[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 15 08:45:03 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e2a457c by security tracker role at 2026-06-15T07:44:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,78 @@
-CVE-2026-11527
+CVE-2026-54413 (driftregion iso14229 through 0.9.0 contains an integer underflow and d ...)
+	TODO: check
+CVE-2026-54412 (LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-b ...)
+	TODO: check
+CVE-2026-54411 (Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE ...)
+	TODO: check
+CVE-2026-54410 (nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in t ...)
+	TODO: check
+CVE-2026-12223 (A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affec ...)
+	TODO: check
+CVE-2026-12222 (A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affec ...)
+	TODO: check
+CVE-2026-12221 (A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impac ...)
+	TODO: check
+CVE-2026-12220 (A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This  ...)
+	TODO: check
+CVE-2026-12219 (A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted e ...)
+	TODO: check
+CVE-2026-12218 (A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affe ...)
+	TODO: check
+CVE-2026-12217 (A security vulnerability has been detected in DVDFab Virtual Drive 2.0 ...)
+	TODO: check
+CVE-2026-12216 (A weakness has been identified in svaarala duktape up to 2.99.99. This ...)
+	TODO: check
+CVE-2026-12214 (A security flaw has been discovered in Qihoo 360 Total Security 6.0. T ...)
+	TODO: check
+CVE-2026-12213 (A vulnerability was found in hcengineering Huly Platform up to 0.7.0.  ...)
+	TODO: check
+CVE-2026-12212 (A vulnerability has been found in hcengineering Huly Platform up to 0. ...)
+	TODO: check
+CVE-2026-12211 (A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Buil ...)
+	TODO: check
+CVE-2026-12210 (A vulnerability was detected in universal-tool-calling-protocol python ...)
+	TODO: check
+CVE-2026-12209 (A security vulnerability has been detected in RubyLouvre avalon up to  ...)
+	TODO: check
+CVE-2026-12208 (A weakness has been identified in jsonata-js jsonata up to 2.2.0. The  ...)
+	TODO: check
+CVE-2026-12207 (A security flaw has been discovered in medkey-org medkey up to fc09b7b ...)
+	TODO: check
+CVE-2026-12206 (A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue ...)
+	TODO: check
+CVE-2026-12204 (A vulnerability was determined in ShopXO up to 6.7.1. This vulnerabili ...)
+	TODO: check
+CVE-2026-12203 (A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657 ...)
+	TODO: check
+CVE-2026-12202 (A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. ...)
+	TODO: check
+CVE-2026-12201 (A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected  ...)
+	TODO: check
+CVE-2026-12200 (A security vulnerability has been detected in Ritlabs TinyWeb Server u ...)
+	TODO: check
+CVE-2026-12198 (A weakness has been identified in Microweber up to 2.0.20. This affect ...)
+	TODO: check
+CVE-2026-12197 (A security flaw has been discovered in Ruijie EG105G-P 2.340. The impa ...)
+	TODO: check
+CVE-2026-12193 (A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. ...)
+	TODO: check
+CVE-2026-12192 (A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unk ...)
+	TODO: check
+CVE-2026-12191 (A vulnerability was found in Comma AI Openpilot 0.11. This issue affec ...)
+	TODO: check
+CVE-2026-12190 (A vulnerability has been found in Genspark AI Workspace App 2.8.4 on A ...)
+	TODO: check
+CVE-2026-12189 (A flaw has been found in Moovit Bus & Public Transit App 1.18 on Andro ...)
+	TODO: check
+CVE-2026-12188 (A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by  ...)
+	TODO: check
+CVE-2026-12187 (A security vulnerability has been detected in GL.iNet GL-MT3000 up to  ...)
+	TODO: check
+CVE-2026-12186 (A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affec ...)
+	TODO: check
+CVE-2025-15546 (The Iptanus File Upload WordPress plugin before 5.1.7 does not impleme ...)
+	TODO: check
+CVE-2026-11527 (Config::IniFiles versions before 3.001000 for Perl allow OS command in ...)
 	- libconfig-inifiles-perl 3.000003-5
 	NOTE: Fixed by: https://github.com/shlomif/perl-Config-IniFiles/commit/3e48f9627fbba4dae5de35be1f735cdeb7e47fb8 (releases/3.001000)
 CVE-2026-XXXX [RUSTSEC-2026-0178]
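Review bot: all 37 entries added at the top of this hunk, from CVE-2026-54413 down to CVE-2025-15546, carry only `TODO: check`, so none of them has a triage decision yet. Each should end up with either a package line in the form already used for CVE-2026-11527 (`- libconfig-inifiles-perl 3.000003-5`) or a `NOT-FOR-US:` marker like the QNAP entries later in the file. The description now attached to CVE-2026-11527 also says versions before 3.001000 are affected while the recorded fixed version is 3.000003-5; if the fix was backported into that upload, a NOTE saying so would make the entry self-explanatory.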
@@ -2065,7 +2139,7 @@ CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected.  We have already fix
 	NOT-FOR-US: QNAP
 CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
 	NOT-FOR-US: QNAP
-CVE-2026-11526
+CVE-2026-11526 (GD versions before 2.86 for Perl allow OS command injection and file o ...)
 	- libgd-perl 2.84-3
 	NOTE: Fixed by: https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210 (v2.86)
 CVE-2026-52903
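Review bot: the description added for CVE-2026-11526 says GD versions before 2.86 are affected and the Fixed by NOTE points at v2.86, yet the package line directly below it records `- libgd-perl 2.84-3` as fixed. If 2.84-3 carries the upstream commit as a patch, a short NOTE stating that would remove the apparent contradiction; otherwise the fixed version needs rechecking.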
@@ -3094,7 +3168,7 @@ CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate Managemen
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046 (openssl-3.0.21)
 	NOTE: Introduced with: https://github.com/openssl/openssl/commit/a61b7f2fa6de3bf8d5b1436e66c52d6bf7150ae4
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS message can  ...)
-	{DSA-6335-1}
+	{DSA-6335-1 DLA-4630-1}
 	- openssl 3.6.3-1 (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/3ff64913615d648cfbb6a6f1cf5529ae7ea829d7 (openssl-3.0.21)
@@ -3112,17 +3186,17 @@ CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform suff
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ...)
-	{DSA-6335-1}
+	{DSA-6335-1 DLA-4630-1}
 	- openssl 3.6.3-1 (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/cbe418ae978539cf14a398a207dba834c0e93e83 (openssl-3.0.21)
 CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...)
-	{DSA-6335-1}
+	{DSA-6335-1 DLA-4630-1}
 	- openssl 3.6.3-1 (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6 (openssl-3.0.21)
 CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the destination b ...)
-	{DSA-6335-1}
+	{DSA-6335-1 DLA-4630-1}
 	- openssl 3.6.3-1 (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974 (openssl-3.0.21)
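Review bot: nothing in the entries for CVE-2026-34180, CVE-2026-9076 and CVE-2026-7383 records which release or version DLA-4630-1 covers, while the neighbouring CVE-2026-34181 carries `[bullseye] - openssl <not-affected> (Vulnerable code not present)`. Since the vulnerable code is evidently not present in every branch, the new `{DSA-6335-1 DLA-4630-1}` tags on these three entries are worth confirming against the DLA itself before anyone relies on them for patch status.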
@@ -3162,7 +3236,7 @@ CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing f
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/f48adad79a21fed9bfc31ea3ef65bee810e12ddd (openssl-3.0.21)
 	NOTE: Introduced with: https://github.com/openssl/openssl/commit/924663c36d47066d5307937da77fed7e872730c7
 CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...)
-	{DSA-6335-1}
+	{DSA-6335-1 DLA-4630-1}
 	- openssl 3.6.3-1 (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 (openssl-3.0.21)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2a457cc91ba0a20070135f2c3b376584d653c4


