Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae866f45 by security tracker role at 2026-02-18T20:13:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,88 +1,298 @@
-CVE-2026-23230 [smb: client: split cached_fid bitfields to avoid shared-byte 
RMW races]
+CVE-2026-2663 (A security vulnerability has been detected in Alixhan 
xh-admin-backend ...)
+       TODO: check
+CVE-2026-2662 (A weakness has been identified in FascinatedBox lily up to 2.3. 
This v ...)
+       TODO: check
+CVE-2026-2661 (A security flaw has been discovered in Squirrel up to 3.2. This 
affect ...)
+       TODO: check
+CVE-2026-2660 (A vulnerability was identified in FascinatedBox lily up to 2.3. 
Affect ...)
+       TODO: check
+CVE-2026-2659 (A vulnerability was determined in Squirrel up to 3.2. Affected 
by this ...)
+       TODO: check
+CVE-2026-2658 (A vulnerability was found in newbee-ltd newbee-mall up to 
a069069b0702 ...)
+       TODO: check
+CVE-2026-2657 (A vulnerability has been found in wren-lang wren up to 0.4.0. 
This imp ...)
+       TODO: check
+CVE-2026-2656 (A flaw has been found in ChaiScript up to 6.1.0. This affects 
the func ...)
+       TODO: check
+CVE-2026-2655 (A vulnerability was detected in ChaiScript up to 6.1.0. The 
impacted e ...)
+       TODO: check
+CVE-2026-2654 (A weakness has been identified in huggingface smolagents 
1.24.0. Impac ...)
+       TODO: check
+CVE-2026-2653 (A security flaw has been discovered in admesh up to 0.98.5. 
This issue ...)
+       TODO: check
+CVE-2026-2507 (When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed 
traffic can ...)
+       TODO: check
+CVE-2026-2495 (The WPNakama \u2013 Team and multi-Client Collaboration, 
Editorial and ...)
+       TODO: check
+CVE-2026-2464 (Path traversal vulnerability in the AMR Printer Management 1.01 
Beta w ...)
+       TODO: check
+CVE-2026-2426 (The WP-DownloadManager plugin for WordPress is vulnerable to 
Path Trav ...)
+       TODO: check
+CVE-2026-2386 (The The Plus Addons for Elementor \u2013 Addons for Elementor, 
Page Te ...)
+       TODO: check
+CVE-2026-2329 (An unauthenticated stack-based buffer overflow vulnerability 
exists in ...)
+       TODO: check
+CVE-2026-2230 (The Booking Calendar plugin for WordPress is vulnerable to 
Insecure Di ...)
+       TODO: check
+CVE-2026-2127 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2026-2126 (The User Submitted Posts \u2013 Enable Users to Submit Posts 
from the  ...)
+       TODO: check
+CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run 
Paramet ...)
+       TODO: check
+CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 
through 2.54 ...)
+       TODO: check
+CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.22, ...)
+       TODO: check
+CVE-2026-23491 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
+       TODO: check
+CVE-2026-22860 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.22, ...)
+       TODO: check
+CVE-2026-20144 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.8, and  ...)
+       TODO: check
+CVE-2026-20142 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.9, and  ...)
+       TODO: check
+CVE-2026-20141 (In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 
9.3.9,  ...)
+       TODO: check
+CVE-2026-20139 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 
9.3.9, and  ...)
+       TODO: check
+CVE-2026-20138 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.9, and  ...)
+       TODO: check
+CVE-2026-20137 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 
9.3.7, and  ...)
+       TODO: check
+CVE-2026-1942 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+       TODO: check
+CVE-2026-1941 (The WP Event Aggregator plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-1656 (The Business Directory Plugin for WordPress is vulnerable to 
authoriza ...)
+       TODO: check
+CVE-2026-1649 (The Community Events plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-1582 (The WP All Export plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2026-1441 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
+       TODO: check
+CVE-2026-1440 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
+       TODO: check
+CVE-2026-1439 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
+       TODO: check
+CVE-2026-1438 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
+       TODO: check
+CVE-2026-1437 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
+       TODO: check
+CVE-2026-1436 (Improper Access Control (IDOR) in the Graylog API, version 
2.2.3, whic ...)
+       TODO: check
+CVE-2026-1435 (Not properly invalidated session vulnerability in Graylog Web 
Interfac ...)
+       TODO: check
+CVE-2026-1426 (The Advanced AJAX Product Filters plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-1404 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+       TODO: check
+CVE-2026-1317 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress 
plugin fo ...)
+       TODO: check
+CVE-2026-0875 (A maliciously crafted MODEL file, when parsed through certain 
Autodesk ...)
+       TODO: check
+CVE-2026-0874 (A maliciously crafted CATPART file, when parsed through certain 
Autode ...)
+       TODO: check
+CVE-2025-8781 (The Bookster \u2013 WordPress Appointment Booking Plugin plugin 
for Wo ...)
+       TODO: check
+CVE-2025-8308 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-7630 (Improper Restriction of Excessive Authentication Attempts, 
Improper Au ...)
+       TODO: check
+CVE-2025-70998 (UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was 
discovered t ...)
+       TODO: check
+CVE-2025-70152 (code-projects Community Project Scholars Tracking System 1.0 
is vulner ...)
+       TODO: check
+CVE-2025-70151 (code-projects Scholars Tracking System 1.0 allows an 
authenticated att ...)
+       TODO: check
+CVE-2025-70150 (CodeAstro Membership Management System 1.0 contains a missing 
authenti ...)
+       TODO: check
+CVE-2025-70149 (CodeAstro Membership Management System 1.0 is vulnerable to 
SQL Inject ...)
+       TODO: check
+CVE-2025-70148 (Missing authentication and authorization in 
print_membership_card.php  ...)
+       TODO: check
+CVE-2025-70147 (Missing authentication in /admin/student.php and 
/admin/teacher.php in ...)
+       TODO: check
+CVE-2025-70146 (Missing authentication in multiple administrative action 
scripts under ...)
+       TODO: check
+CVE-2025-70141 (SourceCodester Customer Support System 1.0 contains an 
incorrect acces ...)
+       TODO: check
+CVE-2025-70064 (PHPGurukul Hospital Management System v4.0 contains a 
Privilege Escala ...)
+       TODO: check
+CVE-2025-70063 (The 'Medical History' module in PHPGurukul Hospital Management 
System  ...)
+       TODO: check
+CVE-2025-70062 (PHPGurukul Hospital Management System v4.0 contains a 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-69287 (The BSV Blockchain SDK is a unified TypeScript SDK for 
developing scal ...)
+       TODO: check
+CVE-2025-65791 (ZoneMinder v1.36.34 is vulnerable to Command Injection in 
web/views/im ...)
+       TODO: check
+CVE-2025-65519 (mayswind ezbookkeeping versions 1.2.0 and earlier contain a 
critical v ...)
+       TODO: check
+CVE-2025-61982 (An arbitrary code execution vulnerability exists in the Code 
Stream di ...)
+       TODO: check
+CVE-2025-60038 (A vulnerabilityhas been identified in Rexroth IndraWorks. This 
flaw al ...)
+       TODO: check
+CVE-2025-60037 (A vulnerabilityhas been identified in Rexroth IndraWorks. This 
flaw al ...)
+       TODO: check
+CVE-2025-60036 (A vulnerability has been identified in the UA.Testclient 
utility, whic ...)
+       TODO: check
+CVE-2025-60035 (A vulnerabilityhas been identified in the OPC.Testclient 
utility, whic ...)
+       TODO: check
+CVE-2025-59920 (When hours are entered in time@work, version 7.0.5, it 
performs a quer ...)
+       TODO: check
+CVE-2025-33253 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33252 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33251 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33250 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33249 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in a  ...)
+       TODO: check
+CVE-2025-33246 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
+       TODO: check
+CVE-2025-33245 (NVIDIA NeMo Framework contains a vulnerability where malicious 
data co ...)
+       TODO: check
+CVE-2025-33243 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33241 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-33240 (NVIDIA Megatron Bridge contains a vulnerability in a data 
shuffling tu ...)
+       TODO: check
+CVE-2025-33239 (NVIDIA Megatron Bridge contains a vulnerability in a data 
merging tuto ...)
+       TODO: check
+CVE-2025-33236 (NVIDIA NeMo Framework contains a vulnerability where malicious 
data cr ...)
+       TODO: check
+CVE-2025-15579 (Deserialization of Untrusted Data vulnerability in 
OpenText\u2122 Dire ...)
+       TODO: check
+CVE-2025-14799 (The Brevo - Email, SMS, Web Push, Chat, and more. plugin for 
WordPress ...)
+       TODO: check
+CVE-2025-14444 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
+       TODO: check
+CVE-2025-14340 (Cross-site scripting in REST Management Interface in Payara 
Server <4. ...)
+       TODO: check
+CVE-2025-14009 (A critical vulnerability exists in the NLTK downloader 
component of nl ...)
+       TODO: check
+CVE-2025-13965
+       REJECTED
+CVE-2025-13933
+       REJECTED
+CVE-2025-13727 (The Video Share VOD \u2013 Turnkey Video Site Builder Script 
plugin fo ...)
+       TODO: check
+CVE-2025-13602
+       REJECTED
+CVE-2025-11185 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2026-23230 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23229 [crypto: virtio - Add spinlock protection with virtqueue 
notification]
+CVE-2026-23229 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23228 [smb: server: fix leak of active_num_conn in 
ksmbd_tcp_new_connection()]
+CVE-2026-23228 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23227 [drm/exynos: vidi: use ctx->lock to protect struct vidi_context 
member variables related to memory alloc/free]
+CVE-2026-23227 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.12-1
-CVE-2026-23226 [ksmbd: add chann_lock to protect ksmbd_chann_list xarray]
+CVE-2026-23226 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.18.12-1
-CVE-2026-23225 [sched/mmcid: Don't assume CID is CPU owned on mode switch]
+CVE-2026-23225 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux <unfixed>
-CVE-2026-23224 [erofs: fix UAF issue for file-backed mounts w/ directio option]
+CVE-2026-23224 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23223 [xfs: fix UAF in xchk_btree_check_block_owner]
+CVE-2026-23223 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23222 [crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists 
correctly]
+CVE-2026-23222 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23221 [bus: fsl-mc: fix use-after-free in driver_override_show()]
+CVE-2026-23221 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.12-1
-CVE-2026-23220 [ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset 
in error paths]
+CVE-2026-23220 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71237 [nilfs2: Fix potential block overflow that cause system hang]
+CVE-2025-71237 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71236 [scsi: qla2xxx: Validate sp before freeing associated memory]
+CVE-2025-71236 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71235 [scsi: qla2xxx: Delay module unload while fabric scan in 
progress]
+CVE-2025-71235 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71234 [wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add]
+CVE-2025-71234 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71233 [PCI: endpoint: Avoid creating sub-groups asynchronously]
+CVE-2025-71233 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71232 [scsi: qla2xxx: Free sp in error path to fix system crash]
+CVE-2025-71232 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71231 [crypto: iaa - Fix out-of-bounds index in 
find_empty_iaa_compression_mode]
+CVE-2025-71231 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2025-71230 [hfs: ensure sb->s_fs_info is always cleaned up]
+CVE-2025-71230 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 6.18.12-1
-CVE-2025-71229 [wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()]
+CVE-2025-71229 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       {DSA-6141-1}
        - linux 6.18.12-1
-CVE-2026-23219 [mm/slab: Add alloc_tagging_slab_free_hook for 
memcg_alloc_abort_single]
+CVE-2026-23219 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e6c53ead2d8fa73206e0a63e9cd9aea6bc929837 (6.19)
-CVE-2026-23218 [gpio: loongson-64bit: Fix incorrect NULL check after 
devm_kcalloc()]
+CVE-2026-23218 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.18.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e34f77b09080c86c929153e2a72da26b4f8947ff (6.19)
-CVE-2026-23217 [riscv: trace: fix snapshot deadlock with sbi ecall]
+CVE-2026-23217 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0 (6.19-rc5)
-CVE-2026-23216 [scsi: target: iscsi: Fix use-after-free in 
iscsit_dec_conn_usage_count()]
+CVE-2026-23216 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/9411a89e9e7135cc459178fa77a3f1d6191ae903 (6.19-rc7)
-CVE-2026-23215 [x86/vmware: Fix hypercall clobbers]
+CVE-2026-23215 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/2687c848e57820651b9f69d30c4710f4219f7dbf (6.19)
-CVE-2026-23214 [btrfs: reject new transactions if the fs is fully read-only]
+CVE-2026-23214 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/1972f44c189c8aacde308fa9284e474c1a5cbd9f (6.19-rc7)
-CVE-2026-23213 [drm/amd/pm: Disable MMIO access during SMU Mode 1 reset]
+CVE-2026-23213 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/0de604d0357d0d22cbf03af1077d174b641707b6 (6.19-rc5)
-CVE-2025-71228 [LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED]
+CVE-2025-71228 (In the Linux kernel, the following vulnerability has been 
resolved:  L ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/d5be446948b379f1d1a8e7bc6656d13f44c5c7b1 (6.19-rc4)
-CVE-2025-71227 [wifi: mac80211: don't WARN for connections on invalid channels]
+CVE-2025-71227 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/99067b58a408a384d2a45c105eb3dce980a862ce (6.19-rc4)
-CVE-2025-71226 [wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP]
+CVE-2025-71226 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/81d90d93d22ca4f61833cba921dce9a0bd82218f (6.19-rc4)
-CVE-2025-71225 [md: suspend array while updating raid_disks via sysfs]
+CVE-2025-71225 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/2cc583653bbe050bacd1cadcc9776d39bf449740 (6.19-rc4)
-CVE-2026-23211 [mm, swap: restore swap_space attr aviod kernel panic]
+CVE-2026-23211 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.18.9-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a0f3c0845a4ff68d403c568266d17e9cc553e561 (6.19-rc8)
-CVE-2026-23212 [bonding: annotate data-races around slave->last_rx]
+CVE-2026-23212 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.9-1
        [trixie] - linux 6.12.69-1
        [bookworm] - linux 6.1.162-1
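Review bot: The added descriptions carry literal escape sequences instead of the characters they stand for, for example "\u2013" in the CVE-2026-2495, CVE-2026-2386 and CVE-2025-14444 entries and "\u2122" in CVE-2025-15579. If the update job takes these strings from a JSON source, decode them before writing data/CVE/list so that a search of the file for a product name containing a dash or trademark sign still matches. Separately, apart from the three REJECTED ids, every entry added at the top of this hunk is left at "TODO: check", including the ones for Rack (CVE-2026-25500, CVE-2026-22860), ZoneMinder (CVE-2025-65791) and NLTK (CVE-2025-14009); each still needs a package line or a NOT-FOR-US decision in a follow-up commit.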
@@ -410,7 +620,7 @@ CVE-2026-25087 (Use After Free vulnerability in Apache 
Arrow C++.  This issue af
        - apache-arrow 23.0.1-1
        NOTE: https://github.com/apache/arrow/pull/48925
        NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/4
-CVE-2026-24708
+CVE-2026-24708 (An issue was discovered in OpenStack Nova before 30.2.2, 31 
before 31. ...)
        - nova 2:32.1.0-7 (bug #1128294)
        NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/1
        NOTE: https://review.opendev.org/977100
@@ -792,6 +1002,7 @@ CVE-2026-23210 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/fc6f36eaaedcf4b81af6fe1a568f018ffd530660 (6.19)
 CVE-2026-23209 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/f8db6475a83649689c087a8f52486fcc53e627e9 (6.19)
 CVE-2026-23208 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
@@ -802,36 +1013,44 @@ CVE-2026-23207 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/edf9088b6e1d6d88982db7eb5e736a0e4fbcc09e (6.19)
 CVE-2026-23206 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ed48a84a72fefb20a82dd90a7caa7807e90c6f66 (6.19)
 CVE-2026-23205 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e3a43633023e3cacaca60d4b8972d084a2b06236 (6.19)
 CVE-2026-23204 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/cabd1a976375780dabab888784e356f574bbaed8 (6.19)
 CVE-2026-23202 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bf4528ab28e2bf112c3a2cdef44fd13f007781cd (6.19)
 CVE-2026-23201 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bc8dedae022ce3058659c3addef3ec4b41d15e00 (6.19)
 CVE-2026-23200 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bbf4a17ad9ffc4e3d7ec13d73ecd59dea149ed25 (6.19)
 CVE-2026-23199 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b5cbacd7f86f4f62b8813688c8e73be94e8e1951 (6.19)
 CVE-2026-23198 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/b4d37cdb77a0015f51fee083598fa227cc07aaf1 (6.19)
 CVE-2026-23196 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
@@ -841,29 +1060,36 @@ CVE-2026-23196 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a9a917998d172ec117f9e9de1919174153c0ace4 (6.19-rc5)
 CVE-2026-23193 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/84dc6037390b8607c5551047d3970336cb51ba9a (6.19-rc7)
 CVE-2026-23191 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/826af7fa62e347464b1b4e0ba2fe19a92438084f (6.19)
 CVE-2026-23190 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6 (6.19)
 CVE-2026-23189 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7987cce375ac8ce98e170a77aa2399f2cf6eb99f (6.19)
 CVE-2026-23188 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04 (6.19)
 CVE-2026-23187 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6bd8b4a92a901fae1a422e6f914801063c345e8d (6.19)
 CVE-2026-23182 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc (6.19)
@@ -874,50 +1100,61 @@ CVE-2026-23181 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3f29d661e5686f3aa14e6f11537ff5c49846f2e2 (6.19-rc7)
 CVE-2026-23180 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/31a7a0bbeb006bac2d9c81a2874825025214b6d8 (6.19)
 CVE-2026-23179 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2fa8961d3a6a1c2395d8d560ffed2c782681bade (6.19-rc6)
 CVE-2026-23178 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2497ff38c530b1af0df5130ca9f5ab22c5e92f29 (6.19-rc5)
 CVE-2026-23177 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2030dddf95451b4e7a389f052091e7c4b7b274c6 (6.19)
 CVE-2026-23176 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/128497456756e1b952bd5a912cd073836465109d (6.19)
 CVE-2025-71224 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/ff4071c60018a668249dc6a2df7d16330543540e (6.19-rc4)
 CVE-2025-71223 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7 (6.19-rc4)
 CVE-2025-71222 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/e75665dd096819b1184087ba5718bd93beafff51 (6.19-rc4)
 CVE-2025-71221 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/a143545855bc2c6e1330f6f57ae375ac44af00a7 (6.19-rc6)
 CVE-2025-71220 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7c28f8eef5ac5312794d8a52918076dcd787e53b (6.19-rc4)
 CVE-2025-71204 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3296c3012a9d9a27e81e34910384e55a6ff3cff0 (6.19-rc4)
 CVE-2025-71203 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -1065,6 +1302,7 @@ CVE-2026-23171 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e9acda52fd2ee0cdca332f996da7a95c5fd25294 (6.19-rc8)
 CVE-2026-23169 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       {DSA-6141-1}
        - linux 6.18.9-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d (6.19-rc8)
@@ -1623,9 +1861,11 @@ CVE-2026-2441 (Use after free in CSS in Google Chrome 
prior to 145.0.7632.75 all
        - chromium 145.0.7632.75-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-23112 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/52a0a98549344ca20ad81a4176d68d28e3c05a5c (6.19)
 CVE-2026-23111 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       {DSA-6141-1}
        - linux 6.18.10-1
        NOTE: 
https://git.kernel.org/linus/f41c5d151078c5348271ffaf8e7410d96f2d82f8 (6.19)
 CVE-2026-26257
@@ -2774,10 +3014,12 @@ CVE-2025-12699 (The ZOLL ePCR IOS application reflects 
unsanitized user input in
 CVE-2025-10912 (Authorization Bypass Through User-Controlled Key vulnerability 
in Saas ...)
        NOT-FOR-US: TemizlikYolda
 CVE-2026-2272 [ICO import integer overflow bypass leads to heap buffer 
overflow]
+       {DSA-6139-1 DLA-4483-1}
        - gimp 3.2.0~RC2-3.2 (bug #1127842)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15617
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/058ada8f3ffc0a42b7dd1561a8817c8cc83b7d2a
 CVE-2026-2271 [GIMP PSP File Parsing Integer Overflow Leading to Heap 
Corruption]
+       {DSA-6139-1 DLA-4483-1}
        - gimp 3.2.0~RC2-3.2 (bug #1127841)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15732
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/d9d0f5b4e642dd5b101e70728042027d568bb01d
@@ -3506,6 +3748,7 @@ CVE-2025-11547 (AXIS Camera Station Pro contained a flaw 
toperform a privilege e
 CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient 
input valid ...)
        NOT-FOR-US: Axis Communication
 CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no 
null terminator)]
+       {DSA-6139-1 DLA-4483-1}
        - gimp 3.2.0~RC2-3.2 (bug #1127838)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa
 (master)
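Review bot: the "Fixed by" NOTE under CVE-2026-2239 is annotated "(master)", a branch name rather than a release, so it does not say which upstream version first carries the fix. The gnutls notes in the next hunk use release versions such as "(3.8.12)". Suggest replacing "(master)" with the upstream release once the commit is part of one, since the entry is now referenced from DSA-6139-1 and DLA-4483-1.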
@@ -3628,6 +3871,7 @@ CVE-2026-1584
        NOTE: Introduced with: 
https://gitlab.com/gnutls/gnutls/-/commit/33034a91c2c1f38bad19e747d3021885d54bfb44
 (3.8.11)
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/acf67a4a68bc6d9ab7b882469c67f6cf28db56a0
 (3.8.12)
 CVE-2025-14831 (A flaw was found in GnuTLS. This vulnerability allows a denial 
of serv ...)
+       {DSA-6140-1}
        - gnutls28 3.8.12-1
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1773
        NOTE: Prequisite: 
https://gitlab.com/gnutls/gnutls/-/commit/0b2377dfccd99be641bf3f1a0de9f0dc8dc0d4b1
 (3.8.12)
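Review bot: "Prequisite" in the last NOTE under CVE-2025-14831 is misspelled and should read "NOTE: Prerequisite:". The line is unchanged context here, but it is worth correcting in a follow-up while the entry is being updated for DSA-6140-1, so that a search for prerequisite commits finds it.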
@@ -9734,7 +9978,7 @@ CVE-2025-15062 (Trimble SketchUp SKP File Parsing 
Use-After-Free Remote Code Exe
 CVE-2025-15061 (Framelink Figma MCP Server fetchWithRetry Command Injection 
Remote Cod ...)
        NOT-FOR-US: Framelink Figma MCP Server
 CVE-2025-15059 (GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
-       {DSA-6115-1}
+       {DSA-6115-1 DLA-4483-1}
        - gimp 3.2.0~RC2-3.1 (bug #1126267)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
@@ -14400,6 +14644,7 @@ CVE-2025-68779 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/35e93736f69963337912594eb3951ab320b77521 (6.19-rc2)
 CVE-2025-68823 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
+       {DSA-6141-1}
        - linux 6.18.3-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c258f5c4502c9667bccf5d76fa731ab9c96687c1 (6.19-rc2)
@@ -18873,9 +19118,9 @@ CVE-2025-67709 (There is a stored cross site scripting 
issue in Esri ArcGIS Serv
        NOT-FOR-US: Esri
 CVE-2025-67708 (There is a stored cross site scripting issue in Esri ArcGIS 
Server 11. ...)
        NOT-FOR-US: Esri
-CVE-2025-67707 (ArcGIS Server version 11.5 and earlier on Windows and Linux 
does not p ...)
+CVE-2025-67707 (ArcGIS Server versions 11.5 and earlier on Windows and Linux 
do not su ...)
        NOT-FOR-US: Esri
-CVE-2025-67706 (ArcGIS Server version 11.5 and earlier on Windows and Linux 
does not p ...)
+CVE-2025-67706 (ArcGIS Server versions 11.5 and earlier on Windows and Linux 
do not su ...)
        NOT-FOR-US: Esri
 CVE-2025-67705 (There is a stored cross site scripting issue in Esri ArcGIS 
Server 11. ...)
        NOT-FOR-US: Esri
@@ -19394,7 +19639,7 @@ CVE-2025-15269 (FontForge SFD File Parsing 
Use-After-Free Remote Code Execution
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1195/
 CVE-2025-15223 (A vulnerability was found in Philipinho Simple-PHP-Blog up to 
94b5d3e5 ...)
        NOT-FOR-US: Philipinho Simple-PHP-Blog
-CVE-2025-15114 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
a criti ...)
+CVE-2025-15114 (Ksenia Security lares (legacy model) Home Automation version 
1.6 conta ...)
        NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15113 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
an unpr ...)
        NOT-FOR-US: Ksenia Security Lares
@@ -43096,6 +43341,7 @@ CVE-2025-12380 (Starting with Firefox 142, it was 
possible for a compromised chi
 CVE-2025-12103 (A flaw was found in Red Hat Openshift AI Service. The TrustyAI 
compone ...)
        NOT-FOR-US: Red Hat Openshift AI Service
 CVE-2025-40082 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
+       {DSA-6141-1}
        - linux 6.17.6-1
        NOTE: 
https://git.kernel.org/linus/bea3e1d4467bcf292c8e54f080353d556d355e26 (6.18-rc1)
 CVE-2025-40081 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae866f4519eccd2f1ede3bc3d1dd3aa53027be55


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits