[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 30 08:13:41 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a14cd6a by security tracker role at 2026-06-30T07:13:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,164 @@
-CVE-2026-55956
+CVE-2026-9576 (The Fluent Booking WordPress plugin before 2.1.2 does not verify owne ...)
+ TODO: check
+CVE-2026-8944 (The Plugin for Google Analytics by IO technologies plugin for WordPres ...)
+ TODO: check
+CVE-2026-8023 (Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesyste ...)
+ TODO: check
+CVE-2026-7656 (The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (hand ...)
+ TODO: check
+CVE-2026-57997 (Strapi users-permissions plugin fails to restrict JWT algorithms when ...)
+ TODO: check
+CVE-2026-57919 (PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 cr ...)
+ TODO: check
+CVE-2026-57498 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2026-56809 (Multiple laser printers and MFPs (multifunction printers) which implem ...)
+ TODO: check
+CVE-2026-56808 (DGM3103SCT provided by AVTECH Security Corporation contains an OS comm ...)
+ TODO: check
+CVE-2026-56137 (RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS ...)
+ TODO: check
+CVE-2026-55957 (Missing Critical Step in Authentication vulnerability in Apache Tomcat ...)
+ TODO: check
+CVE-2026-54889 (Improper Neutralization of Input During Web Page Generation (XSS) vuln ...)
+ TODO: check
+CVE-2026-54888 (Uncontrolled Recursion vulnerability in leandrocp mdex allows denial o ...)
+ TODO: check
+CVE-2026-53429 (Missing Release of Memory after Effective Lifetime vulnerability in le ...)
+ TODO: check
+CVE-2026-53426 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-51221 (A buffer overflow in the Get_Attribute_List function of EIPStackGroup ...)
+ TODO: check
+CVE-2026-51219 (A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMes ...)
+ TODO: check
+CVE-2026-51218 (A heap buffer overflow in the TS7Worker::PerformFunctionWrite() functi ...)
+ TODO: check
+CVE-2026-43746 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43745 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2026-43743 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2026-43742 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43740 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-43735 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ TODO: check
+CVE-2026-43734 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43732 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2026-43731 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43727 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43726 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43725 (The issue was addressed with improved input validation. This issue is ...)
+ TODO: check
+CVE-2026-43724 (The issue was addressed with improved input sanitization. This issue i ...)
+ TODO: check
+CVE-2026-43722 (The issue was addressed with improved input sanitization. This issue i ...)
+ TODO: check
+CVE-2026-43721 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2026-43720 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43718 (A stack overflow was addressed with improved input validation. This is ...)
+ TODO: check
+CVE-2026-43717 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43716 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-43715 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43713 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2026-43712 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-43709 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43708 (The issue was addressed with improved input validation. This issue is ...)
+ TODO: check
+CVE-2026-43707 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2026-43706 (A double free issue was addressed with improved memory management. Thi ...)
+ TODO: check
+CVE-2026-43705 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
+CVE-2026-43704 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43703 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-43701 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ TODO: check
+CVE-2026-43700 (A cross-origin issue was addressed with improved tracking of security ...)
+ TODO: check
+CVE-2026-43699 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2026-43676 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2026-43663 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2026-39872 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2026-39868 (This issue was addressed with improved input validation. This issue is ...)
+ TODO: check
+CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote attacker to exe ...)
+ TODO: check
+CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7 ...)
+ TODO: check
+CVE-2026-28979 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 reader. D ...)
+ TODO: check
+CVE-2026-14160 (Time-of-check time-of-use (TOCTOU) race condition vulnerability in Sam ...)
+ TODO: check
+CVE-2026-13763 (Inconsistent interpretation of HTTP/2 requests in AWS Application Load ...)
+ TODO: check
+CVE-2026-13762 (Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront wi ...)
+ TODO: check
+CVE-2026-13008
+ REJECTED
+CVE-2026-12819 (Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a spec ...)
+ TODO: check
+CVE-2026-12818 (Delta Electronics DVP12SE PLCs are susceptible to a resource allocatio ...)
+ TODO: check
+CVE-2026-12560 (The Editorial Rating \u2013 Product Review & Rating System plugin for ...)
+ TODO: check
+CVE-2026-12349 (The Premium Addons for KingComposer plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-12243 (NLTK version 3.9.4 is vulnerable to a path traversal attack due to an ...)
+ TODO: check
+CVE-2026-12240 (The Export User Data plugin for WordPress is vulnerable to arbitrary f ...)
+ TODO: check
+CVE-2026-12114 (The Team Members \u2013 Multi Language Supported Team Plugin plugin fo ...)
+ TODO: check
+CVE-2026-12073 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-11590 (The WP Support Plus Responsive Ticket System WordPress plugin through ...)
+ TODO: check
+CVE-2026-11589 (The WP Support Plus Responsive Ticket System WordPress plugin through ...)
+ TODO: check
+CVE-2026-11581 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder WordPress p ...)
+ TODO: check
+CVE-2026-11367 (The PixMagix \u2013 WordPress Image Editor plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-10648 (mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/seria ...)
+ TODO: check
+CVE-2026-10647 (The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_nc ...)
+ TODO: check
+CVE-2026-55956 (Improper Authorization vulnerability in Apache Tomcat leads to securit ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -6,7 +166,7 @@ CVE-2026-55956
NOTE: https://github.com/apache/tomcat/commit/3f6bd2ba5e53d1f340bbe5ad2d42a28b29440b7a (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/9c3b1efb74fd04f77639720af1d48a8f664ad9bb (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/a0374c450970760efafbd8806a1db278830ba7bd (9.0.119)
-CVE-2026-55955
+CVE-2026-55955 (Improper Authentication vulnerability in Apache Tomcat allowed a repla ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -14,7 +174,7 @@ CVE-2026-55955
NOTE: https://github.com/apache/tomcat/commit/5e594400c7f6ac0eaf2526bd64442a70f5ccaace (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/3a9ff01d2dfaca651edacbda3260e37b98b540d3 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/6a7a432cd7fb4ef358dc12e8da99cf3ab320f3fe (9.0.119)
-CVE-2026-55276
+CVE-2026-55276 (Always-Incorrect Control Flow Implementation vulnerability in Apache T ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -24,7 +184,7 @@ CVE-2026-55276
NOTE: https://github.com/apache/tomcat/commit/25677f90fd721c26ef0f613d34ef8275b1aafc31 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/17daf80a738d66a8e6cad05c5e32c2db81500ce1 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/3ca8cae5fd3796b1bd9759e11b0e238161e7a39c (9.0.119)
-CVE-2026-53434
+CVE-2026-53434 (Detection of Error Condition Without Action vulnerability in Apache To ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -32,7 +192,7 @@ CVE-2026-53434
NOTE: https://github.com/apache/tomcat/commit/7f8ecdbd930d8c5a7fae73aa0eec9124d919e2f5 (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/feec60d6099727db6f911534f6a0f6926ebab070 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/c48ac39c27f4494f8c96b9d56a487253e362d276 (9.0.119)
-CVE-2026-53404
+CVE-2026-53404 (Always-Incorrect Control Flow Implementation vulnerability in Apache T ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -40,7 +200,7 @@ CVE-2026-53404
NOTE: https://github.com/apache/tomcat/commit/b647cb584cea8bf95e64f5d2526c59ab8fca3225 (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/bbb6219fa5ac185060bef7842cee5fb90230ca00 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/fe06ae8a71997061596f54189dae1b1b5da75430 (9.0.119)
-CVE-2026-50229
+CVE-2026-50229 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- tomcat11 <unfixed>
- tomcat10 <unfixed>
- tomcat9 9.0.70-2
@@ -48,18 +208,18 @@ CVE-2026-50229
NOTE: https://github.com/apache/tomcat/commit/1fe95d841e9d461a16069974142d12c3ef68819a (11.0.23)
NOTE: https://github.com/apache/tomcat/commit/0d5bdd5b0dd964e9f73e530b7d753462b9bfd1d0 (10.1.56)
NOTE: https://github.com/apache/tomcat/commit/de5a950415fc67713f17fab63d0c7809e0fca80b (9.0.119)
-CVE-2026-13758
+CVE-2026-13758 (CryptX versions before 0.088_001 for Perl compare AEAD authentication ...)
- libcryptx-perl 0.089-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41398101/
NOTE: Fixed by: https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642 (v0.089)
-CVE-2026-13593
+CVE-2026-13593 (CSS::Minifier::XS versions before 0.14 for Perl have a memory leak whe ...)
- libcss-minifier-xs-perl 0.14-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396070/
-CVE-2026-56018
+CVE-2026-56018 (JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on ...)
- libjavascript-minifier-xs-perl 0.16-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396069/
NOTE: https://github.com/bleargh45/JavaScript-Minifier-XS/issues/10
-CVE-2026-56017
+CVE-2026-56017 (JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NU ...)
- libjavascript-minifier-xs-perl 0.16-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41396063/
CVE-2026-9267 (Eclipse tinydtls before commitb3efd41ad111a4920f599f51ffa4f5e9f1e72221 ...)
@@ -463,7 +623,7 @@ CVE-2026-50160
CVE-2026-53325 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b08472db93b1ccff84a7adec5779d47f0e9d3a30 (7.2-rc1)
-CVE-2026-58302
+CVE-2026-58302 (rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege ...)
- linuxcnc 1:2.9.9-1 (bug #1140943)
[trixie] - linuxcnc <no-dsa> (Will be fixed via point release)
[bookworm] - linuxcnc <no-dsa> (Will be fixed via point release)
@@ -33927,7 +34087,8 @@ CVE-2026-5172 (A buffer overflow in dnsmasq\u2019s extract_addresses() function
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa (v2.93rc1)
NOTE: Introduced with: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=638c7c4d20004c0f320820098e29df62a27dd2a1 (v2.90test1)
-CVE-2026-13601 [yelp: Sandbox escape]
+CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content Security ...)
+ {DSA-6319-1 DLA-4647-1}
- yelp 49.1-1 (bug #1136299)
NOTE: https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
NOTE: https://gitlab.gnome.org/GNOME/yelp/-/work_items/238
@@ -104231,7 +104392,8 @@ CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template func
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/716cf25eb8616e8e068a7c2a5d23ae107bd117b4 (n8.0.1)
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/19877054e340e2babb7ef0d00e81c12bfeb19391 (n7.1.3)
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/ac4caa33bae5841649c61d4f8a0608dfa59c4fa1 (n5.1.8)
-CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 i ...)
+CVE-2025-63391
+ REJECTED
NOT-FOR-US: open-webui
CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in ...)
NOT-FOR-US: AnythingLLM
@@ -185553,7 +185715,8 @@ CVE-2025-29660 (A vulnerability exists in the daemon process of the Yi IOT XY-38
NOT-FOR-US: Yi IOT XY-3820
CVE-2025-29659 (Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via ...)
NOT-FOR-US: Yi IOT XY-3820
-CVE-2025-29446 (open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in funct ...)
+CVE-2025-29446
+ REJECTED
NOT-FOR-US: open-webui
CVE-2025-29287 (An arbitrary file upload vulnerability in the ueditor component of MCM ...)
NOT-FOR-US: MCMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a14cd6aafea0798e1a0cf1fd6427245d476414b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a14cd6aafea0798e1a0cf1fd6427245d476414b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/eb3d1d2b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list