[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 8 20:13:53 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
263cd956 by security tracker role at 2026-06-08T19:13:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,207 +1,456 @@
-CVE-2026-46313 [media: intel/ipu6: fix error pointer dereference]
+CVE-2026-9549 (Stored cross-site scripting in the service discovery active check outp ...)
+ TODO: check
+CVE-2026-9506 (This vulnerability exists in Bagisto due to improper validation of use ...)
+ TODO: check
+CVE-2026-8913 (A command Injection vulnerability exists in the WireGuard client confi ...)
+ TODO: check
+CVE-2026-8833 (Improper neutralization of HTML-encoded characters in the URL validati ...)
+ TODO: check
+CVE-2026-8078 (Stored cross-site scripting in the global settings change log in Check ...)
+ TODO: check
+CVE-2026-7765 (Incorrect authorization in the User Messages dashboard widget in Check ...)
+ TODO: check
+CVE-2026-7186 (Stored cross-site scripting in the URL dashboard widget in Checkmk <2. ...)
+ TODO: check
+CVE-2026-52778 (YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an un ...)
+ TODO: check
+CVE-2026-50752 (A weakness in the certificate validation logic of the deprecated IKEv1 ...)
+ TODO: check
+CVE-2026-50751 (A logic flow weakness in Remote Access and Mobile Access certificate v ...)
+ TODO: check
+CVE-2026-49756 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
+ TODO: check
+CVE-2026-49755 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
+ TODO: check
+CVE-2026-49235 (When Routinator encounters a file via RRDP using a specifically crafte ...)
+ TODO: check
+CVE-2026-49234 (When sending a specifically crafted non-UTF-8 string as select-asn que ...)
+ TODO: check
+CVE-2026-49233 (Routinator does not properly check the module component of rsync URIs, ...)
+ TODO: check
+CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or RTR conn ...)
+ TODO: check
+CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module mod_http2 wh ...)
+ TODO: check
+CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A vulnerability in ...)
+ TODO: check
+CVE-2026-48488 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4 ...)
+ TODO: check
+CVE-2026-46657 (Bludit is a content management system. Versions prior to 3.22.0 have a ...)
+ TODO: check
+CVE-2026-46656 (Bludit is a content management system. Versions prior to 3.22.0 have a ...)
+ TODO: check
+CVE-2026-46490 (samlify is a Node.js library for SAML single sign-on. Prior to version ...)
+ TODO: check
+CVE-2026-46486 (MVT (Mobile Verification Toolkit) helps with conducting forensics of m ...)
+ TODO: check
+CVE-2026-46481 (OpenMetadata is a unified metadata platform. Prior to version 1.12.4, ...)
+ TODO: check
+CVE-2026-46480 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46479 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46478 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46477 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46476 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46475 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46444 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46443 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46442 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46441 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-46440 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of Hyperledger Fa ...)
+ TODO: check
+CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on crafted regul ...)
+ TODO: check
+CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+ TODO: check
+CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP ...)
+ TODO: check
+CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP Server 2.4. ...)
+ TODO: check
+CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in ninenines gun ...)
+ TODO: check
+CVE-2026-43973 (Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_ ...)
+ TODO: check
+CVE-2026-43972 (Origin Validation Error vulnerability in ninenines gun (gun_http2 modu ...)
+ TODO: check
+CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
+ TODO: check
+CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with mod_header ...)
+ TODO: check
+CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server withmod ...)
+ TODO: check
+CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierallows ...)
+ TODO: check
+CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
+ TODO: check
+CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
+ TODO: check
+CVE-2026-41722 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
+ TODO: check
+CVE-2026-41448 (AdGuard Home, when started with the --glinet flag, contains an authent ...)
+ TODO: check
+CVE-2026-3011 (The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2026-39910 (STACKIT IaaS API contains a missing authorization check vulnerability ...)
+ TODO: check
+CVE-2026-39908 (OpenBullet2 through version 0.3.2 on Windows contains a credential dis ...)
+ TODO: check
+CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was disco ...)
+ TODO: check
+CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
+ TODO: check
+CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server with ma ...)
+ TODO: check
+CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and e ...)
+ TODO: check
+CVE-2026-34194 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML di ...)
+ TODO: check
+CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with mod_ldap in pe ...)
+ TODO: check
+CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated remote cod ...)
+ TODO: check
+CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains a remote code execution vul ...)
+ TODO: check
+CVE-2026-25559 (OpenBullet2 through version 0.3.2 contains a path traversal vulnerabil ...)
+ TODO: check
+CVE-2026-25558 (QloApps through 1.7.0 contains a stored cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication bypass vu ...)
+ TODO: check
+CVE-2026-22164 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2026-11611 (A flaw was found in 389 Directory Server. The Content Synchronization ...)
+ TODO: check
+CVE-2026-11577 (A flaw was found in Keycloak. A limited administrator can exploit an i ...)
+ TODO: check
+CVE-2026-11569 (A flaw was found in Quay. The filedrop endpoint accepts any mime type ...)
+ TODO: check
+CVE-2026-11559 (A vulnerability was detected in CodeAstro Payroll System 1.0. This aff ...)
+ TODO: check
+CVE-2026-11558 (A security vulnerability has been detected in CodeAstro Payroll System ...)
+ TODO: check
+CVE-2026-11557 (A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affe ...)
+ TODO: check
+CVE-2026-11556 (A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Imp ...)
+ TODO: check
+CVE-2026-11555 (A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This ...)
+ TODO: check
+CVE-2026-11554 (A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vul ...)
+ TODO: check
+CVE-2026-11553 (A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. ...)
+ TODO: check
+CVE-2026-11552 (A vulnerability has been found in SourceCodester Onlne Examination & L ...)
+ TODO: check
+CVE-2026-11534 (A vulnerability was detected in imvks786 student_management_system up ...)
+ TODO: check
+CVE-2026-11533 (A security vulnerability has been detected in imvks786 student_managem ...)
+ TODO: check
+CVE-2026-11532 (A weakness has been identified in imvks786 student_management_system u ...)
+ TODO: check
+CVE-2026-11531 (A security flaw has been discovered in imvks786 student_management_sys ...)
+ TODO: check
+CVE-2026-11530 (A vulnerability was identified in imvks786 student_management_system u ...)
+ TODO: check
+CVE-2026-11529 (A vulnerability was determined in designcomputer mysql-mcp-server up t ...)
+ TODO: check
+CVE-2026-11528 (A vulnerability was found in Tenda AC18 15.03.05.05. The affected elem ...)
+ TODO: check
+CVE-2026-11524 (A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is th ...)
+ TODO: check
+CVE-2026-11523 (A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the ...)
+ TODO: check
+CVE-2026-11522 (A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerabili ...)
+ TODO: check
+CVE-2026-11521 (A security vulnerability has been detected in Mohammed-eid35 bank-mana ...)
+ TODO: check
+CVE-2026-11520 (A weakness has been identified in SourceCodester Inventory System 1.0. ...)
+ TODO: check
+CVE-2026-11519 (A security flaw has been discovered in SourceCodester Inventory System ...)
+ TODO: check
+CVE-2026-11518 (A vulnerability was identified in SourceCodester Inventory System 1.0. ...)
+ TODO: check
+CVE-2026-11517 (A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. ...)
+ TODO: check
+CVE-2026-11516 (A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This ...)
+ TODO: check
+CVE-2026-11515 (A vulnerability has been found in SourceCodester Barangay Resident Pro ...)
+ TODO: check
+CVE-2026-11514 (A flaw has been found in itsourcecode Hospital Management System 1.0. ...)
+ TODO: check
+CVE-2026-11513 (A vulnerability was detected in itsourcecode Hospital Management Syste ...)
+ TODO: check
+CVE-2026-11512 (A security vulnerability has been detected in itsourcecode Hospital Ma ...)
+ TODO: check
+CVE-2026-11511 (A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerabi ...)
+ TODO: check
+CVE-2026-11510 (A security flaw has been discovered in CodeAstro Leave Management Syst ...)
+ TODO: check
+CVE-2026-11509 (A vulnerability was identified in CodeAstro Leave Management System 1. ...)
+ TODO: check
+CVE-2026-11508 (A vulnerability was determined in CodeAstro Leave Management System 1. ...)
+ TODO: check
+CVE-2026-11507 (A vulnerability was found in CodeAstro Leave Management System 1.0. Af ...)
+ TODO: check
+CVE-2026-11506 (A vulnerability has been found in CodeAstro Leave Management System 1. ...)
+ TODO: check
+CVE-2026-11505 (A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT300 ...)
+ TODO: check
+CVE-2026-11504 (A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted ...)
+ TODO: check
+CVE-2026-11503 (A security vulnerability has been detected in Tenda CX12L 16.03.53.12. ...)
+ TODO: check
+CVE-2026-11502 (A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is t ...)
+ TODO: check
+CVE-2026-11501 (A security flaw has been discovered in SourceCodester Hospitals Patien ...)
+ TODO: check
+CVE-2026-11500 (A vulnerability was identified in Weaviate up to 1.37.7. This vulnerab ...)
+ TODO: check
+CVE-2026-11499 (A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_x ...)
+ TODO: check
+CVE-2026-11498 (A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. ...)
+ TODO: check
+CVE-2026-11497 (A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by ...)
+ TODO: check
+CVE-2026-11393 (Improper neutralization of triple-quote characters during Python code ...)
+ TODO: check
+CVE-2026-10787 (Missing authorization in the deleted user groups API in Devolutions Se ...)
+ TODO: check
+CVE-2026-10786 (Improper access control in the ticketing integration settings in Devol ...)
+ TODO: check
+CVE-2026-10544 (Improper neutralization of special elements in the built-in PAM provid ...)
+ TODO: check
+CVE-2024-56123
+ REJECTED
+CVE-2024-56122
+ REJECTED
+CVE-2024-56121
+ REJECTED
+CVE-2024-56120
+ REJECTED
+CVE-2026-46313 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.9-1
[trixie] - linux 6.12.90-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8dd088b8b106f7b119664f965b691785998edcfb (7.1-rc1)
-CVE-2026-46310 [media: renesas: vsp1: Fix NULL pointer deref on module unload]
+CVE-2026-46310 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.9-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f (7.1-rc1)
-CVE-2026-46309 [drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise]
+CVE-2026-46309 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.9-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39 (7.1-rc2)
-CVE-2026-46314 [drm/v3d: Reject empty multisync extension to prevent infinite loop]
+CVE-2026-46314 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fb44d589bf3148e13452185a6e772a7efbf2d684 (7.1-rc1)
-CVE-2026-46312 [media: videobuf2: Set vma_flags in vb2_dma_sg_mmap]
+CVE-2026-46312 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.9-1
[trixie] - linux 6.12.90-1
NOTE: https://git.kernel.org/linus/7254b31a13aaa0c2c0f9ffbc335b718656117ff4 (7.1-rc1)
-CVE-2026-46311 [drm/amdgpu/userq: fix access to stale wptr mapping]
+CVE-2026-46311 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.9-1
NOTE: https://git.kernel.org/linus/6da7b1242da4455b11c24ce667d1cab1a348c8ea (7.1-rc3)
-CVE-2026-46308 [pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()]
+CVE-2026-46308 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ec1fcddb3117d9452210e838fd37389ee61e10e8 (7.1-rc3)
-CVE-2026-46305 [staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc]
+CVE-2026-46305 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bc851db06045a40c18233dd76ef0562d7f8bb6db (7.1-rc3)
-CVE-2026-46297 [net: libwx: use request_irq for VF misc interrupt]
+CVE-2026-46297 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7a33345153eeeda195c55f15be27074e4c3b5109 (7.1-rc3)
-CVE-2026-46295 [KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty]
+CVE-2026-46295 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/33fd0ccd2590b470b65adcca288615ad3b5e3e06 (7.1-rc3)
-CVE-2026-46290 [x86/efi: Fix graceful fault handling after FPU softirq changes]
+CVE-2026-46290 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/088f65e206087bf903743bd18417261d7a4c9644 (7.1-rc3)
-CVE-2026-46289 [lib/scatterlist: fix length calculations in extract_kvec_to_sg]
+CVE-2026-46289 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/07b7d66e65d9cfe6b9c2c34aa22cfcaac37a5c45 (7.1-rc1)
-CVE-2026-46307 [wifi: ath5k: do not access array OOB]
+CVE-2026-46307 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/d748603f12baff112caa3ab7d39f50100f010dbd (7.1-rc3)
-CVE-2026-46306 [flow_dissector: do not dissect PPPoE PFC frames]
+CVE-2026-46306 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473 (7.1-rc1)
-CVE-2026-46304 [nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free]
+CVE-2026-46304 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/aade8abd8b868b6ffa9697aadaea28ec7f65bee6 (7.1-rc2)
-CVE-2026-46303 [isofs: validate Rock Ridge CE continuation extent against volume size]
+CVE-2026-46303 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/a36d990f591320e9dd379ab30063ebfe91d47e1f (7.1-rc2)
-CVE-2026-46302 [selinux: allow multiple opens of /sys/fs/selinux/policy]
+CVE-2026-46302 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 7.0.7-1
NOTE: https://git.kernel.org/linus/a02cd6805562305f936e807da83e253b719dd965 (7.1-rc3)
-CVE-2026-46301 [spi: topcliff-pch: fix use-after-free on unbind]
+CVE-2026-46301 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/9d72732fe70c11424bc90ed466c7ccfa58b42a9a (7.1-rc1)
-CVE-2026-46299 [hfsplus: fix held lock freed on hfsplus_fill_super()]
+CVE-2026-46299 (In the Linux kernel, the following vulnerability has been resolved: h ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/90c500e4fd83fa33c09bc7ee23b6d9cc487ac733 (7.1-rc1)
-CVE-2026-46298 [pseries/papr-hvpipe: Fix race with interrupt handler]
+CVE-2026-46298 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b (7.1-rc3)
-CVE-2026-46296 [spi: s3c64xx: fix NULL-deref on driver unbind]
+CVE-2026-46296 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/45daacbead8a009844bd5dba6cfa731332184d17 (7.1-rc1)
-CVE-2026-46294 [dm: fix a buffer overflow in ioctl processing]
+CVE-2026-46294 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/2fa49cc884f6496a915c35621ba4da35649bf159 (7.1-rc1)
-CVE-2026-46293 [clk: microchip: mpfs-ccc: fix out of bounds access during output registration]
+CVE-2026-46293 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2f7ae8ab6aa73daaf080d5332110357c29df9c36 (7.1-rc1)
-CVE-2026-46292 [pmdomain: core: Fix detach procedure for virtual devices in genpd]
+CVE-2026-46292 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/26735dfdd8930d9ef1fa92e590a9bf77726efdf6 (7.1-rc3)
-CVE-2026-46291 [crypto: caam - guard HMAC key hex dumps in hash_digest_key]
+CVE-2026-46291 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE: https://git.kernel.org/linus/177730a273b18e195263ed953853273e901b5064 (7.1-rc1)
-CVE-2026-46288 [of: unittest: fix use-after-free in of_unittest_changeset()]
+CVE-2026-46288 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/faecdd423c27f0d6090156a435ba9dbbac0eaddb (7.1-rc1)
-CVE-2026-46287 [net: txgbe: fix RTNL assertion warning when remove module]
+CVE-2026-46287 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 7.0.4-1
[trixie] - linux 6.12.88-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e159f05e12cc1111a3103b99375ddf0dfd0e7d63 (7.1-rc1)
-CVE-2026-46284 [mm/hugetlb: fix early boot crash on parameters without '=' separator]
+CVE-2026-46284 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c45b354911d01565156e38d7f6bc07edb51fc34c (7.1-rc1)
-CVE-2026-46283 [tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()]
+CVE-2026-46283 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c424d2664f08c77f08b4580b5f0cbaabf7c229b2 (7.1-rc1)
-CVE-2026-46281 [vmalloc: fix buffer overflow in vrealloc_node_align()]
+CVE-2026-46281 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/82d1f01292d3f09bf063f829f8ab8de12b4280a1 (7.1-rc2)
-CVE-2026-46278 [drm/imagination: Fix segfault when updating ftrace mask]
+CVE-2026-46278 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5dfd429591f8d7185bf63a08b5c30863fb605611 (7.1-rc2)
-CVE-2026-46277 [mm/zone_device: do not touch device folio after calling ->folio_free()]
+CVE-2026-46277 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/39928984956037cabd304321cb8f342e47421db5 (7.1-rc1)
-CVE-2026-46286 [leds: qcom-lpg: Check for array overflow when selecting the high resolution]
+CVE-2026-46286 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE: https://git.kernel.org/linus/d45963a93c1495e9f1338fde91d0ebba8fd22474 (7.1-rc1)
-CVE-2026-46285 [mtd: docg3: fix use-after-free in docg3_release()]
+CVE-2026-46285 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE: https://git.kernel.org/linus/ca19808bc6fac7e29420d8508df569b346b3e339 (7.1-rc1)
-CVE-2026-46282 [iio: frequency: admv1013: fix NULL pointer dereference on str]
+CVE-2026-46282 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/aac0a51b16700b403a55b67ba495de021db78763 (7.1-rc1)
-CVE-2026-46280 [lib: test_hmm: evict device pages on file close to avoid use-after-free]
+CVE-2026-46280 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE: https://git.kernel.org/linus/744dd97752ef1076a8d8672bb0d8aa2c7abc1144 (7.1-rc1)
-CVE-2026-46279 [mm/alloc_tag: clear codetag for pages allocated before page_ext initialization]
+CVE-2026-46279 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 7.0.4-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6b1842775a460245e97d36d3a67d0cfba7c4ff79 (7.1-rc1)
-CVE-2026-46276 [drm/amdgpu: fix zero-size GDS range init on RDNA4]
+CVE-2026-46276 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE: https://git.kernel.org/linus/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb (7.1-rc2)
-CVE-2020-37248
+CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capabil ...)
- offlineimap3 <unfixed> (bug #1139329)
NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222
NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
NOTE: Fixed by: https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74 (v8.0.3)
-CVE-2026-46275 [Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths]
+CVE-2026-46275 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b (7.1-rc5)
-CVE-2026-46274 [io-wq: check that the predecessor is hashed in io_wq_remove_pending()]
+CVE-2026-46274 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 7.0.10-1
NOTE: https://git.kernel.org/linus/d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc (7.1-rc4)
-CVE-2025-71315 [drm/vkms: Convert to DRM's vblank timer]
+CVE-2025-71315 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.19.6-1
NOTE: https://git.kernel.org/linus/02e2681ffe1addde1fc8c35d05657b16bfa79613 (6.19-rc1)
CVE-2026-47895
+ {DSA-6330-1}
- strongswan 6.0.7-1
NOTE: https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html
CVE-2026-48977
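Review bot: the new Apache HTTP Server entries in this hunk (CVE-2026-48913, CVE-2026-44631, CVE-2026-44185, CVE-2026-44119, CVE-2026-43951, CVE-2026-42536, CVE-2026-42535, CVE-2026-34356, CVE-2026-34355, CVE-2026-29170, CVE-2026-29167) are all left at `TODO: check`, while CVE-2026-49975 further down in this same diff already records `apache2 2.4.67-2 (bug #1138750)` with `{DSA-6323-1 DLA-4620-1}`; they should be triaged as one batch against that upload rather than one by one. Two of the imported descriptions also carry run-together words from the upstream CVE text (`withmod` in CVE-2026-42536, `earlierallows` in CVE-2026-42535); since this is an automatic import, that is a correction for the CVE record, not for this file.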
@@ -578,7 +827,8 @@ CVE-2026-50589 (In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicio
[bookworm] - ironic <not-affected> (Vulnerable code not present, introduced in 32.x)
[bullseye] - ironic <not-affected> (Vulnerable code not present, introduced in 32.x)
NOTE: https://bugs.launchpad.net/ironic/+bug/2154288
-CVE-2026-50265 (A flaw was found in libinput. A local attacker with access to /dev/uin ...)
+CVE-2026-50265
+ REJECTED
NOTE: Duplicate assignment for CVE-2026-50292
TODO: clarifying with the involved CNAs which to keep
CVE-2026-50235 (Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vu ...)
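Review bot: CVE-2026-50265 is marked `REJECTED` while the TODO on the next line still says it is being clarified with the CNAs which of the two assignments to keep; if CVE-2026-50292 turns out to be the one withdrawn, the libinput description removed here would have to be restored. Suggest either holding the REJECTED marker until the CNAs answer, or keeping the existing NOTE and adding the reverse cross-reference on CVE-2026-50292, so the link between the two entries survives whichever way the decision goes.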
@@ -3721,7 +3971,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
[bookworm] - nginx 1.22.1-9+deb12u8
NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
NOTE: https://github.com/nginx/nginx/commit/365694160a85229a7cb006738de9260d49ff5fa2 (release-1.29.8)
-CVE-2026-49975
+CVE-2026-49975 (Memory Allocation with Excessive Size Value vulnerability in Apache HT ...)
{DSA-6323-1 DLA-4620-1}
- apache2 2.4.67-2 (bug #1138750)
NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
@@ -6987,7 +7237,7 @@ CVE-2026-44462 (Zed is a code editor. Prior to 0.229.0, Zed's terminal tool perm
CVE-2026-44461 (Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote comm ...)
- zed-editor <itp> (bug #1076165)
CVE-2026-44394 (An issue was discovered in OpenStack Keystone before 29.0.2. The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2150379
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
@@ -6998,17 +7248,17 @@ CVE-2026-43979 (Local Deep Research is an AI-powered research assistant for deep
CVE-2026-43898 (SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox- ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-43000 (An issue was discovered in OpenStack Keystone before 29.0.2. When comb ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42999 (An issue was discovered in OpenStack Keystone before 29.0.2. The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148398
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42998 (An issue was discovered in OpenStack Keystone before 29.0.2. The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
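Review bot: CVE-2026-43000 and CVE-2026-42998 both carry `NOTE: https://bugs.launchpad.net/keystone/+bug/2148477`, while CVE-2026-42999 between them points at bug 2148398; worth confirming the duplicate is intended (one Launchpad bug covering two CVEs) rather than a copy-paste, since the OSSA-2026-015 advisory line is shared by all of them and gives no way to tell. The `{DSA-6331-1 DLA-4611-1}` addition itself matches the CVE-2026-44394 hunk above.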
@@ -10903,7 +11153,7 @@ CVE-2026-3012 (A flaw was found in Samba\u2019s certificate auto-enrollment Grou
{DSA-6297-1}
- samba 2:4.24.3+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2026-3012.html
-CVE-2026-3238 [unauthenticated udp packet crashes AD DC nbt server]
+CVE-2026-3238 (A flaw was found in Samba\u2019s WINS server component when running as ...)
{DSA-6297-1}
- samba 2:4.24.3+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2026-3238.html
@@ -17373,7 +17623,7 @@ CVE-2026-43892 (AntSword is a cross-platform website management toolkit. Prior t
CVE-2026-43891 (changedetection.io is a free open source web page change detection too ...)
NOT-FOR-US: changedetection.io
CVE-2026-43515 (Improper Authorization vulnerability when multiple method constraints ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17383,7 +17633,7 @@ CVE-2026-43515 (Improper Authorization vulnerability when multiple method constr
NOTE: Fixed by: https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031 (9.0.118)
NOTE: https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb
CVE-2026-43514 (Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17393,7 +17643,7 @@ CVE-2026-43514 (Observable Timing Discrepancy vulnerabilitywhen comparing AJP se
NOTE: Fixed by: https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa (9.0.118)
NOTE: https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m
CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17403,7 +17653,7 @@ CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in LockOutRe
NOTE: Fixed by: https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717 (9.0.118)
NOTE: https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp
CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in digest authe ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
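Review bot: the description of CVE-2026-43512 starts with "DEPRECATED:", yet the entry still gains the {DSA-6329-1 DSA-6328-1 DLA-4619-1} line and keeps fixed tomcat versions like a live issue. A short NOTE recording why the advisories still reference this id (for instance that it was superseded by another CVE covered by the same DSAs) would save the next triager from re-checking it.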
@@ -17443,7 +17693,7 @@ CVE-2026-42741 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2026-42541 (Kubewarden is a policy engine for Kubernetes. Prior to , An attacker w ...)
NOT-FOR-US: Kubewarden
CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts during WebS ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17497,7 +17747,7 @@ CVE-2026-41551 (A vulnerability has been identified in ROS# (All versions < V2.2
CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification endpoint ...)
NOT-FOR-US: Horilla
CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat. This issue ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17513,7 +17763,7 @@ CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat. This
NOTE: Fixed by: (9.0.118)
NOTE: https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r
CVE-2026-41284 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
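Review bot: the line `NOTE: Fixed by: (9.0.118)` under CVE-2026-41293 has no commit reference, only the version in parentheses, unlike the other tomcat entries in this file which pair the version with a github commit URL. Either add the upstream commit or reword to `NOTE: Fixed in 9.0.118` so the note is not mistaken for a truncated link.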
@@ -25155,7 +25405,7 @@ CVE-2026-43003 (An issue was discovered in OpenStack ironic-python-agent 1.0.0 t
- ironic-python-agent <unfixed> (bug #1135646)
NOTE: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310
CVE-2026-43001 (An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/ ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2 (bug #1135645)
NOTE: https://bugs.launchpad.net/keystone/+bug/2149775
NOTE: https://review.opendev.org/c/openstack/keystone/+/985804
@@ -37080,7 +37330,7 @@ CVE-2026-34734 (HDF5 is software for managing data. In 1.14.1-2 and earlier, a h
CVE-2026-34512 (OpenClaw before 2026.3.25 contains an improper access control vulnerab ...)
NOT-FOR-US: OpenClaw
CVE-2026-34500 (CLIENT_CERT authentication does not fail as expected for some scenario ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37090,7 +37340,7 @@ CVE-2026-34500 (CLIENT_CERT authentication does not fail as expected for some sc
NOTE: Fixed by: https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f (9.0.117)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/29
CVE-2026-34487 (Insertion of Sensitive Information into Log File vulnerability in the ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37107,7 +37357,7 @@ CVE-2026-34486 (Missing Encryption of Sensitive Data vulnerability in Apache Tom
NOTE: Fixed by: https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1 (10.1.54)
NOTE: Fixed by: https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418 (9.0.117)
CVE-2026-34483 (Improper Encoding or Escaping of Output vulnerability in the JsonAcces ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37159,7 +37409,7 @@ CVE-2026-33773 (An Incorrect Initialization of Resource vulnerability in the pac
CVE-2026-33771 (A Weak Password Requirements vulnerability in the password management ...)
NOT-FOR-US: Juniper
CVE-2026-32990 (Improper Input Validation vulnerability in Apache Tomcat due to an inc ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37175,7 +37425,7 @@ CVE-2026-2305 (The AddFunc Head & Footer Code plugin for WordPress is vulnerable
CVE-2026-29923 (The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows ...)
NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2026-29146 (Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor wit ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37190,7 +37440,7 @@ CVE-2026-29146 (Padding Oracle vulnerability in Apache Tomcat's EncryptIntercept
NOTE: https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418 (9.0.117)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/24
CVE-2026-29145 (CLIENT_CERT authentication does not fail as expected for some scenario ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37200,7 +37450,7 @@ CVE-2026-29145 (CLIENT_CERT authentication does not fail as expected for some sc
NOTE: Fixed by: https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b (9.0.116)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/23
CVE-2026-29129 (Configured cipher preference order not preserved vulnerability in Apac ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37212,7 +37462,7 @@ CVE-2026-29129 (Configured cipher preference order not preserved vulnerability i
CVE-2026-28704 (Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted ...)
NOT-FOR-US: Emocheck
CVE-2026-25854 (Occasional URL redirection to untrusted Site ('Open Redirect') vulnera ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37224,7 +37474,7 @@ CVE-2026-25854 (Occasional URL redirection to untrusted Site ('Open Redirect') v
CVE-2026-25203 (Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privile ...)
NOT-FOR-US: Samsung
CVE-2026-24880 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -48085,7 +48335,7 @@ CVE-2026-4745 (Improper Control of Generation of Code ('Code Injection') vulnera
NOT-FOR-US: perf-ninja
CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oni ...)
NOT-FOR-US: rizonesoft Notepad3
-CVE-2026-47430
+CVE-2026-47430 (## Summary The iOS implementation of `cordova-plugin-inappbrowser` pa ...)
NOT-FOR-US: Cordova Plugin InAppBrowser (cordova-plugin-inappbrowser)
CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils ...)
NOT-FOR-US: taurusxin ncmdump
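Review bot: the newly filled-in description for CVE-2026-47430 begins with `## Summary`, i.e. the raw markdown heading from the advisory text was imported verbatim. The entry is NOT-FOR-US so nothing breaks, but if the importer can strip leading markdown headings the truncated description would carry more useful text.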
@@ -64410,7 +64660,7 @@ CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain
CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updatin ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat Native, Apach ...)
- {DSA-6120-1}
+ {DSA-6329-1 DSA-6120-1}
- tomcat11 11.0.18-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
@@ -70649,6 +70899,7 @@ CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling vulne
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/475
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6
CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint utility, ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43ba37dfb07ebe6446fbad9d0973d9279d
@@ -77013,6 +77264,7 @@ CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco E
CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resource co ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125696)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -77024,6 +77276,7 @@ CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resour
NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/096402c942e9d9a049f283eb4e6da431289900e1 (v2.15.2)
NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2)
CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125695)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -77033,6 +77286,7 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontr
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ac6f0fde1476c41f59ad0c68ada3394599ebf2ae (v2.15.2)
NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2)
CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to how ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125691)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -137119,6 +137373,7 @@ CVE-2025-8734
CVE-2025-8733
REJECTED
CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been declare ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853
@@ -150041,6 +150296,7 @@ CVE-2025-5822 (Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect
CVE-2025-5015 (A cross-site scripting vulnerability exists in the AccuWeather and Cus ...)
NOT-FOR-US: Parsons
CVE-2025-52999 (jackson-core contains core low-level incremental ("streaming") parser ...)
+ {DLA-4623-1}
- jackson-core 2.14.1-2 (bug #1108367)
NOTE: https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3
NOTE: https://github.com/FasterXML/jackson-core/pull/943
@@ -156009,6 +156265,7 @@ CVE-2024-55585 (In the moPS App through 1.8.618, all users can access administra
CVE-2025-5814 (The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-49128 (Jackson-core contains core low-level incremental ("streaming") parser ...)
+ {DLA-4623-1}
- jackson-core 2.13.0-1
NOTE: https://github.com/FasterXML/jackson-core/security/advisories/GHSA-wf8f-6423-gfxg
NOTE: https://github.com/FasterXML/jackson-core/pull/652
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/263cd9568edb099b6ccf98e1db756f60b6da668a