[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 8 08:13:03 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b8d2031 by security tracker role at 2026-06-08T07:12:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2026-11495 (A vulnerability was detected in CodeAstro Ingredients Stock Management ...)
+	TODO: check
+CVE-2026-11494 (A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5 ...)
+	TODO: check
+CVE-2026-11493 (A weakness has been identified in Tenda AC15 15.03.05.19. The impacted ...)
+	TODO: check
+CVE-2026-11492 (A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The a ...)
+	TODO: check
+CVE-2026-11491 (A vulnerability was identified in CodeAstro Human Resource Management  ...)
+	TODO: check
+CVE-2026-11490 (A vulnerability was determined in code-projects Online Music Site 1.0. ...)
+	TODO: check
+CVE-2026-11489 (A vulnerability was found in code-projects Online Music Site 1.0. This ...)
+	TODO: check
+CVE-2026-11488 (A vulnerability has been found in code-projects Simple Flight Ticket B ...)
+	TODO: check
+CVE-2026-11487 (A flaw has been found in Neovim up to 0.12.2. Affected by this issue i ...)
+	TODO: check
+CVE-2026-11486 (A vulnerability was detected in SourceCodester Class and Exam Timetabl ...)
+	TODO: check
+CVE-2026-11485 (A security vulnerability has been detected in SourceCodester Class and ...)
+	TODO: check
+CVE-2026-11484 (A weakness has been identified in SourceCodester Class and Exam Timeta ...)
+	TODO: check
+CVE-2026-11483 (A security flaw has been discovered in SourceCodester Class and Exam T ...)
+	TODO: check
+CVE-2026-11482 (A vulnerability was identified in SourceCodester Class and Exam Timeta ...)
+	TODO: check
+CVE-2026-11481 (A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. Th ...)
+	TODO: check
+CVE-2026-11480 (A vulnerability was found in Chengdu Everbrite Network Technology Beik ...)
+	TODO: check
+CVE-2026-11479 (A vulnerability has been found in yoanbernabeu grepai 0.35.0. This iss ...)
+	TODO: check
+CVE-2026-11478 (A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed252729874 ...)
+	TODO: check
+CVE-2026-11477 (A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. Th ...)
+	TODO: check
+CVE-2026-11476 (A security vulnerability has been detected in Kushan2k student-managem ...)
+	TODO: check
+CVE-2026-11475 (A weakness has been identified in Kushan2k student-management-system u ...)
+	TODO: check
+CVE-2026-11474 (A security flaw has been discovered in Kushan2k student-management-sys ...)
+	TODO: check
+CVE-2026-11473 (A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This ...)
+	TODO: check
+CVE-2026-11472 (A vulnerability was determined in SourceCodester Class and Exam Timeta ...)
+	TODO: check
+CVE-2026-11471 (A vulnerability was found in SourceCodester Class and Exam Timetabling ...)
+	TODO: check
+CVE-2026-11470 (A vulnerability has been found in hs-web hsweb-framework up to 5.0.1.  ...)
+	TODO: check
+CVE-2026-11469 (A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the  ...)
+	TODO: check
+CVE-2026-11468 (A vulnerability was detected in SourceCodester Hospitals Patient Recor ...)
+	TODO: check
+CVE-2026-11467 (A security vulnerability has been detected in jishenghua jshERP up to  ...)
+	TODO: check
+CVE-2026-11466 (A weakness has been identified in zilliztech deep-searcher up to 0.0.2 ...)
+	TODO: check
+CVE-2026-11465 (A security flaw has been discovered in songquanpeng one-api up to 0.6. ...)
+	TODO: check
+CVE-2026-11464 (A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by t ...)
+	TODO: check
+CVE-2026-11463 (A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected ...)
+	TODO: check
+CVE-2026-11462 (A vulnerability was found in Chengdu Everbrite Network Technology Beik ...)
+	TODO: check
+CVE-2026-11461 (A vulnerability has been found in NousResearch hermes-agent up to 0.12 ...)
+	TODO: check
+CVE-2026-11460 (A flaw has been found in Boost Serialization up to 1.91. The impacted  ...)
+	TODO: check
+CVE-2024-58349 (WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vu ...)
+	TODO: check
+CVE-2024-58348 (WordPress Background Image Cropper version 1.2 contains a remote code  ...)
+	TODO: check
+CVE-2023-54352 (WordPress Seotheme contains a remote code execution vulnerability that ...)
+	TODO: check
+CVE-2023-54351 (WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripti ...)
+	TODO: check
+CVE-2023-54350 (WordPress Augmented-Reality plugin contains a remote code execution vu ...)
+	TODO: check
+CVE-2022-50953 (WordPress Plugin admin-word-count-column 2.2 contains a local file rea ...)
+	TODO: check
+CVE-2021-47984 (WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site  ...)
+	TODO: check
+CVE-2021-47983 (WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site s ...)
+	TODO: check
+CVE-2021-47982 (WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site script ...)
+	TODO: check
 CVE-2026-49494 (Comodo Internet Security's firewall driver Inspect.sys contains an int ...)
 	NOT-FOR-US: Comodo Internet Security
 CVE-2026-36229
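Review bot: All 45 added entries carry only `TODO: check`, so none of them is triaged yet and each still needs a package line or a `NOT-FOR-US:` marker. The Neovim (CVE-2026-11487), Boost Serialization (CVE-2026-11460) and USCiLab Cereal (CVE-2026-11463) entries name software that is likely packaged in Debian and are worth resolving first. The TOTOLINK, Tenda, D-Link and WordPress plugin entries match the `NOT-FOR-US:` pattern already used in this file, for example `NOT-FOR-US: Tenda` and `NOT-FOR-US: WordPress plugin`.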
@@ -12590,13 +12680,13 @@ CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio Infor
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivat ...)
 	NOT-FOR-US: Ledger Bitcoin app
 CVE-2026-41073 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/dce7ff6799d930d09c10a50539325f1290440d4b (rt-5.0.10)
 CVE-2026-44229
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
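Review bot: The new `{DSA-6327-1 DSA-6324-1}` tag on CVE-2026-41073 and CVE-2026-44229 does not show what DSA-6327-1 adds over DSA-6324-1, because the package lines under it are unchanged (`request-tracker5 5.0.10+dfsg-1`, `request-tracker4 <removed>`). Check the DSA-6327-1 entry in the advisory list names the intended source package and release; if it is a follow-up to DSA-6324-1, a `NOTE:` saying so would help anyone reading these entries later.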
@@ -12613,25 +12703,25 @@ CVE-2026-44227
 	- request-tracker4 <not-affected> (Only affects RT6)
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
 CVE-2026-6841 (Request Tracker is vulnerable to a reflected cross-site scripting (XSS ...)
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/d7abb692a5ab7a7738a08be3debb92b1c6ab8215 (rt-5.0.10)
 CVE-2026-41076 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/c8120898d92adf1adae6fce11e0816d08afb395f (rt-5.0.10)
 CVE-2026-41075 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/9ed06dadc29a75e17b25017f929edeff62d224bc (rt-5.0.10)
 CVE-2026-44231
-	{DSA-6324-1}
+	{DSA-6327-1 DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
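Review bot: In all four entries retagged here (CVE-2026-6841, CVE-2026-41076, CVE-2026-41075, CVE-2026-44231), request-tracker4 is recorded only as `<removed>` and there is no per-release line for it, so the entries do not say whether request-tracker4 in a still-supported release is affected or which of the two DSAs covers it. If either advisory ships a request-tracker4 fix, the entries should say so; otherwise the status for releases that still carry request-tracker4 should be stated explicitly.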
@@ -43267,6 +43357,7 @@ CVE-2026-4315 (A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGua
 CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard Fireware OS al ...)
 	NOT-FOR-US: WatchGuard
 CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earlier ma ...)
+	{DLA-4621-1}
 	- glibc 2.42-15 (bug #1132499)
 	[trixie] - glibc 2.41-12+deb13u3
 	[bookworm] - glibc 2.36-9+deb12u14
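Review bot: The added `{DLA-4621-1}` tag on CVE-2026-4046 is the only sign of the LTS fix in this entry: the lines below it give fixed versions for unstable, `[trixie]` and `[bookworm]` only. Confirm the DLA-4621-1 entry in the DLA list records the fixed glibc version for the LTS release, since this entry alone does not let a reader check an installed version against it. The same applies to the other glibc entries tagged with this DLA in the hunks that follow.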
@@ -75313,6 +75404,7 @@ CVE-2025-12985 (IBM Licensing Operator incorrectly assigns privileges to securit
 CVE-2025-11743 (A denial-of-service security issue in the affected product. The securi ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the ...)
+	{DLA-4621-1}
 	- glibc 2.42-11 (bug #1126266)
 	[trixie] - glibc 2.41-12+deb13u2
 	[bookworm] - glibc 2.36-9+deb12u14
@@ -76197,6 +76289,7 @@ CVE-2026-0939 (The Rede Ita\xfa for WooCommerce plugin for WordPress is vulnerab
 CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf ...)
+	{DLA-4621-1}
 	- glibc 2.42-8 (bug #1125748)
 	[trixie] - glibc 2.41-12+deb13u2
 	[bookworm] - glibc 2.36-9+deb12u14
@@ -76815,6 +76908,7 @@ CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2
 	NOTE: Fixed by: https://gitlab.com/wireshark/wireshark/-/commit/4b48ee36f1829d6d3d009bf9871af523ce8e3ace
 	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/23bc2d48bb8267eac471091d03b633cbab37c973 (v4.1.0)
 CVE-2026-0861 (Passing too large an alignment to the memalign suite of functions (mem ...)
+	{DLA-4621-1}
 	- glibc 2.42-8 (bug #1125678)
 	[trixie] - glibc 2.41-12+deb13u2
 	[bookworm] - glibc 2.36-9+deb12u14
@@ -140862,6 +140956,7 @@ CVE-2025-8069 (During the AWS Client VPN client installation on Windows devices,
 CVE-2025-8060 (A vulnerability has been found in Tenda AC23 16.03.07.52 and classifie ...)
 	NOT-FOR-US: Tenda
 CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to 2.41 is  ...)
+	{DLA-4621-1}
 	- glibc 2.41-11 (bug #1109803)
 	[bookworm] - glibc 2.36-9+deb12u13
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33185
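Review bot: CVE-2025-8058 differs from the other four glibc entries tagged `{DLA-4621-1}` in this commit: its bookworm fix is `2.36-9+deb12u13` rather than `2.36-9+deb12u14`, and it has no `[trixie]` line. That is consistent with an older issue fixed in an earlier update, but it is worth confirming the DLA-4621-1 upload actually contains the regcomp fix referenced by sourceware bug 33185 and was not tagged only because it shares the advisory with the newer CVEs.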



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b8d2031e0c65f1e98f604209111978e982d8192


