[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 7 08:13:14 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae94436f by security tracker role at 2026-05-07T07:13:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2026-8063 (An authenticated user can crash mongod when running $rankFusion or $sc ...)
+ TODO: check
+CVE-2026-8033 (A vulnerability has been found in PicoTronica e-Clinic Healthcare Syst ...)
+ TODO: check
+CVE-2026-8032 (A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5 ...)
+ TODO: check
+CVE-2026-7252 (The WP-Optimize \u2013 Cache, Compress images, Minify & Clean database ...)
+ TODO: check
+CVE-2026-6692 (The Slider Revolution plugin for WordPress is vulnerable to Arbitrary ...)
+ TODO: check
+CVE-2026-6278
+ REJECTED
+CVE-2026-6222 (The Forminator Forms plugin for WordPress is vulnerable to Missing Aut ...)
+ TODO: check
+CVE-2026-6214 (The Forminator Forms plugin for WordPress is vulnerable to Missing Aut ...)
+ TODO: check
+CVE-2026-4807 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-4348 (The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malform ...)
+ TODO: check
+CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is ...)
+ TODO: check
+CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue memory pressure exists, can exp ...)
+ TODO: check
+CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order q ...)
+ TODO: check
+CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, a ...)
+ TODO: check
+CVE-2026-44597 (Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, ...)
+ TODO: check
+CVE-2026-44118 (OpenClaw before 2026.4.22 derives loopback MCP owner context from spoo ...)
+ TODO: check
+CVE-2026-44117 (OpenClaw before 2026.4.20 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-44116 (OpenClaw before 2026.4.22 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-44115 (OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerab ...)
+ TODO: check
+CVE-2026-44114 (OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runt ...)
+ TODO: check
+CVE-2026-44113 (OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race co ...)
+ TODO: check
+CVE-2026-44112 (OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race co ...)
+ TODO: check
+CVE-2026-44111 (OpenClaw before 2026.4.15 contains an arbitrary file read vulnerabilit ...)
+ TODO: check
+CVE-2026-44110 (OpenClaw before 2026.4.15 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-44109 (OpenClaw before 2026.4.15 contains an authentication bypass vulnerabil ...)
+ TODO: check
+CVE-2026-43585 (OpenClaw before 2026.4.15 captures resolved bearer-auth configuration ...)
+ TODO: check
+CVE-2026-43584 (OpenClaw before 2026.4.10 contains an insufficient environment variabl ...)
+ TODO: check
+CVE-2026-43583 (OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session c ...)
+ TODO: check
+CVE-2026-43582 (OpenClaw before 2026.4.10 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-43581 (OpenClaw before 2026.4.10 contains an improper network binding vulnera ...)
+ TODO: check
+CVE-2026-43580 (OpenClaw before 2026.4.10 contains an incomplete navigation guard vuln ...)
+ TODO: check
+CVE-2026-43579 (OpenClaw before 2026.4.10 contains an insufficient access control vuln ...)
+ TODO: check
+CVE-2026-43578 (OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escal ...)
+ TODO: check
+CVE-2026-43577 (OpenClaw before 2026.4.9 contains a file read vulnerability allowing a ...)
+ TODO: check
+CVE-2026-43576 (OpenClaw before 2026.4.5 contains a server-side request forgery vulner ...)
+ TODO: check
+CVE-2026-43575 (OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication ...)
+ TODO: check
+CVE-2026-42217 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2026-42216 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2026-42194 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41891 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41890 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41675 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ TODO: check
+CVE-2026-41674 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ TODO: check
+CVE-2026-41673 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ TODO: check
+CVE-2026-41672 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ TODO: check
+CVE-2026-41671 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41670 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41669 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41663 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41662 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41661 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41660 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41659 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41658 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41657 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41656 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41655 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-41641 (NocoBase is an AI-powered no-code/low-code platform for building busin ...)
+ TODO: check
+CVE-2026-41640 (NocoBase is an AI-powered no-code/low-code platform for building busin ...)
+ TODO: check
+CVE-2026-41587 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41586 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
+ TODO: check
+CVE-2026-41484 (OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends tele ...)
+ TODO: check
+CVE-2026-41483 (OpenTelemetry.Resources.Azure is the .NET resource detector for Azure ...)
+ TODO: check
+CVE-2026-41417 (Netty allows request-line validation to be bypassed when a `DefaultHtt ...)
+ TODO: check
+CVE-2026-41413 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
+CVE-2026-41310 (OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTele ...)
+ TODO: check
+CVE-2026-41203 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41202 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41201 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+ TODO: check
+CVE-2026-41143 (YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWi ...)
+ TODO: check
+CVE-2026-41142 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2026-41139 (Math.js is an extensive math library for JavaScript and Node.js. From ...)
+ TODO: check
+CVE-2026-41004 (When enabling trace logging in Spring Cloud Config Server sensitive in ...)
+ TODO: check
+CVE-2026-41002 (The base directory (`spring.cloud.config.server.git.basedir`) used by ...)
+ TODO: check
+CVE-2026-40982 (Spring Cloud Config allows applications to serve arbitrary text and bi ...)
+ TODO: check
+CVE-2026-40981 (When using Google Secrets Manager as a backend for the Spring Cloud Co ...)
+ TODO: check
+CVE-2026-40332 (Masa CMS is affected by an Open Redirect vulnerability due to improper ...)
+ TODO: check
+CVE-2026-40326 (Masa CMS is a content management system forked from Mura CMS. In versi ...)
+ TODO: check
+CVE-2026-40325 (Masa CMS is a content management system forked from Mura CMS. In versi ...)
+ TODO: check
+CVE-2026-40309 (Masa CMS is a content management system forked from Mura CMS. In versi ...)
+ TODO: check
+CVE-2026-40296 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2026-40281 (Gotenberg is a Docker-powered stateless API for PDF files. In versions ...)
+ TODO: check
+CVE-2026-40174 (Masa CMS is a content management system forked from Mura CMS. In versi ...)
+ TODO: check
+CVE-2026-40171 (In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions ...)
+ TODO: check
+CVE-2026-40076 (OpenMRS Core is an open source electronic medical record system platfo ...)
+ TODO: check
+CVE-2026-40004 (There exists an openssl.cnf privilege escalation vulnerability in ZTE ...)
+ TODO: check
+CVE-2026-40003 (ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary ...)
+ TODO: check
+CVE-2026-3291 (Samsung Print Service Plugin for Android is potentially vulnerable to ...)
+ TODO: check
+CVE-2026-33441
+ REJECTED
CVE-2026-44353
- streamlink 8.4.0-1
NOTE: https://github.com/streamlink/streamlink/security/advisories/GHSA-hgqw-6m45-hw5f
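Review bot: The CVE-2026-7252 description carries a literal \u2013 escape ("The WP-Optimize \u2013 Cache, Compress images, ...") instead of the dash character, so the description import is writing the escape sequence undecoded into data/CVE/list; decode it before the description is written. Separately, the WordPress plugin entries added here (CVE-2026-7252, CVE-2026-6692, CVE-2026-6222, CVE-2026-6214, CVE-2026-4807, CVE-2026-4348) all land as "TODO: check", while CVE-2026-6127 further down in this same file is already marked "NOT-FOR-US: WordPress plugin"; the same triage could be applied to these in the follow-up pass.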
@@ -3173,18 +3353,18 @@ CVE-2026-41647
- incus 7.0.0-1 (bug #1135644)
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-fwj8-62r8-8p8m
NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-40251
+CVE-2026-40251 (Incus is a system container and virtual machine manager. In versions b ...)
{DSA-6247-1 DSA-6244-1}
- incus 7.0.0-1 (bug #1135644)
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6
NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-40243
+CVE-2026-40243 (Incus is a system container and virtual machine manager. In versions b ...)
{DSA-6244-1}
- incus 7.0.0-1 (bug #1135644)
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-c839-4qxr-j4x3
NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-40197
+CVE-2026-40197 (Incus is a system container and virtual machine manager. In versions b ...)
{DSA-6247-1 DSA-6244-1}
- incus 7.0.0-1 (bug #1135644)
- lxd <removed>
@@ -3195,7 +3375,7 @@ CVE-2026-35527 (Incus is an open source container and virtual machine manager. I
[trixie] - incus <not-affected> (Vulnerable code not present, introduced in 6.22/6.0.6)
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-8gw4-p4wq-4hcv
NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-40195
+CVE-2026-40195 (Incus is a system container and virtual machine manager. In versions b ...)
{DSA-6244-1}
- incus 7.0.0-1 (bug #1135644)
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-gc7j-g665-rxr9
@@ -4020,21 +4200,25 @@ CVE-2026-6389 (IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbono
CVE-2026-6127 (The Elementor Website Builder plugin for WordPress is vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2026-5656 (Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-21.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21115
CVE-2026-5405 (RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark 4.0.17-0+deb12u3
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-17.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21105
CVE-2026-5404 (K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21094
CVE-2026-5403 (SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-16.html
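Review bot: {DSA-6249-1} is added to entries whose bookworm line still reads "[bookworm] - wireshark <no-dsa> (Minor issue)" (CVE-2026-5656, CVE-2026-5404, CVE-2026-5403), while CVE-2026-5405 in the same hunk carries a fixed bookworm version, 4.0.17-0+deb12u3. If DSA-6249-1 ships a bookworm update that covers these issues, the <no-dsa> lines should be replaced with the fixed version; if the DSA covers another release only, the entries are consistent as they stand. The same pairing of a DSA reference with a bookworm <no-dsa> line recurs in the later wireshark hunks of this commit.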
@@ -4322,51 +4506,61 @@ CVE-2026-7401 (A vulnerability was detected in SourceCodester CET Automated Grad
CVE-2026-7400 (A security vulnerability has been detected in geekgod382 filesystem-mc ...)
NOT-FOR-US: filesystem-mcp-server
CVE-2026-7379 (Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-47.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21214
CVE-2026-7378 (Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of se ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-49.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21207
CVE-2026-7376 (Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of se ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-48.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21206
CVE-2026-7375 (UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-50.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21225
CVE-2026-6870 (GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-43.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21189
CVE-2026-6869 (WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-44.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21190
CVE-2026-6868 (HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-46.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21185
CVE-2026-6867 (SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-45.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21191
CVE-2026-6538 (BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-23.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21120
CVE-2026-6537 (ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-24.html
@@ -4378,35 +4572,42 @@ CVE-2026-6536 (DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-25.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21065
CVE-2026-6535 (Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-26.html
CVE-2026-6534 (USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 a ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-27.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21121
CVE-2026-6533 (Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-28.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21127
CVE-2026-6532 (Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-29.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21129
CVE-2026-6531 (SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-30.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21139
CVE-2026-6530 (DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark 4.0.17-0+deb12u3
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-31.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21144
CVE-2026-6529 (iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark 4.0.17-0+deb12u3
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-32.html
@@ -4419,6 +4620,7 @@ CVE-2026-6528 (TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21151
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21147
CVE-2026-6527 (ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-34.html
@@ -4437,32 +4639,38 @@ CVE-2026-6525 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-36.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21008
CVE-2026-6524 (MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 t ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-37.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21172
CVE-2026-6523 (GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-38.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21177
CVE-2026-6522 (RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-42.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21186
CVE-2026-6521 (OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4. ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-39.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21182
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21188
CVE-2026-6520 (OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-40.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21181
CVE-2026-6519 (MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-41.html
@@ -4470,6 +4678,7 @@ CVE-2026-6519 (MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
CVE-2026-6221
REJECTED
CVE-2026-5657 (iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allow ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-20.html
@@ -4481,31 +4690,37 @@ CVE-2026-5655 (SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows d
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-19.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21112
CVE-2026-5654 (AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 all ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-18.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21111
CVE-2026-5653 (DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark 4.0.17-0+deb12u3
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21122
CVE-2026-5409 (Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21066
CVE-2026-5408 (BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-09.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21067
CVE-2026-5407 (SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-11.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21073
CVE-2026-5406 (FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-10.html
@@ -4517,11 +4732,13 @@ CVE-2026-5402 (TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-14.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21090
CVE-2026-5401 (AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-13.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21088
CVE-2026-5299 (ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4. ...)
+ {DSA-6249-1}
- wireshark 4.6.5-1 (bug #1135323)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-12.html
@@ -9725,9 +9942,9 @@ CVE-2026-6553 (Changing backend users' passwords via the user settings module re
NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-6550 (Cryptographic algorithm downgrade in the caching layer of Amazon AWS E ...)
NOT-FOR-US: Amazon
-CVE-2026-6257 (Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its ...)
+CVE-2026-6257 (Vvveb CMS prior to v1.0.8.2 contains a remote code execution vulnerabi ...)
NOT-FOR-US: Vvveb CMS
-CVE-2026-6249 (Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its ...)
+CVE-2026-6249 (Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in it ...)
NOT-FOR-US: Vvveb CMS
CVE-2026-6058 (** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulne ...)
NOT-FOR-US: Zyxel
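Review bot: The two updated Vvveb CMS descriptions now disagree about version 1.0.8.2: CVE-2026-6257 reads "prior to v1.0.8.2", which makes 1.0.8.2 the fixed release, while CVE-2026-6249 reads "Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability", which makes it an affected one. Both entries are NOT-FOR-US, so no Debian package status depends on this, but the truncated descriptions do not show which reading is intended and the version boundary should not be relied on from this file alone.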
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae94436f54341b5018723726bae79f1e07e4a610