[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 25 08:13:24 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
703f6602 by security tracker role at 2026-06-25T07:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,332 @@
-CVE-2026-13201
+CVE-2026-9787 (Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Exec ...)
+	TODO: check
+CVE-2026-9786 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Executio ...)
+	TODO: check
+CVE-2026-9785 (Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execut ...)
+	TODO: check
+CVE-2026-9784 (Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execut ...)
+	TODO: check
+CVE-2026-9783 (Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Exe ...)
+	TODO: check
+CVE-2026-9782 (Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execut ...)
+	TODO: check
+CVE-2026-9781 (Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Executio ...)
+	TODO: check
+CVE-2026-9780 (Quest NetVault Backup addclient3 Cross-Site Scripting Authentication B ...)
+	TODO: check
+CVE-2026-9779 (ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptograp ...)
+	TODO: check
+CVE-2026-9778 (ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution ...)
+	TODO: check
+CVE-2026-9777 (ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2026-9776 (ATEN Unizon writeFileToHttpServletResponse Directory Traversal Informa ...)
+	TODO: check
+CVE-2026-9775 (ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vuln ...)
+	TODO: check
+CVE-2026-9774 (ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion  ...)
+	TODO: check
+CVE-2026-9773 (Unraid Web Server ToggleState Command Injection Remote Code Execution  ...)
+	TODO: check
+CVE-2026-9772 (Unraid Web Server FileUpload Command Injection Remote Code Execution V ...)
+	TODO: check
+CVE-2026-9702 (The InPost PL WordPress plugin before 1.9.1 does not verify that the r ...)
+	TODO: check
+CVE-2026-9155 (OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin ...)
+	TODO: check
+CVE-2026-9154 (Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin ...)
+	TODO: check
+CVE-2026-9153 (Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin  ...)
+	TODO: check
+CVE-2026-8666 (OS Command Injection vulnerability in the traceroute action of Rapid7  ...)
+	TODO: check
+CVE-2026-8665 (OS Command Injection vulnerability in the TR action of Rapid7 InsightC ...)
+	TODO: check
+CVE-2026-8664 (OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plu ...)
+	TODO: check
+CVE-2026-8663 (OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin ...)
+	TODO: check
+CVE-2026-8662 (Path Traversal vulnerability in the create_archive function of Rapid7  ...)
+	TODO: check
+CVE-2026-8660 (OS Command Injection vulnerability in the ping action of Rapid7 Insigh ...)
+	TODO: check
+CVE-2026-8659 (OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plu ...)
+	TODO: check
+CVE-2026-8658 (OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Pl ...)
+	TODO: check
+CVE-2026-8592 (OS Command Injection vulnerability in the process_string action of Rap ...)
+	TODO: check
+CVE-2026-8330 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-7570 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Executio ...)
+	TODO: check
+CVE-2026-7569 (Quest NetVault Backup viewclient Cross-Site Scripting Authentication B ...)
+	TODO: check
+CVE-2026-7539 (A potential security vulnerability has been identified in the HP Acces ...)
+	TODO: check
+CVE-2026-5952 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-5796 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-5309 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2026-5305 (The Email Address Encoder WordPress plugin before 1.0.25, email-encode ...)
+	TODO: check
+CVE-2026-57589 (sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowi ...)
+	TODO: check
+CVE-2026-55762 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-55759 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-55666 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-55583 (Twenty is an open-source CRM (customer relationship management) platfo ...)
+	TODO: check
+CVE-2026-55570 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-55455 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+	TODO: check
+CVE-2026-55454 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+	TODO: check
+CVE-2026-54759 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54158 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54070 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54069 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54068 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54067 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-54066 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-53766 (Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agen ...)
+	TODO: check
+CVE-2026-53765 (Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agen ...)
+	TODO: check
+CVE-2026-52816 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, the J ...)
+	TODO: check
+CVE-2026-52815 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs  ...)
+	TODO: check
+CVE-2026-52814 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, the G ...)
+	TODO: check
+CVE-2026-52813 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, organ ...)
+	TODO: check
+CVE-2026-52812 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git L ...)
+	TODO: check
+CVE-2026-52811 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Rep ...)
+	TODO: check
+CVE-2026-52810 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git s ...)
+	TODO: check
+CVE-2026-52809 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, passw ...)
+	TODO: check
+CVE-2026-52808 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, three ...)
+	TODO: check
+CVE-2026-52807 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, in ne ...)
+	TODO: check
+CVE-2026-52806 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs  ...)
+	TODO: check
+CVE-2026-52805 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Ser ...)
+	TODO: check
+CVE-2026-52804 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, a rep ...)
+	TODO: check
+CVE-2026-52802 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, an op ...)
+	TODO: check
+CVE-2026-52801 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, the G ...)
+	TODO: check
+CVE-2026-52800 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, organ ...)
+	TODO: check
+CVE-2026-52799 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET / ...)
+	TODO: check
+CVE-2026-52798 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, altho ...)
+	TODO: check
+CVE-2026-52797 (Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an ...)
+	TODO: check
+CVE-2026-52796 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, speci ...)
+	TODO: check
+CVE-2026-52795 (Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, ...)
+	TODO: check
+CVE-2026-52794 (Sentry is an error tracking and performance monitoring tool. From 24.4 ...)
+	TODO: check
+CVE-2026-50551 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+	TODO: check
+CVE-2026-50189 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+	TODO: check
+CVE-2026-50129 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-50128 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-49979 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+	TODO: check
+CVE-2026-49278 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-49277 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-48028 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-47733 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-47389 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-47267 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, the f ...)
+	TODO: check
+CVE-2026-47110 (Tiptap for PHP before version 2.1.1 contains an input validation vulne ...)
+	TODO: check
+CVE-2026-47093
+	REJECTED
+CVE-2026-46423 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-46349 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-46348 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-45757 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-45689 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-45688 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-45687 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-45677 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-40079 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-3176 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2026-39955 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39951 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39948 (Cacti is an open source performance and fault management framework. In ...)
+	TODO: check
+CVE-2026-39938 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39900 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39899 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39897 (Cacti is an open source performance and fault management framework. Ve ...)
+	TODO: check
+CVE-2026-39894 (Cacti is an open source performance and fault management framework. In ...)
+	TODO: check
+CVE-2026-39893 (Cacti is an open source performance and fault management framework. In ...)
+	TODO: check
+CVE-2026-33543 (FOSSBilling is a free, open-source billing and client management syste ...)
+	TODO: check
+CVE-2026-33235 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
+	TODO: check
+CVE-2026-32315 (motionEye (mEye) is an online interface for motion software, a video s ...)
+	TODO: check
+CVE-2026-31978 (motionEye (mEye) is an online interface for motion software, which is  ...)
+	TODO: check
+CVE-2026-2508 (The Gravity Forms Booking plugin for WordPress is vulnerable to time-b ...)
+	TODO: check
+CVE-2026-2238 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-27708 (FOSSBilling is a free, open-source billing and client management syste ...)
+	TODO: check
+CVE-2026-25119 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, when  ...)
+	TODO: check
+CVE-2026-23879 (py7zr is a Python-based library and utility to support 7zip archive co ...)
+	TODO: check
+CVE-2026-1840 (The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2026-1606 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Ar ...)
+	TODO: check
+CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior to 149.0. ...)
+	TODO: check
+CVE-2026-13037 (Use after free in WebView in Google Chrome on Android prior to 149.0.7 ...)
+	TODO: check
+CVE-2026-13036 (Use after free in Blink in Google Chrome prior to 149.0.7827.197 allow ...)
+	TODO: check
+CVE-2026-13035 (Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.782 ...)
+	TODO: check
+CVE-2026-13034 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
+	TODO: check
+CVE-2026-13033 (Out of bounds read and write in Blink>InterestGroups in Google Chrome  ...)
+	TODO: check
+CVE-2026-13032 (Use after free in WebGL in Google Chrome on Android prior to 149.0.782 ...)
+	TODO: check
+CVE-2026-13031 (Use after free in Blink in Google Chrome prior to 149.0.7827.197 allow ...)
+	TODO: check
+CVE-2026-13030 (Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.78 ...)
+	TODO: check
+CVE-2026-13029 (Use after free in Web Authentication in Google Chrome prior to 149.0.7 ...)
+	TODO: check
+CVE-2026-13028 (Use after free in WebGL in Google Chrome on Android prior to 149.0.782 ...)
+	TODO: check
+CVE-2026-13027 (Use after free in FileSystem in Google Chrome prior to 149.0.7827.197  ...)
+	TODO: check
+CVE-2026-13026 (Use after free in Digital Credentials in Google Chrome on Mac prior to ...)
+	TODO: check
+CVE-2026-13025 (Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a re ...)
+	TODO: check
+CVE-2026-13024 (Insufficient validation of untrusted input in Navigation in Google Chr ...)
+	TODO: check
+CVE-2026-13023 (Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allo ...)
+	TODO: check
+CVE-2026-13022 (Inappropriate implementation in Autofill in Google Chrome prior to 149 ...)
+	TODO: check
+CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials in Googl ...)
+	TODO: check
+CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-12490 (When a provide-xfr is given with a tls-auth-name, a secondary requesti ...)
+	TODO: check
+CVE-2026-12246 (NSD version 4.14.0 introduced a bug where a specially crafted APL RR,  ...)
+	TODO: check
+CVE-2026-12245 (NSD from version 4.13.0 has a heap use-after-free bug in logging error ...)
+	TODO: check
+CVE-2026-12244 (If NSD is configured as secondary for a zone, the primary of that zone ...)
+	TODO: check
+CVE-2026-12079 (The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Inj ...)
+	TODO: check
+CVE-2026-12077 (The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Inj ...)
+	TODO: check
+CVE-2026-12053 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows byp ...)
+	TODO: check
+CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2026-10833 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
+	TODO: check
+CVE-2026-10824 (The Masteriyo LMS  WordPress plugin before 2.2.1 does not perform auth ...)
+	TODO: check
+CVE-2026-10712 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-10642 (The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an ...)
+	TODO: check
+CVE-2026-10086 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2026-10043 (MosaicML Composer Deserialization of Untrusted Data Remote Code Execut ...)
+	TODO: check
+CVE-2026-0934 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+	TODO: check
+CVE-2025-8106
+	REJECTED
+CVE-2025-64719 (Gogs is an open source self-hosted Git service. Prior to 0.14.3, a mal ...)
+	TODO: check
+CVE-2025-60474 (A buffer overflow in the gf_media_import function (/media_tools/av_par ...)
+	TODO: check
+CVE-2025-60473 (A NULL pointer dereference in the gf_filter_in_parent_chain function ( ...)
+	TODO: check
+CVE-2025-60471 (A use-after-free in the gf_filter_pid_reconfigure_task_discard functio ...)
+	TODO: check
+CVE-2025-60468 (GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev159 ...)
+	TODO: check
+CVE-2025-60467 (A use-after-free in the gf_filter_pid_inst_swap_delete_task function ( ...)
+	TODO: check
+CVE-2025-60466 (A use-after-free in the gf_filter_pid_get_packet function (/filter_cor ...)
+	TODO: check
+CVE-2026-13201 (A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow fu ...)
 	NOT-FOR-US: KubeVirt
-CVE-2026-13208
+CVE-2026-13208 (A flaw was found in KubeVirt's virt-handler domain notify server. The  ...)
 	NOT-FOR-US: KubeVirt
 CVE-2026-7761 (The Ultimate Member plugin for WordPress is vulnerable to Account Take ...)
 	NOT-FOR-US: WordPress plugin
@@ -76182,7 +76508,7 @@ CVE-2019-25379 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored
 	NOT-FOR-US: Smoothwall Express
 CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cros ...)
 	NOT-FOR-US: Smoothwall Express
-CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
+CVE-2026-2050 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
 	{DSA-6142-1 DLA-4487-1}
 	- gegl 1:0.4.66-1
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/703f6602bef1d2af3590bd8f566c0a617dd2e838

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/703f6602bef1d2af3590bd8f566c0a617dd2e838
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/78ebac42/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list