[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 28 20:16:12 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81042852 by security tracker role at 2026-06-28T19:16:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2026-49048 (The Joomla extension JoomCCK exposes a front-end controller task, that ...)
+	TODO: check
+CVE-2026-13504 (A vulnerability has been found in code-projects Project Management Sys ...)
+	TODO: check
+CVE-2026-13503 (A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by ...)
+	TODO: check
+CVE-2026-13502 (A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the f ...)
+	TODO: check
+CVE-2026-13501 (A security vulnerability has been detected in antlr ANTLR4 up to 4.13. ...)
+	TODO: check
+CVE-2026-13500 (A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected  ...)
+	TODO: check
+CVE-2026-13499 (A security flaw has been discovered in yashpokharna2555 restaurent-man ...)
+	TODO: check
+CVE-2026-13498 (A vulnerability was identified in yashpokharna2555 restaurent-manageme ...)
+	TODO: check
+CVE-2026-13497 (A vulnerability was determined in itsourcecode Hospital Management Sys ...)
+	TODO: check
+CVE-2026-13496 (A vulnerability was found in itsourcecode Hospital Management System 1 ...)
+	TODO: check
+CVE-2026-13495 (A vulnerability has been found in itsourcecode Hospital Management Sys ...)
+	TODO: check
+CVE-2026-13493 (A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This is ...)
+	TODO: check
+CVE-2026-13491 (A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vul ...)
+	TODO: check
+CVE-2026-13490 (A security vulnerability has been detected in glpi-project glpi 11.0.5 ...)
+	TODO: check
+CVE-2026-13489 (A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affect ...)
+	TODO: check
+CVE-2026-13488 (A security flaw has been discovered in SourceCodester Class and Exam T ...)
+	TODO: check
+CVE-2026-13487 (A vulnerability was identified in SourceCodester Class and Exam Timeta ...)
+	TODO: check
+CVE-2026-13486 (A vulnerability was determined in SourceCodester Class and Exam Timeta ...)
+	TODO: check
+CVE-2026-13485 (A vulnerability was found in SourceCodester Class and Exam Timetabling ...)
+	TODO: check
+CVE-2026-13484 (A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc ...)
+	TODO: check
 CVE-2026-8095 (The Frontend File Manager Plugin plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-58058 (Nmap through 7.99 does not keep the IPv6 extension-header walk within  ...)
@@ -567,12 +607,14 @@ CVE-2026-53279 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sa ...)
 	NOT-FOR-US: Mattermost Plugins
 CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0 before 6.9 ...)
+	{DSA-6373-1}
 	- lxd <removed>
 	NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-ppq7-4492-5552
 	NOTE: https://github.com/canonical/lxd/pull/18301
 	NOTE: https://github.com/canonical/lxd/pull/18303
 	NOTE: https://github.com/canonical/lxd/pull/18304
 CVE-2026-9639 (Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to v ...)
+	{DSA-6373-1}
 	- lxd <removed>
 	NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
 	NOTE: https://github.com/canonical/lxd/pull/18320
@@ -1275,54 +1317,54 @@ CVE-2021-47986 (Parse Server before 4.10.0 contains a supply chain vulnerability
 CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting vulnerability in th ...)
 	NOT-FOR-US: Grav CMS
 CVE-2026-48750
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9
 	NOTE: https://github.com/canonical/lxd/pull/18590
 CVE-2026-48751
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv
 	NOTE: https://github.com/canonical/lxd/pull/18604
 CVE-2026-48752
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-vxp5-584q-c479
 	NOTE: https://github.com/lxc/incus/commit/cbefa31ae0da8fd96361178aed3a3c631e098fef (v7.2.0)
 	NOTE: https://github.com/canonical/lxd/pull/18590
 CVE-2026-48755
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4
 	NOTE: https://github.com/lxc/incus/commit/873a032a461df6b09b7586435b592873863a4e88 (v7.2.0)
 	NOTE: https://github.com/canonical/lxd/pull/18597
 CVE-2026-48769
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x
 	NOTE: https://github.com/lxc/incus/commit/46d6ef232186df5535c49ca9f3597cab381f9b86 (v7.2.0)
 	NOTE: https://github.com/canonical/lxd/pull/18594
 CVE-2026-55621
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-64f3-v33m-w89f
 	NOTE: https://github.com/lxc/incus/commit/2e01078366e2653712719dec82318e51c6d21b28 (v7.2.0)
 	NOTE: https://github.com/canonical/lxd/pull/18603
 CVE-2026-55622
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-c9f5-j9c3-mhrg
 	NOTE: https://github.com/lxc/incus/commit/1e3ffc53a10950e55de62ac1e0d612be597b84eb (v7.2.0)
 	NOTE: https://github.com/canonical/lxd/pull/18603
 CVE-2026-48749
-	{DSA-6370-1}
+	{DSA-6373-1 DSA-6370-1}
 	- incus 7.0.0-5
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-2q3f-q5pq-g8wv
@@ -17238,6 +17280,7 @@ CVE-2026-50219 (libexpat before 2.8.2 lacks handler call depth tracking for call
 	- expat 2.8.2-1 (bug #1138862)
 	NOTE: https://github.com/libexpat/libexpat/pull/1246
 CVE-2026-8829 (HTML::Entities versions before 3.84 for Perl read freed heap memory in ...)
+	{DLA-4655-1}
 	- libhtml-parser-perl 3.83-2
 	[trixie] - libhtml-parser-perl <no-dsa> (Minor issue)
 	[bookworm] - libhtml-parser-perl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8104285283b0e0dc947a83c699e161762e9bc96e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8104285283b0e0dc947a83c699e161762e9bc96e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260628/4435f33d/attachment.htm>


More information about the debian-security-tracker-commits mailing list