[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 3 08:13:15 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
412106a2 by security tracker role at 2026-06-03T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,176 @@
-CVE-2026-27145
+CVE-2026-9732 (The EmergencyWP \u2013 Dead Man's switch & legacy deliverance plugin f ...)
+	TODO: check
+CVE-2026-8936 (Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel  ...)
+	TODO: check
+CVE-2026-8036 (Improper input validation in NI-PAL may allow a local authenticated us ...)
+	TODO: check
+CVE-2026-8035 (Improper input validation in the NI-PAL kernel driver may allow a loca ...)
+	TODO: check
+CVE-2026-7421 (The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2026-5385 (An unauthenticated user with write access to the knowledge base can st ...)
+	TODO: check
+CVE-2026-5076 (The ARMember Premium plugin for WordPress is vulnerable to an insecure ...)
+	TODO: check
+CVE-2026-5074 (The ARMember Premium plugin for WordPress is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2026-5073 (The ARMember Premium plugin for WordPress is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2026-50052 (In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficien ...)
+	TODO: check
+CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on ...)
+	TODO: check
+CVE-2026-49448 (authentik is an open-source identity provider. Prior to versions 2025. ...)
+	TODO: check
+CVE-2026-49443 (authentik is an open-source identity provider. Prior to versions 2025. ...)
+	TODO: check
+CVE-2026-49144 (BrowserStack Runner through 0.9.5 contains a path traversal vulnerabil ...)
+	TODO: check
+CVE-2026-49143 (BrowserStack Runner through 0.9.5 contains a remote code execution vul ...)
+	TODO: check
+CVE-2026-49120 (Medplum before 5.1.14 contains a server-side request forgery vulnerabi ...)
+	TODO: check
+CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
+	TODO: check
+CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in elixir-tesla  ...)
+	TODO: check
+CVE-2026-48597 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2026-48596 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
+	TODO: check
+CVE-2026-48595 (Improper Handling of Case Sensitivity vulnerability in elixir-tesla te ...)
+	TODO: check
+CVE-2026-48594 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
+	TODO: check
+CVE-2026-47265 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-47201 (authentik is an open-source identity provider. Prior to versions 2025. ...)
+	TODO: check
+CVE-2026-45289 (CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edit ...)
+	TODO: check
+CVE-2026-44654 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
+	TODO: check
+CVE-2026-44653 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
+	TODO: check
+CVE-2026-42849 (authentik is an open-source identity provider. Prior to versions 2025. ...)
+	TODO: check
+CVE-2026-42342 (React Router is a router for React. In versions 7.0.0 through 7.14.x o ...)
+	TODO: check
+CVE-2026-42211 (React Router is a router for React. In versions 7.0.0 through 7.14.1,  ...)
+	TODO: check
+CVE-2026-42029
+	REJECTED
+CVE-2026-41577 (authentik is an open-source identity provider. Prior to versions 2025. ...)
+	TODO: check
+CVE-2026-41569 (authentik is an open-source identity provider. Prior to version 2026.2 ...)
+	TODO: check
+CVE-2026-41412 (alf.io is an open source ticket reservation system for conferences, tr ...)
+	TODO: check
+CVE-2026-40181 (React Router is a router for React. In versions 7.0.0 through 7.14.0 a ...)
+	TODO: check
+CVE-2026-40108 (GLPI is a free asset and IT management software package. In versions 1 ...)
+	TODO: check
+CVE-2026-38967 (CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header inje ...)
+	TODO: check
+CVE-2026-35482 (alf.io is an open source ticket reservation system for conferences, tr ...)
+	TODO: check
+CVE-2026-35212 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+	TODO: check
+CVE-2026-35202 (Pterodactyl is a free, open-source game server management panel. Prior ...)
+	TODO: check
+CVE-2026-35049 (wire-ios is an iOS client for the Wire secure messaging application. P ...)
+	TODO: check
+CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 7.13.1,  ...)
+	TODO: check
+CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 befo ...)
+	TODO: check
+CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through 7.13.1,  ...)
+	TODO: check
+CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
+	TODO: check
+CVE-2026-31942 (LibreChat is an enhanced ChatGPT clone that supports multiple AI provi ...)
+	TODO: check
+CVE-2026-30586 (Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a ...)
+	TODO: check
+CVE-2026-28299 (SolarWinds Web Help Desk is found to be affected by a denial-of-servic ...)
+	TODO: check
+CVE-2026-25861 (QloApps through 1.7.0, fixed in commit 64e9722, contains a weak crypto ...)
+	TODO: check
+CVE-2026-1829 (The Content Visibility for Divi Builder plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2026-10719 (Out of bounds write in openSeaChest\u2019s --showSupportedFormats in S ...)
+	TODO: check
+CVE-2026-10718 (Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Sea ...)
+	TODO: check
+CVE-2026-10717 (Out of bounds write and reads inopenSeaChest\u2019s--showSCSIDefectsin ...)
+	TODO: check
+CVE-2026-10705 (A flaw has been found in dask up to 3.0. Affected by this issue is the ...)
+	TODO: check
+CVE-2026-10704 (A vulnerability was detected in SourceCodester Pizzafy E-Commerce Syst ...)
+	TODO: check
+CVE-2026-10703 (A security vulnerability has been detected in EIPStackGroup OpENer up  ...)
+	TODO: check
+CVE-2026-10694 (A vulnerability was detected in SourceCodester Online Food Ordering Sy ...)
+	TODO: check
+CVE-2026-10693 (A security vulnerability has been detected in SourceCodester Online Bo ...)
+	TODO: check
+CVE-2026-10692 (A weakness has been identified in johnhuang316 code-index-mcp up to 2. ...)
+	TODO: check
+CVE-2026-10691 (A security flaw has been discovered in wonderwhy-er DesktopCommanderMC ...)
+	TODO: check
+CVE-2026-10690 (A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2 ...)
+	TODO: check
+CVE-2026-10688 (A vulnerability was determined in ahujasid blender-mcp up to 7636d13bd ...)
+	TODO: check
+CVE-2026-10662 (A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82e ...)
+	TODO: check
+CVE-2026-10661 (A vulnerability has been found in ahujasid blender-mcp up to 7636d13bd ...)
+	TODO: check
+CVE-2026-10650 (A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue ...)
+	TODO: check
+CVE-2026-10624 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
+	TODO: check
+CVE-2026-10620 (A flaw has been found in code-projects Student Admission System 1.0. A ...)
+	TODO: check
+CVE-2026-10619 (A vulnerability was detected in sayan365 student-management-system up  ...)
+	TODO: check
+CVE-2026-10617 (A security vulnerability has been detected in nextlevelbuilder GoClaw  ...)
+	TODO: check
+CVE-2026-10616 (A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3 ...)
+	TODO: check
+CVE-2026-10608 (A security flaw has been discovered in DedeCMS 5.7.88. This affects th ...)
+	TODO: check
+CVE-2026-10607 (A vulnerability was identified in DedeCMS 5.7.88. The impacted element ...)
+	TODO: check
+CVE-2026-10584 (Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when ce ...)
+	TODO: check
+CVE-2025-64390 (A privilege escalation vulnerability exists in PlayStation 4 firmware  ...)
+	TODO: check
+CVE-2025-15653 (Dr\xe4ger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesi ...)
+	TODO: check
+CVE-2024-14036 (Dr\xe4ger Core 1.0.5 and Dr\xe4ger M540 Converter Service 1.0.9 contai ...)
+	TODO: check
+CVE-2022-4992 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity M540 pati ...)
+	TODO: check
+CVE-2021-4481 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a local p ...)
+	TODO: check
+CVE-2021-4480 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a local p ...)
+	TODO: check
+CVE-2021-4479 (Dr\xe4ger Atlan A350 software versions 1.00 through 1.01 contains an i ...)
+	TODO: check
+CVE-2021-4478 (Dr\xe4ger CC-Vision Basic before 7.5.3 and Dr\xe4ger CC-Vision E-Cal b ...)
+	TODO: check
+CVE-2019-25724 (Dr\xe4ger Infinity M300 patient worn monitors with software version VG ...)
+	TODO: check
+CVE-2019-25723 (Dr\xe4ger Perseus A500 software versions 2.00 through 2.02 contains an ...)
+	TODO: check
+CVE-2019-25722 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 800 ...)
+	TODO: check
+CVE-2019-25721 (Dr\xe4ger Infinity M300 patient worn monitors with software version VG ...)
+	TODO: check
+CVE-2026-27145 ((*x509.Certificate).VerifyHostname previously called matchHostnames in ...)
 	- golang-1.26 <unfixed>
 	- golang-1.25 <unfixed>
 	- golang-1.24 <removed>
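Review bot: CVE-2026-50031 is added with only `TODO: check`, although its description (ipmi-oem in FreeIPMI before 1.6.18, exploitable buffer overflows) closely matches CVE-2026-33554 further down in this file, which is already tracked against the freeipmi source package with fixed version 1.6.17-1. Triage the new entry against freeipmi as well, and check whether 1.6.17-1 is still affected given the "before 1.6.18" bound. Separately, some imported descriptions carry literal escape sequences (`\u2013` in CVE-2026-9732, `\u2019` in CVE-2026-10717 through CVE-2026-10719, `\xe4` in the Dr\xe4ger entries), and CVE-2026-10717 has run-together words ("inopenSeaChest", "--showSCSIDefectsin"). It is worth confirming that the escapes are the importer's intended encoding and not an artifact.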
@@ -7,7 +179,7 @@ CVE-2026-27145
 	NOTE: https://github.com/golang/go/issues/79694
 	NOTE: https://github.com/golang/go/commit/ce5a3e718cac440defae617dc6ed72a6e94cd0af (go1.26.4)
 	NOTE: https://github.com/golang/go/commit/c5d18e479475e251c8593b1113fb53836117d5d3 (go1.25.11)
-CVE-2026-42507
+CVE-2026-42507 (When returning errors, functions in the net/textproto package would in ...)
 	- golang-1.26 <unfixed>
 	- golang-1.25 <unfixed>
 	- golang-1.24 <removed>
@@ -16,7 +188,7 @@ CVE-2026-42507
 	NOTE: https://github.com/golang/go/issues/79346
 	NOTE: https://github.com/golang/go/commit/ec1c380418ec6a0da28d4519872e2b81ba9152ba (go1.26.4)
 	NOTE: https://github.com/golang/go/commit/449dafea7264878e73acc58cbd330e0ee6630030 (go1.25.11)
-CVE-2026-42504
+CVE-2026-42504 (Decoding a maliciously-crafted MIME header containing many invalid enc ...)
 	- golang-1.26 <unfixed>
 	- golang-1.25 <unfixed>
 	- golang-1.24 <removed>
@@ -30,10 +202,10 @@ CVE-2026-49975
 	NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
 	NOTE: https://github.com/icing/mod_h2/pull/324
 	NOTE: https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c (v2.0.41)
-CVE-2026-10702
+CVE-2026-10702 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
 	- firefox 151.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/#CVE-2026-10702
-CVE-2026-10701
+CVE-2026-10701 (Incorrect boundary conditions in the Graphics: Text component. This vu ...)
 	- firefox 151.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/#CVE-2026-10701
 CVE-2026-9844 (Use of default credentials vulnerability in Roche Diagnostics navify D ...)
@@ -1511,13 +1683,13 @@ CVE-2026-47187
 	NOTE: https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
 	NOTE: https://github.com/libfuse/sshfs/pull/361
 	NOTE: Fixed by: https://github.com/libfuse/sshfs/commit/bcd132f17ccf1b8592a229df797c9b08883fec26 (sshfs-3.7.6)
-CVE-2026-9516 [BOM-shift PV-corruption SIGABRT]
+CVE-2026-9516 (Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service ...)
 	- libcpanel-json-xs-perl 4.41-1 (bug #1138273)
 	[trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
 	[bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40653165/
 	NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b (4.41)
-CVE-2026-9334 [dupkeys_as_arrayref type confusion]
+CVE-2026-9334 (Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion vi ...)
 	- libcpanel-json-xs-perl 4.41-1 (bug #1138273)
 	[trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
 	[bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
@@ -13779,7 +13951,7 @@ CVE-2026-40363 (Heap-based buffer overflow in Microsoft Office allows an unautho
 	NOT-FOR-US: Microsoft
 CVE-2026-40362 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
 	NOT-FOR-US: Microsoft
-CVE-2026-40361 (Access of resource using incompatible type ('type confusion') in Micro ...)
+CVE-2026-40361 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
 	NOT-FOR-US: Microsoft
@@ -43569,7 +43741,7 @@ CVE-2026-33627 (Parse Server is an open source backend that can be deployed to a
 	NOT-FOR-US: Parse Server
 CVE-2026-33624 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
-CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows o ...)
+CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on ...)
 	- freeipmi 1.6.17-1 (bug #1132018)
 	[trixie] - freeipmi <no-dsa> (Minor issue)
 	[bookworm] - freeipmi <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/412106a2910d29ae7e1080b8747d84e299a798b9
