[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 9 20:13:33 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ffdf8e92 by security tracker role at 2026-05-09T19:13:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2026-8198 (The Activity Logs, User Activity Tracking, Multisite Activity Log from ...)
+ TODO: check
+CVE-2026-8193 (A weakness has been identified in Akaunting 3.1.21. This issue affects ...)
+ TODO: check
+CVE-2026-8192 (A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. ...)
+ TODO: check
+CVE-2026-8191 (A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This ...)
+ TODO: check
+CVE-2026-8190 (A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affec ...)
+ TODO: check
+CVE-2026-8189 (A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected b ...)
+ TODO: check
+CVE-2026-8188 (A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affec ...)
+ TODO: check
+CVE-2026-8187 (A flaw has been found in Open5GS up to 2.7.7. This impacts the functio ...)
+ TODO: check
+CVE-2026-8186 (A vulnerability was detected in Open5GS up to 2.7.7. This affects the ...)
+ TODO: check
+CVE-2026-8185 (A security vulnerability has been detected in UGREEN CM933 1.1.59.4319 ...)
+ TODO: check
+CVE-2026-3828 (Some Hikvision switch products (discontinued since December 2023) are ...)
+ TODO: check
+CVE-2026-32683 (Some EZVIZ products utilize older versions of cloud feature modules wi ...)
+ TODO: check
+CVE-2026-1749 (There is an Access Control Vulnerability in some HikCentral Profession ...)
+ TODO: check
CVE-2026-8209 (Gibbon versions before v30.0.01 are affected by a path traversal vulne ...)
NOT-FOR-US: Gibbon
CVE-2026-8208 (Gibbon versions before v30.0.01 are affected by a local file inclusion ...)
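Review bot: All thirteen entries added at the top of the file are left at "TODO: check", so none of them carries a triage decision yet. The five Wavlink NU516U1 entries (CVE-2026-8188 through CVE-2026-8192) name the same product and firmware and can be resolved in one pass, either with a NOT-FOR-US line like the Gibbon entry just below or with a package line if the software is in the archive. The descriptions are truncated here, so the decision needs the full CVE text.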
@@ -1458,10 +1484,10 @@ CVE-2013-10075 (Apache::Session versions through 1.94 for Perl re-creates delete
- libapache-session-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39844719/
CVE-2026-43500 [rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present]
- {DSA-6253-1 DLA-4572-1}
+ {DSA-6258-1 DSA-6253-1 DLA-4574-1 DLA-4572-1}
- linux 7.0.4-1
CVE-2026-43284 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- {DSA-6253-1 DLA-4572-1}
+ {DSA-6258-1 DSA-6253-1 DLA-4574-1 DLA-4572-1}
- linux 7.0.4-1
CVE-2026-7258
{DSA-6256-1 DSA-6255-1}
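Review bot: DSA-6258-1 and DLA-4574-1 are added to the cross-reference lines of both CVE-2026-43500 and CVE-2026-43284, but the commit touches only data/CVE/list, so the advisory entries themselves cannot be checked from this diff. Confirm that each advisory names both CVEs. Each CVE shows a single package line, "- linux 7.0.4-1"; if either new advisory is for a different source package, that package needs its own line here.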
@@ -1887,7 +1913,7 @@ CVE-2023-42344 (Alkacon OpenCms before 10.5.1 allows remote unauthenticated atta
CVE-2023-42343 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 ...)
NOT-FOR-US: Alkacon OpenCms
CVE-2026-8094 (Other issue in the WebRTC component. This vulnerability was fixed in F ...)
- {DSA-6254-1}
+ {DSA-6254-1 DLA-4575-1}
- firefox-esr 140.10.2esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8094
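Review bot: DLA-4575-1 is added to CVE-2026-8094 while its thunderbird line still reads "<unfixed>", and the same is true of CVE-2026-8092 and CVE-2026-8090 in the next two hunks. The cross-reference does not say which source package the DLA covers, so confirm it matches the firefox-esr line, and revisit the thunderbird line once a fixed upload exists.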
@@ -1896,7 +1922,7 @@ CVE-2026-8093 (Memory safety bugs present in Thunderbird 150.0.1. Some of these
- firefox 150.0.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/#CVE-2026-8093
CVE-2026-8092 (Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird ...)
- {DSA-6254-1}
+ {DSA-6254-1 DLA-4575-1}
- firefox 150.0.2-1
- firefox-esr 140.10.2esr-1
- thunderbird <unfixed>
@@ -1912,7 +1938,7 @@ CVE-2026-8091 (Incorrect boundary conditions in the Audio/Video: Playback compon
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-8091
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-8091
CVE-2026-8090 (Use-after-free in the DOM: Networking component. This vulnerability wa ...)
- {DSA-6254-1}
+ {DSA-6254-1 DLA-4575-1}
- firefox 150.0.2-1
- firefox-esr 140.10.2esr-1
- thunderbird <unfixed>
@@ -18896,6 +18922,7 @@ CVE-2025-12664 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2023-46945 (QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a ...)
NOT-FOR-US: QD 20230821
CVE-2026-34757 (LIBPNG is a reference library for use in applications that read, creat ...)
+ {DLA-4573-1}
- libpng1.6 1.6.57-1 (bug #1133051)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a (v1.6.57)
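Review bot: The new "{DLA-4573-1}" line is the only advisory reference on CVE-2026-34757, so the entry as shown records an LTS advisory and the fixed version "libpng1.6 1.6.57-1" but nothing else per release. Check that the remaining supported suites have a recorded decision for this CVE, since the hunk context shows no release-specific line for them.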
@@ -33066,7 +33093,7 @@ CVE-2026-32612 (Statamic is a Laravel and Git powered content management system
CVE-2026-32598 (OneUptime is a solution for monitoring and managing online services. P ...)
NOT-FOR-US: OneUptime
CVE-2026-32597 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, P ...)
- {DLA-4564-1}
+ {DSA-6259-1 DLA-4564-1}
- pyjwt 2.12.1-1 (bug #1130662)
NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
NOTE: Fixed by: https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92 (2.12.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffdf8e92a12e6ffa108942ab5803c051b4fe6e0e