[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 16 20:14:01 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a3002921 by security tracker role at 2026-06-16T19:13:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,298 @@
+CVE-2026-9507 (A session fixation vulnerability has been identified in osTicket v1.18 ...)
+ TODO: check
+CVE-2026-9307 (A sensitive information disclosure security issue exists within the af ...)
+ TODO: check
+CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ...)
+ TODO: check
+CVE-2026-8444 (The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2026-8442 (The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitra ...)
+ TODO: check
+CVE-2026-8176 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2026-5416 (Due to the improper neutralization of special elements used in a name ...)
+ TODO: check
+CVE-2026-54198 (Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant ...)
+ TODO: check
+CVE-2026-54197 (Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.)
+ TODO: check
+CVE-2026-54191 (Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.)
+ TODO: check
+CVE-2026-54190 (Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12. ...)
+ TODO: check
+CVE-2026-53900 (Firefox for iOS preserved cookies set on the initial PDF request acros ...)
+ TODO: check
+CVE-2026-53899 (Firefox for iOS used partial domain matching when attaching cookies to ...)
+ TODO: check
+CVE-2026-53866 (OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability i ...)
+ TODO: check
+CVE-2026-53865 (OpenClaw before 2026.5.2 contains a path traversal vulnerability in ma ...)
+ TODO: check
+CVE-2026-53864 (OpenClaw before 2026.5.26 contains an insufficient sanitization vulner ...)
+ TODO: check
+CVE-2026-53863 (OpenClaw before 2026.4.25 contains an input validation vulnerability i ...)
+ TODO: check
+CVE-2026-53862 (OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerabil ...)
+ TODO: check
+CVE-2026-53861 (OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in ...)
+ TODO: check
+CVE-2026-53860 (OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability ...)
+ TODO: check
+CVE-2026-53859 (OpenClaw before 2026.5.26 contains a hostname validation vulnerability ...)
+ TODO: check
+CVE-2026-53858 (OpenClaw before 2026.5.2 contains an environment variable injection vu ...)
+ TODO: check
+CVE-2026-53857 (OpenClaw before 2026.5.3 contains a policy enforcement vulnerability w ...)
+ TODO: check
+CVE-2026-53856 (OpenClaw before 2026.4.24 contains an insecure file permissions vulner ...)
+ TODO: check
+CVE-2026-53855 (OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability ...)
+ TODO: check
+CVE-2026-53854 (OpenClaw before 2026.4.25 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-53853 (OpenClaw before 2026.5.12 contains an argument pattern validation bypa ...)
+ TODO: check
+CVE-2026-53852 (OpenClaw before 2026.4.25 contains a scope containment bypass vulnerab ...)
+ TODO: check
+CVE-2026-53851 (OpenClaw before 2026.5.12 contains a notification bypass vulnerability ...)
+ TODO: check
+CVE-2026-53850 (OpenClaw before 2026.4.25 contains a control scope enforcement bypass ...)
+ TODO: check
+CVE-2026-53849 (OpenClaw before 2026.5.7 contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2026-53848 (OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerabil ...)
+ TODO: check
+CVE-2026-53847 (OpenClaw before 2026.5.6 contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2026-53846 (OpenClaw before 2026.4.29 contains a path traversal vulnerability in t ...)
+ TODO: check
+CVE-2026-53845 (OpenClaw before 2026.5.6 contains a hook bypass vulnerability where sk ...)
+ TODO: check
+CVE-2026-53844 (OpenClaw before 2026.4.29 contains a session visibility check bypass v ...)
+ TODO: check
+CVE-2026-53843 (OpenClaw before 2026.5.26 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-53842 (OpenClaw before 2026.5.2 contains an environment variable injection vu ...)
+ TODO: check
+CVE-2026-53841 (OpenClaw before 2026.5.12 contains a cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2026-53840 (OpenClaw before 2026.5.12 contains an information disclosure vulnerabi ...)
+ TODO: check
+CVE-2026-53776 (Perry before 0.5.1166 contains a JWT validation vulnerability that all ...)
+ TODO: check
+CVE-2026-52715 (Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.)
+ TODO: check
+CVE-2026-52714 (Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= ...)
+ TODO: check
+CVE-2026-52712 (Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.)
+ TODO: check
+CVE-2026-52711 (Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 ver ...)
+ TODO: check
+CVE-2026-50656 (Microsoft is aware of an elevation of privilege in the Microsoft Malwa ...)
+ TODO: check
+CVE-2026-49774 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2026-49772 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-48780 (Forem is open source software for building communities. Prior to commi ...)
+ TODO: check
+CVE-2026-48775 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
+ TODO: check
+CVE-2026-47964 (DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based B ...)
+ TODO: check
+CVE-2026-47963 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
+ TODO: check
+CVE-2026-47934 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
+ TODO: check
+CVE-2026-47927 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
+ TODO: check
+CVE-2026-47749 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
+ TODO: check
+CVE-2026-47748 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
+ TODO: check
+CVE-2026-47684 (Sync-in Server is a secure, open-source platform for file storage, sha ...)
+ TODO: check
+CVE-2026-44932 (Passing of unsanitized strings from DHCP replies into the wicked dhcp ...)
+ TODO: check
+CVE-2026-42089 (Yeoman Environment provides an API to discover, create, and run genera ...)
+ TODO: check
+CVE-2026-40809 (Missing Authorization vulnerability in Rara Themes Metro Magazine allo ...)
+ TODO: check
+CVE-2026-40750 (Unrestricted Upload of File with Dangerous Type vulnerability in thema ...)
+ TODO: check
+CVE-2026-39927
+ REJECTED
+CVE-2026-39926
+ REJECTED
+CVE-2026-39581 (Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic ...)
+ TODO: check
+CVE-2026-39574 (Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.)
+ TODO: check
+CVE-2026-39490 (Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versi ...)
+ TODO: check
+CVE-2026-39437 (Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Li ...)
+ TODO: check
+CVE-2026-2381 (The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2026-24228 (NVIDIA NeMo Framework for Linux contains a vulnerability where an atta ...)
+ TODO: check
+CVE-2026-24155 (NVIDIA NeMo Framework for all platforms contains a code injection vuln ...)
+ TODO: check
+CVE-2026-12412
+ REJECTED
+CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The do_git_c ...)
+ TODO: check
+CVE-2026-12330 (Incorrect boundary conditions in the Internationalization component. T ...)
+ TODO: check
+CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability ...)
+ TODO: check
+CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, ...)
+ TODO: check
+CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140. ...)
+ TODO: check
+CVE-2026-12326 (Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of ...)
+ TODO: check
+CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This vulnerabil ...)
+ TODO: check
+CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL component. ...)
+ TODO: check
+CVE-2026-12323 (Spoofing issue in the DOM: Core & HTML component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12322 (Clickjacking issue in the Widget: Gtk component. This vulnerability wa ...)
+ TODO: check
+CVE-2026-12321 (JIT miscompilation in the JavaScript: WebAssembly component. This vuln ...)
+ TODO: check
+CVE-2026-12320 (Information disclosure in the Password Manager component. This vulnera ...)
+ TODO: check
+CVE-2026-12319 (Denial-of-service in the Audio/Video: Playback component. This vulnera ...)
+ TODO: check
+CVE-2026-12318 (Incorrect boundary conditions in the Libraries component in NSS. This ...)
+ TODO: check
+CVE-2026-12317 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12316 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12314 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12313 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
+ TODO: check
+CVE-2026-12312 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12311 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
+ TODO: check
+CVE-2026-12310 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12309 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12308 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12307 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12306 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12305 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies component. This v ...)
+ TODO: check
+CVE-2026-12303 (Information disclosure due to incorrect boundary conditions in the Gra ...)
+ TODO: check
+CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12301 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12300 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This vulnerabili ...)
+ TODO: check
+CVE-2026-12298 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the Networking ...)
+ TODO: check
+CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. This vul ...)
+ TODO: check
+CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This vulnerability wa ...)
+ TODO: check
+CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This vulnerability was f ...)
+ TODO: check
+CVE-2026-12293 (Use-after-free in the Graphics: WebGPU component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This vulnera ...)
+ TODO: check
+CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This vulnerability w ...)
+ TODO: check
+CVE-2026-12290 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ TODO: check
+CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component. This vulner ...)
+ TODO: check
+CVE-2026-12225 (syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitb ...)
+ TODO: check
+CVE-2026-12003 (To allow builds of Python to be run from an in-tree layout (rather tha ...)
+ TODO: check
+CVE-2026-11317 (A denial of service security issue exists in the affected product. The ...)
+ TODO: check
+CVE-2026-10831 (A denial-of-service vulnerability exists in NPort devices because of i ...)
+ TODO: check
+CVE-2026-10829 (A stack-based buffer overflow vulnerability has been found in the NPor ...)
+ TODO: check
+CVE-2026-10828 (A format string vulnerability has been found in the "alias" parameter ...)
+ TODO: check
+CVE-2026-10825 (A denial-of-service vulnerability exists in the WebSocket API due to i ...)
+ TODO: check
+CVE-2026-10748 (An authenticated user with the nx-licensing-create privilege can uploa ...)
+ TODO: check
+CVE-2026-10640 (Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv ...)
+ TODO: check
+CVE-2026-10639 (In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/ ...)
+ TODO: check
+CVE-2026-10638 (subsys/net/ip/icmpv6.c reads the network interface from a net_pkt afte ...)
+ TODO: check
+CVE-2026-10637 (subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_ ...)
+ TODO: check
+CVE-2026-10636 (In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igm ...)
+ TODO: check
+CVE-2026-10093 (The File Sharing & Download Manager \u2013 User Private Files plugin f ...)
+ TODO: check
+CVE-2026-0647 (An improper authentication security issue exists within the 1794-AENTR ...)
+ TODO: check
+CVE-2026-0646 (A denial-of-service security issue exists within the 1794-AENTR adapte ...)
+ TODO: check
+CVE-2025-9912 (Nokia SR Linux is vulnerable to a local privilege escalation vulnerabi ...)
+ TODO: check
+CVE-2025-71261 (An attacker with network-level access between the SUSE Virtualization ...)
+ TODO: check
+CVE-2025-68045 (Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 v ...)
+ TODO: check
+CVE-2025-14272 (A security issue wasidentifiedin Pavilion due to improperauthorization ...)
+ TODO: check
+CVE-2025-13036 (An authentication bypass security issue exists within FactoryTalk Hist ...)
+ TODO: check
+CVE-2025-11694 (A security issue exists within1769 CompactLogix controllersdue to them ...)
+ TODO: check
+CVE-2024-39575 (update_disk_psu_baseline.sh requires password in plain text)
+ TODO: check
+CVE-2024-38487 (api-gateway container running with root privilege would allow an attac ...)
+ TODO: check
+CVE-2024-30476 (PowerStore contains a Stored Cross-Site Scripting Vulnerability in the ...)
+ TODO: check
+CVE-2024-24909 (Dell OpenManage Integration with Microsoft Windows Admin Center contai ...)
+ TODO: check
+CVE-2024-22451 (Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an unco ...)
+ TODO: check
+CVE-2024-22447 (Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrol ...)
+ TODO: check
CVE-2026-46448
- nova <unfixed> (bug #1140149)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/5
NOTE: https://launchpad.net/bugs/2151252
-CVE-2026-10649
+CVE-2026-10649 (A flaw was found in Pacemaker. An unauthenticated remote attacker can ...)
- pacemaker <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/6
NOTE: https://github.com/clusterLabs/pacemaker/pull/4128
CVE-2026-50203
NOT-FOR-US: Airflow provider
-CVE-2026-46331 [net/sched: fix pedit partial COW leading to page cache corruption]
+CVE-2026-46331 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/899ee91156e57784090c5565e4f31bd7dbffbc5a (7.1-rc7)
CVE-2026-39043
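Review bot: the OpenClaw entries added at the top of this hunk (CVE-2026-53840 through CVE-2026-53866) are all left at TODO: check, while CVE-2026-26972 further down the same file is already triaged as NOT-FOR-US: OpenClaw. Triaging the new batch the same way in one follow-up commit would clear 27 of the open TODO items at once. Separately, the descriptions for CVE-2026-8176 and CVE-2026-10093 carry a literal \u2013 escape where a dash character is expected, which suggests the escape is not being decoded on import; that is better fixed in the import step than by hand in the list.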
@@ -26282,6 +26566,7 @@ CVE-2026-42241 (ParquetSharp is a .NET library for reading and writing Apache Pa
CVE-2026-42239 (Budibase is an open-source low-code platform. Prior to version 3.35.10 ...)
NOT-FOR-US: Budibase
CVE-2026-42225 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1136007)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-x2fv-6j6c-pxmx
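Review bot: the {DLA-4631-1} cross-reference added under CVE-2026-42225 does not tell a reader of this entry which source package the advisory fixes. The package lines beneath it still read pjproject <removed> and asterisk <unfixed> (bug #1136007), and only data/CVE/list changes in this commit, so the fixed package and version are not visible here. The same applies to the other PJSIP entries that gain this tag in the later hunks; confirm that the advisory's own record names the package and fixed version for each of them.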
@@ -34046,6 +34331,7 @@ CVE-2026-41416 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr
NOTE: https://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb (2.17)
CVE-2026-41415 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-935m-fmf5-j4pm
@@ -36735,7 +37021,7 @@ CVE-2026-41651 (PackageKit is a a D-Bus abstraction layer that allows the user t
NOTE: https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
NOTE: https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
NOTE: Fixed by: https://github.com/PackageKit/PackageKit/commit/76cfb675fb31acc3ad5595d4380bfff56d2a8697 (v1.3.5)
-CVE-2026-4367
+CVE-2026-4367 (A flaw was found in libXpm. A local user with low privileges could exp ...)
- libxpm 1:3.5.19-1 (bug #1134690)
[trixie] - libxpm <no-dsa> (Minor issue)
[bookworm] - libxpm <no-dsa> (Minor issue)
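Review bot: CVE-2026-4367 only gains its description in this hunk, yet the [trixie] and [bookworm] lines below it already carry <no-dsa> (Minor issue). Now that the text describes a flaw reachable by a local user with low privileges, re-check that the Minor issue rating still matches the published description.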
@@ -37382,6 +37668,7 @@ CVE-2026-40866 (Horilla is a free and open source Human Resource Management Syst
CVE-2026-40865 (Horilla is a free and open source Human Resource Management System (HR ...)
NOT-FOR-US: Horilla
CVE-2026-40614 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g
@@ -48301,6 +48588,7 @@ CVE-2026-34240 (JOSE is a Javascript Object Signing and Encryption (JOSE) librar
CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context Protocol serve ...)
NOT-FOR-US: MCP Java SDK
CVE-2026-34235 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28
@@ -54938,6 +55226,7 @@ CVE-2026-33071 (FileRise is a self-hosted web file manager / WebDAV server. In v
CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
NOT-FOR-US: FileRise
CVE-2026-33069 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj
@@ -55280,11 +55569,13 @@ CVE-2026-32947 (Harden-Runner is a CI/CD security agent that works like an EDR f
CVE-2026-32946 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
NOT-FOR-US: Harden-Runner
CVE-2026-32945 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-jr2p-p2w4-rr9q
NOTE: https://github.com/pjsip/pjproject/commit/5311aee398ae9d623829a6bad7b679a193c9e199
CVE-2026-32942 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
@@ -61716,6 +62007,7 @@ CVE-2026-29074 (SVGO, short for SVG Optimizer, is a Node.js library and command-
CVE-2026-29073 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
NOT-FOR-US: SiYuan
CVE-2026-29068 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f
@@ -61771,6 +62063,7 @@ CVE-2026-28801 (Natro Macro is an open-source Bee Swarm Simulator macro written
CVE-2026-28800 (Natro Macro is an open-source Bee Swarm Simulator macro written in Aut ...)
NOT-FOR-US: Natro Macro
CVE-2026-28799 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc
@@ -68069,6 +68362,7 @@ CVE-2026-26974 (Slyde is a program that creates animated presentations from XML.
CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12 through 202 ...)
NOT-FOR-US: OpenClaw
CVE-2026-26967 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-x2hc-6969-g8v6
@@ -68315,6 +68609,7 @@ CVE-2026-26223 (SPIP before 4.4.8 allows cross-site scripting (XSS) in the priva
CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versi ...)
NOT-FOR-US: opa-envoy-plugun
CVE-2026-26203 (PJSIP is a free and open source multimedia communication library. Vers ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8
@@ -71452,6 +71747,7 @@ CVE-2026-26010 (OpenMetadata is a unified metadata platform. Prior to 1.11.8, ca
CVE-2026-25999 (Klaw is a self-service Apache Kafka Topic Management/Governance tool/p ...)
NOT-FOR-US: Klaw
CVE-2026-25994 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp
@@ -105345,6 +105641,7 @@ CVE-2025-65107 (Langfuse is an open source large language model engineering plat
CVE-2025-65106 (LangChain is a framework for building agents and LLM-powered applicati ...)
NOT-FOR-US: LangChain
CVE-2025-65102 (PJSIP is a free and open source multimedia communication library. Prio ...)
+ {DLA-4631-1}
- pjproject <removed>
- asterisk <unfixed> (bug #1135620)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3002921a84d3c22f6ab93cd5252f6b42ba9729d