Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81c3853d by security tracker role at 2026-02-04T20:13:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,315 +1,469 @@
-CVE-2026-23109 [fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in
wait_sb_inodes()]
+CVE-2026-25532 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2026-25508 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2026-25507 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
+ TODO: check
+CVE-2026-25475 (OpenClaw is a personal AI assistant. Prior to version
2026.1.30, the i ...)
+ TODO: check
+CVE-2026-25161 (Alist is a file list program that supports multiple storages,
powered ...)
+ TODO: check
+CVE-2026-25160 (Alist is a file list program that supports multiple storages,
powered ...)
+ TODO: check
+CVE-2026-25157 (OpenClaw is a personal AI assistant. Prior to version
2026.1.29, there ...)
+ TODO: check
+CVE-2026-25145 (melange allows users to build apk packages using declarative
pipelines ...)
+ TODO: check
+CVE-2026-25143 (melange allows users to build apk packages using declarative
pipelines ...)
+ TODO: check
+CVE-2026-25140 (apko allows users to build and publish OCI container images
built from ...)
+ TODO: check
+CVE-2026-25139 (RIOT is an open-source microcontroller operating system,
designed to m ...)
+ TODO: check
+CVE-2026-25122 (apko allows users to build and publish OCI container images
built from ...)
+ TODO: check
+CVE-2026-25121 (apko allows users to build and publish OCI container images
built from ...)
+ TODO: check
+CVE-2026-25115 (n8n is an open source workflow automation platform. Prior to
version 2 ...)
+ TODO: check
+CVE-2026-25056 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-25055 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-25054 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-25053 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-25052 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-25051 (n8n is an open source workflow automation platform. Prior to
version 1 ...)
+ TODO: check
+CVE-2026-25049 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-24884 (Compressing is a compressing and uncompressing lib for node.
In versio ...)
+ TODO: check
+CVE-2026-24844 (melange allows users to build apk packages using declarative
pipelines ...)
+ TODO: check
+CVE-2026-24843 (melange allows users to build apk packages using declarative
pipelines ...)
+ TODO: check
+CVE-2026-24735 (Exposure of Private Personal Information to an Unauthorized
Actor vuln ...)
+ TODO: check
+CVE-2026-23897 (Apollo Server is an open-source, spec-compliant GraphQL server
that's ...)
+ TODO: check
+CVE-2026-23624 (GLPI is a free asset and IT management software package. In
versions s ...)
+ TODO: check
+CVE-2026-22549 (A vulnerability exists in F5 BIG-IP Container Ingress Services
that ma ...)
+ TODO: check
+CVE-2026-22548 (When a BIG-IP Advanced WAF or ASM security policy is
configured on a v ...)
+ TODO: check
+CVE-2026-22247 (GLPI is a free asset and IT management software package. From
version ...)
+ TODO: check
+CVE-2026-22044 (GLPI is a free asset and IT management software package. From
version ...)
+ TODO: check
+CVE-2026-21893 (n8n is an open source workflow automation platform. From
version 0.187 ...)
+ TODO: check
+CVE-2026-20732 (A vulnerability exists in an undisclosed BIG-IP Configuration
utility ...)
+ TODO: check
+CVE-2026-20730 (A vulnerability exists in BIG-IP Edge Client and browser VPN
clients o ...)
+ TODO: check
+CVE-2026-20123 (A vulnerability in the web-based management interface of Cisco
Evolved ...)
+ TODO: check
+CVE-2026-20119 (A vulnerability in the text rendering subsystem of Cisco
TelePresence ...)
+ TODO: check
+CVE-2026-20111 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2026-20098 (A vulnerability in the Certificate Management feature of Cisco
Meeting ...)
+ TODO: check
+CVE-2026-20056 (A vulnerability in the Dynamic Vectoring and Streaming (DVS)
Engine im ...)
+ TODO: check
+CVE-2026-1642 (A vulnerability exists in NGINX OSS and NGINX Plus when
configured to ...)
+ TODO: check
+CVE-2026-1622 (Neo4j Enterprise and Community editions versions prior to
2026.01.3 an ...)
+ TODO: check
+CVE-2026-1370 (The SIBS woocommerce payment gateway plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-0873 (On a Cryptobox platform where administrator segregation based
on entit ...)
+ TODO: check
+CVE-2026-0816 (The All push notification for WP plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-0743 (The WP Content Permission plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2026-0742 (The Smart Appointment & Booking plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-0681 (The Extended Random Number Generator plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-0679 (The Fortis for WooCommerce plugin for WordPress is vulnerable
to autho ...)
+ TODO: check
+CVE-2026-0662 (A maliciously crafted project directory, when opening a max
file in Au ...)
+ TODO: check
+CVE-2026-0661 (A maliciously crafted RGB file, when parsed through Autodesk
3ds Max, ...)
+ TODO: check
+CVE-2026-0660 (A maliciously crafted GIF file, when parsed through Autodesk
3ds Max, ...)
+ TODO: check
+CVE-2026-0659 (A maliciously crafted USD file, when loaded or imported into
Autodesk ...)
+ TODO: check
+CVE-2026-0572 (The WebPurify Profanity Filter plugin for WordPress is
vulnerable to u ...)
+ TODO: check
+CVE-2026-0538 (A maliciously crafted GIF file, when parsed through Autodesk
3ds Max, ...)
+ TODO: check
+CVE-2026-0537 (A maliciously crafted RGB file, when parsed through Autodesk
3ds Max, ...)
+ TODO: check
+CVE-2026-0536 (A maliciously crafted GIF file, when parsed through Autodesk
3ds Max, ...)
+ TODO: check
+CVE-2025-70997 (A vulnerability has been discovered in eladmin v2.7 and
before. This v ...)
+ TODO: check
+CVE-2025-70545 (A stored cross-site scripting (XSS) vulnerability exists in
the web ma ...)
+ TODO: check
+CVE-2025-69618 (An arbitrary file overwrite vulnerability in the file import
process o ...)
+ TODO: check
+CVE-2025-69215 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2025-69213 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2025-68699 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging
Platform. ...)
+ TODO: check
+CVE-2025-64712 (The unstructured library provides open-source components for
ingesting ...)
+ TODO: check
+CVE-2025-61917 (n8n is an open source workflow automation platform. From
version 1.65. ...)
+ TODO: check
+CVE-2025-5329 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-59818 (This vulnerability allows authenticated attackers to execute
arbitrary ...)
+ TODO: check
+CVE-2025-41085 (Stored Cross-Site Scripting (XSS) vulnerability type in Apidog
in the ...)
+ TODO: check
+CVE-2025-15508 (The Magic Import Document Extractor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-15507 (The Magic Import Document Extractor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-15487 (The Code Explorer plugin for WordPress is vulnerable to Path
Traversal ...)
+ TODO: check
+CVE-2025-15482 (The Chapa Payment Gateway Plugin for WooCommerce plugin for
WordPress ...)
+ TODO: check
+CVE-2025-15368 (The SportsPress plugin for WordPress is vulnerable to Local
File Inclu ...)
+ TODO: check
+CVE-2025-15285 (The SEO Flow by LupsOnline plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2025-15268 (The Infility Global plugin for WordPress is vulnerable to
unauthentica ...)
+ TODO: check
+CVE-2025-15260 (The MyRewards \u2013 Loyalty Points and Rewards for
WooCommerce plugin ...)
+ TODO: check
+CVE-2025-14740 (Docker Desktop for Windows contains multiple incorrect
permission assi ...)
+ TODO: check
+CVE-2025-14461 (The Xendit Payment plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2026-23109 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f9a49aa302a05e91ca01f69031cb79a0ea33031f (6.19-rc7)
-CVE-2026-23106 [timekeeping: Adjust the leap state for the correct auxiliary
timekeeper]
+CVE-2026-23106 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e806f7dde8ba28bc72a7a0898589cac79f6362ac (6.19-rc7)
-CVE-2026-23092 [iio: dac: ad3552r-hs: fix out-of-bound write in
ad3552r_hs_write_data_source]
+CVE-2026-23092 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/978d28136c53df38f8f0b747191930e2f95e9084 (6.19-rc7)
-CVE-2026-23082 [can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
usb_submit_urb() error]
+CVE-2026-23082 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7 (6.19-rc7)
-CVE-2026-23081 [net: phy: intel-xway: fix OF node refcount leakage]
+CVE-2026-23081 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/79912b256e14054e6ba177d7e7e631485ce23dbe (6.19-rc7)
-CVE-2026-23079 [gpio: cdev: Fix resource leaks on errors in
lineinfo_changed_notify()]
+CVE-2026-23079 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/70b3c280533167749a8f740acaa8ef720f78f984 (6.19-rc7)
-CVE-2026-23077 [mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge]
+CVE-2026-23077 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/61f67c230a5e7c741c352349ea80147fbe65bfae (6.19-rc6)
-CVE-2026-23067 [iommu/io-pgtable-arm: fix size_t signedness bug in unmap path]
+CVE-2026-23067 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/374e7af67d9d9d6103c2cfc8eb32abfecf3a2fd8 (6.19-rc7)
-CVE-2026-23110 [scsi: core: Wake up the error handler when final completions
race against each other]
+CVE-2026-23110 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/fe2f8ad6f0999db3b318359a01ee0108c703a8c3 (6.19-rc7)
-CVE-2026-23108 [can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory
leak]
+CVE-2026-23108 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/f7a980b3b8f80fe367f679da376cf76e800f9480 (6.19-rc7)
-CVE-2026-23107 [arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA]
+CVE-2026-23107 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.18.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ea8ccfddbce0bee6310da4f3fc560ad520f5e6b4 (6.19-rc7)
-CVE-2026-23105 [net/sched: qfq: Use cl_is_active to determine whether class is
active in qfq_rm_from_ag]
+CVE-2026-23105 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/d837fbee92453fbb829f950c8e7cf76207d73f33 (6.19-rc7)
-CVE-2026-23104 [ice: fix devlink reload call trace]
+CVE-2026-23104 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d3f867e7a04678640ebcbfb81893c59f4af48586 (6.19-rc7)
-CVE-2026-23103 [ipvlan: Make the addrs_lock be per port]
+CVE-2026-23103 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/d3ba32162488283c0a4c5bedd8817aec91748802 (6.19-rc7)
-CVE-2026-23102 [arm64/fpsimd: signal: Fix restoration of SVE context]
+CVE-2026-23102 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.18.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d2907cbe9ea0a54cbe078076f9d089240ee1e2d9 (6.19-rc7)
-CVE-2026-23101 [leds: led-class: Only Add LED to leds_list when it is fully
ready]
+CVE-2026-23101 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/d1883cefd31752f0504b94c3bcfa1f6d511d6e87 (6.19-rc7)
-CVE-2026-23100 [mm/hugetlb: fix hugetlb_pmd_shared()]
+CVE-2026-23100 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/ca1a47cd3f5f4c46ca188b1c9a27af87d1ab2216 (6.19-rc7)
-CVE-2026-23099 [bonding: limit BOND_MODE_8023AD to Ethernet devices]
+CVE-2026-23099 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/c84fcb79e5dbde0b8d5aeeaf04282d2149aebcf6 (6.19-rc7)
-CVE-2026-23098 [netrom: fix double-free in nr_route_frame()]
+CVE-2026-23098 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/ba1096c315283ee3292765f6aea4cca15816c4f7 (6.19-rc7)
-CVE-2026-23097 [migrate: correct lock ordering for hugetlb file folios]
+CVE-2026-23097 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/b7880cb166ab62c2409046b2347261abf701530e (6.19-rc7)
-CVE-2026-23096 [uacce: fix cdev handling in the cleanup path]
+CVE-2026-23096 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/a3bece3678f6c88db1f44c602b2a63e84b4040ac (6.19-rc7)
-CVE-2026-23095 [gue: Fix skb memleak with inner IP protocol 0.]
+CVE-2026-23095 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/9a56796ad258786d3624eef5aefba394fc9bdded (6.19-rc7)
-CVE-2026-23094 [uacce: fix isolate sysfs check condition]
+CVE-2026-23094 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/98eec349259b1fd876f350b1c600403bcef8f85d (6.19-rc7)
-CVE-2026-23093 [ksmbd: smbd: fix dma_unmap_sg() nents]
+CVE-2026-23093 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
- linux 6.18.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/98e3e2b561bc88f4dd218d1c05890672874692f6 (6.19-rc7)
-CVE-2026-23091 [intel_th: fix device leak on output open()]
+CVE-2026-23091 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/95fc36a234da24bbc5f476f8104a5a15f99ed3e3 (6.19-rc7)
-CVE-2026-23090 [slimbus: core: fix device reference leak on report present]
+CVE-2026-23090 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/9391380eb91ea5ac792aae9273535c8da5b9aa01 (6.19-rc7)
-CVE-2026-23089 [ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()]
+CVE-2026-23089 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/930e69757b74c3ae083b0c3c7419bfe7f0edc7b2 (6.19-rc7)
-CVE-2026-23088 [tracing: Fix crash on synthetic stacktrace field usage]
+CVE-2026-23088 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/90f9f5d64cae4e72defd96a2a22760173cb3c9ec (6.19-rc7)
-CVE-2026-23087 [scsi: xen: scsiback: Fix potential memory leak in
scsiback_remove()]
+CVE-2026-23087 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/901a5f309daba412e2a30364d7ec1492fa11c32c (6.19-rc7)
-CVE-2026-23086 [vsock/virtio: cap TX credit to local buffer size]
+CVE-2026-23086 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/8ee784fdf006cbe8739cfa093f54d326cbf54037 (6.19-rc7)
-CVE-2026-23085 [irqchip/gic-v3-its: Avoid truncating memory addresses]
+CVE-2026-23085 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/8d76a7d89c12d08382b66e2f21f20d0627d14859 (6.19-rc7)
-CVE-2026-23084 [be2net: Fix NULL pointer dereference in
be_cmd_get_mac_from_list]
+CVE-2026-23084 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/8215794403d264739cc676668087512950b2ff31 (6.19-rc7)
-CVE-2026-23083 [fou: Don't allow 0 for FOU_ATTR_IPPROTO.]
+CVE-2026-23083 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5 (6.19-rc7)
-CVE-2026-23080 [can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory
leak]
+CVE-2026-23080 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/710a7529fb13c5a470258ff5508ed3c498d54729 (6.19-rc7)
-CVE-2026-23078 [ALSA: scarlett2: Fix buffer overflow in config retrieval]
+CVE-2026-23078 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.18.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/6f5c69f72e50d51be3a8c028ae7eda42c82902cb (6.19-rc7)
-CVE-2026-23076 [ALSA: ctxfi: Fix potential OOB access in audio mixer handling]
+CVE-2026-23076 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/61006c540cbdedea83b05577dc7fb7fa18fe1276 (6.19-rc7)
-CVE-2026-23075 [can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory
leak]
+CVE-2026-23075 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/5a4391bdc6c8357242f62f22069c865b792406b3 (6.19-rc7)
-CVE-2026-23074 [net/sched: Enforce that teql can only be used as root qdisc]
+CVE-2026-23074 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b (6.19-rc7)
-CVE-2026-23073 [wifi: rsi: Fix memory corruption due to not set vif driver
data size]
+CVE-2026-23073 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/4f431d88ea8093afc7ba55edf4652978c5a68f33 (6.19-rc7)
-CVE-2026-23072 [l2tp: Fix memleak in l2tp_udp_encap_recv().]
+CVE-2026-23072 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4d10edfd1475b69dbd4c47f34b61a3772ece83ca (6.19-rc7)
-CVE-2026-23071 [regmap: Fix race condition in hwspinlock irqsave routine]
+CVE-2026-23071 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/4b58aac989c1e3fafb1c68a733811859df388250 (6.19-rc7)
-CVE-2026-23070 [Octeontx2-af: Add proper checks for fwdata]
+CVE-2026-23070 (In the Linux kernel, the following vulnerability has been
resolved: O ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4a3dba48188208e4f66822800e042686784d29d1 (6.19-rc7)
-CVE-2026-23069 [vsock/virtio: fix potential underflow in
virtio_transport_get_credit()]
+CVE-2026-23069 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/3ef3d52a1a9860d094395c7a3e593f3aa26ff012 (6.19-rc7)
-CVE-2026-23068 [spi: spi-sprd-adi: Fix double free in probe error path]
+CVE-2026-23068 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/383d4f5cffcc8df930d95b06518a9d25a6d74aac (6.19-rc7)
-CVE-2026-23066 [rxrpc: Fix recvmsg() unconditional requeue]
+CVE-2026-23066 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/2c28769a51deb6022d7fbd499987e237a01dd63a (6.19-rc7)
-CVE-2026-23065 [platform/x86/amd: Fix memory leak in wbrf_record()]
+CVE-2026-23065 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2bf1877b7094c684e1d652cac6912cfbc507ad3e (6.19-rc7)
-CVE-2026-23064 [net/sched: act_ife: avoid possible NULL deref]
+CVE-2026-23064 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/27880b0b0d35ad1c98863d09788254e36f874968 (6.19-rc7)
-CVE-2026-23063 [uacce: ensure safe queue release with state management]
+CVE-2026-23063 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/26c08dabe5475d99a13f353d8dd70e518de45663 (6.19-rc7)
-CVE-2026-23062 [platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID
macro]
+CVE-2026-23062 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/25150715e0b049b99df664daf05dab12f41c3e13 (6.19-rc7)
-CVE-2026-23061 [can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB
memory leak]
+CVE-2026-23061 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/248e8e1a125fa875158df521b30f2cc7e27eeeaa (6.19-rc7)
-CVE-2026-23060 [crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec]
+CVE-2026-23060 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/2397e9264676be7794f8f7f1e9763d90bd3c7335 (6.19-rc7)
-CVE-2026-23059 [scsi: qla2xxx: Sanitize payload size to prevent member
overflow]
+CVE-2026-23059 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414 (6.19-rc7)
-CVE-2026-23058 [can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory
leak]
+CVE-2026-23058 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/0ce73a0eb5a27070957b67fd74059b6da89cc516 (6.19-rc7)
-CVE-2026-23057 [vsock/virtio: Coalesce only linear skb]
+CVE-2026-23057 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0386bd321d0f95d041a7b3d7b07643411b044a96 (6.19-rc7)
-CVE-2026-23056 [uacce: implement mremap in uacce_vm_ops to return -EPERM]
+CVE-2026-23056 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/02695347be532b628f22488300d40c4eba48b9b7 (6.19-rc7)
-CVE-2025-71199 [iio: adc: at91-sama5d2_adc: Fix potential use-after-free in
sama5d2_adc driver]
+CVE-2025-71199 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/dbdb442218cd9d613adeab31a88ac973f22c4873 (6.19-rc7)
-CVE-2025-71198 [iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without
event detection]
+CVE-2025-71198 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/c34e2e2d67b3bb8d5a6d09b0d6dac845cdd13fb3 (6.19-rc7)
-CVE-2025-71197 [w1: therm: Fix off-by-one buffer overflow in alarms_store]
+CVE-2025-71197 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/761fcf46a1bd797bd32d23f3ea0141ffd437668a (6.19-rc7)
-CVE-2026-23052 [ftrace: Do not over-allocate ftrace memory]
+CVE-2026-23052 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/be55257fab181b93af38f8c4b1b3cb453a78d742 (6.19-rc6)
-CVE-2026-23051 [drm/amdgpu: fix drm panic null pointer when driver not support
atomic]
+CVE-2026-23051 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9cb6278b44c38899961b36d303d7b18b38be2a6e (6.19-rc6)
-CVE-2026-23055 [i2c: riic: Move suspend handling to NOIRQ phase]
+CVE-2026-23055 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e383f0961422f983451ac4dd6aed1a3d3311f2be (6.19-rc6)
-CVE-2026-23054 [net: hv_netvsc: reject RSS hash key programming without RX
indirection table]
+CVE-2026-23054 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/d23564955811da493f34412d7de60fa268c8cb50 (6.19-rc6)
-CVE-2026-23053 [NFS: Fix a deadlock involving nfs_release_folio()]
+CVE-2026-23053 (In the Linux kernel, the following vulnerability has been
resolved: N ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/cce0be6eb4971456b703aaeafd571650d314bcca (6.19-rc6)
-CVE-2026-23050 [pNFS: Fix a deadlock when returning a delegation during open()]
+CVE-2026-23050 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/857bf9056291a16785ae3be1d291026b2437fc48 (6.19-rc6)
-CVE-2026-23049 [drm/panel-simple: fix connector type for DataImage
SCF0700C48GGU18 panel]
+CVE-2026-23049 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/6ab3d4353bf75005eaa375677c9fed31148154d6 (6.19-rc6)
-CVE-2025-71196 [phy: stm32-usphyc: Fix off by one in probe()]
+CVE-2025-71196 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/cabd25b57216ddc132efbcc31f972baa03aad15a (6.19-rc6)
-CVE-2025-71195 [dmaengine: xilinx: xdma: Fix regmap max_register]
+CVE-2025-71195 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.18.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10 (6.19-rc6)
-CVE-2025-71194 [btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type]
+CVE-2025-71194 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/5037b342825df7094a4906d1e2a9674baab50cb2 (6.19-rc5)
-CVE-2025-71193 [phy: qcom-qusb2: Fix NULL pointer dereference on early suspend]
+CVE-2025-71193 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/1ca52c0983c34fca506921791202ed5bdafd5306 (6.19-rc6)
-CVE-2026-23048 [udp: call skb_orphan() before skb_attempt_defer_free()]
+CVE-2026-23048 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e5c8eda39a9fc1547d1398d707aa06c1d080abdd (6.19-rc5)
-CVE-2026-23046 [virtio_net: fix device mismatch in devm_kzalloc/devm_kfree]
+CVE-2026-23046 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/acb4bc6e1ba34ae1a34a9334a1ce8474c909466e (6.19-rc5)
-CVE-2026-23045 [net/ena: fix missing lock when update devlink params]
+CVE-2026-23045 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8da901ffe497a53fa4ecc3ceed0e6d771586f88e (6.19-rc5)
-CVE-2026-23044 [PM: hibernate: Fix crash when freeing invalid crypto
compressor]
+CVE-2026-23044 (In the Linux kernel, the following vulnerability has been
resolved: P ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77 (6.19-rc5)
-CVE-2026-23043 [btrfs: fix NULL pointer dereference in do_abort_log_replay()]
+CVE-2026-23043 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/530e3d4af566ca44807d79359b90794dea24c4f3 (6.19-rc5)
-CVE-2026-23042 [idpf: fix aux device unplugging when rdma is not supported by
vport]
+CVE-2026-23042 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4648fb2f2e7210c53b85220ee07d42d1e4bae3f9 (6.19-rc5)
-CVE-2026-23041 [bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during
error cleanup]
+CVE-2026-23041 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3358995b1a7f9dcb52a56ec8251570d71024dad0 (6.19-rc5)
-CVE-2026-23040 [wifi: mac80211_hwsim: fix typo in frequency notification]
+CVE-2026-23040 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 6.18.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/333418872bfecf4843f1ded7a4151685dfcf07d5 (6.19-rc5)
-CVE-2026-23047 [libceph: make calc_target() set t->paused, not just clear it]
+CVE-2026-23047 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176 (6.19-rc5)
-CVE-2025-71192 [ALSA: ac97: fix a double free in
snd_ac97_controller_register()]
+CVE-2025-71192 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.18.8-1
NOTE:
https://git.kernel.org/linus/830988b6cf197e6dcffdfe2008c5738e6c6c3c0f (6.19-rc5)
CVE-2025-12805
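Review bot: CVE-2025-71194, CVE-2025-71193, CVE-2026-23047 and CVE-2025-71192 carry only "- linux 6.18.8-1" with no [trixie], [bookworm] or [bullseye] line, while the other kernel entries in this part of the hunk are marked <not-affected> for all three suites. If those four are meant to stay open for the stable suites, that is fine as is; otherwise the per-suite lines are still missing. Separately, the replacement descriptions here all truncate to "In the Linux kernel, the following vulnerability has been resolved:" plus one letter, so the commit subject that used to sit in brackets is gone and the NOTE link is the only remaining pointer to what each fix is.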
@@ -685,7 +839,7 @@ CVE-2026-21862 (RustFS is a distributed object storage
system built in Rust. Pri
NOT-FOR-US: RustFS
CVE-2026-1846
REJECTED
-CVE-2026-1814 (Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an
insuffic ...)
+CVE-2026-1814 (A security vulnerability has been identified in Rapid7 Nexpose.
Remedi ...)
NOT-FOR-US: Rapid7 Nexpose
CVE-2026-1803 (A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0.
Impacted ...)
NOT-FOR-US: Ziroom ZHOME A0101
@@ -809,7 +963,7 @@ CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in
TP-Link Archer AX53
NOT-FOR-US: TP-Link
CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
-CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through
2025-08-29. In ...)
+CVE-2025-59439 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
NOT-FOR-US: Samsung
CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
@@ -1592,9 +1746,9 @@ CVE-2025-36442 (IBM Db2 for Linux, UNIX and Windows
(includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2025-36428 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
NOT-FOR-US: IBM
-CVE-2025-36427 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
+CVE-2025-36427 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) coul ...)
NOT-FOR-US: IBM
-CVE-2025-36424 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
+CVE-2025-36424 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) coul ...)
NOT-FOR-US: IBM
CVE-2025-36423 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 12.1 ...)
NOT-FOR-US: IBM
@@ -1618,7 +1772,7 @@ CVE-2025-36098 (IBM Db2 for Linux, UNIX and Windows
(includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2025-36070 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server)11.5. ...)
NOT-FOR-US: IBM
-CVE-2025-36009 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
+CVE-2025-36009 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) coul ...)
NOT-FOR-US: IBM
CVE-2025-36001 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
NOT-FOR-US: IBM
@@ -3774,7 +3928,8 @@ CVE-2026-24604 (Missing Authorization vulnerability in
themebeez Simple GDPR Coo
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24603 (Missing Authorization vulnerability in themebeez Universal
Google Adse ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-24602 (Missing Authorization vulnerability in Raptive Raptive Ads
adthrive-ad ...)
+CVE-2026-24602
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24601 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
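Review bot: CVE-2026-24602 becomes REJECTED, but the unchanged "NOT-FOR-US: WordPress plugin or theme" line directly below still belongs to it, so the entry now carries both annotations. CVE-2026-1846 in an earlier hunk shows REJECTED on its own; suggest dropping the NOT-FOR-US line here for consistency, or confirming that the list tooling accepts both on one entry.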
@@ -133778,7 +133933,7 @@ CVE-2024-45627 (In Apache Linkis <1.7.0, due to the
lack of effective filtering
NOT-FOR-US: Apache Linkis
CVE-2024-45385 (A vulnerability has been identified in Industrial Edge
Management OS ( ...)
NOT-FOR-US: Siemens
-CVE-2024-45326 (AnImproper Access Control vulnerability [CWE-284] in
FortiDeceptor ver ...)
+CVE-2024-45326 (AnImproper Access Control vulnerability [CWE-284]
vulnerability in For ...)
NOT-FOR-US: Fortinet
CVE-2024-42444 (APTIOV contains a vulnerability in BIOS where an attacker may
cause a ...)
NOT-FOR-US: AMI
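Review bot: The new CVE-2024-45326 description reads "AnImproper Access Control vulnerability [CWE-284] vulnerability in For ...", which keeps the missing space in "AnImproper" and now repeats "vulnerability". Since the commit is an automatic update, the wording is best corrected in the source record rather than in this list; the NOT-FOR-US: Fortinet triage line is unchanged, so nothing else in the entry is affected.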
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81c3853db3a93948de3a61715a2dae3ccb693bbd
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits