE-2026-42518 (This vulnerability exists in e-Sushrut due to disclosure of sensitive ...)
+ TODO: check
+CVE-2026-42517 (This vulnerability exists in e-Sushrut due to the use of reversible Ba ...)
+ TODO: check
+CVE-2026-42516 (This vulnerability exists in e-Sushrut due to improper authorization c ...)
+ TODO: check
+CVE-2026-42515 (This vulnerability exists in e-Sushrut due to improper access control ...)
+ TODO: check
+CVE-2026-42514 (This vulnerability exists in e-Sushrut due to exposure of OTPs in plai ...)
+ TODO: check
+CVE-2026-42513 (This vulnerability exists in e-Sushrut due to improper authentication ...)
+ TODO: check
+CVE-2026-42412 (Missing Authorization vulnerability in weDevs WP User Frontend allows ...)
+ TODO: check
+CVE-2026-42377 (Missing Authorization vulnerability in Brainstorm Force SureForms Pro ...)
+ TODO: check
+CVE-2026-42249 (Ollama for Windowscontains a Remote Code Execution vulnerability in it ...)
+ TODO: check
+CVE-2026-42248 (Ollama for Windows does not perform integrity or authenticity verifica ...)
+ TODO: check
+CVE-2026-41952 (Local privilege escalation due to improper input validation. The follo ...)
+ TODO: check
+CVE-2026-41940 (cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54 ...)
+ TODO: check
+CVE-2026-41499 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2026-41220 (Local privilege escalation due to improper input validation. The follo ...)
+ TODO: check
+CVE-2026-40230 (Helpy contains a stored cross-site scripting vulnerability in the know ...)
+ TODO: check
+CVE-2026-40229 (Helpy contains a stored cross-site scripting vulnerability in the post ...)
+ TODO: check
+CVE-2026-3325 (SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the \u201cid_ ...)
+ TODO: check
+CVE-2026-38993 (Cockpit 2.13.5 and earlier is vulnerable to directory traversal via th ...)
+ TODO: check
+CVE-2026-38992 (Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution ...)
+ TODO: check
+CVE-2026-38991 (Cockpit 2.13.5 and earlier is affected by a misconfiguration within th ...)
+ TODO: check
+CVE-2026-37555 (An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF ...)
+ TODO: check
+CVE-2026-36841 (TOTOLINK N200RE V5 was discovered to contain a command injection vulne ...)
+ TODO: check
+CVE-2026-36837 (TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain ...)
+ TODO: check
+CVE-2026-30893 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2026-30769 (An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Pro ...)
+ TODO: check
+CVE-2026-2902 (The WP Meteor Website Speed Optimization Addon plugin for WordPress is ...)
+ TODO: check
+CVE-2026-2810 (Netskope was notified about a potential gap in the Endpoint DLP Module ...)
+ TODO: check
+CVE-2026-28221 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2026-27105 (Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an ...)
+ TODO: check
+CVE-2026-26206 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2026-26204 (Wazuh is a free and open source platform used for threat prevention, d ...)
+ TODO: check
+CVE-2026-26015 (DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 t ...)
+ TODO: check
+CVE-2026-25852 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2026-22745 (Spring MVC and WebFlux applications are vulnerable to Denial of Servic ...)
+ TODO: check
+CVE-2026-22741 (Spring MVC and WebFlux applications are vulnerable to cache poisoning ...)
+ TODO: check
+CVE-2026-22740 (A WebFlux server application that processes multipart requests creates ...)
+ TODO: check
+CVE-2026-0206 (A post-authentication Stack-based Buffer Overflow vulnerabilities in S ...)
+ TODO: check
+CVE-2026-0205 (A post-authentication Path Traversal vulnerability in SonicOS allows a ...)
+ TODO: check
+CVE-2026-0204 (A vulnerability in the access control mechanism of SonicOS may allow c ...)
+ TODO: check
+CVE-2025-56537 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
+ TODO: check
+CVE-2025-56536 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
+ TODO: check
+CVE-2025-56535 (A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 all ...)
+ TODO: check
+CVE-2025-56534 (A cross-site scripting (XSS) vulnerability in the custom authenticator ...)
+ TODO: check
+CVE-2025-10503 (The authentication endpoint accepts user-supplied input without enforc ...)
+ TODO: check
CVE-2026-XXXX [RUSTSEC-2026-0112]
- rust-astral-tokio-tar 0.6.1-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0112.html
CVE-2026-XXXX [RUSTSEC-2026-0113]
- rust-astral-tokio-tar 0.6.1-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0113.html
-CVE-2026-7111
+CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a use-after-free when ...)
- libtext-csv-xs-perl <unfixed> (bug #1135232)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39453344/
NOTE: https://github.com/cpan-authors/Text-CSV_XS/issues/65
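Review bot: all 85 new entries are parked as "TODO: check", so the ones that touch packages Debian actually ships should be triaged ahead of the bulk that will end up NOT-FOR-US (the WordPress plugins, Jenkins plugins, SourceCodester/EyouCMS apps, SonicOS and TOTOLINK firmware). Candidates visible in this hunk: CVE-2026-37555 (libsndfile 1.2.2 IMA ADPCM/AIFF, a source package in the archive), the three Spring MVC/WebFlux entries CVE-2026-22745, CVE-2026-22741 and CVE-2026-22740 (this same diff tracks libspring-security-2.0-java for CVE-2026-22746, so check for a corresponding Spring Framework source rather than defaulting to NOT-FOR-US), and CVE-2026-6914 (MD5 of a malformed BSON object, likely a BSON library). The CVE-2026-7111 change is description-only; libtext-csv-xs-perl stays <unfixed> with bug #1135232, which is right until a 1.62-based upload lands.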
@@ -34,7 +204,7 @@ CVE-2026-6253
NOTE: https://curl.se/docs/CVE-2026-6253.html
NOTE: Introduced by: https://github.com/curl/curl/commit/3b60bb725913ce7339aefef0a14b12df4c24db60 (curl-7_14_1)
NOTE: Fixed by: https://github.com/curl/curl/commit/188c2f166a20fa97c2325b2da7d0e5cecc13725f (rc-8_20_0-3)
-CVE-2026-42198
+CVE-2026-42198 (pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 t ...)
- libpgjava 42.7.11-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-98qh-xjc8-98pq
NOTE: https://github.com/pgjdbc/pgjdbc/commit/c9d41d1332a7426fcef19ff89f2e6b1116429143 (REL42.7.11)
@@ -355,19 +525,23 @@ CVE-2026-7324 (Memory safety bugs present in Firefox 150.0.0. Some of these bugs
- firefox 150.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7324
CVE-2026-7323 (Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0 ...)
+ {DSA-6236-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7323
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7323
CVE-2026-7322 (Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10 ...)
+ {DSA-6236-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7322
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7322
CVE-2026-7321 (Sandbox escape due to incorrect boundary conditions in the WebRTC: Net ...)
+ {DSA-6236-1}
- firefox-esr 140.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7321
CVE-2026-7320 (Information disclosure due to incorrect boundary conditions in the Aud ...)
+ {DSA-6236-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7320
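Review bot: DSA-6236-1 is added only to entries that carry a firefox-esr 140.10.1esr-1 line, and CVE-2026-7324 (firefox 150.0.1-1 only, context at the top of the hunk) stays untagged, which is the right split for an ESR-only DSA. One check: the hunk ends at the mfsa2026-35 NOTE for CVE-2026-7320, so the mfsa2026-36 reference that the other ESR-affected entries here carry cannot be confirmed from this diff for that entry; make sure it is present.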
@@ -485,7 +659,8 @@ CVE-2026-40968 (When an authenticated user is denied access to a gRPC method, th
TODO: check
CVE-2026-40966 (In Spring AI, an attacker can bypass conversation isolation and exfilt ...)
NOT-FOR-US: VMware
-CVE-2026-40556 (GNU nano creates the user\u2019s ~/.local directory with overly permis ...)
+CVE-2026-40556
+ REJECTED
- nano 9.0-1
[trixie] - nano <no-dsa> (Minor issue)
[bookworm] - nano <no-dsa> (Minor issue)
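Review bot: CVE-2026-40556 is now REJECTED but still keeps "- nano 9.0-1" and the [trixie]/[bookworm] <no-dsa> (Minor issue) lines, which a rejected entry should not carry. Either drop those lines, or, since the previous description named a concrete issue (~/.local created with overly permissive mode) with a fix recorded in 9.0-1, first confirm that the ID was genuinely withdrawn by the CNA and that the rejection is not an import glitch before the tracking data is discarded.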
@@ -4365,7 +4540,7 @@ CVE-2026-34284 (Vulnerability in the Oracle Business Process Management Suite pr
CVE-2026-34283 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2026-34282 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
- openjdk-21 21.0.11+10-1
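Review bot: DSA-6237-1 is prepended to the braces with no package-line change in this or the following six OpenJDK hunks (CVE-2026-34282, -34268, -22021, -22018, -22016, -22013, -22007), so the diff cannot show which openjdk source the DSA covers; cross-check that the DSA text lists exactly these seven CVEs, and that in the entries where openjdk-8 is still <unfixed> (bug #1134894) the bug reference is kept rather than read as resolved by the DSA.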
@@ -4398,7 +4573,7 @@ CVE-2026-34270 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2026-34269 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2026-34268 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -4445,7 +4620,7 @@ CVE-2026-22746 (Vulnerability in Spring Spring Security. If an application is us
- libspring-security-2.0-java <removed>
NOTE: https://spring.io/security/cve-2026-22746
CVE-2026-22021 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -4455,7 +4630,7 @@ CVE-2026-22021 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
CVE-2026-22019 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...)
NOT-FOR-US: Oracle
CVE-2026-22018 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -4465,7 +4640,7 @@ CVE-2026-22018 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
CVE-2026-22017 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.46-1 (bug #1134614)
CVE-2026-22016 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -4477,7 +4652,7 @@ CVE-2026-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2026-22014 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
NOT-FOR-US: Oracle
CVE-2026-22013 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -4494,7 +4669,7 @@ CVE-2026-22008 (Vulnerability in Oracle Java SE (component: Libraries). The su
- openjdk-25 25.0.3+9-1
NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-04-21
CVE-2026-22007 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6231-1}
+ {DSA-6237-1 DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
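Review bot: CVE-2026-22008 (context at the hunk header, openjdk-25 25.0.3+9-1, referenced to the 2026-04-21 OpenJDK advisory) is not touched while its neighbour CVE-2026-22007 gains DSA-6237-1; if DSA-6237-1 covers an openjdk source that also ships the CVE-2026-22008 fix, that entry needs the same tag, otherwise its exclusion should be deliberate (an issue confined to openjdk-25, for instance).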
@@ -10440,7 +10615,7 @@ CVE-2026-39715 (Missing Authorization vulnerability in AnyTrack AnyTrack Affilia
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39714 (Missing Authorization vulnerability in G5Theme G5Plus April g5plus-apr ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-39713 (Missing Authorization vulnerability in mailercloud Mailercloud – ...)
+CVE-2026-39713 (Missing Authorization vulnerability in mailercloud Mailercloud \u2013 ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39712 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
NOT-FOR-US: WordPress plugin or theme
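Review bot: this hunk and the CVE-2026-39697 one below only replace a literal en dash with the \u2013 escape the importer emits (the same form as the \u2019 and \u201c escapes in other descriptions in this diff), which also shifts the truncation point of the description; nothing to act on for tracking, but the churn means a manual edit using the literal character gets rewritten on every automatic update, so the importer's comparison should treat the two forms as equivalent.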
@@ -10472,7 +10647,7 @@ CVE-2026-39699 (Missing Authorization vulnerability in massiveshift AI Workflow
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39698 (Missing Authorization vulnerability in PublisherDesk The Publisher Des ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-39697 (Missing Authorization vulnerability in HBSS Technologies MAIO – ...)
+CVE-2026-39697 (Missing Authorization vulnerability in HBSS Technologies MAIO \u2013 T ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
@@ -10544,7 +10719,8 @@ CVE-2026-39663 (Missing Authorization vulnerability in themetechmount TrueBooker
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39662 (Missing Authorization vulnerability in ProWCPlugins Product Price by F ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-39660 (Missing Authorization vulnerability in Automattic WP Job Manager wp-jo ...)
+CVE-2026-39660
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39659
REJECTED
@@ -17191,6 +17367,7 @@ CVE-2026-4923 (Impact: When using multiple wildcards, combined with at least on
NOTE: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7
NOTE: Fixed by: https://github.com/pillarjs/path-to-regexp/commit/48646547da685c1ccb76a95fe23373975a91e200 (v8.4.0)
CVE-2026-4897 (A flaw was found in polkit. A local user can exploit this by providing ...)
+ {DLA-4553-1}
- policykit-1 127-3 (bug #1132234)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2451739
NOTE: Fixed by: https://github.com/polkit-org/polkit/commit/7e122c8a5120c2aae2d9d44a26796dc18f5b677c
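Review bot: CVE-2026-4897 gains DLA-4553-1 while the visible entry lists only the unstable fix (policykit-1 127-3, bug #1132234) and no [trixie]/[bookworm] status; an LTS fix implies the older branches were affected, so if bookworm or trixie ship an affected policykit-1 they need a <no-dsa>, <postponed> or point-update annotation to match, and the NOTE lines should gain the DLA's reference if it adds anything beyond the Red Hat bug and the upstream fix commit.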
@@ -34788,12 +34965,14 @@ CVE-2026-26282 (NanaZip is an open source file archive Starting in version 5.0.1
CVE-2026-26275 (httpsig-hyper is a hyper extension for http message signatures. An iss ...)
NOT-FOR-US: httpsig-hyper
CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
+ {DLA-4554-1}
- calibre 9.3.0+ds+~0.10.5-1
[trixie] - calibre <no-dsa> (Minor issue)
[bookworm] - calibre <no-dsa> (Minor issue)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8 (v9.3.0)
CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
+ {DLA-4554-1}
- calibre 9.3.0+ds+~0.10.5-1
[trixie] - calibre <no-dsa> (Minor issue)
[bookworm] - calibre <no-dsa> (Minor issue)
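Review bot: CVE-2026-26065 and CVE-2026-26064 now carry DLA-4554-1 while [trixie] and [bookworm] stay <no-dsa> (Minor issue); that is internally coherent (LTS fixed them in an update, stable treats them as minor) but deserves a second look, because the same DLA also bundles CVE-2026-25636 and CVE-2026-25635, which bookworm and trixie have pledged to fix via point update, and it would be odd to leave these two out of that point update when the backports already exist for bullseye.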
@@ -40234,12 +40413,14 @@ CVE-2026-25729 (DeepAudit is a multi-agent system for code vulnerability discove
CVE-2026-25644 (DataHub is an open-source metadata platform. Prior to version 1.3.1.8, ...)
NOT-FOR-US: DataHub
CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path traversal v ...)
+ {DLA-4554-1}
- calibre 9.2.0+ds+~0.10.5-1
[trixie] - calibre <no-dsa> (Will be fixed via point update)
[bookworm] - calibre <no-dsa> (Will be fixed via point update)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 (v9.2.0)
CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...)
+ {DLA-4554-1}
- calibre 9.2.0+ds+~0.10.5-1
[trixie] - calibre <no-dsa> (Will be fixed via point update)
[bookworm] - calibre <no-dsa> (Will be fixed via point update)
@@ -44364,7 +44545,7 @@ CVE-2026-1315 (By sending crafted files to the firmware update endpointof Tapo C
NOT-FOR-US: TP-Link
CVE-2026-1213 (All versions of askbot before and including 0.12.2 allow an attacker a ...)
NOT-FOR-US: askbot
-CVE-2026-0919 (The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handl ...)
+CVE-2026-0919 (The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras imprope ...)
NOT-FOR-US: TP-Link
CVE-2026-0918 (The Tapo C100 v5, C220 v1 and C520WS v2 cameras\u2019 HTTP service doe ...)
NOT-FOR-US: TP-Link
@@ -76100,6 +76281,7 @@ CVE-2025-64489 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
NOT-FOR-US: SuiteCRM
CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
+ {DLA-4554-1}
- calibre 8.14.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u1
[bookworm] - calibre 6.13.0+repack-2+deb12u5
@@ -429828,6 +430010,7 @@ CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors)
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
+ {DLA-4553-1}
[experimental] - policykit-1 0.120-6
- policykit-1 0.105-32 (bug #1005784)
[buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
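Review bot: CVE-2021-4115 gets DLA-4553-1, the same DLA tagged on CVE-2026-4897 earlier in this diff, but this commit changes only data/CVE/list (see the changed-file summary at the top); a {DLA-...} tag resolves the bullseye fixed version from data/DLA/list, so verify that the DLA-4553-1 entry there exists and lists both CVEs, otherwise the tracker will report these as unresolved in bullseye despite the tag. The visible [buster] <not-affected> and unstable 0.105-32 (bug #1005784) lines are unchanged and remain consistent with the new tag.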
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e572fdce183126808f8c0de273d5c5d28fdb5aab