[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 20 08:13:11 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
304be280 by security tracker role at 2026-05-20T07:13:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,22 +1,424 @@
+CVE-2026-9057 (A broken access control issue has been identified in the Talend Admini ...)
+	TODO: check
+CVE-2026-9056 (A stored cross-site scripting vulnerability has been found in the Tale ...)
+	TODO: check
+CVE-2026-9010 (The Boost plugin for WordPress is vulnerable to time-based SQL Injecti ...)
+	TODO: check
+CVE-2026-9003 (E-LAN Hybrid Recording System developed by TONNET has a SQL Injection  ...)
+	TODO: check
+CVE-2026-8922 (A flaw was found in Keycloak. When both realm-level and client-level ` ...)
+	TODO: check
+CVE-2026-8912 (The Contest Gallery plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2026-8827 (The AddressRepository::getSqlQuery() method constructs a database quer ...)
+	TODO: check
+CVE-2026-8727 (The Crawler extension passes the X-T3Crawler-Meta response header from ...)
+	TODO: check
+CVE-2026-8726 (The extension fails to properly sanitize user input before using it in ...)
+	TODO: check
+CVE-2026-8711 (NGINX JavaScript has a vulnerability when the js_fetch_proxydirective  ...)
+	TODO: check
+CVE-2026-8706 (Firefox for iOS hosted Reader mode on an unauthenticated local web ser ...)
+	TODO: check
+CVE-2026-8685 (The Infility Global plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2026-8627 (The Correct Prices plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2026-8626 (The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2026-8624 (The LJ comments import: reloaded plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2026-8610 (The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2026-8605 (In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerabilit ...)
+	TODO: check
+CVE-2026-8604 (In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker ...)
+	TODO: check
+CVE-2026-8603 (In ScadaBR version 1.2.0, an OS Command Injection vulnerability could  ...)
+	TODO: check
+CVE-2026-8602 (In ScadaBR version 1.2.0, a Missing Authentication for Critical Functi ...)
+	TODO: check
+CVE-2026-8495 (Missing Authorization vulnerability in Drupal Date iCal allows Forcefu ...)
+	TODO: check
+CVE-2026-8493 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+	TODO: check
+CVE-2026-8492 (Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal  ...)
+	TODO: check
+CVE-2026-8491 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
+	TODO: check
+CVE-2026-8424 (The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Si ...)
+	TODO: check
+CVE-2026-8423 (The JaviBola Custom Theme Test plugin for WordPress is vulnerable to C ...)
+	TODO: check
+CVE-2026-8420 (The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2026-8419 (The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2026-8418 (The Games Catalog plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2026-8370 (Execution with unnecessary privileges vulnerability in Broadcom Automi ...)
+	TODO: check
+CVE-2026-8096 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customizer p ...)
+	TODO: check
+CVE-2026-8073 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customizer p ...)
+	TODO: check
+CVE-2026-8038 (The Faces of Users plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2026-7860 (A possible information disclosure vulnerability exists in the Vaadin M ...)
+	TODO: check
+CVE-2026-7637 (The Boost plugin for WordPress is vulnerable to PHP Object Injection i ...)
+	TODO: check
+CVE-2026-7571 (A flaw was found in Keycloak. A low-privilege user, with knowledge of  ...)
+	TODO: check
+CVE-2026-7522 (The Advanced Database Cleaner \u2013 Premium plugin for WordPress is v ...)
+	TODO: check
+CVE-2026-7507 (A session fixation vulnerability was found in Keycloak's login-actions ...)
+	TODO: check
+CVE-2026-7504 (A flaw was found in Keycloak's URL validation logic during redirect op ...)
+	TODO: check
+CVE-2026-7472 (The Read More & Accordion plugin for WordPress is vulnerable to time-b ...)
+	TODO: check
+CVE-2026-7467 (The Read More & Accordion plugin for WordPress is vulnerable to Privil ...)
+	TODO: check
+CVE-2026-7462 (The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2026-7460 (mailcow-dockerized contains a stored cross-site scripting vulnerabilit ...)
+	TODO: check
+CVE-2026-7385 (The Decent Comments WordPress plugin before 3.0.2 does not restrict ac ...)
+	TODO: check
+CVE-2026-7307 (A flaw was found in Keycloak. A remote, unauthenticated attacker can s ...)
+	TODO: check
+CVE-2026-7284 (The Easy Elements for Elementor \u2013 Addons & Website Templates plug ...)
+	TODO: check
+CVE-2026-6871 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+	TODO: check
+CVE-2026-6566 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery ...)
+	TODO: check
+CVE-2026-6555 (The ProSolution WP Client plugin for WordPress is vulnerable to Arbitr ...)
+	TODO: check
+CVE-2026-6549 (The Logo Manager For Enamad plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2026-6456 (The Account Switcher plugin for WordPress is vulnerable to Privilege E ...)
+	TODO: check
+CVE-2026-6452 (The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2026-6404 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for WordPr ...)
+	TODO: check
+CVE-2026-6401 (The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2026-6400 (The Child Height Predictor by Ostheimer plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2026-6399 (The General Options plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2026-6397 (The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2026-6395 (The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Reque ...)
+	TODO: check
+CVE-2026-6394 (The Nexa Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Ed ...)
+	TODO: check
+CVE-2026-6391 (The Sentence To SEO (keywords, description and tags) plugin for WordPr ...)
+	TODO: check
+CVE-2026-6367 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+	TODO: check
+CVE-2026-6366 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
+	TODO: check
+CVE-2026-6365 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+	TODO: check
+CVE-2026-6354
+	REJECTED
+CVE-2026-6095 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+	TODO: check
+CVE-2026-6072 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
+	TODO: check
+CVE-2026-6009 (Java Deserialisation Vulnerability in Jaspersoft Reports Library leads ...)
+	TODO: check
+CVE-2026-5804 (An improper authentication vulnerability was discovered in the Motorol ...)
+	TODO: check
+CVE-2026-5776 (The Email Encoder  WordPress plugin before 2.4.7 does not escape email ...)
+	TODO: check
+CVE-2026-5511 (In the web management interface of Archer AX72 (SG) v1, the network di ...)
+	TODO: check
+CVE-2026-5293 (The \u8a3a\u65ad\u30b8\u30a7\u30cd\u30ec\u30fc\u30bf\u4f5c\u6210\u30d7 ...)
+	TODO: check
+CVE-2026-5075 (The All in One SEO plugin for WordPress is vulnerable to Sensitive Inf ...)
+	TODO: check
+CVE-2026-4885 (The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2026-4883 (The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file ...)
+	TODO: check
+CVE-2026-4630 (A flaw was found in Keycloak. An authenticated client could exploit an ...)
+	TODO: check
+CVE-2026-47784 (In memcached before 1.6.42, password data for SASL password database a ...)
+	TODO: check
+CVE-2026-47783 (In memcached before 1.6.42, username data for SASL password database a ...)
+	TODO: check
+CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
+	TODO: check
+CVE-2026-47357 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
+	TODO: check
+CVE-2026-47356 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
+	TODO: check
+CVE-2026-47323 (Camel-CXF and Camel-Knative Message Header Injection via Missing Inbou ...)
+	TODO: check
+CVE-2026-47317 (Uncontrolled Recursion vulnerability in Samsung Open Source Escargot a ...)
+	TODO: check
+CVE-2026-47316 (Improper Check or Handling of Exceptional Conditions vulnerability in  ...)
+	TODO: check
+CVE-2026-47315 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
+	TODO: check
+CVE-2026-47314 (Out-of-bounds write vulnerability in Samsung Open Source Escargot allo ...)
+	TODO: check
+CVE-2026-47313 (Memory allocation with excessive size value vulnerability in Samsung O ...)
+	TODO: check
+CVE-2026-47312 (Release of invalid pointer or reference vulnerability in Samsung Open  ...)
+	TODO: check
+CVE-2026-47107 (Windmill prior to 1.703.2 contains an incorrect default permissions vu ...)
+	TODO: check
+CVE-2026-47100 (Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a m ...)
+	TODO: check
+CVE-2026-46725 (The extension passes an attacker-controlled cookie directly to PHP's u ...)
+	TODO: check
+CVE-2026-46724 (The file indexer does not normalize the configured directory path. A b ...)
+	TODO: check
+CVE-2026-46723 (The additional_tables configuration of the page and tt_content indexer ...)
+	TODO: check
+CVE-2026-46722 (The OOXML parsing of the file indexer does not disable external entity ...)
+	TODO: check
+CVE-2026-46721 (The create and edit flows do not restrict which user properties may be ...)
+	TODO: check
+CVE-2026-46586 (Improper Control of Generation of Code ('Code Injection'), Improper Ne ...)
+	TODO: check
+CVE-2026-45585 (Microsoft is aware of a security feature bypass vulnerability in Windo ...)
+	TODO: check
+CVE-2026-45557 (Technitium DNS Server aggressively tries to fetch missing RRSIG record ...)
+	TODO: check
+CVE-2026-45442 (Missing Authorization vulnerability in Brainstorm Force Presto Player  ...)
+	TODO: check
+CVE-2026-45434 (Improper Authentication vulnerability in Apache OFBiz via Password-Cha ...)
+	TODO: check
+CVE-2026-45187 (Improper Authorization vulnerability in Apache OFBiz Webtools.  This i ...)
+	TODO: check
+CVE-2026-44408 (There is an unauthorized access vulnerability in ZTE MU5250. Due to im ...)
+	TODO: check
+CVE-2026-44392 (Missing authorization vulnerability exists in Movable Type. Under cert ...)
+	TODO: check
+CVE-2026-44159 (Tyler Identity Local (TID-L) uses documented, default administrative c ...)
+	TODO: check
+CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerabi ...)
+	TODO: check
+CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulner ...)
+	TODO: check
+CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets backends of ...)
+	TODO: check
+CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx Pro Clou ...)
+	TODO: check
+CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_ ...)
+	TODO: check
+CVE-2026-42098 (Sparx Enterprise Architect software has a security feature that limits ...)
+	TODO: check
+CVE-2026-42097 (Sparx Pro Cloud Serverrequires authentication based on requested URL.  ...)
+	TODO: check
+CVE-2026-42096 (Sparx Pro Cloud Server is vulnerable to Broken Access Control within c ...)
+	TODO: check
+CVE-2026-41919 (Improper Neutralization of Special Elements used in an LDAP Query ('LD ...)
+	TODO: check
+CVE-2026-41470 (LIVE555 before 2026.04.22 contains an authorization bypass vulnerabili ...)
+	TODO: check
+CVE-2026-3985 (The Creative Mail \u2013 Easier WordPress & WooCommerce Email Marketin ...)
+	TODO: check
+CVE-2026-39309 (Trilium Notes is a cross-platform, hierarchical note taking applicatio ...)
+	TODO: check
+CVE-2026-39250 (An authorization vulnerability exists in Innoshop 0.6.0. After logging ...)
+	TODO: check
+CVE-2026-37982 (A flaw was found in Keycloak. This authentication vulnerability allows ...)
+	TODO: check
+CVE-2026-37981 (A flaw was found in Keycloak. A broken access control vulnerability in ...)
+	TODO: check
+CVE-2026-37979 (A flaw was found in Keycloak. This access control vulnerability in Key ...)
+	TODO: check
+CVE-2026-37978 (A flaw was found in Keycloak. A low-privilege administrator with the ' ...)
+	TODO: check
+CVE-2026-37281 (An OS command injection vulnerability in the /stream-to-vlc Express ro ...)
+	TODO: check
+CVE-2026-36829 (An authentication bypass vulnerability exists in the embedded HTTP ser ...)
+	TODO: check
+CVE-2026-36828 (A command injection vulnerability exists in the /cgi-bin/tools/ajax_cm ...)
+	TODO: check
+CVE-2026-36827 (A command injection vulnerability exists in Panabit PAP-XM320 up to an ...)
+	TODO: check
+CVE-2026-35593 (Trilium Notes is an open-source, cross-platform hierarchical note taki ...)
+	TODO: check
+CVE-2026-35086 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34883 (An issue was discovered in the Portrait Dell Color Management applicat ...)
+	TODO: check
+CVE-2026-34754 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34744 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34600 (Joplin is an open source note-taking and to-do application that organi ...)
+	TODO: check
+CVE-2026-34579 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34463 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34390 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+	TODO: check
+CVE-2026-34358 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
+	TODO: check
+CVE-2026-34246 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
+	TODO: check
+CVE-2026-34241 (CtrlPanel is open-source billing software for hosting providers. Versi ...)
+	TODO: check
+CVE-2026-34234 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
+	TODO: check
+CVE-2026-34233 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
+	TODO: check
+CVE-2026-34216 (CtrlPanel is open-source billing software for hosting providers. In ve ...)
+	TODO: check
+CVE-2026-34154 (Discourse is an open-source discussion platform. In versions prior to  ...)
+	TODO: check
+CVE-2026-33741 (EspoCRM is an open source customer relationship management application ...)
+	TODO: check
+CVE-2026-33642 (Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and b ...)
+	TODO: check
+CVE-2026-33637 (Faraday is an HTTP client library abstraction layer that provides a co ...)
+	TODO: check
+CVE-2026-33633 (Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and belo ...)
+	TODO: check
+CVE-2026-32882 (libheif is a HEIF and AVIF file format decoder and encoder. Versions 1 ...)
+	TODO: check
+CVE-2026-32814 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
+	TODO: check
+CVE-2026-32741 (libheif is a HEIF and AVIF file format decoder and encoder. Versions 1 ...)
+	TODO: check
+CVE-2026-32740 (libheif is a HEIF and AVIF file format decoder and encoder. Versions 1 ...)
+	TODO: check
+CVE-2026-32739 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
+	TODO: check
+CVE-2026-32738 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
+	TODO: check
+CVE-2026-32134 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
+	TODO: check
+CVE-2026-31986 (Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.  Th ...)
+	TODO: check
+CVE-2026-31910 (Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.  Thi ...)
+	TODO: check
+CVE-2026-31909 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2026-31906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-31388 (Improper Access Control vulnerability in Apache OFBiz in multi-tenant  ...)
+	TODO: check
+CVE-2026-31387 (Improper Authentication vulnerability in Apache OFBiz.  This issue aff ...)
+	TODO: check
+CVE-2026-31380 (Improper Neutralization of Special Elements used in an Expression Lang ...)
+	TODO: check
+CVE-2026-31379 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-31378 (Improper Input Validation vulnerability in Apache OFBiz.  This issue a ...)
+	TODO: check
+CVE-2026-31072 (The JSONSerializer and CBORSerializer in APScheduler (all versions inc ...)
+	TODO: check
+CVE-2026-31071 (API endpoints in LalanaChami Pharmacy Management System (commit 5c3d02 ...)
+	TODO: check
+CVE-2026-31070 (The LalanaChami Pharmacy Management System (commit 5c3d028) allows una ...)
+	TODO: check
+CVE-2026-31069 (BillaBear (all versions prior to Jan 2026) contains a SQL Injection vu ...)
+	TODO: check
+CVE-2026-30118 (scalar/astro v0.1.13 was discovered to contain a Server-Side Request F ...)
+	TODO: check
+CVE-2026-30117 (scalar/astro v0.1.13 was discovered to contain an arbitrary file uploa ...)
+	TODO: check
+CVE-2026-2955 (The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is v ...)
+	TODO: check
+CVE-2026-2611 (In MLflow version 3.9.0, the MLflow Assistant feature introduced impro ...)
+	TODO: check
+CVE-2026-2587 (A critical Remote Code Execution (RCE) vulnerability was identified in ...)
+	TODO: check
+CVE-2026-2586 (An authenticated Remote Code Execution (RCE) vulnerability was identif ...)
+	TODO: check
+CVE-2026-29226 (Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via C ...)
+	TODO: check
+CVE-2026-29220 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2026-29207 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
+	TODO: check
+CVE-2026-27173 (JWT tokens that were used by workers in Kubernetes Executors have been ...)
+	TODO: check
+CVE-2026-24215 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
+	TODO: check
+CVE-2026-24214 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
+	TODO: check
+CVE-2026-24213 (NVIDIA Triton Inference Server contains a vulnerability in the DALI ba ...)
+	TODO: check
+CVE-2026-24210 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2026-24209 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2026-24208 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2026-24207 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2026-24206 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
+	TODO: check
+CVE-2026-24163 (NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testin ...)
+	TODO: check
+CVE-2026-24160 (NVIDIA TRT-LLM for any platform contains a vulnerability where an atta ...)
+	TODO: check
+CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains a deserialization vulnerabili ...)
+	TODO: check
+CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a directo ...)
+	TODO: check
+CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key through Bru ...)
+	TODO: check
+CVE-2025-57798 (Joplin is an open source note-taking and to-do application that organi ...)
+	TODO: check
+CVE-2025-51427 (An issue was discovered in ModelScope 1.25.0 allowing attackers to exe ...)
+	TODO: check
+CVE-2025-40904 (A Stored HTML Injection vulnerability was discovered in the Smart Poll ...)
+	TODO: check
+CVE-2025-40903 (A Stored HTML Injection vulnerability was discovered in the Schedule R ...)
+	TODO: check
+CVE-2025-40902 (A Stored HTML Injection vulnerability was discovered in the Users func ...)
+	TODO: check
+CVE-2025-40901 (A Stored HTML Injection vulnerability was discovered in the Credential ...)
+	TODO: check
+CVE-2025-40900 (An Angular template injection vulnerability was discovered in the Repo ...)
+	TODO: check
+CVE-2025-33255 (NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server ...)
+	TODO: check
+CVE-2025-15645 (Ledger Nano X, Flex, and Stax devices contain a denial of service vuln ...)
+	TODO: check
+CVE-2025-15369 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
+	TODO: check
+CVE-2025-14575 (An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS b ...)
+	TODO: check
+CVE-2024-36343 (Improper input validation in the System Management Mode (SMM) communic ...)
+	TODO: check
+CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6 ...)
+	TODO: check
 CVE-2026-29518
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43617
+CVE-2026-43617 (Rsync version3.4.2 and prior contain an authorization bypass vulnerabi ...)
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43618
+CVE-2026-43618 (Rsync version3.4.2 and prior contain an integer overflow vulnerability ...)
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43619
+CVE-2026-43619 (Rsync version3.4.2 and prior contain symlink race condition vulnerabil ...)
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43620
+CVE-2026-43620 (Rsync version3.4.2 and prior contain a receiver-side out-of-bounds arr ...)
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-45232
+CVE-2026-45232 (Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack  ...)
 	- rsync 3.4.3+ds1-1
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-5090
+CVE-2026-5090 (Template::Plugin::HTML versions through 3.102 for Perl allows HTML and ...)
 	- libtemplate-perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40218729/
 	NOTE: https://github.com/abw/Template2/issues/327
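Review bot: the added description strings carry literal \uXXXX escapes instead of the characters themselves, for example `\u2013` in CVE-2026-8096 and CVE-2026-8073, and the summary for CVE-2026-5293 is nothing but escapes after "The", so it cannot be read during triage. The escapes also appear to count against the truncated summary width, which shortens the readable part of every affected line. If the update script takes these descriptions from JSON, decode them (or transliterate to ASCII) before truncating and writing data/CVE/list.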
@@ -32,165 +434,165 @@ CVE-2026-46529
 	NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/b989b7922a454ed81f8bb14786a958828513f576 (1.28.4)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
 	NOTE: No security impact in evince-gtk3 since affected code not built in binary package.
-CVE-2026-8975
+CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150.  ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
-CVE-2026-8974
+CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150.  ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
-CVE-2026-8973
+CVE-2026-8973 (Memory safety bugs present in Thunderbird 150. Some of these bugs show ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8973
-CVE-2026-8972
+CVE-2026-8972 (Privilege escalation in the WebRTC: Audio/Video component. This vulner ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8972
-CVE-2026-8971
+CVE-2026-8971 (Same-origin policy bypass in the Networking: JAR component. This vulne ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
-CVE-2026-8970
+CVE-2026-8970 (Privilege escalation in the Security component. This vulnerability was ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8970
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8970
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8970
-CVE-2026-8969
+CVE-2026-8969 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
-CVE-2026-8968
+CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video: Web Codec ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8968
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8968
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8968
-CVE-2026-8967
+CVE-2026-8967 (Information disclosure in the Graphics: WebGPU component. This vulnera ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8967
-CVE-2026-8966
+CVE-2026-8966 (Information disclosure in the IP Protection component. This vulnerabil ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8966
-CVE-2026-8965
+CVE-2026-8965 (Information disclosure in the DOM: Security component. This vulnerabil ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8965
-CVE-2026-8964
+CVE-2026-8964 (Spoofing issue in the Popup Blocker component. This vulnerability was  ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8964
-CVE-2026-8963
+CVE-2026-8963 (Spoofing issue in the Web Speech component. This vulnerability was fix ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
-CVE-2026-8962
+CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8962
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
-CVE-2026-8961
+CVE-2026-8961 (Spoofing issue in the Form Autofill component. This vulnerability was  ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8961
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8961
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8961
-CVE-2026-8960
+CVE-2026-8960 (Spoofing issue in WebExtensions. This vulnerability was fixed in Firef ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8960
-CVE-2026-8959
+CVE-2026-8959 (Sandbox escape due to incorrect boundary conditions in the Widget: Win ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8959
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
-CVE-2026-8958
+CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8958
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
-CVE-2026-8957
+CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This vulner ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8957
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
-CVE-2026-8956
+CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerability  ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8956
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
-CVE-2026-8955
+CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerability ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8955
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
-CVE-2026-8954
+CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Video com ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8954
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
-CVE-2026-8953
+CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8953
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8953
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8953
-CVE-2026-8952
+CVE-2026-8952 (Privilege escalation in the Application Update component. This vulnera ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8952
-CVE-2026-8951
+CVE-2026-8951 (Spoofing issue in the Toolbar component in Firefox for Android. This v ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
-CVE-2026-8950
+CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component. This vuln ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8950
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8950
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8950
-CVE-2026-8949
+CVE-2026-8949 (Integer overflow in the Widget: Win32 component. This vulnerability wa ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8949
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8949
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8949
-CVE-2026-8948
+CVE-2026-8948 (Same-origin policy bypass in the DOM: Networking component. This vulne ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
-CVE-2026-8947
+CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerabi ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8947
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
-CVE-2026-8946
+CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8946
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8946
-CVE-2026-8945
+CVE-2026-8945 (Sandbox escape in Firefox and Firefox Focus for Android. This vulnerab ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8945
 CVE-2026-XXXX [VSV00019]
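Review bot: thunderbird is left at <unfixed> on CVE-2026-8955, CVE-2026-8954, CVE-2026-8953, CVE-2026-8950, CVE-2026-8947 and CVE-2026-8946, while firefox 151.0-1 and firefox-esr 140.11.0esr-1 are recorded as fixed; this update only fills in the descriptions. Those entries need a fixed thunderbird version once an upload exists. The new CVEs at the top of the hunk are all added with TODO: check, so none of them has been triaged yet.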
@@ -204,19 +606,19 @@ CVE-2026-41054 [haveged: missing exit out of permission check could lead to root
 	NOTE: Introduced with: https://github.com/jirka-h/haveged/commit/a2496c5de9af7e3ac3ef82a2257d14d8a0ac37fb (1.9.3)
 	NOTE: Fixed by: https://github.com/jirka-h/haveged/commit/3870de0270d3fa2067490ffa47491abde4ad69c6 (v1.9.21)
 	NOTE: Fixed by: https://github.com/jirka-h/haveged/commit/bcd7e52bcf0068225b7ee84a1f85c9d72a787b54 (v1.9.21)
-CVE-2026-43493 [crypto: pcrypt - Fix handling of MAY_BACKLOG requests]
+CVE-2026-43493 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 7.0.4-1
 	[trixie] - linux 6.12.86-1
 	NOTE: https://git.kernel.org/linus/915b692e6cb723aac658c25eb82c58fd81235110 (7.1-rc1)
-CVE-2026-43492 [lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()]
+CVE-2026-43492 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 7.0.7-1
 	[trixie] - linux 6.12.88-1
 	NOTE: https://git.kernel.org/linus/8c2f1288250a90a4b5cabed5d888d7e3aeed4035 (7.1-rc1)
-CVE-2026-43491 [net: qrtr: ns: Limit the maximum server registration per node]
+CVE-2026-43491 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 7.0.4-1
 	[trixie] - linux 6.12.86-1
 	NOTE: https://git.kernel.org/linus/d5ee2ff98322337951c56398e79d51815acbf955 (7.1-rc1)
-CVE-2026-8851 (SOGo 5.12.7 contains a SQL injection vulnerability in the Access Contr ...)
+CVE-2026-8851 (SOGo versions 5.12.7 and prior contains a SQL injection vulnerability  ...)
 	- sogo 5.12.8-1
 	NOTE: https://github.com/Alinto/sogo/commit/f9b71059f4f382d7b337d16ce1257443ade43d02 (SOGo-5.12.8)
 	TODO: check correctness
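Review bot: on CVE-2026-43493, CVE-2026-43492 and CVE-2026-43491 the bracketed commit subject is replaced by a truncated description that spends nearly all of its length on the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", so the summary line no longer tells the three issues apart. Consider truncating after that prefix, or keeping the subsystem subject in a NOTE. Separately, CVE-2026-8851 still carries TODO: check correctness; the new wording "5.12.7 and prior" agrees with the 5.12.8-1 fixed version, so that TODO is worth revisiting.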
@@ -339,7 +741,7 @@ CVE-2026-7302 (SGLangs multimodal generation runtime is vulnerable to an unauthe
 	NOT-FOR-US: SGLang
 CVE-2026-7301 (SGLangs multimodal generation runtime scheduler's ROUTER socket binds  ...)
 	NOT-FOR-US: SGLang
-CVE-2026-6902 (A vulnerability in Command-Line Client in P4 Server prior to the 2025. ...)
+CVE-2026-6902 (A Remote Code Execution vulnerability in P4 (Helix Core) Server's Comm ...)
 	NOT-FOR-US: Command-Line Client in P4 Server
 CVE-2026-6347 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
@@ -12792,6 +13194,7 @@ CVE-2018-25299 (Prime95 29.4b8 contains a local buffer overflow vulnerability th
 CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery vulnerability tha ...)
 	NOT-FOR-US: Merge PACS
 CVE-2026-5419
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1815
@@ -12808,38 +13211,45 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote attacker could exploit this
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2 (3.8.13)
 	NOTE: Test: https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e (3.8.13)
 CVE-2026-42015
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca (3.8.13)
 CVE-2026-5260
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1814
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f (3.8.13)
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683 (3.8.13)
 CVE-2026-42014
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701 (3.8.13)
 CVE-2026-42013
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4 (3.8.13)
 CVE-2026-42012
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1802
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8dcc6a1f48945997666ac9f10896819edd01a03b (3.8.13)
 CVE-2026-42011 (A flaw was found in gnutls. This vulnerability occurs because permitte ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1824
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1dead2faec6320aaba321eb56f20d442df192b83 (3.8.13)
 CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because gnutls p ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1223
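Review bot: CVE-2026-3832 appears only in the hunk header, between CVE-2026-5419 and CVE-2026-42015, and its entry is not touched, although the surrounding gnutls28 entries all gain {DSA-6281-1} and the context notes at the top of this hunk reference 3.8.13. Confirm that it is either already tagged or intentionally outside DSA-6281-1, so the advisory cross-reference does not miss one CVE from the same upstream release.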
@@ -12847,22 +13257,26 @@ CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because gnu
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1852
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/19f6508647bdcd3ce21130201e484d7ca6d962c5 (3.8.13)
 CVE-2026-42010 (A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2 ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1850
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5 (3.8.13)
 CVE-2026-33845 (A flaw in GnuTLS DTLS handshake parsing allows malformed fragments wit ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1811
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/e5b72c53c7d789d19d1d1cd10b275e87d0415413 (3.8.13)
 CVE-2026-42009 (A flaw was found in gnutls. A remote attacker could exploit an issue i ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d (3.8.13)
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f (3.8.13)
 CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS handshake frag ...)
+	{DSA-6281-1}
 	- gnutls28 3.8.13-1 (bug #1135319)
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
 	NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -13689,7 +14103,7 @@ CVE-2026-23556
 	[bookworm] - xen <no-dsa> (Minor issue)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-483.html
-CVE-2026-23557
+CVE-2026-23557 (Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES c ...)
 	- xen <unfixed> (unimportant)
 	NOTE: https://xenbits.xen.org/xsa/advisory-484.html
 	NOTE: Debian uses the ocaml-based xenstored
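Review bot: the (unimportant) marking on CVE-2026-23557 rests on the NOTE "Debian uses the ocaml-based xenstored", but the description added here only says that xenstored crashes on XS_RESET_WATCHES and is cut off before any implementation is named. State in the NOTE which xenstored implementation the advisory covers, so the rationale can be checked without opening advisory-484.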
@@ -13697,7 +14111,7 @@ CVE-2026-31786 (In the Linux kernel, the following vulnerability has been resolv
 	{DSA-6243-1 DSA-6238-1 DLA-4561-1}
 	- linux 7.0.3-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-485.html
-CVE-2026-23558
+CVE-2026-23558 (The adjustments made for XSA-379 as well as those subsequently becomin ...)
 	- xen <unfixed>
 	[trixie] - xen <no-dsa> (Minor issue)
 	[bookworm] - xen <no-dsa> (Minor issue)
@@ -22176,7 +22590,7 @@ CVE-2026-40178 (ajenti.plugin.core defines all necessary core elements to allow
 	- ajenti <itp> (bug #792019)
 CVE-2026-40177 (ajenti.plugin.core defines all necessary core elements to allow Ajenti ...)
 	- ajenti <itp> (bug #792019)
-CVE-2026-40175 (Axios is a promise based HTTP client for the browser and Node.js. Prio ...)
+CVE-2026-40175 (Axios is a promise based HTTP client for the browser and Node.js. Vers ...)
 	- node-axios 1.15.0-1
 	[trixie] - node-axios <no-dsa> (Minor issue)
 	[bookworm] - node-axios <no-dsa> (Minor issue)
@@ -38002,7 +38416,7 @@ CVE-2026-20996 (Use of a broken or risky cryptographic algorithm in Smart Switch
 	NOT-FOR-US: Samsung Mobile
 CVE-2026-20995 (Exposure of sensitive functionality to an unauthorized actor in Smart  ...)
 	NOT-FOR-US: Samsung Mobile
-CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1 allows r ...)
+CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1 allows l ...)
 	NOT-FOR-US: Samsung Mobile
 CVE-2026-20993 (Improper export of android application components in Samsung Assistant ...)
 	NOT-FOR-US: Samsung Mobile
@@ -676367,7 +676781,7 @@ CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017
 	NOT-FOR-US: AVEVA
 CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
 	NOT-FOR-US: Echelon
-CVE-2018-10626 (Medtronic MyCareLink Patient Monitor\u2019s update service does not su ...)
+CVE-2018-10626 (Medtronic MyCareLink Patient Monitor\u2019s update servicedoes not suf ...)
 	NOT-FOR-US: Medtronic
 CVE-2018-10625
 	RESERVED
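Review bot: the replacement description for CVE-2018-10626 is a regression in text quality: "update service does" becomes "servicedoes", and the apostrophe is still the literal escape \u2019. The importer should decode escapes and normalise whitespace before truncating; the same raw escape shows up cut mid-sequence in the CVE-2026-42010 context line as "(Rivest\u2 ...".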



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/304be2803f9a1ad96a0bc4a0581629a5835cbc00
