[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 22 20:20:32 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb6fa90c by security tracker role at 2026-05-22T19:20:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2026-9291 (Insecure deserialization in the job results processing component in Am ...)
+ TODO: check
+CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token inputs ...)
+ TODO: check
+CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ TODO: check
+CVE-2026-9255 (Missing input source validation in the tool authorization prompt in Ki ...)
+ TODO: check
+CVE-2026-9251 (Missing authorization in the entry status management feature in Devolu ...)
+ TODO: check
+CVE-2026-9249 (Unverified password change in Devolutions Server allows an attacker to ...)
+ TODO: check
+CVE-2026-9248 (Authorization bypass in the entry duplication feature in Devolutions S ...)
+ TODO: check
+CVE-2026-9247 (Insufficient logging in the entry export feature in Devolutions Server ...)
+ TODO: check
+CVE-2026-9246 (Improper access control in the entry documentation and attachment feat ...)
+ TODO: check
+CVE-2026-9245 (Improper input validation in the external authentication provider flow ...)
+ TODO: check
+CVE-2026-9224 (Missing authorization in the user profile update feature in Devolution ...)
+ TODO: check
+CVE-2026-9223 (Missing authorization in the vault import feature in Devolutions Serve ...)
+ TODO: check
+CVE-2026-9047 (Improper handling of factor key state in the multi-factor authenticati ...)
+ TODO: check
+CVE-2026-9011 (The Ditty \u2013 Responsive News Tickers, Sliders, and Lists plugin fo ...)
+ TODO: check
+CVE-2026-8997 (vifm is vulnerable to a heap buffer overflow during the history merge ...)
+ TODO: check
+CVE-2026-8992 (An improper certificate validation vulnerability in Ivanti Secure Acce ...)
+ TODO: check
+CVE-2026-8692 (The Vedrixa Forms \u2013 User Registration Form, Signup Form & Drag & ...)
+ TODO: check
+CVE-2026-8684 (The MotoPress Hotel Booking plugin for WordPress is vulnerable to auth ...)
+ TODO: check
+CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct ...)
+ TODO: check
+CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink software ...)
+ TODO: check
+CVE-2026-8672 (Use of default password vulnerability in syslink software AG Avantra o ...)
+ TODO: check
+CVE-2026-8671 (Insertion of sensitive information into log file vulnerability in sysl ...)
+ TODO: check
+CVE-2026-8670 (Insufficient session expiration vulnerability in syslink software AG A ...)
+ TODO: check
+CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry sensiti ...)
+ TODO: check
+CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer DEX Pla ...)
+ TODO: check
+CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page ...)
+ TODO: check
+CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorizati ...)
+ TODO: check
+CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::a ...)
+ TODO: check
+CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Em ...)
+ TODO: check
+CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for WordPress p ...)
+ TODO: check
+CVE-2026-7615 (The Widget Context plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2026-7325 (Improper authorization in the Active Directory browsing feature in Dev ...)
+ TODO: check
+CVE-2026-6406 (The Docker CLI --use-api-socket flag bypasses Enhanced Container Isola ...)
+ TODO: check
+CVE-2026-5755 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5 ...)
+ TODO: check
+CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-5308 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-5171 (Improper access control in the entry activity log feature in Devolutio ...)
+ TODO: check
+CVE-2026-5072 (A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remot ...)
+ TODO: check
+CVE-2026-4646 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-4635 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-48700 (An issue was discovered in all versions of PCManFM-Qt starting from 1. ...)
+ TODO: check
+CVE-2026-46727 (An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ...)
+ TODO: check
+CVE-2026-44930 (An LDAP injection vulnerability in the LDAP Certificate repository of ...)
+ TODO: check
+CVE-2026-44618 (Insecure XML parser configuration in Apache CXF's WS-Transfer module m ...)
+ TODO: check
+CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF: Untrusted JMS configuration can ...)
+ TODO: check
+CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::G ...)
+ TODO: check
+CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly ma ...)
+ TODO: check
+CVE-2026-42506 (Parsing arbitrary HTML which is then rendered using Render can result ...)
+ TODO: check
+CVE-2026-42502 (Parsing arbitrary HTML which is then rendered using Render can result ...)
+ TODO: check
+CVE-2026-40172 (authentik is an open-source identity provider. In versions prior to 20 ...)
+ TODO: check
+CVE-2026-40166 (authentik is an open-source identity provider. In versions prior to 20 ...)
+ TODO: check
+CVE-2026-3636 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-3473 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-39970 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a ...)
+ TODO: check
+CVE-2026-39969 (TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the W ...)
+ TODO: check
+CVE-2026-39968 (TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the f ...)
+ TODO: check
+CVE-2026-39967 (TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the b ...)
+ TODO: check
+CVE-2026-39966 (TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTy ...)
+ TODO: check
+CVE-2026-39965 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a ...)
+ TODO: check
+CVE-2026-39964 (TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Ty ...)
+ TODO: check
+CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept Punycode-encode ...)
+ TODO: check
+CVE-2026-37470 (An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitr ...)
+ TODO: check
+CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote ...)
+ TODO: check
+CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1 allows a rem ...)
+ TODO: check
+CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-20 ...)
+ TODO: check
+CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF p ...)
+ TODO: check
+CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the p ...)
+ TODO: check
+CVE-2026-32253 (Sunshine is a self-hosted game stream host for Moonlight. In versions ...)
+ TODO: check
+CVE-2026-28735 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-28445 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the R ...)
+ TODO: check
+CVE-2026-28444 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the g ...)
+ TODO: check
+CVE-2026-27136 (Parsing arbitrary HTML which is then rendered using Render can result ...)
+ TODO: check
+CVE-2026-25681 (Parsing arbitrary HTML which is then rendered using Render can result ...)
+ TODO: check
+CVE-2026-25680 (Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ...)
+ TODO: check
+CVE-2026-25608 (STER uses unencrypted TCP traffic to transmit data over the network. I ...)
+ TODO: check
+CVE-2026-25607 (Use of a weak password encoding algorithm in STER software allows the ...)
+ TODO: check
+CVE-2026-25606 (A SQL injection vulnerability has been identified in STER. Improper ne ...)
+ TODO: check
+CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Brok ...)
+ TODO: check
+CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library Manager 22_0 ...)
+ TODO: check
+CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Sto ...)
+ TODO: check
+CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of ...)
+ TODO: check
+CVE-2025-32747 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Pr ...)
+ TODO: check
+CVE-2025-32746 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Sto ...)
+ TODO: check
+CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Cer ...)
+ TODO: check
+CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Red ...)
+ TODO: check
CVE-2026-XXXX [starlette Ignore malformed Host header when constructing request.url]
- starlette <unfixed>
NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
@@ -1586,7 +1756,7 @@ CVE-2026-46529
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
NOTE: No security impact in evince-gtk3 since affected code not built in binary package.
CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1594,7 +1764,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1611,7 +1781,7 @@ CVE-2026-8971 (Same-origin policy bypass in the Networking: JAR component. This
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
CVE-2026-8970 (Privilege escalation in the Security component. This vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1622,7 +1792,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security component. This vulnerabil
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video: Web Codec ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1645,7 +1815,7 @@ CVE-2026-8963 (Spoofing issue in the Web Speech component. This vulnerability wa
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1653,7 +1823,7 @@ CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
CVE-2026-8961 (Spoofing issue in the Form Autofill component. This vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1671,7 +1841,7 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary conditions in the Widget
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1679,7 +1849,7 @@ CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process S
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This vulner ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1687,7 +1857,7 @@ CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This v
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerability ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1695,7 +1865,7 @@ CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerability ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1703,7 +1873,7 @@ CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerab
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Video com ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1711,7 +1881,7 @@ CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1725,7 +1895,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in Firefox for Android. T
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component. This vuln ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1743,7 +1913,7 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM: Networking component. This
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerabi ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1751,7 +1921,7 @@ CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5012,7 +5182,7 @@ CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vul
CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server allows a ...)
NOT-FOR-US: Devolutions
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5020,7 +5190,7 @@ CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerabilit
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5034,7 +5204,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript Engine: JIT component. This
- firefox 150.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8389
CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT component. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -14465,45 +14635,45 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote attacker could exploit this
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2 (3.8.13)
NOTE: Test: https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e (3.8.13)
CVE-2026-42015
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca (3.8.13)
CVE-2026-5260
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1814
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f (3.8.13)
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683 (3.8.13)
CVE-2026-42014
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701 (3.8.13)
CVE-2026-42013
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4 (3.8.13)
CVE-2026-42012
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1802
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/8dcc6a1f48945997666ac9f10896819edd01a03b (3.8.13)
CVE-2026-42011 (A flaw was found in gnutls. This vulnerability occurs because permitte ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1824
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1dead2faec6320aaba321eb56f20d442df192b83 (3.8.13)
CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because gnutls p ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1223
@@ -14511,27 +14681,27 @@ CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because gnu
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1852
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/19f6508647bdcd3ce21130201e484d7ca6d962c5 (3.8.13)
CVE-2026-42010 (A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2 ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1850
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5 (3.8.13)
NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/d00638997fa269a975095d852633b48b2b64fbf9 (3.6.13)
CVE-2026-33845 (A flaw in GnuTLS DTLS handshake parsing allows malformed fragments wit ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1811
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/e5b72c53c7d789d19d1d1cd10b275e87d0415413 (3.8.13)
CVE-2026-42009 (A flaw was found in gnutls. A remote attacker could exploit an issue i ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d (3.8.13)
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f (3.8.13)
CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS handshake frag ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -404463,8 +404633,8 @@ CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. A
NOT-FOR-US: Dell
CVE-2022-34364 (Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug ...)
NOT-FOR-US: Dell
-CVE-2022-34363
- RESERVED
+CVE-2022-34363 (Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains a ...)
+ TODO: check
CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...)
NOT-FOR-US: HYPR
CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 al ...)
@@ -413092,8 +413262,8 @@ CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privil
NOT-FOR-US: Dell
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
NOT-FOR-US: SmartFabric storage software
-CVE-2022-31231
- RESERVED
+CVE-2022-31231 (Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in ...)
+ TODO: check
CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
NOT-FOR-US: Dell
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
@@ -509953,8 +510123,8 @@ CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header
NOT-FOR-US: Dell iDRAC8
CVE-2021-21509
RESERVED
-CVE-2021-21508
- RESERVED
+CVE-2021-21508 (Dell VxRail versions before 7.0.200 contain a Plain-text Password Stor ...)
+ TODO: check
CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...)
NOT-FOR-US: EMC
CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6fa90c6ddc7396c0b6cc310891e9013144f0ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6fa90c6ddc7396c0b6cc310891e9013144f0ae
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/16002334/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list