[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 10 08:13:10 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3876feea by security tracker role at 2026-06-10T07:13:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2026-9754 (An authenticated user with the read role may read limited amounts of u ...)
+ TODO: check
+CVE-2026-9753 (The $_internalApplyOplogUpdate aggregation pipeline stage can be used ...)
+ TODO: check
+CVE-2026-9752 (An authorized user could trigger a server crash by running a query wit ...)
+ TODO: check
+CVE-2026-9751 (The ldapQueryPassword parameter, when set through the runtime setParam ...)
+ TODO: check
+CVE-2026-9750 (An authenticated user can cause a MongoDB server to crash or return in ...)
+ TODO: check
+CVE-2026-9749 (This issue can occur when running an aggregation pipeline that uses th ...)
+ TODO: check
+CVE-2026-9748 (The $_internalConvertBucketIndexStats stage used PauseExecution as a w ...)
+ TODO: check
+CVE-2026-9747 (Adding fromRouter:true and runtimeConstants.userRoles could cause aggr ...)
+ TODO: check
+CVE-2026-9746 (When using $changestreams and $_requestReshardingResumeToken with the ...)
+ TODO: check
+CVE-2026-9743 (In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline ...)
+ TODO: check
+CVE-2026-9742 (When OIDC authentication is enabled in configuration, clients may set ...)
+ TODO: check
+CVE-2026-9741 (A bug in query analysis processing of the $vectorSearch aggregation st ...)
+ TODO: check
+CVE-2026-9740 (A vulnerability in MongoDB Server's BSON validation logic allows an un ...)
+ TODO: check
+CVE-2026-9735 (MongoDB server may log authentication parameters, including credential ...)
+ TODO: check
+CVE-2026-9067 (The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 ...)
+ TODO: check
+CVE-2026-9060 (The Store Locator WordPress plugin before 1.6.6 does not sanitize and ...)
+ TODO: check
+CVE-2026-8071 (The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6. ...)
+ TODO: check
+CVE-2026-6445 (A flaw exists in FlashArray Purity where insufficient filtering of cer ...)
+ TODO: check
+CVE-2026-6444 (A flaw exists in the FlashArray Purity management interface where an a ...)
+ TODO: check
+CVE-2026-53675 (BuddyPress 14.4.0 contains an insecure direct object reference vulnera ...)
+ TODO: check
+CVE-2026-53674 (BuddyPress 14.4.0 contains a regular expression injection vulnerabilit ...)
+ TODO: check
+CVE-2026-53673 (BuddyPress 14.4.0 contains an insecure direct object reference vulnera ...)
+ TODO: check
+CVE-2026-48306 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-48305 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-48303 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are ...)
+ TODO: check
+CVE-2026-48292 (Format Plugins versions 1.1.2 and earlier are affected by a Heap-based ...)
+ TODO: check
+CVE-2026-48291 (Format Plugins versions 1.1.2 and earlier are affected by a Heap-based ...)
+ TODO: check
+CVE-2026-47961 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47960 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2026-47959 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47955 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47952 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47938 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are ...)
+ TODO: check
+CVE-2026-47937 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47933 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stor ...)
+ TODO: check
+CVE-2026-47932 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2026-47931 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2026-47930 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2026-47929 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Inc ...)
+ TODO: check
+CVE-2026-47928 (ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2026-47926 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47925 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47924 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47923 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47921 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47920 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47919 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47918 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47917 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47916 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47915 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47914 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47913 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47912 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47911 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+ TODO: check
+CVE-2026-47910 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Incor ...)
+ TODO: check
+CVE-2026-47909 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Impro ...)
+ TODO: check
+CVE-2026-47908 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Acces ...)
+ TODO: check
+CVE-2026-47907 (Dreamweaver Desktop versions 21.7 and earlier are affected by an Impro ...)
+ TODO: check
+CVE-2026-47906 (Dreamweaver Desktop versions 21.7 and earlier are affected by a Depend ...)
+ TODO: check
+CVE-2026-47905 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-47904 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-47903 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-47902 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-47838 (SubjectDnX509PrincipalExtractor does not correctly handle certain malf ...)
+ TODO: check
+CVE-2026-47106 (Ellucian Banner Self-Service before the April T2 release (2025-04-23) ...)
+ TODO: check
+CVE-2026-46546 (Frappe Learning Management System (LMS) is a learning system that help ...)
+ TODO: check
+CVE-2026-46545 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46543 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46542 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46541 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46540 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46539 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-46532 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-46518 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-46517 (LMDeploy is a toolkit for compressing, deploying, and serving large la ...)
+ TODO: check
+CVE-2026-46491 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in t ...)
+ TODO: check
+CVE-2026-46432 (LMDeploy is a toolkit for compressing, deploying, and serving large la ...)
+ TODO: check
+CVE-2026-46411 (FlashMQ is a MQTT broker/server, designed for multi-CPU environments. ...)
+ TODO: check
+CVE-2026-46374 (SQLFluff is a modular SQL linter and auto-formatter with support for m ...)
+ TODO: check
+CVE-2026-46373 (SQLFluff is a modular SQL linter and auto-formatter with support for m ...)
+ TODO: check
+CVE-2026-45782 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Fro ...)
+ TODO: check
+CVE-2026-45542 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-45541 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-45329 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-45328 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-45160 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
+ TODO: check
+CVE-2026-44963 (A vulnerability allowing remote code execution (RCE) on the Backup Ser ...)
+ TODO: check
+CVE-2026-44716 (Pipecat is an open-source Python framework for building real-time voic ...)
+ TODO: check
+CVE-2026-44634 (SimpleBLE is a cross-platform library and bindings for Bluetooth Low E ...)
+ TODO: check
+CVE-2026-44505 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
+ TODO: check
+CVE-2026-41837 (Spring Data REST's Querydsl integration accepts arbitrary persistent p ...)
+ TODO: check
+CVE-2026-41732 (JsonPulsarHeaderMapper matched type headers against trusted packages u ...)
+ TODO: check
+CVE-2026-41731 (JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matc ...)
+ TODO: check
+CVE-2026-41730 (Spring Data REST serializes the full exception cause chain into HTTP e ...)
+ TODO: check
+CVE-2026-41729 (Spring Data REST is vulnerable to SpEL expression injection through ma ...)
+ TODO: check
+CVE-2026-41728 (Spring Data REST's JSON Patch (application/json-patch+json) implementa ...)
+ TODO: check
+CVE-2026-41727 (Spring Kafka's retry topic infrastructure did not sufficiently validat ...)
+ TODO: check
+CVE-2026-41726 (When an application opts into DelegatingDeserializer, a producer can g ...)
+ TODO: check
+CVE-2026-41721 (Spring Data Commons contains a vulnerability that can lead to a Denial ...)
+ TODO: check
+CVE-2026-41719 (A SpEL Injection vulnerability exists in the Spring Data KeyValue if u ...)
+ TODO: check
+CVE-2026-41717 (Spring Data MongoDB contains a SpEL (Spring Expression Language) expre ...)
+ TODO: check
+CVE-2026-41716 (Spring Data's internal property-lookup cache accepts and permanently r ...)
+ TODO: check
+CVE-2026-41714 (Applications that configure their broker connection via RabbitConnecti ...)
+ TODO: check
+CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a Denial o ...)
+ TODO: check
+CVE-2026-41706 (Spring Security's CookieRequestCache and CookieServerRequestCache stor ...)
+ TODO: check
+CVE-2026-41701 (Correlation IDs for replies in the RabbitTemplate.sendAndReceive() wit ...)
+ TODO: check
+CVE-2026-41697 (Spring Data Relational does not properly escape binding values of exte ...)
+ TODO: check
+CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with @Query tha ...)
+ TODO: check
+CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial of servic ...)
+ TODO: check
+CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as elements ...)
+ TODO: check
+CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint performs ...)
+ TODO: check
+CVE-2026-41003 (An attacker able to influence values in RelyingPartyRegistration may b ...)
+ TODO: check
+CVE-2026-40993 (An attacker with write permissions to the database table managed by Jd ...)
+ TODO: check
+CVE-2026-40991 (When using spring-restdocs-webtestclient or spring-restdocs-restassure ...)
+ TODO: check
+CVE-2026-40988 (An application using spring-security-saml2-service-provider and the RE ...)
+ TODO: check
+CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly sanitise and ...)
+ TODO: check
+CVE-2026-34713 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-34712 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-34711 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-34710 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-34709 (Substance3D - Sampler versions 6.0.0 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-34657 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
+ TODO: check
+CVE-2026-34417 (OSCAL-GUI contains a reflected cross-site scripting vulnerability that ...)
+ TODO: check
+CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting vulnerability that ...)
+ TODO: check
+CVE-2026-32856 (Ellucian Banner Self-Service before the April T2 release (2025-04-23) ...)
+ TODO: check
+CVE-2026-29116 (A vulnerability has been found in some Dahua products could allow an u ...)
+ TODO: check
+CVE-2026-29115 (A vulnerability has been found in some Dahua products could allow an a ...)
+ TODO: check
+CVE-2026-29114 (A vulnerability has been found in some Dahua products. An attacker may ...)
+ TODO: check
+CVE-2026-26241 (A buffer overflow vulnerability has been reported to affect File Stati ...)
+ TODO: check
+CVE-2026-26240 (A buffer overflow vulnerability has been reported to affect File Stati ...)
+ TODO: check
+CVE-2026-26239 (A buffer overflow vulnerability has been reported to affect File Stati ...)
+ TODO: check
+CVE-2026-26237 (A missing authorization vulnerability has been reported to affect QuMa ...)
+ TODO: check
+CVE-2026-25860 (OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulne ...)
+ TODO: check
+CVE-2026-25557 (Evoluted PHP Directory Listing Script through 4.0.5 contains a reflect ...)
+ TODO: check
+CVE-2026-24724 (An incorrect authorization vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2026-24720 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2026-24719 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2026-24717 (A path traversal vulnerability has been reported to affect several QNA ...)
+ TODO: check
+CVE-2026-24716 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2026-22899 (A NULL pointer dereference vulnerability has been reported to affect F ...)
+ TODO: check
+CVE-2026-22893 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2026-11837 (A local privilege escalation vulnerability was found in the ansible.po ...)
+ TODO: check
+CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow vulnerabili ...)
+ TODO: check
+CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption vulnerabilities in the ...)
+ TODO: check
+CVE-2026-11815 (An attacker who intercepts and tampers with traffic between the client ...)
+ TODO: check
+CVE-2026-11799 (UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was ...)
+ TODO: check
+CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in ...)
+ TODO: check
+CVE-2026-10238
+ REJECTED
+CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered Elementor Addon ...)
+ TODO: check
+CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial ...)
+ TODO: check
+CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-66280 (An integer overflow or wraparound vulnerability has been reported to a ...)
+ TODO: check
+CVE-2025-66279 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2025-66276 (QuTS hero is not affected. We have already fixed the vulnerability in ...)
+ TODO: check
+CVE-2025-66273 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2025-62851 (A path traversal vulnerability has been reported to affect License Cen ...)
+ TODO: check
+CVE-2025-62850 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ TODO: check
+CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected. We have already fixed the ...)
+ TODO: check
+CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
+ TODO: check
CVE-2026-11526
- libgd-perl <unfixed>
NOTE: Fixed by: https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210 (v2.86)
@@ -25,7 +345,7 @@ CVE-2026-9211 (An unauthenticated user on the local network can gain control of
NOT-FOR-US: Netgear
CVE-2026-9210 (Insufficient input validation vulnerability in thelisted NETGEAR model ...)
NOT-FOR-US: Netgear
-CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are vulnerable to SecureBoo ...)
+CVE-2026-8863 (Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to Secu ...)
TODO: check
CVE-2026-8677 (The Prime Elementor Addons \u2013 Lightweight Elementor Widgets for Fa ...)
NOT-FOR-US: WordPress plugin
@@ -51,7 +371,7 @@ CVE-2026-50636 (The RemoteControl API methods invite_participants and remind_par
- limesurvey <itp> (bug #472802)
CVE-2026-50635 (LimeSurvey constructs account password-reset links from the client-sup ...)
- limesurvey <itp> (bug #472802)
-CVE-2026-50512 (Missing authentication for critical function in Microsoft PC Manager a ...)
+CVE-2026-50512 (Improper link resolution before file access ('link following') in Micr ...)
NOT-FOR-US: Microsoft
CVE-2026-50511 (Improper link resolution before file access ('link following') in Micr ...)
NOT-FOR-US: Microsoft
@@ -422,11 +742,11 @@ CVE-2026-45583 (Improper control of generation of code ('code injection') in Mic
NOT-FOR-US: Microsoft
CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange Server allows ...)
NOT-FOR-US: Microsoft
-CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an authoriz ...)
+CVE-2026-45503 (Server-side request forgery (ssrf) in Microsoft Exchange Server allows ...)
NOT-FOR-US: Microsoft
CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange Server allows ...)
NOT-FOR-US: Microsoft
-CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange Server allows ...)
+CVE-2026-45501 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: Microsoft
CVE-2026-45500 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: Microsoft
@@ -987,12 +1307,14 @@ CVE-2016-20063 (Single Personal Message 1.0.3 contains an SQL injection vulnerab
CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an a ...)
- openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42769 (Issue Summary: An error in the callback used to verify the certificate ...)
@@ -1013,6 +1335,7 @@ CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate Managemen
[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS message can ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42765 (Issue summary: When a partial-chain certificate verification is enable ...)
@@ -1028,15 +1351,19 @@ CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform suff
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the destination b ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context through t ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid token m ...)
@@ -1058,9 +1385,11 @@ CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC s
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing fails t ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...)
+ {DSA-6335-1}
- openssl <unfixed>
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42488
@@ -2619,7 +2948,7 @@ CVE-2026-21025 (Incorrect privilege assignment in Telephony prior to SMR Jun-202
NOT-FOR-US: Samsung Mobile
CVE-2026-21017 (Improper handling of insufficient privileges in SecTelephonyProvider p ...)
NOT-FOR-US: Samsung Mobile
-CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly ...)
+CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, former ...)
NOT-FOR-US: Cisco
CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in the affect ...)
NOT-FOR-US: linqi
@@ -5192,6 +5521,7 @@ CVE-2026-50266 (In OpenStack Neutron before 28.0.1, a project manager can create
NOTE: https://security.openstack.org/ossa/OSSA-2026-021.html
NOTE: https://launchpad.net/bugs/2152115
CVE-2026-41283 (OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Executio ...)
+ {DSA-6333-1}
- mistral <unfixed> (bug #1138843)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/14
NOTE: https://launchpad.net/bugs/2147178
@@ -6798,6 +7128,7 @@ CVE-2026-10197 (A vulnerability was detected in Assimp up to 6.0.4. Affected is
NOTE: https://github.com/assimp/assimp/pull/6645
NOTE: https://github.com/assimp/assimp/commit/24bd7ee6f6721b34854dc232b253c71ecc66e457
CVE-2026-10118 (A flaw was found in Poppler's Splash backend. A remote attacker could ...)
+ {DSA-6334-1}
- poppler 26.01.0-4.1 (bug #1138708)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8352264766652b98336e92359a70b3161a9ab97a
@@ -16481,7 +16812,7 @@ CVE-2026-40930 (LIBPNG is a reference library for use in applications that proce
NOTE: so marking 1.6.37-4 as the fixed version
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-c4v6-gxrq-6g2x
NOTE: https://github.com/pnggroup/libpng/commit/faf06924688b62d7c1654b5ceddedbde66ffadb4
-CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation memmove]
+CVE-2026-46433 (lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1. ...)
- lldpd 1.0.22-1
[trixie] - lldpd <no-dsa> (Minor issue)
[bookworm] - lldpd <no-dsa> (Minor issue)
@@ -18950,37 +19281,37 @@ CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a C
NOT-FOR-US: PowerSYSTEM Center
CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Stac ...)
NOT-FOR-US: Adobe
-CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34688 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
CVE-2026-34686 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
NOT-FOR-US: Adobe
CVE-2026-34685 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
NOT-FOR-US: Adobe
-CVE-2026-34680 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34680 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34679 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34679 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34678 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34678 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34677 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34677 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34673 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34673 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34672 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34672 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34671 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34671 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34670 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34670 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34669 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34669 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34668 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34668 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34667 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34667 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34666 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34666 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
-CVE-2026-34665 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+CVE-2026-34665 (CAI Content Credentials versions c2pa-web at 0.7.0, c2pa-v0.78.2 and earl ...)
NOT-FOR-US: Adobe
CVE-2026-34658 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
NOT-FOR-US: Adobe
@@ -19710,7 +20041,7 @@ CVE-2026-33862 (A vulnerability has been identified in Teamcenter V2312 (All ver
NOT-FOR-US: Siemens
CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
NOT-FOR-US: Microsoft
-CVE-2026-33840 (Concurrent execution using shared resource with improper synchronizati ...)
+CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
NOT-FOR-US: Microsoft
CVE-2026-33839 (Concurrent execution using shared resource with improper synchronizati ...)
NOT-FOR-US: Microsoft
@@ -33503,7 +33834,8 @@ CVE-2026-5398 (The implementation of TIOCNOTTY failed to clear a back-pointer fr
NOT-FOR-US: FreeBSD
CVE-2026-4872
REJECTED
-CVE-2026-4821 (An improper neutralization of special elements vulnerability was ident ...)
+CVE-2026-4821
+ REJECTED
NOT-FOR-US: Github Enterprise Server
CVE-2026-4296 (An incorrect regular expression vulnerability was identified in GitHub ...)
NOT-FOR-US: Github Enterprise Server
@@ -115122,6 +115454,7 @@ CVE-2025-58277 (Permission verification bypass vulnerability in the Camera app.S
CVE-2025-54654 (Permission control vulnerability in the Gallery module. Successful exp ...)
NOT-FOR-US: Huawei
CVE-2025-52885 (Poppler ia a library for rendering PDF files, and examining or modifyi ...)
+ {DSA-6334-1}
- poppler 25.03.0-11.1 (bug #1117853)
[bullseye] - poppler <postponed> (Minor issue; only affeccts CLI tools run with non-default CLI options)
NOTE: https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
@@ -119196,6 +119529,7 @@ CVE-2025-46205 (A heap-use-after free in the PdfTokenizer::ReadDictionary functi
CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web Content trans ...)
NOT-FOR-US: Liferay
CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption a ...)
+ {DSA-6334-1}
- poppler 25.03.0-10 (bug #1117046)
[bullseye] - poppler <postponed> (minor issue)
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408 (poppler-25.04.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3876feea6a25a7fa516b83eea4b66b5ed5e97991
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3876feea6a25a7fa516b83eea4b66b5ed5e97991
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/82e8e2d2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list