[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 12 08:12:54 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f620c8f by security tracker role at 2026-05-12T07:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,382 @@
-CVE-2026-7010
+CVE-2026-8349 (A flaw has been found in omec-project amf up to 2.1.1. This vulnerabil ...)
+	TODO: check
+CVE-2026-8346 (A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. ...)
+	TODO: check
+CVE-2026-8345 (A security vulnerability has been detected in D-Link DIR-816 1.10CNB05 ...)
+	TODO: check
+CVE-2026-8344 (A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D8821 ...)
+	TODO: check
+CVE-2026-8321 (A vulnerability was detected in inkeep agents 0.58.14. This vulnerabil ...)
+	TODO: check
+CVE-2026-8320 (A security vulnerability has been detected in jishenghua jshERP up to  ...)
+	TODO: check
+CVE-2026-8319 (A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d197 ...)
+	TODO: check
+CVE-2026-7287 (** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the ...)
+	TODO: check
+CVE-2026-7257 (** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive infor ...)
+	TODO: check
+CVE-2026-7256 (** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in t ...)
+	TODO: check
+CVE-2026-7255 (** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive a ...)
+	TODO: check
+CVE-2026-45430 (The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not prope ...)
+	TODO: check
+CVE-2026-45393 (Reserved. Details will be published at disclosure.)
+	TODO: check
+CVE-2026-45392 (Reserved. Details will be published at disclosure.)
+	TODO: check
+CVE-2026-45391 (Reserved. Details will be published at disclosure.)
+	TODO: check
+CVE-2026-45362 (Sangoma Switchvox before 8.4 places cleartext SIP authentication crede ...)
+	TODO: check
+CVE-2026-45321 (On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious ...)
+	TODO: check
+CVE-2026-45026 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
+	TODO: check
+CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
+	TODO: check
+CVE-2026-44695 (Outline is a service that allows for collaborative documentation. Prio ...)
+	TODO: check
+CVE-2026-43914 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
+	TODO: check
+CVE-2026-43913 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
+	TODO: check
+CVE-2026-43912 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
+	TODO: check
+CVE-2026-43911 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
+	TODO: check
+CVE-2026-43901 (Wireshark MCP is an MCP Server that turns tshark into a structured ana ...)
+	TODO: check
+CVE-2026-43900 (DeepChat is an open-source artificial intelligence agent platform that ...)
+	TODO: check
+CVE-2026-43899 (DeepChat is an open-source artificial intelligence agent platform that ...)
+	TODO: check
+CVE-2026-43897 (Link Preview JS extracts web links information. Prior to 4.0.1, the li ...)
+	TODO: check
+CVE-2026-43893 (exiftool-vendored provides cross-platform Node.js access to ExifTool.  ...)
+	TODO: check
+CVE-2026-43890 (Outline is a service that allows for collaborative documentation. From ...)
+	TODO: check
+CVE-2026-43889 (Outline is a service that allows for collaborative documentation. Prio ...)
+	TODO: check
+CVE-2026-43888 (Outline is a service that allows for collaborative documentation. Prio ...)
+	TODO: check
+CVE-2026-43887 (Outline is a service that allows for collaborative documentation. From ...)
+	TODO: check
+CVE-2026-43886 (Outline is a service that allows for collaborative documentation. From ...)
+	TODO: check
+CVE-2026-43885 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43884 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43883 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43882 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43881 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43880 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43879 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43878 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43877 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43876 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43875 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43874 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43873 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+	TODO: check
+CVE-2026-43668 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-43666 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2026-43661 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2026-43660 (A validation issue was addressed with improved logic. This issue is fi ...)
+	TODO: check
+CVE-2026-43659 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2026-43658 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-43656 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2026-43655 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2026-43654 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-43653 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-43652 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2026-42888 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42887 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42886 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42885 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42884 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42883 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
+	TODO: check
+CVE-2026-42882 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0,  ...)
+	TODO: check
+CVE-2026-42876 (External Secrets Operator reads information from a third-party service ...)
+	TODO: check
+CVE-2026-42875 (External Secrets Operator reads information from a third-party service ...)
+	TODO: check
+CVE-2026-42874 (Microdot is a minimalistic Python web framework. Prior to 2.6.1, the R ...)
+	TODO: check
+CVE-2026-42873 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
+	TODO: check
+CVE-2026-42872 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
+	TODO: check
+CVE-2026-42870 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
+	TODO: check
+CVE-2026-42869 (SOCFortress CoPilot focuses on providing a single pane of glass for al ...)
+	TODO: check
+CVE-2026-42600 (MinIO is a high-performance object storage system. From RELEASE.2022-0 ...)
+	TODO: check
+CVE-2026-42565 (@workos/authkit-session is a toolkit for building WorkOS AuthKit frame ...)
+	TODO: check
+CVE-2026-42564 (jotty\xb7page is a self-hosted app for your checklists and notes. Prio ...)
+	TODO: check
+CVE-2026-42554 (Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Sit ...)
+	TODO: check
+CVE-2026-42188 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
+	TODO: check
+CVE-2026-42046 (libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an  ...)
+	TODO: check
+CVE-2026-41872 ("Kura Sushi Official App" provided by EPG, Inc. is vulnerable to impro ...)
+	TODO: check
+CVE-2026-41530 (The automatic folder creation feature of Lhaz and Lhaz+ provided by Ch ...)
+	TODO: check
+CVE-2026-41489 (Pi-hole is a DNS sinkhole that protects devices from unwanted content  ...)
+	TODO: check
+CVE-2026-40137 (SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthentic ...)
+	TODO: check
+CVE-2026-40136 (SAP Financial Consolidation allows an authenticated attacker to discon ...)
+	TODO: check
+CVE-2026-40135 (An OS Command Injection vulnerability exists in the SAP NetWeaver Appl ...)
+	TODO: check
+CVE-2026-40134 (Due to insufficient authorization checks in the SAP Incentive and Comm ...)
+	TODO: check
+CVE-2026-40133 (Due to missing authorization check in SAP S/4HANA Condition Maintenanc ...)
+	TODO: check
+CVE-2026-40132 (Due to missing authorization check in SAP Strategic Enterprise Managem ...)
+	TODO: check
+CVE-2026-40131 (SQL injection vulnerability exists in @sap/hdi-deploy package, where S ...)
+	TODO: check
+CVE-2026-40129 (Due to a Code Injection vulnerability in SAP Application Server ABAP f ...)
+	TODO: check
+CVE-2026-39871 (A path handling issue was addressed with improved logic. This issue is ...)
+	TODO: check
+CVE-2026-39870 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-39869 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-37630 (An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrar ...)
+	TODO: check
+CVE-2026-36734 (EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authen ...)
+	TODO: check
+CVE-2026-34963 (barebox version prior to 2026.04.0 contains multiple memory-safety vul ...)
+	TODO: check
+CVE-2026-34962 (barebox version prior to 2026.04.0 contains a denial-of-service vulner ...)
+	TODO: check
+CVE-2026-34961 (barebox prior to version 2026.04.0 contains out-of-bounds read vulnera ...)
+	TODO: check
+CVE-2026-34960 (barebox prior to version 2026.04.0 contains an out-of-bounds read vuln ...)
+	TODO: check
+CVE-2026-34263 (Due to improper Spring Security configuration, SAP Commerce cloud allo ...)
+	TODO: check
+CVE-2026-34260 (SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection  ...)
+	TODO: check
+CVE-2026-34259 (Due to an OS Command Execution vulnerability in SAP Forecasting & Repl ...)
+	TODO: check
+CVE-2026-34258 (SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate sp ...)
+	TODO: check
+CVE-2026-2614 (A vulnerability in the `_create_model_version()` handler of `mlflow/se ...)
+	TODO: check
+CVE-2026-28996 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2026-28995 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2026-28994 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28993 (This issue was addressed by adding an additional prompt for user conse ...)
+	TODO: check
+CVE-2026-28992 (A memory corruption vulnerability was addressed with improved locking. ...)
+	TODO: check
+CVE-2026-28991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2026-28990 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28988 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2026-28987 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2026-28986 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2026-28985 (A null pointer dereference was addressed with improved input validatio ...)
+	TODO: check
+CVE-2026-28983 (A type confusion issue was addressed with improved checks. This issue  ...)
+	TODO: check
+CVE-2026-28978 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2026-28977 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2026-28976 (An information leakage was addressed with additional validation. This  ...)
+	TODO: check
+CVE-2026-28974 (This issue was addressed with improved checks to prevent unauthorized  ...)
+	TODO: check
+CVE-2026-28972 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2026-28971 (The issue was addressed with improved UI handling. This issue is fixed ...)
+	TODO: check
+CVE-2026-28969 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28967 (A denial-of-service issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2026-28965 (A privacy issue was addressed with improved checks. This issue is fixe ...)
+	TODO: check
+CVE-2026-28964 (An inconsistent user interface issue was addressed with improved state ...)
+	TODO: check
+CVE-2026-28963 (A privacy issue was addressed by removing the vulnerable code. This is ...)
+	TODO: check
+CVE-2026-28962 (This issue was addressed with improved access restrictions. This issue ...)
+	TODO: check
+CVE-2026-28961 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2026-28959 (A buffer overflow was addressed with improved bounds checking. This is ...)
+	TODO: check
+CVE-2026-28958 (This issue was addressed with improved data protection. This issue is  ...)
+	TODO: check
+CVE-2026-28957 (An issue with app access to camera metadata was addressed with improve ...)
+	TODO: check
+CVE-2026-28956 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2026-28955 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28954 (A file quarantine bypass was addressed with additional checks. This is ...)
+	TODO: check
+CVE-2026-28953 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28952 (An integer overflow was addressed with improved input validation. This ...)
+	TODO: check
+CVE-2026-28951 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2026-28947 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28946 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28944 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28943 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2026-28942 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28941 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2026-28940 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28936 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2026-28930 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2026-28929 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2026-28925 (A buffer overflow was addressed with improved bounds checking. This is ...)
+	TODO: check
+CVE-2026-28924 (A race condition was addressed with improved handling of symbolic link ...)
+	TODO: check
+CVE-2026-28923 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2026-28922 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2026-28920 (An information leakage was addressed with additional validation. This  ...)
+	TODO: check
+CVE-2026-28919 (A consistency issue was addressed with improved state handling. This i ...)
+	TODO: check
+CVE-2026-28918 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2026-28917 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2026-28915 (A parsing issue in the handling of directory paths was addressed with  ...)
+	TODO: check
+CVE-2026-28914 (A logic issue was addressed with improved file handling. This issue is ...)
+	TODO: check
+CVE-2026-28913 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28910 (This issue was addressed with improved permissions checking. This issu ...)
+	TODO: check
+CVE-2026-28908 (A denial of service issue was addressed by removing the vulnerable cod ...)
+	TODO: check
+CVE-2026-28907 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2026-28906 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2026-28905 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28904 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28903 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28902 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28901 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28897 (A buffer overflow was addressed with improved input validation. This i ...)
+	TODO: check
+CVE-2026-28883 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2026-28873 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2026-28872 (A resource exhaustion issue was addressed with improved input validati ...)
+	TODO: check
+CVE-2026-28860 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2026-28848 (A buffer overflow was addressed with improved bounds checking. This is ...)
+	TODO: check
+CVE-2026-28847 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2026-28846 (A buffer overflow was addressed with improved bounds checking. This is ...)
+	TODO: check
+CVE-2026-28840 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2026-28830 (A race condition was addressed with additional validation. This issue  ...)
+	TODO: check
+CVE-2026-28819 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2026-27682 (Due to a reflected cross-site scripting (XSS) vulnerability in SAP Net ...)
+	TODO: check
+CVE-2026-20696 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2026-1681 (Issuing an ICMP ping via the `net ping` shell command to a device's ow ...)
+	TODO: check
+CVE-2026-1185 (A configuration file on the local file system had improper input valid ...)
+	TODO: check
+CVE-2026-0804 (An ACAP configuration file lacked sufficient input validation, which c ...)
+	TODO: check
+CVE-2026-0802 (An ACAP configuration file lacked sufficient input validation, which c ...)
+	TODO: check
+CVE-2026-0541 (ACAP applications can gain elevated privileges due to improper input v ...)
+	TODO: check
+CVE-2026-0502 (Due to insufficient CSRF protection in SAP BusinessObjects Business In ...)
+	TODO: check
+CVE-2026-7010 (HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP ...)
 	- libhttp-tiny-perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
 	NOTE: Fixed by: https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/d73c7651e82ace02693842df55928b6c3ae7c38d (release-0.093)
-CVE-2026-6146
+CVE-2026-6146 (Amazon::Credentials versions through 1.2.0 for Perl uses rand to gener ...)
 	NOT-FOR-US: Amazon::Credentials Perl module
-CVE-2022-4988
+CVE-2022-4988 (Alien::FreeImage versions through 1.001 for Perl contains several vuln ...)
 	NOT-FOR-US: Alien::FreeImage Perl module
 CVE-2026-8318 (A security flaw has been discovered in VectifyAI PageIndex up to f50e5 ...)
 	NOT-FOR-US: VectifyAI PageIndex
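Review bot: CVE-2026-45391, CVE-2026-45392 and CVE-2026-45393 are added with the placeholder text "Reserved. Details will be published at disclosure." as their description and still receive "TODO: check", so they enter the triage queue with nothing to triage. Consider having the import treat that placeholder like a missing description until real text is published. Also in this hunk, the CVE-2026-42564 description carries a literal "\xb7" escape in "jotty\xb7page"; worth confirming that this is the intended encoding for non-ASCII characters in this file, since a search for the product name as written upstream will not match it.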
@@ -525,7 +897,7 @@ CVE-2021-47948 (WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulner
 	NOT-FOR-US: WordPress plugin
 CVE-2021-47947 (Projectsend r1295 contains a stored cross-site scripting vulnerability ...)
 	NOT-FOR-US: Projectsend
-CVE-2021-47946 (OpenCart 3.0.36 contains a cross-site request forgery vulnerability in ...)
+CVE-2021-47946 (OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability i ...)
 	NOT-FOR-US: OpenCart
 CVE-2021-47945 (Argus Surveillance DVR 4.0 contains an unquoted service path vulnerabi ...)
 	NOT-FOR-US: Argus Surveillance DVR
@@ -2338,7 +2710,7 @@ CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot client application versio
 	NOT-FOR-US: MAXHUB Pivot
 CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin before 1. ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2026-44916 (In OpenStack Ironic through 35.x, instance_info['ks_template'] is rend ...)
+CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default configurat ...)
 	- ironic 1:35.0.1-2 (bug #1136005)
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
 	NOTE: https://review.opendev.org/c/openstack/ironic/+/987514
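Review bot: For CVE-2026-44916 the refreshed description now reads "before 35.0.2", but the unchanged package line under it still records the fix as "ironic 1:35.0.1-2 (bug #1136005)". If 1:35.0.1-2 carries the fix as a backported patch, a NOTE saying so would explain why the Debian fixed version is lower than the upstream one; otherwise the fixed version needs revisiting. The new "(in a certain non-default configurat ...)" wording narrows who is affected and is worth reflecting in the triage notes as well.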
@@ -6216,7 +6588,7 @@ CVE-2025-14726 (The Widgets for Social Photo Feed plugin for WordPress is vulner
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12993
 	REJECTED
-CVE-2026-42050 [Stack buffer overflow in XTileImage]
+CVE-2026-42050 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.21+dfsg1-1
 	[trixie] - imagemagick <postponed> (Minor issue, fix along with future update)
 	[bookworm] - imagemagick <postponed> (Minor issue, fix along with future update)
@@ -10682,7 +11054,7 @@ CVE-2026-41357 (OpenClaw before 2026.3.31 contains an environment variable leaka
 	NOT-FOR-US: OpenClaw
 CVE-2026-41356 (OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions ...)
 	NOT-FOR-US: OpenClaw
-CVE-2026-41355 (OpenShell before 2026.3.28 contains an arbitrary code execution vulner ...)
+CVE-2026-41355 (OpenClaw before 2026.3.28 contains an arbitrary code execution vulnera ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-41354 (OpenClaw before 2026.4.2 contains an insufficient scope vulnerability  ...)
 	NOT-FOR-US: OpenClaw
@@ -23443,7 +23815,7 @@ CVE-2026-34445 (Open Neural Network Exchange (ONNX) is an open standard for mach
 	[bullseye] - onnx <postponed> (Minor issue)
 	NOTE: https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
 	NOTE: https://github.com/onnx/onnx/pull/7751
-CVE-2026-34430 (ByteDance Deer-Flow versions prior to commit 92c7a20 containa sandbox  ...)
+CVE-2026-34430 (ByteDance DeerFlow versions prior to commit 92c7a20 containa sandbox e ...)
 	NOT-FOR-US: ByteDance Deer-Flow
 CVE-2026-34397 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
 	NOT-FOR-US: Himmelblau
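Review bot: The description for CVE-2026-34430 now spells the product "DeerFlow", while the context line under it still says "NOT-FOR-US: ByteDance Deer-Flow"; the same mismatch appears for CVE-2026-32859 in the following hunk. Aligning the NOT-FOR-US label with the new spelling would keep a search on the product name from missing one of the two forms.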
@@ -25588,7 +25960,7 @@ CVE-2026-32984 (Wazuh authd contains a heap-buffer overflow vulnerability that a
 	NOT-FOR-US: Wazuh
 CVE-2026-32983 (Wazuh Manager authd service in wazuh-manager packages through version  ...)
 	NOT-FOR-US: Wazuh
-CVE-2026-32859 (ByteDance Deer-Flow versions prior to commit 5dbb362contain a stored c ...)
+CVE-2026-32859 (ByteDance DeerFlow versions prior to commit 5dbb362contain a stored cr ...)
 	NOT-FOR-US: ByteDance Deer-Flow
 CVE-2026-32695 (Traefik is an HTTP reverse proxy and load balancer. Prior to versions  ...)
 	- traefik <itp> (bug #983289)
@@ -28218,7 +28590,7 @@ CVE-2026-20664 (The issue was addressed with improved memory handling. This issu
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	[bullseye] - wpewebkit <end-of-life> (see #1035997)
 	NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
-CVE-2026-20657 (The issue was addressed with improved memory handling. This issue is f ...)
+CVE-2026-20657 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2026-20651 (A privacy issue was addressed with improved handling of temporary file ...)
 	NOT-FOR-US: Apple
@@ -34660,7 +35032,7 @@ CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. Prior
 	NOT-FOR-US: Shescape
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command inj ...)
 	NOT-FOR-US: OpenClaw
-CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-ca ...)
+CVE-2026-32062 (OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-c ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerab ...)
 	NOT-FOR-US: OpenClaw



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f620c8f4201deafd06b1e9ccc64be19b63bfc18
