[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 08:28:34 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ca774ab by security tracker role at 2026-06-02T07:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,317 @@
+CVE-2026-9050 (The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 an ...)
+ TODO: check
+CVE-2026-9048 (The Slider Revolution plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
+CVE-2026-8293 (The Really Simple Security WordPress plugin before 9.5.10.1 does not ...)
+ TODO: check
+CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customizer p ...)
+ TODO: check
+CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that allows unau ...)
+ TODO: check
+CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts ...)
+ TODO: check
+CVE-2026-49140 (Nanobot prior to version 0.2.1 contains a denial of service vulnerabil ...)
+ TODO: check
+CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a server-side request forgery ...)
+ TODO: check
+CVE-2026-49138 (Nanobot prior to version 0.2.1 contains a server-side request forgery ...)
+ TODO: check
+CVE-2026-49136 (Banana Slides through 0.4.0, patched in commit e8bc490, contains a pat ...)
+ TODO: check
+CVE-2026-49135 (CodexBar prior to 0.32.0 contains an insecure temporary file handling ...)
+ TODO: check
+CVE-2026-49134 (CodexBar prior to 0.32.0 contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2026-40965 (Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to ...)
+ TODO: check
+CVE-2026-40964 (Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all ...)
+ TODO: check
+CVE-2026-3871 (A buffer overflow vulnerability in the UPnP DeletePortMapping() comman ...)
+ TODO: check
+CVE-2026-3870 (A buffer overflow vulnerability in the UPnP AddPortMapping() command i ...)
+ TODO: check
+CVE-2026-3722 (The Auto Image Attributes From Filename With Bulk Updater (Add Alt Tex ...)
+ TODO: check
+CVE-2026-3198 (MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforc ...)
+ TODO: check
+CVE-2026-37234 (FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_i ...)
+ TODO: check
+CVE-2026-28586 (In multiple functions of AppOpsService.java, there is a possible missi ...)
+ TODO: check
+CVE-2026-28581 (In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is ...)
+ TODO: check
+CVE-2026-28580 (In multiple functions, there is a possible desync in persistence due t ...)
+ TODO: check
+CVE-2026-28578 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
+ TODO: check
+CVE-2026-28577 (In addWindow of WindowManagerService.java, there is a possible tapjack ...)
+ TODO: check
+CVE-2026-28511 (eLabFTW is an open source electronic lab notebook. Prior to version 5. ...)
+ TODO: check
+CVE-2026-25879 (Langroid is a framework for building large-language-model-powered appl ...)
+ TODO: check
+CVE-2026-25277 (Memory corruption while using Strongbox due to buffer overflow.)
+ TODO: check
+CVE-2026-25276 (Memory corruption while using Strongbox due to missing bounds check.)
+ TODO: check
+CVE-2026-25260 (Memory Corruption when accessing shared buffers without validation of ...)
+ TODO: check
+CVE-2026-25259 (Memory corruption while processing multiple IOCTL command for escape o ...)
+ TODO: check
+CVE-2026-25258 (Memory corruption while processing IOCTL calls for escape operations.)
+ TODO: check
+CVE-2026-24782 (Kiteworks is a private data network (PDN). Prior to version 9.3.0,ulti ...)
+ TODO: check
+CVE-2026-24761 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
+ TODO: check
+CVE-2026-24756 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
+ TODO: check
+CVE-2026-24755 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
+ TODO: check
+CVE-2026-24754 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, a s ...)
+ TODO: check
+CVE-2026-24753 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
+ TODO: check
+CVE-2026-24752 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, a r ...)
+ TODO: check
+CVE-2026-24751 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, a r ...)
+ TODO: check
+CVE-2026-24092 (Memory Corruption when processing fastboot commands to set display mod ...)
+ TODO: check
+CVE-2026-24091 (Memory corruption while processing fastboot commands with improperly f ...)
+ TODO: check
+CVE-2026-24090 (Cryptographic issue while processing partition table entries allows un ...)
+ TODO: check
+CVE-2026-24089 (Memory corruption while processing fastboot commands with invalid inpu ...)
+ TODO: check
+CVE-2026-24088 (Cryptographic Issue while processing a specific partition which allows ...)
+ TODO: check
+CVE-2026-24087 (Memory corruption while processing fastboot OEM commands.)
+ TODO: check
+CVE-2026-24085 (Memory Corruption when processing display command line information due ...)
+ TODO: check
+CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder GoClaw ...)
+ TODO: check
+CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerabilit ...)
+ TODO: check
+CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
+ TODO: check
+CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev CordysCRM up ...)
+ TODO: check
+CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2 ...)
+ TODO: check
+CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6. The impact ...)
+ TODO: check
+CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
+ TODO: check
+CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
+ TODO: check
+CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7. This vulne ...)
+ TODO: check
+CVE-2026-10548 (A security flaw has been discovered in NousResearch hermes-agent up to ...)
+ TODO: check
+CVE-2026-10529 (A weakness has been identified in westboy CicadasCMS up to 2431154dac8 ...)
+ TODO: check
+CVE-2026-10528 (A security flaw has been discovered in Orthanc DICOM Server up to 1.12 ...)
+ TODO: check
+CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. Th ...)
+ TODO: check
+CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI ...)
+ TODO: check
+CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 1.0. The ...)
+ TODO: check
+CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
+ TODO: check
+CVE-2026-10300 (A security vulnerability has been detected in SGLang 0.5.10.post1. Imp ...)
+ TODO: check
+CVE-2026-10299 (A weakness has been identified in code-projects Online Hospital Manage ...)
+ TODO: check
+CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up to 1.8. ...)
+ TODO: check
+CVE-2026-10297 (A vulnerability was identified in itsourcecode Fees Management System ...)
+ TODO: check
+CVE-2026-10296 (A vulnerability was determined in itsourcecode Fees Management System ...)
+ TODO: check
+CVE-2026-10295 (A vulnerability was found in SourceCodester Customer Review App 1.0. A ...)
+ TODO: check
+CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. Affected is ...)
+ TODO: check
+CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This imp ...)
+ TODO: check
+CVE-2026-10292 (A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. T ...)
+ TODO: check
+CVE-2026-10291 (A security vulnerability has been detected in Enderfga claw-orchestrat ...)
+ TODO: check
+CVE-2026-10290 (A weakness has been identified in code-projects Hotel and Tourism Rese ...)
+ TODO: check
+CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and Tourism ...)
+ TODO: check
+CVE-2026-10288 (A vulnerability was identified in code-projects Hotel and Tourism Rese ...)
+ TODO: check
+CVE-2026-10287 (A vulnerability was determined in SourceCodester SEO Meta Tag Extracto ...)
+ TODO: check
+CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0. This affect ...)
+ TODO: check
+CVE-2026-10285 (A vulnerability has been found in DevaslanPHP project-management up to ...)
+ TODO: check
+CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to 2.0.0-be ...)
+ TODO: check
+CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds write due ...)
+ TODO: check
+CVE-2026-0099 (In onNullBinding of HostEmulationManager.java, there is a possible way ...)
+ TODO: check
+CVE-2026-0098 (In getCallingPackageName of Shared.java, there is a possible way to by ...)
+ TODO: check
+CVE-2026-0097 (In multiple locations, there is a possible way to bypass user interact ...)
+ TODO: check
+CVE-2026-0096 (In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible ...)
+ TODO: check
+CVE-2026-0095 (In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger ...)
+ TODO: check
+CVE-2026-0094 (In getApplicationLabel of KeyChainActivity.java, there is a possible w ...)
+ TODO: check
+CVE-2026-0093 (In multiple locations, there is a possible misleading UI due to obfusc ...)
+ TODO: check
+CVE-2026-0091 (In multiple locations, there is a possible way to execute code in the ...)
+ TODO: check
+CVE-2026-0089 (In multiple functions of PackageInstallerService.java, there is a poss ...)
+ TODO: check
+CVE-2026-0088 (In getCallingAppLabel of CertInstaller.java, there is a possible way t ...)
+ TODO: check
+CVE-2026-0087 (In approvalLevelForDomainInternal of DomainVerificationService.java, t ...)
+ TODO: check
+CVE-2026-0086 (In onCreate of DisableSupervisionActivity.kt, there is a possible way ...)
+ TODO: check
+CVE-2026-0085 (In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible ...)
+ TODO: check
+CVE-2026-0080 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0079 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0078 (In setGlobalProxy of DevicePolicyManagerService.java, there is a possi ...)
+ TODO: check
+CVE-2026-0077 (In resumeConfigurationDispatch of ActivityRecord.java, there is a poss ...)
+ TODO: check
+CVE-2026-0076 (In validateNode of ResourceTypes.cpp, there is a possible out of bound ...)
+ TODO: check
+CVE-2026-0075 (In multiple functions, there is a possible way to access the contacts ...)
+ TODO: check
+CVE-2026-0074 (In getPreferredSize of LauncherProcessImageListener.kt, there is a pos ...)
+ TODO: check
+CVE-2026-0070 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
+ TODO: check
+CVE-2026-0069 (In verifySignature of ApkChecksums.java, there is a possible way to ca ...)
+ TODO: check
+CVE-2026-0067 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0061 (In multiple functions of WindowState.java, there is a possible way to ...)
+ TODO: check
+CVE-2026-0060 (In updateState of GraphicsDriverEnableAngleAsSystemDriverController.ja ...)
+ TODO: check
+CVE-2026-0059 (In multiple functions of sdp_discovery.cc, there is a possible way to ...)
+ TODO: check
+CVE-2026-0056 (In setTo of ResourceTypes.cpp, there is a possible read out of bounds ...)
+ TODO: check
+CVE-2026-0055 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
+ TODO: check
+CVE-2026-0052 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0051 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0050 (In handleBondStateChanged of AdapterService.java, there is a possible ...)
+ TODO: check
+CVE-2026-0048 (In hide of WindowState.java, there is a possible way to trick the user ...)
+ TODO: check
+CVE-2026-0046 (In InputInterceptor of Letterbox.java, there is a possible way to tric ...)
+ TODO: check
+CVE-2026-0045 (In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass ...)
+ TODO: check
+CVE-2026-0044 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0043 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0042 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0041 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0040 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0039 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
+ TODO: check
+CVE-2026-0036 (In startAnimation of StageCoordinator.java, there is a possible tapjac ...)
+ TODO: check
+CVE-2026-0018 (In multiple functions of AccessibilityManagerService.java, there is a ...)
+ TODO: check
+CVE-2026-0016 (In updateProvidersWhenServiceRemoved of CredentialManagerService.java, ...)
+ TODO: check
+CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a logic e ...)
+ TODO: check
+CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len function in ...)
+ TODO: check
+CVE-2025-59614 (Memory Corruption when sending random number generator command with in ...)
+ TODO: check
+CVE-2025-59613 (Memory Corruption when output buffer size is smaller than input buffer ...)
+ TODO: check
+CVE-2025-59612 (Memory corruption in windows drivers while sending incorrect trusted a ...)
+ TODO: check
+CVE-2025-59611 (Memory corruption in diagnostic services due to absence of input valid ...)
+ TODO: check
+CVE-2025-59610 (Memory Corruption when processing IOCTL requests with mismatched API v ...)
+ TODO: check
+CVE-2025-59609 (Information Disclosure when processing advertisement frames with malfo ...)
+ TODO: check
+CVE-2025-59606 (Memory Corruption when writing to invalid memory locations occurs due ...)
+ TODO: check
+CVE-2025-59605 (Memory Corruption when processing device identifier strings that excee ...)
+ TODO: check
+CVE-2025-59604 (Memory Corruption when running a memory copy operation due to invalid ...)
+ TODO: check
+CVE-2025-59601 (Information Disclosure when resetting device to factory default settin ...)
+ TODO: check
+CVE-2025-48652 (In performPreInstallChecks of InstallRepository.kt, there is a possibl ...)
+ TODO: check
+CVE-2025-48649 (In multiple locations, there is a possible way to reset user-selected ...)
+ TODO: check
+CVE-2025-48648 (In isSameApp of NotificationManagerService.java, there is a possible p ...)
+ TODO: check
+CVE-2025-48616 (In multiple functions of KeyguardViewMediator.java , there is a possib ...)
+ TODO: check
+CVE-2025-48595 (In multiple locations, there is a possible way to achieve code executi ...)
+ TODO: check
+CVE-2025-48570 (In multiple functions of PipTaskOrganizer.java, there is a possible wa ...)
+ TODO: check
+CVE-2025-32348 (In multiple locations, there is a possible background activity launch ...)
+ TODO: check
+CVE-2025-26418 (In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there ...)
+ TODO: check
+CVE-2025-22426 (In many functions of ComputerEngine.java, there is a possible way to a ...)
+ TODO: check
+CVE-2025-22424 (In multiple locations, there is a possible way to reveal images across ...)
+ TODO: check
+CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege escalation vulne ...)
+ TODO: check
+CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors contain ...)
+ TODO: check
+CVE-2018-25435 (ZeusCart 4.0 contains a cross-site request forgery vulnerability that ...)
+ TODO: check
+CVE-2018-25434 (WP AutoSuggest 0.24 contains an SQL injection vulnerability that allow ...)
+ TODO: check
+CVE-2018-25433 (Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulner ...)
+ TODO: check
+CVE-2018-25432 (Arm Whois 3.11 contains a buffer overflow vulnerability that allows lo ...)
+ TODO: check
+CVE-2018-25431 (No-Cms 1.0 contains an SQL injection vulnerability in the order_by par ...)
+ TODO: check
+CVE-2018-25430 (Paroiciel 11.20 contains an SQL injection vulnerability that allows au ...)
+ TODO: check
+CVE-2018-25429 (Paroiciel 11.20 contains an SQL injection vulnerability that allows au ...)
+ TODO: check
+CVE-2018-25428 (Paroiciel 11.20 contains an SQL injection vulnerability that allows un ...)
+ TODO: check
+CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow vulnerability th ...)
+ TODO: check
CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
- xorg-server <unfixed>
- xwayland <unfixed>
@@ -22286,7 +22600,7 @@ CVE-2018-25299 (Prime95 29.4b8 contains a local buffer overflow vulnerability th
NOT-FOR-US: Prime95
CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery vulnerability tha ...)
NOT-FOR-US: Merge PACS
-CVE-2026-5419
+CVE-2026-5419 (A flaw was found in gnutls. The PKCS#7 padding check, performed during ...)
{DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
[bullseye] - gnutls28 <not-affected> (Vulnerable code introduced later)
@@ -91234,7 +91548,7 @@ CVE-2025-48615 (In getComponentName of MediaButtonReceiverHolder.java, there is
NOT-FOR-US: Android
CVE-2025-48614 (In rebootWipeUserData of RecoverySystem.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2025-48612 (In multiple locations, there is a possible way for an application on a ...)
+CVE-2025-48612 (In setDefaultKey of DefaultPaymentSettings.java, there is a possible w ...)
NOT-FOR-US: Android
CVE-2025-48610 (In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possib ...)
NOT-FOR-US: Android
@@ -429923,8 +430237,8 @@ CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may a
NOT-FOR-US: AMD
CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
NOT-FOR-US: AMD
-CVE-2021-46747
- RESERVED
+CVE-2021-46747 (Insufficient granularity of access control in ASP (AMD Secure Processo ...)
+ TODO: check
CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS Trusted E ...)
NOT-FOR-US: AMD
CVE-2021-46745
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca774ab81bb5949884ff1f0040f1f549551eeb2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca774ab81bb5949884ff1f0040f1f549551eeb2
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/c300bbce/attachment.htm>
More information about the debian-security-tracker-commits
mailing list