[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 27 08:13:17 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e269398 by security tracker role at 2026-05-27T07:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,37 +1,325 @@
+CVE-2026-9642 (There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Un ...)
+ TODO: check
+CVE-2026-9632 (A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. A ...)
+ TODO: check
+CVE-2026-9631 (A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-18 ...)
+ TODO: check
+CVE-2026-9628 (A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. ...)
+ TODO: check
+CVE-2026-9627 (A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-17 ...)
+ TODO: check
+CVE-2026-9609 (A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This aff ...)
+ TODO: check
+CVE-2026-9608 (A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impa ...)
+ TODO: check
+CVE-2026-9607 (A vulnerability was found in itsourcecode Courier Management System 1. ...)
+ TODO: check
+CVE-2026-9606 (A vulnerability has been found in itsourcecode Courier Management Syst ...)
+ TODO: check
+CVE-2026-9605 (A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue af ...)
+ TODO: check
+CVE-2026-9604 (A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerabil ...)
+ TODO: check
+CVE-2026-9603 (A security vulnerability has been detected in SourceCodester eDoc Doct ...)
+ TODO: check
+CVE-2026-9584 (A security vulnerability has been detected in code-projects Project Ma ...)
+ TODO: check
+CVE-2026-9583 (A weakness has been identified in SourceCodester CET Automated Grading ...)
+ TODO: check
+CVE-2026-9582 (A security flaw has been discovered in SourceCodester CET Automated Gr ...)
+ TODO: check
+CVE-2026-9581 (A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted ...)
+ TODO: check
+CVE-2026-9580 (A vulnerability was determined in JeecgBoot up to 3.9.1. The affected ...)
+ TODO: check
+CVE-2026-9579 (A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the fu ...)
+ TODO: check
+CVE-2026-9575 (A vulnerability has been found in itsourcecode Student Transcript Proc ...)
+ TODO: check
+CVE-2026-9574 (A flaw has been found in itsourcecode Student Transcript Processing Sy ...)
+ TODO: check
+CVE-2026-9573 (A vulnerability was detected in itsourcecode Student Transcript Proces ...)
+ TODO: check
+CVE-2026-9312 (A server-side request forgery (SSRF) vulnerability was identified in G ...)
+ TODO: check
+CVE-2026-9236 (The CM Ad Changer \u2013 A simple tool to control and optimize your si ...)
+ TODO: check
+CVE-2026-9207 (Tanium addressed an unauthorized code execution vulnerability in Conne ...)
+ TODO: check
+CVE-2026-9200 (The Query Shortcode plugin for WordPress is vulnerable to Local File I ...)
+ TODO: check
+CVE-2026-9156 (Tanium addressed a denial of service vulnerability in Tanium Server.)
+ TODO: check
+CVE-2026-9022 (The Splide Carousel Block plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-9014 (The WP Promoter plugin for WordPress is vulnerable to unauthorized mod ...)
+ TODO: check
+CVE-2026-8994 (The Login with NEAR plugin for WordPress is vulnerable to Authenticati ...)
+ TODO: check
+CVE-2026-8943 (The GoStats for WordPress plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2026-8941 (The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2026-8939 (The Search Simple Fields plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2026-8938 (The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2026-8911 (The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2026-8903 (The Two-factor authentication (formerly IP Vault) plugin for WordPress ...)
+ TODO: check
+CVE-2026-8899 (The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-8898 (The Events In City plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-8897 (The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2026-8894 (The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2026-8891 (The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2026-8887 (The Listen Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-8886 (The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-8884 (The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-8877 (The Responsive Video Embedder plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2026-8875 (The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-8873 (The Content Slideshow plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-8872 (The Animate Your Content plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-8871 (The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2026-8870 (The Team Master \u2013 A Modern WordPress Team Showcase plugin for Wor ...)
+ TODO: check
+CVE-2026-8869 (The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-8868 (The Single Mailchimp plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-8867 (The Post Category Gallery plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-8866 (The jQuery googleslides plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2026-8847 (The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2026-8846 (The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2026-8845 (The Islamic Database plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-8844 (The Responsive Check plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-8842 (The Google+ Link Name plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-8837 (The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is ...)
+ TODO: check
+CVE-2026-8787 (The Firebase Support & Chat Management plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2026-8760 (The Login with OTP plugin for WordPress is vulnerable to authenticatio ...)
+ TODO: check
+CVE-2026-8708 (The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2026-8707 (The NS Product icon badge plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2026-8703 (The Endless Scroll plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-8702 (The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-8701 (The GNTT Post Title Ticker plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-8698 (The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vu ...)
+ TODO: check
+CVE-2026-8680
+ REJECTED
+CVE-2026-8676 (An attacker is able to downgrade the security of a Bluetooth LE connec ...)
+ TODO: check
+CVE-2026-8606 (A Server-Side Request Forgery (SSRF) vulnerability was identified in G ...)
+ TODO: check
+CVE-2026-8453
+ REJECTED
+CVE-2026-8048 (The My Email Shortcode plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2026-8040 (The faq shortocde plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2026-7614 (The Old Posts Highlighter plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2026-7493 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+ TODO: check
+CVE-2026-6565 (The Style Kits \u2013 Advanced Theme Styles for Elementor, Elementor K ...)
+ TODO: check
+CVE-2026-6287 (The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin ...)
+ TODO: check
+CVE-2026-6268 (The EventPress WordPress theme before 22.2 does not sanitize or escape ...)
+ TODO: check
+CVE-2026-49017 (In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters a ...)
+ TODO: check
+CVE-2026-49014 (In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF ...)
+ TODO: check
+CVE-2026-49000 (An insecure password scheme refers to vulnerabilities arising from imp ...)
+ TODO: check
+CVE-2026-48999 (Attackers carefully craft malicious scripts, such as JavaScript, and i ...)
+ TODO: check
+CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg oban_web (' ...)
+ TODO: check
+CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban. ...)
+ TODO: check
+CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
+ TODO: check
+CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
+ TODO: check
+CVE-2026-45574 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
+ TODO: check
+CVE-2026-45413 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, u ...)
+ TODO: check
+CVE-2026-45412 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, S ...)
+ TODO: check
+CVE-2026-45298 (Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2 ...)
+ TODO: check
+CVE-2026-44985 (Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2 ...)
+ TODO: check
+CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for size. Fro ...)
+ TODO: check
+CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache Velocity temp ...)
+ TODO: check
+CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS protocol su ...)
+ TODO: check
+CVE-2026-44903 (Prometheus is an open-source monitoring system and time series databas ...)
+ TODO: check
+CVE-2026-44900 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
+ TODO: check
+CVE-2026-44899 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
+ TODO: check
+CVE-2026-44898 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
+ TODO: check
+CVE-2026-44897 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
+ TODO: check
+CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and plugins. In 3.2 ...)
+ TODO: check
+CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0 ...)
+ TODO: check
+CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, M ...)
+ TODO: check
+CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and returni ...)
+ TODO: check
+CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered applicati ...)
+ TODO: check
+CVE-2026-44837 (view_component is a framework for building reusable, testable, and enc ...)
+ TODO: check
+CVE-2026-44836 (view_component is a framework for building reusable, testable, and enc ...)
+ TODO: check
+CVE-2026-44833 (Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an ...)
+ TODO: check
+CVE-2026-44832 (Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn ...)
+ TODO: check
+CVE-2026-44831 (Snipe-IT is an IT asset/license management system. Prior to 8.4.1, use ...)
+ TODO: check
+CVE-2026-44788 (SharpCompress is a fully managed C# library to deal with many compress ...)
+ TODO: check
+CVE-2026-44708 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
+ TODO: check
+CVE-2026-44451 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the ...)
+ TODO: check
+CVE-2026-44450 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the ...)
+ TODO: check
+CVE-2026-44449 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when ...)
+ TODO: check
+CVE-2026-44444 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the ...)
+ TODO: check
+CVE-2026-44443 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, cons ...)
+ TODO: check
+CVE-2026-44214 (eventsource-encoder encodes events as well-formed EventSource/Server S ...)
+ TODO: check
+CVE-2026-44213 (The OpenTelemetry.Exporter.Instana exports telemetry to Instana backen ...)
+ TODO: check
+CVE-2026-44209 (Banks generates meaningful LLM prompts using a template language that ...)
+ TODO: check
+CVE-2026-43988 (Vanetza is an open-source implementation of the ETSI C-ITS protocol su ...)
+ TODO: check
+CVE-2026-42337 (MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and p ...)
+ TODO: check
+CVE-2026-42336 (MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and p ...)
+ TODO: check
+CVE-2026-42335 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, M ...)
+ TODO: check
+CVE-2026-36239 (PbootCMS v.3.2.11 contains a code injection vulnerability in its site ...)
+ TODO: check
+CVE-2026-2255 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2026-2254 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2026-2253 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2026-27331 (Missing Authorization vulnerability in Magepeople inc. WpTravelly allo ...)
+ TODO: check
+CVE-2026-25444 (Missing Authorization vulnerability in Magepeople inc. WpBookingly all ...)
+ TODO: check
+CVE-2026-25426 (Missing Authorization vulnerability in Magepeople inc. Taxi Booking Ma ...)
+ TODO: check
+CVE-2026-24520 (Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exp ...)
+ TODO: check
+CVE-2025-68711 (AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.ap ...)
+ TODO: check
+CVE-2025-68710 (Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applock ...)
+ TODO: check
+CVE-2025-68709 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a ...)
+ TODO: check
+CVE-2025-68708 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a ...)
+ TODO: check
+CVE-2025-46307 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2025-46284 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
+CVE-2025-46280 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-43451 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
+ TODO: check
+CVE-2025-43306 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-43290 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-43289 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2025-14481 (The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Ob ...)
+ TODO: check
+CVE-2025-14361 (Missing Authorization vulnerability in AA-Team Woocommerce Envato Affi ...)
+ TODO: check
CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels]
- php-symfony-polyfill <unfixed>
[bookworm] - php-symfony-polyfill <no-dsa> (Minor issue)
NOTE: https://symfony.com/blog/cve-2026-46644-insecure-equivalence-in-symfony-polyfill-intl-idn-for-ascii-only-xn-labels
NOTE: https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
-CVE-2026-48962 [Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output]
+CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute arbitrary code ...)
- libio-compress-perl <unfixed>
- perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610 (v2.220)
-CVE-2026-48961 [zipdetails CLI tool crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID]
+CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetai ...)
- libio-compress-perl <unfixed>
- perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434383/
NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7 (v2.220)
-CVE-2026-48959 [CPU exhaustion via per-byte read loop in fastForward]
+CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ...)
- libio-compress-perl <unfixed>
- perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434381/
NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2 (v2.220)
-CVE-2025-15649 [propagate uncaught exception when parsing zip header with malformed DOS date]
+CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaugh ...)
- libio-compress-perl 2.217-1
- perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434380/
NOTE: https://github.com/pmqs/IO-Compress/issues/65
NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8 (v2.215)
-CVE-2026-8450 [OS command injection via send_file()]
+CVE-2026-8450 (HTTP::Daemon versions before 6.17 for Perl allow OS command injection ...)
- libhttp-daemon-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40435207/
NOTE: https://github.com/libwww-perl/HTTP-Daemon/pull/89
NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995 (v6.17)
-CVE-2026-8647
+CVE-2026-8647 (Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random ...)
NOT-FOR-US: Crypt::ScryptKDF Perl module
-CVE-2026-46740
+CVE-2026-46740 (Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed met ...)
NOT-FOR-US: Mojolicious::Plugin::Statsd Perl module
CVE-2026-9572 (A security vulnerability has been detected in GPAC up to 2.4.0. Affect ...)
- gpac <removed>
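Review bot: the four IO-Compress entries (CVE-2026-48962, CVE-2026-48961, CVE-2026-48959, CVE-2025-15649) list `perl <unfixed>` beside libio-compress-perl without a NOTE saying which bundled IO::Compress version the perl source package carries, so the <unfixed> state for perl cannot be verified from the entry; add a NOTE with the bundled version (for CVE-2025-15649, fixed in libio-compress-perl 2.217-1, state whether perl's copy predates 2.215). Separately, among the roughly 140 new `TODO: check` entries, the ones whose upstreams are packaged in Debian (CVE-2026-9605 libredwg, CVE-2026-49017 OpenStack Swift, CVE-2026-49014 GDAL, CVE-2026-44903 Prometheus, CVE-2026-44899 through CVE-2026-44896 and CVE-2026-44708 Mistune) should be triaged ahead of the WordPress plugin bulk, which will almost entirely resolve to NOT-FOR-US.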
@@ -116,7 +404,7 @@ CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser f
NOT-FOR-US: Hitachi Energy
CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a hard-co ...)
NOT-FOR-US: Eppendorf
-CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
+CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could all ...)
NOT-FOR-US: IBM
CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
NOT-FOR-US: Joomla
@@ -286,9 +574,9 @@ CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly validates the update fie
TODO: check
CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ...)
TODO: check
-CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
+CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could all ...)
NOT-FOR-US: IBM
-CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Int ...)
+CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulner ...)
NOT-FOR-US: IBM
CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
@@ -1187,6 +1475,7 @@ CVE-2026-23652 (Improper neutralization of special elements used in a command ('
CVE-2026-9291 (Insecure deserialization in the job results processing component in Am ...)
NOT-FOR-US: Amazon
CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token inputs ...)
+ {DSA-6300-1}
- node-shell-quote 1.8.4+~1.7.5-1 (bug #1137372)
NOTE: https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p
CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
@@ -1373,7 +1662,7 @@ CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improp
NOT-FOR-US: Dell / EMC
CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Red ...)
NOT-FOR-US: Dell / EMC
-CVE-2026-48710 [starlette Ignore malformed Host header when constructing request.url]
+CVE-2026-48710 (Starlette is a lightweight ASGI framework/toolkit. Prior to version 1. ...)
- starlette <unfixed> (bug #1137375)
NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
NOTE: https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
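Review bot: the starlette entry (CVE-2026-48710) stays `<unfixed>` (bug #1137375) but has no "Fixed by:" NOTE with the upstream commit or fixed version, and the truncated description ("Prior to version 1.") no longer tells a reader what the fixed version is; adding a NOTE with the fixed version, as this same change does for the IO-Compress entries, would let the <unfixed> state be closed when the package is updated.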
@@ -1808,31 +2097,37 @@ CVE-2026-42538
CVE-2026-42329
NOT-FOR-US: DFIR-IRIS
CVE-2026-42326
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/06301590988fc62e17b4ae6e937d411cc1089ef1 (7.1.2-22)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/4bbc9cf334ec0c136d4aa8c28afab17120cc954c (6.9.13-47)
CVE-2026-45031
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a96763d717e27d6d136aa734d1cf4b33a91555d0 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/de0f3f1ee15c783d139135e93cff212ee37e89af (6.9.13-48)
CVE-2026-45359
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9f18e2890088705c9a3dc867a7f2e31be50b8f41 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c590530d406e7628e6f1a8d0e7429b592bfadce8 (6.9.13-49)
CVE-2026-45358
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2cf3b5750bd7c96fbb92c3f02823ecd63f8dd232 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1b962d30cc7ad94d18c5f24c8dbc6d48f534b99d (6.9.13-48)
CVE-2026-45624
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a66ab7bc559f041b1434606496b5b4b0906ff9a2 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7736b7c458d0c694e26023ad4bd3436fc2f951ff (6.9.13-48)
CVE-2026-45664
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/10a1a2285659fe1f8978f338319727dfda19500d (7.1.2-23)
@@ -1840,21 +2135,25 @@ CVE-2026-45664
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/3d57d37907857d19b026760c47f1ac9c8c091c0d (6.9.13-48)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/11ac03e5485a94a8c1ef06e79e8d77ded1d18d46 (6.9.13-48)
CVE-2026-46692
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/75bcc76eac8b26ce0d6900117c9b308b0aed5719 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6efd2e9277e6e6f5a8171d6c67bc93f1ff1f3eb8 (6.9.13-48)
CVE-2026-46521
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/188fcf538f58a60109ebd008e2c40d29cf3966d7 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/61adf32771284186f2fbaea220062226123ac394 (6.9.13-48)
CVE-2026-46520
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3aa35741316909f9e384d13cee197334dc3296d7 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/4095aa6144646ec6f04d254f050d7cbb04af293f (6.9.13-48)
CVE-2026-46693
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/adb4b8d7e1e4014892b71837842326c96c2a625b (7.1.2-23)
@@ -1863,21 +2162,25 @@ CVE-2026-46693
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6b1e965f94eaf73f9ed459f86d87254e72c87156 (6.9.13-48)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0cde9421b635a66a42a6f23f995fbd9a325965cb (6.9.13-48)
CVE-2026-46522
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e8431d4a282013851cb698fdf29b1d7ad80ad7cb (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/466237e1116b46abde8af0f1794b42f1110e04b5 (6.9.13-48)
CVE-2026-46523
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4d92249c84536a20e9723376ec016b4950dcb454 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5ad5fdcc45871bdeeca414a883acb880532accce (6.9.13-48)
CVE-2026-46559
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ff2f155f2874737380a80195c5849a2f06cb6ff7 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7d68aec1d02aaaeb513a1778e9702fa0d9ba9dcd (6.9.13-48)
CVE-2026-46557
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
[bookworm] - imagemagick <not-affected> (vulnerable code introduced later)
[bullseye] - imagemagick <not-affected> (vulnerable code introduced later)
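Review bot: CVE-2026-46557 now carries {DSA-6298-1} while [bookworm] and [bullseye] remain `<not-affected> (vulnerable code introduced later)`; that is only consistent if DSA-6298-1 lists this id for trixie alone, so confirm the DSA's CVE list covers it for trixie and not for bookworm, otherwise the reference contradicts the not-affected state.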
@@ -1885,11 +2188,13 @@ CVE-2026-46557
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/06fb1aa7589f4eec363b33c2bbda5986a92bb259 (7.1.2-23)
NOTE: ImageMagick6 not affected: https://github.com/ImageMagick/ImageMagick6/issues/430
CVE-2026-47166
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70 (7.1.2-23)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/2ca87784a434899067b8408e5f8a7f0165a8f884 (6.9.13-48)
CVE-2026-47165
+ {DSA-6298-1}
- imagemagick 8:7.1.2.23+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70 (7.1.2-23)
@@ -8406,6 +8711,7 @@ CVE-2026-45186 (In libexpat before 2.8.1, the computational complexity of attrib
NOTE: https://github.com/libexpat/libexpat/pull/1216
NOTE: https://blog.hartwork.org/posts/expat-2-8-1-released/
CVE-2026-45184 (Kdenlive before 26.04.1 allows dangerous proxy parameters when an atta ...)
+ {DSA-6299-1}
- kdenlive 26.04.1-1 (bug #1136172)
[trixie] - kdenlive <no-dsa> (Minor issue)
[bookworm] - kdenlive <no-dsa> (Minor issue)
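Review bot: CVE-2026-45184 gains {DSA-6299-1} but keeps `[trixie] - kdenlive <no-dsa> (Minor issue)` and `[bookworm] - kdenlive <no-dsa> (Minor issue)`; a release covered by the DSA cannot also be <no-dsa>, so drop the <no-dsa> line for whichever release(s) DSA-6299-1 fixes and keep it only where the DSA does not apply.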
@@ -14169,6 +14475,7 @@ CVE-2025-14726 (The Widgets for Social Photo Feed plugin for WordPress is vulner
CVE-2025-12993
REJECTED
CVE-2026-42050 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6298-1}
- imagemagick 8:7.1.2.21+dfsg1-1
[bookworm] - imagemagick <postponed> (Minor issue, fix along with future update)
[bullseye] - imagemagick <postponed> (Minor issue; can be fixed in next update)
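Review bot: CVE-2026-42050 gains {DSA-6298-1} while [bookworm] and [bullseye] stay `<postponed>`; if the DSA fixed bookworm, the postponed line ("fix along with future update") now contradicts it and should be removed, and if the DSA is trixie-only that should be confirmed, since the entry otherwise reads as both fixed and deferred for the same release.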
@@ -15923,13 +16230,13 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote attacker could exploit this
NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/ae404fe8488dee424876b5963c00d7e041672415 (3.8.8)
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2 (3.8.13)
NOTE: Test: https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e (3.8.13)
-CVE-2026-42015
+CVE-2026-42015 (A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 ...)
{DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca (3.8.13)
-CVE-2026-5260
+CVE-2026-5260 (A flaw was found in libgnutls. A remote attacker, by sending an extrem ...)
{DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
@@ -15944,14 +16251,14 @@ CVE-2026-42014
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701 (3.8.13)
NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/f68a86202bd1aaeb3988566def4374359b211875 (gnutls_3_6_5)
-CVE-2026-42013
+CVE-2026-42013 (A flaw was found in gnutls. When validating certificates, an oversized ...)
{DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4 (3.8.13)
-CVE-2026-42012
+CVE-2026-42012 (A flaw was found in gnutls. A remote attacker could exploit this vulne ...)
{DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e26939809cd214d13729d0b98bcb84e27e14cad