[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 20:17:59 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
face9692 by security tracker role at 2026-06-30T19:17:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2026-9711 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
+	TODO: check
+CVE-2026-9263 (The Zephyr Bluetooth controller ISO Adaptation Layer (subsys/bluetooth ...)
+	TODO: check
+CVE-2026-8864 (The HP Fan Control App might allow local escalation of privileges. An  ...)
+	TODO: check
+CVE-2026-8655 (Multiple Memory overflow vulnerabilities inNetScaler ADC and NetScaler ...)
+	TODO: check
+CVE-2026-8452 (Memory overflow vulnerabilityNetScaler ADC and NetScaler Gatewayleadin ...)
+	TODO: check
+CVE-2026-8451 (Insufficient input validation inNetScaler ADC and NetScaler Gatewaylea ...)
+	TODO: check
+CVE-2026-8403 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2026-8402 (Improper neutralization of special elements used in an SQL command ('S ...)
+	TODO: check
+CVE-2026-8141 (The Ajax Load More - Filters plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2026-6954 (Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl  ...)
+	TODO: check
+CVE-2026-6953 (HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. Th ...)
+	TODO: check
+CVE-2026-6556 (@fastify/express versions 4.0.6 and earlier only rewrite the plugin pr ...)
+	TODO: check
+CVE-2026-58377 (JeecgBoot through 3.9.2 contains a broken access control vulnerability ...)
+	TODO: check
+CVE-2026-58376 (Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injec ...)
+	TODO: check
+CVE-2026-58375 (JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoi ...)
+	TODO: check
+CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEE ...)
+	TODO: check
+CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization vulnerability in ...)
+	TODO: check
+CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability in the S ...)
+	TODO: check
+CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter verbatim i ...)
+	TODO: check
+CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list  ...)
+	TODO: check
+CVE-2026-58369 (Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name ...)
+	TODO: check
+CVE-2026-58176 (RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflo ...)
+	TODO: check
+CVE-2026-58174 (Hermes WebUI before 0.51.521 validates the workspace of an imported se ...)
+	TODO: check
+CVE-2026-58173 (Vibe-Trading before 0.1.10 contains a path traversal vulnerability tha ...)
+	TODO: check
+CVE-2026-58172 (Ocelot through 24.1.0, fixed in commit f156fd4, contains a security co ...)
+	TODO: check
+CVE-2026-58171 (Vibe-Trading before 0.1.10 constructs the swarm run directory by joini ...)
+	TODO: check
+CVE-2026-58170 (Vibe-Trading before 0.1.10 builds the proposal file path by joining a  ...)
+	TODO: check
+CVE-2026-58169 (Vibe-Trading before 0.1.10 contains a DNS rebinding authentication byp ...)
+	TODO: check
+CVE-2026-58168 (DeepTutor before version 1.4.10 contains an authorization bypass vulne ...)
+	TODO: check
+CVE-2026-58167 (Nightingale (n9e) before 9.0.0-beta.2 exposes full datasource configur ...)
+	TODO: check
+CVE-2026-58166 (OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a pat ...)
+	TODO: check
+CVE-2026-58165 (OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege  ...)
+	TODO: check
+CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remo ...)
+	TODO: check
+CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution vulnerabi ...)
+	TODO: check
+CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in g_dbus_nod ...)
+	TODO: check
+CVE-2026-58015 (A flaw was found in GLib. The D-Bus client-side implementation of the  ...)
+	TODO: check
+CVE-2026-58014 (A flaw was found in GLib. An off-by-one error can occur in the g_key_f ...)
+	TODO: check
+CVE-2026-58013 (A flaw was found in GLib. A buffer over-read can occur in g_io_channel ...)
+	TODO: check
+CVE-2026-58012 (A flaw was found in GLib. A buffer over-read can occur in the g_regex_ ...)
+	TODO: check
+CVE-2026-58011 (A flaw was found in GLib. An out-of-bounds read of only 2 bytes can oc ...)
+	TODO: check
+CVE-2026-58010 (A flaw was found in GLib. An off-by-one error can occur in the gvs_tup ...)
+	TODO: check
+CVE-2026-54475 (Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache  ...)
+	TODO: check
+CVE-2026-53917 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
+	TODO: check
+CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
+	TODO: check
+CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt to stor ...)
+	TODO: check
+CVE-2026-53691 (An Unrestricted File Upload vulnerability in Redeight CMS version 1.0  ...)
+	TODO: check
+CVE-2026-53690 (An SQL Injection vulnerability exists in Redeight CMS version 1.0 via  ...)
+	TODO: check
+CVE-2026-53433 (fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP ...)
+	TODO: check
+CVE-2026-53432 (fzf is vulnerable toInteger Overflow leading to crash in FuzzyMatchV2  ...)
+	TODO: check
+CVE-2026-52760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-50750 (Denial of Service via Out of Memory vulnerability in Apache ActiveMQ B ...)
+	TODO: check
+CVE-2026-50734 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
+	TODO: check
+CVE-2026-4629 (A flaw was found in Keycloak. A highly privileged user with `manage-cl ...)
+	TODO: check
+CVE-2026-4360 (In the Tarfile.extract() function, the filter parameter is not passed  ...)
+	TODO: check
+CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ.  An authentic ...)
+	TODO: check
+CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI documen ...)
+	TODO: check
+CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apa ...)
+	TODO: check
+CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ, Apache Act ...)
+	TODO: check
+CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48314 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48313 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48307 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by a refl ...)
+	TODO: check
+CVE-2026-48286 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are ...)
+	TODO: check
+CVE-2026-48285 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Serv ...)
+	TODO: check
+CVE-2026-48283 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unr ...)
+	TODO: check
+CVE-2026-48282 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48281 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48277 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2026-48276 (ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unr ...)
+	TODO: check
+CVE-2026-48192 (A vulnerability has been identified in Mendix Studio Pro 10.11 (All ve ...)
+	TODO: check
+CVE-2026-47105
+	REJECTED
+CVE-2026-45822 (decode-uri-component through 0.4.1 is vulnerable to denial of service. ...)
+	TODO: check
+CVE-2026-44949 (A Rancher FleetWorkspace admission path allowed side effects to occur  ...)
+	TODO: check
+CVE-2026-44948 (A path traversal vulnerability was found in Fleet's ImageScan subsyste ...)
+	TODO: check
+CVE-2026-44947 (A missing clean-up in the legacy Project Role Template Binding (PRTB)  ...)
+	TODO: check
+CVE-2026-44946 (A SAML authentication replay vulnerability in Rancher's Assertion  Con ...)
+	TODO: check
+CVE-2026-41053 (Incorrect authentication caching in the team member ship expansion of  ...)
+	TODO: check
+CVE-2026-35098 (KTM System e-BOK does not implement any limit or timeout on consecutiv ...)
+	TODO: check
+CVE-2026-35097 (KTM System e-BOK enforces a maximum password length of six numeric dig ...)
+	TODO: check
+CVE-2026-35096 (KTM System e-BOK is vulnerable to Cross\u2011Site Request Forgery (CSR ...)
+	TODO: check
+CVE-2026-35095 (KTM System e-BOK allows the session identifier to be set by the client ...)
+	TODO: check
+CVE-2026-27957 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-27956 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-27955 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-27883 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-27882 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-27881 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2026-14241 (Memory safety bugs present in Firefox 152.0.3. Some of these bugs show ...)
+	TODO: check
+CVE-2026-14209 (A vulnerability was discovered in Keycloak's Admin UI extension that a ...)
+	TODO: check
+CVE-2026-14178 (openGauss \u5728\u5904\u7406\u5e26 NLS \u53c2\u6570\u7684 to_timestamp ...)
+	TODO: check
+CVE-2026-14162 (Hospital Queuing Management developed by Advantech has a Sensitive Dat ...)
+	TODO: check
+CVE-2026-14161 (Hospital Quening Management developed by Advantech has a Sensitive Dat ...)
+	TODO: check
+CVE-2026-13474 (Denial of service via malformed HTTP/2 requests inNetScaler ADC and Ne ...)
+	TODO: check
+CVE-2026-13455 (PostgreSQL Anonymizer contains a vulnerability that allows unprivilege ...)
+	TODO: check
+CVE-2026-13316 (A flaw has been found in foreman when HTTP parameters are modified in  ...)
+	TODO: check
+CVE-2026-13149 (brace-expansion through 5.0.6 is vulnerable to denial of service. The  ...)
+	TODO: check
+CVE-2026-12610 (A flaw was found in sssd. When authenticating with a YubiKey, the SSSD ...)
+	TODO: check
+CVE-2026-12578 (The affected product is vulnerable to a deserialization of untrusted d ...)
+	TODO: check
+CVE-2026-12388 (A flaw was found in the Identity Provider (IdP) mapper component of Ke ...)
+	TODO: check
+CVE-2026-12076 (Raytha CMS is vulnerable to SQL Injection within the OData filter pars ...)
+	TODO: check
+CVE-2026-10817 (Insufficient input validation leading to memory overread inNetScaler A ...)
+	TODO: check
+CVE-2026-10816 (Arbitrary File Read (Unauthenticated) inNetScaler ADC and NetScaler Ga ...)
+	TODO: check
+CVE-2026-10763 (PROMOD V is using insecure HTTP communication instead of HTTPS. The vu ...)
+	TODO: check
+CVE-2026-10655 (The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sn ...)
+	TODO: check
+CVE-2026-10654 (A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (su ...)
+	TODO: check
+CVE-2026-10653 (The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its ...)
+	TODO: check
+CVE-2026-10652 (Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records fro ...)
+	TODO: check
+CVE-2026-10513 (The Webmention plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-7406 (Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnera ...)
+	TODO: check
+CVE-2025-53648 (SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, ...)
+	TODO: check
+CVE-2025-24816 (Nokia MantaRay is subject to an Improper Access Control vulnerability  ...)
+	TODO: check
+CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload vulnerabil ...)
+	TODO: check
 CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
 	- mediawiki <unfixed>
 	NOTE: https://phabricator.wikimedia.org/T427167
@@ -54,15 +278,15 @@ CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate user conditions for u
 	- mediawiki <not-affected> (Only affects 1.46 and later)
 	NOTE: https://phabricator.wikimedia.org/T425406
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master)
-CVE-2026-13766
+CVE-2026-13766 (DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection v ...)
 	NOT-FOR-US: DBIx::QuickORM Perl module
-CVE-2026-57082
+CVE-2026-57082 (Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffi ...)
 	NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57081
+CVE-2026-57081 (Net::BitTorrent versions through 2.0.1 for Perl allow remote memory ex ...)
 	NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57080
+CVE-2026-57080 (Net::BitTorrent versions through 2.0.1 for Perl allow remote memory ex ...)
 	NOT-FOR-US: Net::BitTorrent Perl module
-CVE-2026-57079
+CVE-2026-57079 (Net::BitTorrent versions through 2.0.1 for Perl write files outside th ...)
 	NOT-FOR-US: Net::BitTorrent Perl module
 CVE-2026-57964
 	- spice-vdagent <not-affected> (MacOS/BSD specific)
@@ -13026,11 +13250,11 @@ CVE-2026-49839 (jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfi
 	- jq 1.8.1-8
 	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
 CVE-2026-44236
-	{DSA-6343-1}
+	{DSA-6343-1 DLA-4658-1}
 	- librabbitmq 0.16.0-1
 	NOTE: https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-jh48-qjf5-fx5v
 CVE-2026-44235
-	{DSA-6343-1}
+	{DSA-6343-1 DLA-4658-1}
 	- librabbitmq 0.16.0-1
 	NOTE: https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
 CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process to exec ...)
@@ -71417,7 +71641,8 @@ CVE-2026-29076 (cpp-httplib is a C++11 single-file header-only cross platform HT
 	NOTE: Fixed by: https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6 (v0.37.0)
 CVE-2026-29067 (ZITADEL is an open source identity management platform. From version 4 ...)
 	NOT-FOR-US: Zitadel
-CVE-2026-28678 (DSA Study Hub is an interactive educational web application. Prior to  ...)
+CVE-2026-28678
+	REJECTED
 	NOT-FOR-US: DSA Study Hub
 CVE-2026-24308 (Improper handling of configuration values in ZKConfig in Apache ZooKee ...)
 	- zookeeper 3.9.5-1 (bug #1130497)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/face96920e82d0c375691d0428c27c41eca994e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/face96920e82d0c375691d0428c27c41eca994e6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/93c36291/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list