[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 08:13:20 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1156a753 by security tracker role at 2026-05-05T07:13:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,363 @@
+CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded applicatio ...)
+	TODO: check
+CVE-2026-7823 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
+	TODO: check
+CVE-2026-7822 (A vulnerability was identified in itsourcecode Courier Management Syst ...)
+	TODO: check
+CVE-2026-7812 (A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906 ...)
+	TODO: check
+CVE-2026-7811 (A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a11 ...)
+	TODO: check
+CVE-2026-7810 (A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815 ...)
+	TODO: check
+CVE-2026-7791 (Improper privilege management in the log rotation mechanism of the Sky ...)
+	TODO: check
+CVE-2026-7788 (A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up t ...)
+	TODO: check
+CVE-2026-7785 (A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf6 ...)
+	TODO: check
+CVE-2026-7784 (A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This ...)
+	TODO: check
+CVE-2026-7783 (A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulne ...)
+	TODO: check
+CVE-2026-7782 (A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. Thi ...)
+	TODO: check
+CVE-2026-7781 (A security vulnerability has been detected in Open5GS up to 2.7.7. Aff ...)
+	TODO: check
+CVE-2026-7780 (A weakness has been identified in Open5GS up to 2.7.7. Affected by thi ...)
+	TODO: check
+CVE-2026-7779 (A security flaw has been discovered in Open5GS up to 2.7.7. Affected i ...)
+	TODO: check
+CVE-2026-7776 (Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u20 ...)
+	TODO: check
+CVE-2026-7768 (@fastify/accepts-serializer cached serializer-selection results keyed  ...)
+	TODO: check
+CVE-2026-7750 (A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This  ...)
+	TODO: check
+CVE-2026-7749 (A security vulnerability has been detected in Totolink N300RH 3.2.4-B2 ...)
+	TODO: check
+CVE-2026-7748 (A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Aff ...)
+	TODO: check
+CVE-2026-7747 (A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812 ...)
+	TODO: check
+CVE-2026-7746 (A vulnerability was identified in SourceCodester Web-based Pharmacy Pr ...)
+	TODO: check
+CVE-2026-7745 (A vulnerability was determined in CodeAstro Online Classroom 1.0. This ...)
+	TODO: check
+CVE-2026-7744 (A vulnerability was found in CodeAstro Online Classroom 1.0. This affe ...)
+	TODO: check
+CVE-2026-7743 (A vulnerability has been found in CodeAstro Online Classroom 1.0. The  ...)
+	TODO: check
+CVE-2026-7742 (A flaw has been found in CodeAstro Online Classroom 1.0. The affected  ...)
+	TODO: check
+CVE-2026-7741 (A vulnerability was detected in CodeAstro Online Classroom 1.0. Impact ...)
+	TODO: check
+CVE-2026-7482 (Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability  ...)
+	TODO: check
+CVE-2026-6704 (The Blog Settings plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2026-6702 (The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2026-6701 (The addfreespace plugin for WordPress is vulnerable to Cross-Site Requ ...)
+	TODO: check
+CVE-2026-6700 (The DX Sources plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2026-6696 (The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2026-6501 (Improper restriction of XML external entity reference vulnerability in ...)
+	TODO: check
+CVE-2026-6500 (Plaintext storage of a password vulnerability in ILM Informatique Open ...)
+	TODO: check
+CVE-2026-6499 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+	TODO: check
+CVE-2026-6418 (An issue was discovered in the Shared Account Synchronization componen ...)
+	TODO: check
+CVE-2026-6321 (fast-uri decoded percent-encoded path separators and dot segments befo ...)
+	TODO: check
+CVE-2026-6266 (A flaw was found in the AAP gateway. The user auto-link strategy, intr ...)
+	TODO: check
+CVE-2026-6255 (The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2026-6180 (A race condition exists in PaperCut MF when processing badge-swipe dat ...)
+	TODO: check
+CVE-2026-5957 (The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read ...)
+	TODO: check
+CVE-2026-5722 (The MoreConvert Pro plugin for WordPress is vulnerable to Authenticati ...)
+	TODO: check
+CVE-2026-5505 (The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2026-5294 (The Geeky Bot plugin for WordPress is vulnerable to Missing Authorizat ...)
+	TODO: check
+CVE-2026-5247 (The Schedule Post Changes With PublishPress Future plugin for WordPres ...)
+	TODO: check
+CVE-2026-5192 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+	TODO: check
+CVE-2026-5159 (The Royal Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2026-5100 (The AWP Classifieds plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2026-4928
+	REJECTED
+CVE-2026-4803 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2026-4730 (The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them ...)
+	TODO: check
+CVE-2026-4665 (The WP Carousel Free plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2026-4409 (The Subscribe To Comments Reloaded plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2026-4362 (The ElementsKit Elementor Addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2026-44029 (An issue was discovered in Nix before 2.34.7. Writing to arbitrary fil ...)
+	TODO: check
+CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Un ...)
+	TODO: check
+CVE-2026-43616 (Detect-It-Easy prior to 3.21 contains a path traversal vulnerability t ...)
+	TODO: check
+CVE-2026-42812 (In Apache Iceberg, the table's metadata files are control files: they  ...)
+	TODO: check
+CVE-2026-42811 (In plain terms, Apache Polaris is supposed to issue short-lived GCS cr ...)
+	TODO: check
+CVE-2026-42810 (Apache Polaris accepts literal `*` characters in namespace and table n ...)
+	TODO: check
+CVE-2026-42809 (Apache Polaris can issue broad temporary ("vended") storage credential ...)
+	TODO: check
+CVE-2026-42796 (Arelle before 2.39.10 contains an unauthenticated remote code executio ...)
+	TODO: check
+CVE-2026-42440 (OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP ...)
+	TODO: check
+CVE-2026-42376 (D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a har ...)
+	TODO: check
+CVE-2026-42375 (D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcode ...)
+	TODO: check
+CVE-2026-42374 (D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcode ...)
+	TODO: check
+CVE-2026-42373 (D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a har ...)
+	TODO: check
+CVE-2026-42372 (D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a har ...)
+	TODO: check
+CVE-2026-42238 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+	TODO: check
+CVE-2026-42237 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42236 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42235 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42234 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42233 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42232 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42231 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42230 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42229 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42228 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42227 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42226 (n8n is an open source workflow automation platform. Prior to versions  ...)
+	TODO: check
+CVE-2026-42223 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+	TODO: check
+CVE-2026-42222 (Nginx UI is a web user interface for the Nginx web server. In version  ...)
+	TODO: check
+CVE-2026-42221 (Nginx UI is a web user interface for the Nginx web server. From versio ...)
+	TODO: check
+CVE-2026-42220 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+	TODO: check
+CVE-2026-42154 (Prometheus is an open-source monitoring system and time series databas ...)
+	TODO: check
+CVE-2026-42151 (Prometheus is an open-source monitoring system and time series databas ...)
+	TODO: check
+CVE-2026-42146 (CImg Library is a C++ library for image processing. Prior to commit c3 ...)
+	TODO: check
+CVE-2026-42144 (CImg Library is a C++ library for image processing. Prior to commit 4c ...)
+	TODO: check
+CVE-2026-42140 (PlantUML Macro is a macro for rendering UML diagrams from simple textu ...)
+	TODO: check
+CVE-2026-42138 (Dify is an open-source LLM app development platform. Prior to version  ...)
+	TODO: check
+CVE-2026-42092 (titra is an open source time tracking project. In version 0.99.52, the ...)
+	TODO: check
+CVE-2026-42091 (goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the ...)
+	TODO: check
+CVE-2026-42090 (Notesnook is a note-taking app focused on user privacy & ease of use.  ...)
+	TODO: check
+CVE-2026-42088 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2026-42087 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2026-42086 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2026-42085 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2026-42084 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
+	TODO: check
+CVE-2026-42080 (PPTAgent is an agentic framework for reflective PowerPoint generation. ...)
+	TODO: check
+CVE-2026-42079 (PPTAgent is an agentic framework for reflective PowerPoint generation. ...)
+	TODO: check
+CVE-2026-42078 (PPTAgent is an agentic framework for reflective PowerPoint generation. ...)
+	TODO: check
+CVE-2026-42077 (Evolver is a GEP-powered self-evolving engine for AI agents. Prior to  ...)
+	TODO: check
+CVE-2026-42076 (Evolver is a GEP-powered self-evolving engine for AI agents. Prior to  ...)
+	TODO: check
+CVE-2026-42075 (Evolver is a GEP-powered self-evolving engine for AI agents. Prior to  ...)
+	TODO: check
+CVE-2026-42052 (Beets is the media library management system. Prior to version 2.10.0, ...)
+	TODO: check
+CVE-2026-42027 (Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP Ext ...)
+	TODO: check
+CVE-2026-41927 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stac ...)
+	TODO: check
+CVE-2026-41926 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS  ...)
+	TODO: check
+CVE-2026-41925 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS  ...)
+	TODO: check
+CVE-2026-41924 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS  ...)
+	TODO: check
+CVE-2026-41923 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS  ...)
+	TODO: check
+CVE-2026-41922 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS  ...)
+	TODO: check
+CVE-2026-41686 (Claude SDK for TypeScript provides access to the Claude API from serve ...)
+	TODO: check
+CVE-2026-41572 (Note Mark is an open-source note-taking application. Prior to version  ...)
+	TODO: check
+CVE-2026-41571 (Note Mark is an open-source note-taking application. In version 0.19.2 ...)
+	TODO: check
+CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and ear ...)
+	TODO: check
+CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache ...)
+	TODO: check
+CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code Injection') ...)
+	TODO: check
+CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
+	TODO: check
+CVE-2026-3454 (The GenerateBlocks plugin for WordPress is vulnerable to Insecure Dire ...)
+	TODO: check
+CVE-2026-3120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-38751 (OpenSTAManager version 2.10 and earlier contains an arbitrary file upl ...)
+	TODO: check
+CVE-2026-38669 (wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a ...)
+	TODO: check
+CVE-2026-37461 (An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) o ...)
+	TODO: check
+CVE-2026-37459 (An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 all ...)
+	TODO: check
+CVE-2026-37458 (Missing input validation in the MP_REACH_NLRI component of FRRouting ( ...)
+	TODO: check
+CVE-2026-36365 (An issue in Lymphatus caesium-image-compressor All versions up to and  ...)
+	TODO: check
+CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of Oracle O ...)
+	TODO: check
+CVE-2026-34882
+	REJECTED
+CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server.  This issue affe ...)
+	TODO: check
+CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in Apache  ...)
+	TODO: check
+CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of   Apache HTTP Ser ...)
+	TODO: check
+CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP Server m ...)
+	TODO: check
+CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache HTTP Ser ...)
+	TODO: check
+CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 a ...)
+	TODO: check
+CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earl ...)
+	TODO: check
+CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev all ...)
+	TODO: check
+CVE-2026-2948 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
+	TODO: check
+CVE-2026-2868 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
+	TODO: check
+CVE-2026-2828
+	REJECTED
+CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to authorization byp ...)
+	TODO: check
+CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vu ...)
+	TODO: check
+CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
+	TODO: check
+CVE-2026-29004 (BusyBox before commit 42202bf contains a heap buffer overflow vulnerab ...)
+	TODO: check
+CVE-2026-26956 (vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 i ...)
+	TODO: check
+CVE-2026-26332 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, ...)
+	TODO: check
+CVE-2026-25863 (Conditional Fields for Contact Form 7 WordPress plugin through version ...)
+	TODO: check
+CVE-2026-25293 (Buffer overflow due to incorrect authorization in PLC FW)
+	TODO: check
+CVE-2026-25266 (Memory corruption while processing IOCTL command when device is in pow ...)
+	TODO: check
+CVE-2026-24781 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, ...)
+	TODO: check
+CVE-2026-24120 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, ...)
+	TODO: check
+CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, ...)
+	TODO: check
+CVE-2026-24082 (Memory Corruption when copying data from a freed source while executin ...)
+	TODO: check
+CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
+	TODO: check
+CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with  ...)
+	TODO: check
+CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path Traversa ...)
+	TODO: check
+CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wir ...)
+	TODO: check
+CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
+	TODO: check
+CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
+	TODO: check
+CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that al ...)
+	TODO: check
+CVE-2025-58074 (A privilege escalation vulnerability exists during the installation of ...)
+	TODO: check
+CVE-2025-47408 (Memory corruption when another driver calls an IOCTL with invalid inpu ...)
+	TODO: check
+CVE-2025-47407 (Memory corruption while creating a process on the digital signal proce ...)
+	TODO: check
+CVE-2025-47406 (Information Disclosure while processing IOCTL handler callbacks withou ...)
+	TODO: check
+CVE-2025-47405 (Memory corruption when processing camera sensor input/output control c ...)
+	TODO: check
+CVE-2025-47404 (Memory corruption when dynamically changing the size of a previously a ...)
+	TODO: check
+CVE-2025-47403 (Transient DOS when processing a malformed Fast Transition response fra ...)
+	TODO: check
+CVE-2025-47401 (Transient DOS when processing target power rate tables during channel  ...)
+	TODO: check
+CVE-2025-14320 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2025-13618 (The Mentoring plugin for WordPress is vulnerable to privilege escalati ...)
+	TODO: check
+CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P (hardware v ...)
+	TODO: check
 CVE-2026-43870
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/4
 	NOTE: nodejs bindings not built in Debian package
-CVE-2025-70070
+CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465295
-CVE-2025-70069
+CVE-2025-70069 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465306
-CVE-2025-70067
+CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in ...)
 	- assimp <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
 CVE-2026-43868
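Review bot: CVE-2025-70072 and CVE-2025-70071 are added as "TODO: check" although their descriptions open with the same Assimp v.6.0.2 text as CVE-2025-70070 and CVE-2025-70069 at the end of this hunk, which already carry "- assimp <unfixed>"; they can probably be triaged to the same package line instead of staying in the queue. Separately, several added descriptions contain literal escape sequences (\u201c, \u2013, \u2014, for example in CVE-2026-7776, CVE-2026-5192 and CVE-2026-3456) rather than the decoded characters, so the import step appears not to decode them before writing data/CVE/list.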
@@ -17,7 +365,7 @@ CVE-2026-43868
 	- thrift <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/2
 	NOTE: rust bindings not built in Debian package
-CVE-2026-43964 [buffer over-read when Postfix an enhanced status code is not followed by other text]
+CVE-2026-43964 (Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 somet ...)
 	- postfix <unfixed> (bug #1135718)
 	NOTE: https://www.mail-archive.com/postfix-announce@postfix.org/msg00110.html
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/25
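Review bot: The package line for CVE-2026-43964 still reads "- postfix <unfixed> (bug #1135718)" while the new description names the upstream releases that contain the fix (3.8.16, 3.9.10 and 3.10.9). A NOTE recording those fixed versions would let per-suite triage proceed without opening the announcement each time.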
@@ -656,19 +1004,19 @@ CVE-2026-XXXX [RUSTSEC-2026-0115]
 	- rust-imageproc <unfixed> (bug #1135371)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0115.html
 CVE-2026-41685
-	{DSA-6244-1}
+	{DSA-6247-1 DSA-6244-1}
 	- incus <unfixed> (bug #1135644)
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-98vh-x9cx-9cfp
 	NOTE: https://github.com/lxc/incus/pull/3273
 CVE-2026-41684
-	{DSA-6244-1}
+	{DSA-6247-1 DSA-6244-1}
 	- incus <unfixed> (bug #1135644)
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-x5r6-jr56-89pv
 	NOTE: https://github.com/lxc/incus/pull/3273
 CVE-2026-41648
-	{DSA-6244-1}
+	{DSA-6247-1 DSA-6244-1}
 	- incus <unfixed> (bug #1135644)
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-67wx-r9xr-x75x
@@ -679,7 +1027,7 @@ CVE-2026-41647
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-fwj8-62r8-8p8m
 	NOTE: https://github.com/lxc/incus/pull/3273
 CVE-2026-40251
-	{DSA-6244-1}
+	{DSA-6247-1 DSA-6244-1}
 	- incus <unfixed> (bug #1135644)
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6
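Review bot: CVE-2026-41647 appears in this hunk only as unchanged context, yet it references the same incus pull/3273 as CVE-2026-40251 and the other entries that gain DSA-6247-1 in this commit. Worth confirming that it is either already linked to the new advisory or intentionally left out of it; the same question applies to CVE-2026-40243 in the following hunk.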
@@ -690,7 +1038,7 @@ CVE-2026-40243
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-c839-4qxr-j4x3
 	NOTE: https://github.com/lxc/incus/pull/3273
 CVE-2026-40197
-	{DSA-6244-1}
+	{DSA-6247-1 DSA-6244-1}
 	- incus <unfixed> (bug #1135644)
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-r7w7-mmxr-47r9
@@ -2182,7 +2530,7 @@ CVE-2026-42009
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d (3.8.13)
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f (3.8.13)
-CVE-2026-33846
+CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS handshake frag ...)
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -2782,7 +3130,7 @@ CVE-2026-7324 (Memory safety bugs present in Thunderbird 150.0.0. Some of these
 	- firefox 150.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7324
 CVE-2026-7323 (Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird ...)
-	{DSA-6242-1 DSA-6236-1 DLA-4555-1}
+	{DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
 	- firefox 150.0.1-1
 	- firefox-esr 140.10.1esr-1
 	- thunderbird 1:140.10.1esr-1
@@ -2790,7 +3138,7 @@ CVE-2026-7323 (Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunde
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7323
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7323
 CVE-2026-7322 (Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird ...)
-	{DSA-6242-1 DSA-6236-1 DLA-4555-1}
+	{DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
 	- firefox 150.0.1-1
 	- firefox-esr 140.10.1esr-1
 	- thunderbird 1:140.10.1esr-1
@@ -2798,13 +3146,13 @@ CVE-2026-7322 (Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunde
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7322
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7322
 CVE-2026-7321 (Sandbox escape due to incorrect boundary conditions in the WebRTC: Net ...)
-	{DSA-6242-1 DSA-6236-1 DLA-4555-1}
+	{DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
 	- firefox-esr 140.10.1esr-1
 	- thunderbird 1:140.10.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7321
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7321
 CVE-2026-7320 (Information disclosure due to incorrect boundary conditions in the Aud ...)
-	{DSA-6242-1 DSA-6236-1 DLA-4555-1}
+	{DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
 	- firefox 150.0.1-1
 	- firefox-esr 140.10.1esr-1
 	- thunderbird 1:140.10.1esr-1
@@ -5084,7 +5432,7 @@ CVE-2026-6886 (Borg SPM 2007 (Sales Ended in 2008)developed by BorG Technology C
 	NOT-FOR-US: Borg SPM
 CVE-2026-6885 (Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corpo ...)
 	NOT-FOR-US: Borg SPM
-CVE-2026-6074 (A path traversal condition in Intrado 911 Emergency Gateway could allo ...)
+CVE-2026-6074 (Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path t ...)
 	NOT-FOR-US: Intrado 911 Emergency Gateway
 CVE-2026-5464 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress (Webs ...)
 	NOT-FOR-US: WordPress plugin
@@ -18731,6 +19079,7 @@ CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0. Th
 	NOTE: https://github.com/osrg/gobgp/pull/3343
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d (v4.4.0)
 CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer overflow ...)
+	{DLA-4563-1}
 	- libarchive 3.8.7-1 (bug #1133002)
 	[trixie] - libarchive <no-dsa> (Minor issue)
 	[bookworm] - libarchive <no-dsa> (Minor issue)
@@ -25447,12 +25796,14 @@ CVE-2026-3842
 CVE-2026-4427
 	REJECTED
 CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior vulnerability ex ...)
+	{DLA-4563-1}
 	- libarchive 3.8.7-1 (bug #1131444)
 	[trixie] - libarchive <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libarchive <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/libarchive/libarchive/pull/2897
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c3cb1c568ebf9e8f7f478cfc0356ae54e99712b0
 CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read vulnerabi ...)
+	{DLA-4563-1}
 	- libarchive 3.8.7-1 (bug #1131446)
 	[trixie] - libarchive <no-dsa> (Minor issue)
 	[bookworm] - libarchive <no-dsa> (Minor issue)
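Review bot: CVE-2026-4426 gains {DLA-4563-1} while its trixie and bookworm lines still read "<postponed> (Minor issue, revisit when fixed upstream)", even though the entry already records a "Fixed by:" upstream commit and "- libarchive 3.8.7-1". The postponed status for those two suites looks due for the revisit it asks for, either moving to <no-dsa> like CVE-2026-4424 in the same hunk or scheduling the fix.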
@@ -27394,6 +27745,7 @@ CVE-2026-0385 (Microsoft Edge (Chromium-based) for Android Spoofing Vulnerabilit
 CVE-2025-15060 (claude-hovercraft executeClaudeCode Command Injection Remote Code Exec ...)
 	NOT-FOR-US: claude-hovercraft executeClaudeCode
 CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic of the l ...)
+	{DLA-4563-1}
 	- libarchive 3.8.6-1 (bug #1130753)
 	[trixie] - libarchive <no-dsa> (Minor issue)
 	[bookworm] - libarchive <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1156a753ff1a094e7f14d2e8fa1c1078eb63f6a3


