Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a24d501 by security tracker role at 2026-04-02T19:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,34 +1,446 @@
+CVE-2026-5429 (Unsanitized input during web page generation in the Kiro Agent
webview ...)
+ TODO: check
+CVE-2026-5418 (A vulnerability was identified in appsmithorg appsmith up to
1.97. Imp ...)
+ TODO: check
+CVE-2026-5417 (A vulnerability was determined in Dataease SQLbot up to 1.6.0.
This is ...)
+ TODO: check
+CVE-2026-5414 (A security flaw has been discovered in Newgen OmniDocs up to
12.0.00. ...)
+ TODO: check
+CVE-2026-5413 (A vulnerability was identified in Newgen OmniDocs up to
12.0.00. Affec ...)
+ TODO: check
+CVE-2026-5370 (A vulnerability was identified in krayin laravel-crm up to 2.2.
Impact ...)
+ TODO: check
+CVE-2026-5368 (A vulnerability was determined in projectworlds Car Rental
Project 1.0 ...)
+ TODO: check
+CVE-2026-5360 (A vulnerability has been found in Free5GC 4.2.0. The affected
element ...)
+ TODO: check
+CVE-2026-5355 (A vulnerability has been found in Trendnet TEW-657BRM 1.00.1.
Affected ...)
+ TODO: check
+CVE-2026-5354 (A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected
by this ...)
+ TODO: check
+CVE-2026-5353 (A vulnerability was detected in Trendnet TEW-657BRM 1.00.1.
Affected i ...)
+ TODO: check
+CVE-2026-5352 (A security vulnerability has been detected in Trendnet
TEW-657BRM 1.00 ...)
+ TODO: check
+CVE-2026-5351 (A weakness has been identified in Trendnet TEW-657BRM 1.00.1.
This aff ...)
+ TODO: check
+CVE-2026-5350 (A security flaw has been discovered in Trendnet TEW-657BRM
1.00.1. The ...)
+ TODO: check
+CVE-2026-5349 (A vulnerability was identified in Trendnet TEW-657BRM 1.00.1.
The affe ...)
+ TODO: check
+CVE-2026-5346 (A vulnerability was determined in huimeicloud hm_editor up to
2.2.3. I ...)
+ TODO: check
+CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to
4.9.1. ...)
+ TODO: check
+CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the
functio ...)
+ TODO: check
+CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. The
impacted eleme ...)
+ TODO: check
+CVE-2026-5338 (A security vulnerability has been detected in Tenda G103
1.0.0.5. The ...)
+ TODO: check
+CVE-2026-5334 (A weakness has been identified in itsourcecode Online
Enrollment Syste ...)
+ TODO: check
+CVE-2026-5333 (A security flaw has been discovered in DefaultFuction
Content-Manageme ...)
+ TODO: check
+CVE-2026-5332 (A vulnerability was identified in Xiaopi Panel 1.0.0. This
vulnerabili ...)
+ TODO: check
+CVE-2026-5331 (A vulnerability was determined in OpenCart 4.1.0.3. This
affects an un ...)
+ TODO: check
+CVE-2026-5330 (A vulnerability was found in SourceCodester/mayuri_k Best
Courier Mana ...)
+ TODO: check
+CVE-2026-5328 (A weakness has been identified in shsuishang modulithshop up to
829bac ...)
+ TODO: check
+CVE-2026-5327 (A security flaw has been discovered in efforthye
fast-filesystem-mcp u ...)
+ TODO: check
+CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave
Application Sys ...)
+ TODO: check
+CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20.
Affecte ...)
+ TODO: check
+CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This
impacts ...)
+ TODO: check
+CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20.
This af ...)
+ TODO: check
+CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to
information e ...)
+ TODO: check
+CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the
uma_prote ...)
+ TODO: check
+CVE-2026-4634 (A flaw was found in Keycloak. An unauthenticated attacker can
exploit ...)
+ TODO: check
+CVE-2026-4325 (A flaw was found in Keycloak. The SingleUseObjectProvider, a
global ke ...)
+ TODO: check
+CVE-2026-4282 (A flaw was found in Keycloak. The SingleUseObjectProvider, a
global ke ...)
+ TODO: check
+CVE-2026-3872 (A flaw was found in Keycloak. This issue allows an attacker,
who contr ...)
+ TODO: check
+CVE-2026-3692 (In Progress Flowmon versions prior to 12.5.8, a vulnerability
exists w ...)
+ TODO: check
+CVE-2026-35414 (OpenSSH before 10.3 mishandles the authorized_keys principals
option i ...)
+ TODO: check
+CVE-2026-35388 (OpenSSH before 10.3 omits connection multiplexing confirmation
for pro ...)
+ TODO: check
+CVE-2026-35387 (OpenSSH before 10.3 can use unintended ECDSA algorithms.
Listing of an ...)
+ TODO: check
+CVE-2026-35386 (In OpenSSH before 10.3, command execution can occur via shell
metachar ...)
+ TODO: check
+CVE-2026-35385 (In OpenSSH before 10.3, a file downloaded by scp may be
installed setu ...)
+ TODO: check
+CVE-2026-35168 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-35038 (Signal K Server is a server application that runs on a central
hub in ...)
+ TODO: check
+CVE-2026-35002 (Agno versions prior to 2.3.24 contain an arbitrary code
execution vuln ...)
+ TODO: check
+CVE-2026-34974 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
+ TODO: check
+CVE-2026-34973 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
+ TODO: check
+CVE-2026-34890 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-34877 (An issue was discovered in Mbed TLS versions from 2.19.0 up to
3.6.5, ...)
+ TODO: check
+CVE-2026-34876 (An issue was discovered in Mbed TLS 3.x before 3.6.6. An
out-of-bounds ...)
+ TODO: check
+CVE-2026-34835 (Rack is a modular Ruby web server interface. From versions
3.0.0.beta1 ...)
+ TODO: check
+CVE-2026-34831 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34830 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34829 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34828 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
+ TODO: check
+CVE-2026-34827 (Rack is a modular Ruby web server interface. From versions
3.0.0.beta1 ...)
+ TODO: check
+CVE-2026-34826 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34823 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34822 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34821 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34820 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34819 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34818 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34817 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34816 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34815 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34814 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34813 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34812 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34811 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34810 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34809 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34808 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34807 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34806 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34805 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34804 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34803 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34802 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34801 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34800 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34799 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34798 (Endian Firewall version 3.3.25 and prior allow stored
cross-site scrip ...)
+ TODO: check
+CVE-2026-34797 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34796 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34795 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34794 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34793 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34792 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34791 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34790 (Endian Firewall version 3.3.25 and prior allow authenticated
users to ...)
+ TODO: check
+CVE-2026-34786 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34785 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34763 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34759 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
+ TODO: check
+CVE-2026-34758 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
+ TODO: check
+CVE-2026-34752 (Haraka is a Node.js mail server. Prior to version 3.1.4,
sending an em ...)
+ TODO: check
+CVE-2026-34745 (Fireshare facilitates self-hosted media and link sharing.
Prior to ver ...)
+ TODO: check
+CVE-2026-34742 (The Go MCP SDK used Go's standard encoding/json. Prior to
version 1.4. ...)
+ TODO: check
+CVE-2026-34736 (Open edX Platform enables the authoring and delivery of online
learnin ...)
+ TODO: check
+CVE-2026-34735 (The Hytale Modding Wiki is a free service for Hytale mods to
host thei ...)
+ TODO: check
+CVE-2026-34730 (Copier is a library and CLI app for rendering project
templates. Prior ...)
+ TODO: check
+CVE-2026-34729 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
+ TODO: check
+CVE-2026-34728 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
+ TODO: check
+CVE-2026-34726 (Copier is a library and CLI app for rendering project
templates. Prior ...)
+ TODO: check
+CVE-2026-34725 (DbGate is cross-platform database manager. From version 7.0.0
to befor ...)
+ TODO: check
+CVE-2026-34717 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-34715 (ewe is a Gleam web server. Prior to version 3.0.6, the
encode_headers ...)
+ TODO: check
+CVE-2026-34610 (The leancrypto library is a cryptographic library that
exclusively con ...)
+ TODO: check
+CVE-2026-34608 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging
Platform. ...)
+ TODO: check
+CVE-2026-34606 (Frappe Learning Management System (LMS) is a learning system
that help ...)
+ TODO: check
+CVE-2026-34601 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level
2 Core) ...)
+ TODO: check
+CVE-2026-34598 (YesWiki is a wiki system written in PHP. Prior to version
4.6.0, a sto ...)
+ TODO: check
+CVE-2026-34593 (Ash Framework is a declarative, extensible framework for
building Elix ...)
+ TODO: check
+CVE-2026-34591 (Poetry is a dependency manager for Python. From version 1.4.0
to befor ...)
+ TODO: check
+CVE-2026-34590 (Postiz is an AI social media scheduling tool. Prior to version
2.21.4, ...)
+ TODO: check
+CVE-2026-34584 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
+ TODO: check
+CVE-2026-34581 (goshs is a SimpleHTTPServer written in Go. From version 1.1.0
to befor ...)
+ TODO: check
+CVE-2026-34577 (Postiz is an AI social media scheduling tool. Prior to version
2.21.3, ...)
+ TODO: check
+CVE-2026-34576 (Postiz is an AI social media scheduling tool. Prior to version
2.21.3, ...)
+ TODO: check
+CVE-2026-34526 (SillyTavern is a locally installed user interface that allows
users to ...)
+ TODO: check
+CVE-2026-34524 (SillyTavern is a locally installed user interface that allows
users to ...)
+ TODO: check
+CVE-2026-34523 (SillyTavern is a locally installed user interface that allows
users to ...)
+ TODO: check
+CVE-2026-34522 (SillyTavern is a locally installed user interface that allows
users to ...)
+ TODO: check
+CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval
bypass vu ...)
+ TODO: check
+CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight
validati ...)
+ TODO: check
+CVE-2026-34230 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-34124 (A denial-of-service vulnerability was identified in TP-Link
Tapo C520W ...)
+ TODO: check
+CVE-2026-34122 (A stack-based buffer overflow vulnerability was identified in
TP-Link ...)
+ TODO: check
+CVE-2026-34121 (An authentication bypass vulnerability within the HTTP
handling of the ...)
+ TODO: check
+CVE-2026-34120 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
+ TODO: check
+CVE-2026-34119 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
+ TODO: check
+CVE-2026-34118 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
+ TODO: check
+CVE-2026-34083 (Signal K Server is a server application that runs on a central
hub in ...)
+ TODO: check
+CVE-2026-33951 (Signal K Server is a server application that runs on a central
hub in ...)
+ TODO: check
+CVE-2026-33950 (Signal K Server is a server application that runs on a central
hub in ...)
+ TODO: check
+CVE-2026-33746 (Convoy is a KVM server management panel for hosting
businesses. From v ...)
+ TODO: check
+CVE-2026-33641 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-33617 (An unauthenticated remote attacker can access a configuration
file con ...)
+ TODO: check
+CVE-2026-33616 (An unauthenticated remote attacker can exploit an
unauthenticated blin ...)
+ TODO: check
+CVE-2026-33615 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
+ TODO: check
+CVE-2026-33614 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
+ TODO: check
+CVE-2026-33613 (Due to the improper neutralisation of special elements used in
an OS c ...)
+ TODO: check
+CVE-2026-33544 (Tinyauth is an authentication and authorization server. Prior
to versi ...)
+ TODO: check
+CVE-2026-33533 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-33271 (Local privilege escalation due to insecure folder permissions.
The fol ...)
+ TODO: check
+CVE-2026-32871 (FastMCP is a Pythonic way to build MCP servers and clients.
Prior to v ...)
+ TODO: check
+CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions
3.0.0.beta1 ...)
+ TODO: check
+CVE-2026-32629 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
+ TODO: check
+CVE-2026-32145 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
+ TODO: check
+CVE-2026-31937 (Suricata is a network IDS, IPS and NSM engine. Prior to
version 7.0.15 ...)
+ TODO: check
+CVE-2026-31935 (Suricata is a network IDS, IPS and NSM engine. Prior to
versions 7.0.1 ...)
+ TODO: check
+CVE-2026-31934 (Suricata is a network IDS, IPS and NSM engine. From version
8.0.0 to b ...)
+ TODO: check
+CVE-2026-31933 (Suricata is a network IDS, IPS and NSM engine. Prior to
versions 7.0.1 ...)
+ TODO: check
+CVE-2026-31932 (Suricata is a network IDS, IPS and NSM engine. Prior to
versions 7.0.1 ...)
+ TODO: check
+CVE-2026-31931 (Suricata is a network IDS, IPS and NSM engine. From version
8.0.0 to b ...)
+ TODO: check
+CVE-2026-30867 (CocoaMQTT is a MQTT 5.0 client library for iOS and macOS
written in Sw ...)
+ TODO: check
+CVE-2026-30603 (An issue in the firmware update mechanism of Qianniao
QN-L23PA0904 v20 ...)
+ TODO: check
+CVE-2026-30332 (A Time-of-Check to Time-of-Use (TOCTOU) race condition
vulnerability i ...)
+ TODO: check
+CVE-2026-2737 (A vulnerability exists in Progress Flowmon versions prior to
12.5.8 an ...)
+ TODO: check
+CVE-2026-2701 (Authenticated user can upload a malicious file to the server
and execu ...)
+ TODO: check
+CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC)
allows an un ...)
+ TODO: check
+CVE-2026-29782 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29143 (SEPPmail Secure Email Gateway before version 15.0.3 does not
properly ...)
+ TODO: check
+CVE-2026-29142 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29141 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29140 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29139 (SEPPmail Secure Email Gateway before version 15.0.3 allows
account tak ...)
+ TODO: check
+CVE-2026-29138 (SEPPmail Secure Email Gateway before version 15.0.3 allows
attackers w ...)
+ TODO: check
+CVE-2026-29137 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29136 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29135 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29134 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
external ...)
+ TODO: check
+CVE-2026-29133 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29132 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
+ TODO: check
+CVE-2026-29131 (SEPPmail Secure Email Gateway before version 15.0.3 allows
attackers w ...)
+ TODO: check
+CVE-2026-28805 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-28728 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
+ TODO: check
+CVE-2026-27774 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
+ TODO: check
+CVE-2026-26962 (Rack is a modular Ruby web server interface. From version
3.2.0 to bef ...)
+ TODO: check
+CVE-2026-26961 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
+ TODO: check
+CVE-2026-26928 (SzafirHostdownloads necessary files in the context of the
initiating w ...)
+ TODO: check
+CVE-2026-26927 (Szafir SDK Web is a browser plug-in that can run SzafirHost
applicatio ...)
+ TODO: check
+CVE-2026-26895 (User enumeration vulnerability in /pwreset.php in osTicket
v1.18.2 all ...)
+ TODO: check
+CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an
internal ...)
+ TODO: check
+CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to
Server-Side Reque ...)
+ TODO: check
+CVE-2026-0686 (The Webmention plugin for WordPress is vulnerable to
Server-Side Reque ...)
+ TODO: check
+CVE-2026-0634 (Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G
on Andro ...)
+ TODO: check
+CVE-2025-65114 (Apache Traffic Server allows request smuggling if chunked
messages are ...)
+ TODO: check
+CVE-2025-58136 (A bug in POST request handling causes a crash under a certain
conditio ...)
+ TODO: check
+CVE-2025-43264 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43257 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2025-43238 (An integer overflow was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2025-43236 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2025-43219 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-43210 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2025-43202 (This issue was addressed with improved memory handling. This
issue is ...)
+ TODO: check
+CVE-2024-44303 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-44286 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-44250 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-44219 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-40858 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-40849 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2023-7342 (HiSecOS web server contains a privilege escalation
vulnerability that ...)
+ TODO: check
CVE-2026-27456 [util-linux: mount(8) TOCTOU symlink attack via loop device]
- util-linux 2.42-1
NOTE:
https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
NOTE: Fixed by:
https://github.com/util-linux/util-linux/commit/0ba0f14caa812349424df0da00ac2d97fee9d972
(v2.42)
-CVE-2026-23417 [bpf: Fix constant blinding for PROBE_MEM32 stores]
+CVE-2026-23417 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2321a9596d2260310267622e0ad8fbfa6f95378f (7.0-rc5)
-CVE-2026-23416 [mm/mseal: update VMA end correctly on merge]
+CVE-2026-23416 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2697dd8ae721db4f6a53d4f4cbd438212a80f8dc (7.0-rc6)
-CVE-2026-23415 [futex: Fix UaF between futex_key_to_node_opt() and
vma_replace_policy()]
+CVE-2026-23415 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/190a8c48ff623c3d67cb295b4536a660db2012aa (7.0-rc6)
-CVE-2026-23414 [tls: Purge async_hold in tls_decrypt_async_wait()]
+CVE-2026-23414 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/84a8335d8300576f1b377ae24abca1d9f197807f (7.0-rc6)
-CVE-2026-23413 [clsact: Fix use-after-free in init/destroy rollback asymmetry]
+CVE-2026-23413 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 6.19.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a0671125d4f55e1e98d9bde8a0b671941987e208 (7.0-rc5)
-CVE-2026-23412 [netfilter: bpf: defer hook memory release until rcu readers
are done]
+CVE-2026-23412 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.19.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
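Review bot: every one of the roughly 200 entries added at the top of this hunk is left at `TODO: check`, which is expected for an automatic import but means none of them is triaged yet; the ones to resolve first are those whose descriptions already point at serious issues in widely deployed software, e.g. `+CVE-2026-35386 (In OpenSSH before 10.3, command execution can occur via shell metachar ...)` and `+CVE-2026-35385 (In OpenSSH before 10.3, a file downloaded by scp may be installed setu ...)`, followed by the Rack, Mbed TLS, Suricata and LibRaw groups. Each needs either a source-package line in the form the kernel entries further down in this hunk use (`- linux <unfixed>` plus per-suite `[bookworm] - linux <not-affected> (...)` lines and a `NOTE:` with the upstream fix) or a `NOT-FOR-US:` annotation. While here: CVE-2026-23417 and CVE-2026-23414 carry no `[trixie]` line although their neighbours CVE-2026-23416 and CVE-2026-23415 mark trixie as not-affected; worth confirming that omission is intentional rather than a missed suite.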
@@ -1131,7 +1543,7 @@ CVE-2026-5291 (Inappropriate implementation in WebGL in
Google Chrome prior to 1
CVE-2026-5292 (Out of bounds read in WebCodecs in Google Chrome prior to
146.0.7680.1 ...)
- chromium 146.0.7680.177-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-34743 [liblzma: Fix a buffer overflow in lzma_index_append()]
+CVE-2026-34743 (XZ Utils provide a general-purpose data-compression library
plus comma ...)
- xz-utils <unfixed> (bug #1132497)
[trixie] - xz-utils <no-dsa> (Minor issue)
[bookworm] - xz-utils <no-dsa> (Minor issue)
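Review bot: replacing the bracketed working title `[liblzma: Fix a buffer overflow in lzma_index_append()]` with the truncated official description `(XZ Utils provide a general-purpose data-compression library plus comma ...)` drops the only text in this entry that names the affected function; the description refresh is the normal automatic behaviour, so keep that detail by making sure the entry carries a `NOTE:` line with the upstream fix reference (the three lines of trailing context in this hunk do not show one), the way the kernel entries in the first hunk keep their `git.kernel.org` commit links.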
@@ -1605,7 +2017,7 @@ CVE-2025-7741 (Hardcoded Password Vulnerability have been
found in CENTUM.Affect
NOT-FOR-US: Yokogawa
CVE-2025-15036 (A path traversal vulnerability exists in the
`extract_archive_to_dir` ...)
NOT-FOR-US: mlflow
-CVE-2026-33691 [Whitespace padding in filenames bypasses file upload extension
checks]
+CVE-2026-33691 (The OWASP core rule set (CRS) is a set of generic attack
detection rul ...)
- modsecurity-crs 3.3.9-1
[trixie] - modsecurity-crs <no-dsa> (Minor issue)
[bookworm] - modsecurity-crs <no-dsa> (Minor issue)
@@ -2931,7 +3343,7 @@ CVE-2026-23396 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.10-1
NOTE:
https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)
CVE-2026-33416 (LIBPNG is a reference library for use in applications that
read, creat ...)
- {DSA-6189-1}
+ {DSA-6189-1 DLA-4521-1}
- libpng1.6 1.6.56-1 (bug #1132012)
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
NOTE: https://github.com/pnggroup/libpng/pull/824
@@ -2940,7 +3352,7 @@ CVE-2026-33416 (LIBPNG is a reference library for use in
applications that read,
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
(v1.6.56)
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
(v1.6.56)
CVE-2026-33636 (LIBPNG is a reference library for use in applications that
read, creat ...)
- {DSA-6189-1}
+ {DSA-6189-1 DLA-4521-1}
- libpng1.6 1.6.56-1 (bug #1132013)
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
NOTE: Introduced with:
https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869
(v1.6.36)
@@ -7742,7 +8154,7 @@ CVE-2026-4439 (Out of bounds memory access in WebGL in
Google Chrome on Android
{DSA-6171-1}
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-34881 (OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is
affected by Se ...)
+CVE-2026-34881 (OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0
is affe ...)
- glance 2:31.0.0-3 (bug #1131274)
[trixie] - glance <no-dsa> (Minor issue)
[bookworm] - glance <no-dsa> (Minor issue)
@@ -23900,7 +24312,7 @@ CVE-2026-1231 (The Beaver Builder Page Builder \u2013
Drag and Drop Website Buil
NOT-FOR-US: WordPress plugin
CVE-2025-15524 (The Gallery by FooGallery plugin for WordPress is vulnerable
to unauth ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-15400 (The Pix para Woocommerce WordPress plugin through 2.13.3
allows any a ...)
+CVE-2025-15400 (The OpenPix for WooCommerce WordPress plugin through 2.13.3
allows any ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14541 (The Lucky Wheel Giveaway plugin for WordPress is vulnerable to
Remote ...)
NOT-FOR-US: WordPress plugin
@@ -24247,7 +24659,7 @@ CVE-2026-0653 (On TP-Link Tapo C260 v1 and D235 v1,
aguest\u2011level authentica
NOT-FOR-US: TP-Link
CVE-2026-0652 (On TP-Link Tapo C260 v1, command injection vulnerability exists
due to ...)
NOT-FOR-US: TP-Link
-CVE-2026-0651 (On TP-Link Tapo C260 v1 and D235 v1, path traversal is possible
due to ...)
+CVE-2026-0651 (A path traversal vulnerability was identified TP-Link Tapo C260
v1, D2 ...)
NOT-FOR-US: TP-Link
CVE-2025-7636 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: ZEUS PDKS
@@ -45399,7 +45811,7 @@ CVE-2025-12492 (The Ultimate Member \u2013 User
Profile, Registration, Login, Me
NOT-FOR-US: WordPress plugin
CVE-2025-14969 (A flaw was found in Hibernate Reactive. When an HTTP endpoint
is expos ...)
NOT-FOR-US: Quarkus
-CVE-2025-8065 (A buffer overflow vulnerability exists in the ONVIF XML parser
of Tapo ...)
+CVE-2025-8065 (A stack-based buffer overflow vulnerability was identified in
the ONVI ...)
NOT-FOR-US: Tp-Link
CVE-2025-68613 (n8n is an open source workflow automation platform. Versions
starting ...)
NOT-FOR-US: n8n
@@ -46653,7 +47065,7 @@ CVE-2025-46278 (The issue was addressed with improved
handling of caches. This i
NOT-FOR-US: Apple
CVE-2025-46277 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-43533 (Multiple memory corruption issues were addressed with improved
input v ...)
+CVE-2025-43533 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2025-43526 (This issue was addressed with improved URL validation. This
issue is f ...)
NOT-FOR-US: Apple
@@ -48881,7 +49293,7 @@ CVE-2025-9218 (The rtMedia for WordPress, BuddyPress
and bbPress plugin for Word
NOT-FOR-US: WordPress plugin
CVE-2025-9207 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable
to HTML ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-9116 (The WPS Visitor Counter Plugin WordPress plugin through 1.4.8
does not ...)
+CVE-2025-9116 (The WPS Visitor Counter WordPress plugin through 1.4.8 does not
escape ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8779 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for
WordPr ...)
NOT-FOR-US: WordPress plugin
@@ -62388,11 +62800,11 @@ CVE-2025-43496 (The issue was addressed by adding
additional logic. This issue i
NOT-FOR-US: Apple
CVE-2025-43495 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2025-43493 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-43493 (The issue was addressed with improved checks. This issue is
fixed in S ...)
NOT-FOR-US: Apple
CVE-2025-43481 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
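Review bot: the description of CVE-2025-43493 changed from `... fixed in m ...` to `... fixed in S ...`, the same shift the neighbouring CVE-2025-43480 got, and CVE-2025-43480 is tracked against webkit2gtk/wpewebkit via DSA-5792-1 while CVE-2025-43493 stays `NOT-FOR-US: Apple`; since the refreshed text now leads with a different product than before, re-check whether CVE-2025-43493 is still purely an Apple-side issue or whether it also needs a WebKit package entry like its neighbour.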
@@ -62475,7 +62887,7 @@ CVE-2025-43441 (The issue was addressed with improved
memory handling. This issu
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2026-0001.html
-CVE-2025-43440 (This issue was addressed with improved checks This issue is
fixed in t ...)
+CVE-2025-43440 (This issue was addressed with improved checks. This issue is
fixed in ...)
{DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
@@ -68225,7 +68637,7 @@ CVE-2025-43282 (A double free issue was addressed with
improved memory managemen
NOT-FOR-US: Apple
CVE-2025-43281 (The issue was addressed with improved authentication. This
issue is fi ...)
NOT-FOR-US: Apple
-CVE-2025-43280 (The issue was resolved by not loading remote images This issue
is fixe ...)
+CVE-2025-43280 (The issue was resolved by not loading remote images. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2025-41021 (Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0,
consistin ...)
NOT-FOR-US: Sergestec
@@ -96267,7 +96679,7 @@ CVE-2025-43230 (The issue was addressed with additional
permissions checks. This
NOT-FOR-US: Apple
CVE-2025-43229 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed
in iOS 1 ...)
+CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed
in Safar ...)
{DSA-5978-1 DLA-4276-1}
- webkit2gtk 2.48.5-1
- wpewebkit 2.48.5-1
@@ -96416,7 +96828,7 @@ CVE-2025-31229 (A logic issue was addressed with
improved checks. This issue is
NOT-FOR-US: Apple
CVE-2025-25011 (An uncontrolled search path element vulnerability can lead to
local pr ...)
NOT-FOR-US: Beats (Windows Installer)
-CVE-2025-24224 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2025-24224 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24188 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
@@ -120443,7 +120855,7 @@ CVE-2025-31329 (SAP NetWeaver is vulnerable to an
Information Disclosure vulnera
NOT-FOR-US: SAP
CVE-2025-31260 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2025-31259 (The issue was addressed with improved input sanitization. This
issue i ...)
+CVE-2025-31259 (A privacy issue was addressed with improved checks. This issue
is fixe ...)
NOT-FOR-US: Apple
CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This
issue i ...)
NOT-FOR-US: Apple
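Review bot: the description of CVE-2025-31259 changes its stated fix from "improved input sanitization" to "A privacy issue was addressed with improved checks", which is a different vulnerability class rather than a re-truncation of the same sentence. NOT-FOR-US: Apple is carried over unchanged; a rewrite of this kind usually means upstream re-described the affected component, so a quick check that the CVE still points at an Apple-only component is warranted rather than relying on the old text.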
@@ -120468,7 +120880,7 @@ CVE-2025-31247 (A logic issue was addressed with
improved state management. This
NOT-FOR-US: Apple
CVE-2025-31246 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
-CVE-2025-31245 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-31245 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-31244 (A file quarantine bypass was addressed with additional checks.
This is ...)
NOT-FOR-US: Apple
@@ -120480,7 +120892,7 @@ CVE-2025-31240 (This issue was addressed with
improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2025-31239 (A use-after-free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
-CVE-2025-31238 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2025-31238 (The issue was addressed with improved checks. This issue is
fixed in S ...)
NOT-FOR-US: Apple
CVE-2025-31237 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
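Review bot: CVE-2025-31238 moves from "fixed in w" to "fixed in S" and stays NOT-FOR-US: Apple, while the next three hunks in this update (CVE-2025-31223, CVE-2025-31215, CVE-2025-31205) make the same prefix change and are all tracked against webkit2gtk and wpewebkit with a DSA. Please confirm from the full upstream description that CVE-2025-31238 is not also a WebKit bug before keeping the NOT-FOR-US tag.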
@@ -120504,7 +120916,7 @@ CVE-2025-31225 (A privacy issue was addressed by
removing sensitive data. This i
NOT-FOR-US: Apple
CVE-2025-31224 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
-CVE-2025-31223 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2025-31223 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-6042-1}
- webkit2gtk 2.50.0-1
- wpewebkit 2.50.0-1
@@ -120524,7 +120936,7 @@ CVE-2025-31218 (This issue was addressed by removing
the vulnerable code. This i
NOT-FOR-US: Apple
CVE-2025-31217 (The issue was addressed with improved input validation. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2025-31215 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2025-31215 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
@@ -120537,11 +120949,11 @@ CVE-2025-31213 (A logging issue was addressed with
improved data redaction. This
NOT-FOR-US: Apple
CVE-2025-31212 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-31210 (The issue was addressed with improved UI. This issue is fixed
in iPadO ...)
+CVE-2025-31210 (The issue was addressed with improved UI. This issue is fixed
in iOS 1 ...)
NOT-FOR-US: Apple
CVE-2025-31209 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2025-31208 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2025-31208 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-31207 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
@@ -120552,7 +120964,7 @@ CVE-2025-31206 (A type confusion issue was addressed
with improved state handlin
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
-CVE-2025-31205 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2025-31205 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
@@ -125661,7 +126073,7 @@ CVE-2025-31203 (An integer overflow was addressed
with improved input validation
NOT-FOR-US: Apple
CVE-2025-31202 (A null pointer dereference was addressed with improved input
validatio ...)
NOT-FOR-US: Apple
-CVE-2025-31197 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-31197 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-30445 (A type confusion issue was addressed with improved checks.
This issue ...)
NOT-FOR-US: Apple
@@ -125673,7 +126085,7 @@ CVE-2025-24270 (This issue was addressed by removing
the vulnerable code. This i
NOT-FOR-US: Apple
CVE-2025-24252 (A use-after-free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
-CVE-2025-24251 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-24251 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24206 (An authentication issue was addressed with improved state
management. ...)
NOT-FOR-US: Apple
@@ -135093,7 +135505,7 @@ CVE-2025-30450 (This issue was addressed with
improved validation of symlinks. T
NOT-FOR-US: Apple
CVE-2025-30449 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2025-30447 (The issue was resolved by sanitizing logging This issue is
fixed in vi ...)
+CVE-2025-30447 (The issue was resolved by sanitizing logging. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-30446 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
@@ -135103,7 +135515,7 @@ CVE-2025-30443 (A privacy issue was addressed by
removing the vulnerable code. T
NOT-FOR-US: Apple
CVE-2025-30441 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-30439 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+CVE-2025-30439 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-30438 (This issue was addressed with improved access restrictions.
This issue ...)
NOT-FOR-US: Apple
@@ -135262,7 +135674,7 @@ CVE-2025-24216 (The issue was addressed with improved
memory handling. This issu
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
-CVE-2025-24215 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-24215 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24214 (A privacy issue was addressed by not logging contents of text
fields. ...)
NOT-FOR-US: Apple
@@ -135299,7 +135711,7 @@ CVE-2025-24205 (An authorization issue was addressed
with improved state managem
NOT-FOR-US: Apple
CVE-2025-24204 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
-CVE-2025-24203 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-24203 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24202 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
@@ -142106,7 +142518,7 @@ CVE-2024-54546 (The issue was addressed with improved
memory handling. This issu
NOT-FOR-US: Apple
CVE-2024-54473 (This issue was addressed with improved redaction of sensitive
informat ...)
NOT-FOR-US: Apple
-CVE-2024-54469 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-54469 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-54467 (A cookie management issue was addressed with improved state
management ...)
{DSA-5885-1 DLA-4218-1}
@@ -142127,7 +142539,7 @@ CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0
through 6.1.2.6 and 6.2.0.0 th
NOT-FOR-US: IBM
CVE-2024-44227 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
-CVE-2024-44192 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2024-44192 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5885-1 DLA-4218-1}
- webkit2gtk 2.48.0-1
- wpewebkit 2.48.0-1
@@ -155876,7 +156288,7 @@ CVE-2025-24128 (The issue was addressed by adding
additional logic. This issue i
NOT-FOR-US: Apple
CVE-2025-24127 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2025-24126 (An input validation issue was addressed. This issue is fixed
in vision ...)
+CVE-2025-24126 (An input validation issue was addressed. This issue is fixed
in iOS 18 ...)
NOT-FOR-US: Apple
CVE-2025-24124 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
@@ -155898,7 +156310,7 @@ CVE-2025-24115 (A path handling issue was addressed
with improved validation. Th
NOT-FOR-US: Apple
CVE-2025-24114 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2025-24113 (The issue was addressed with improved UI. This issue is fixed
in macOS ...)
+CVE-2025-24113 (The issue was addressed with improved UI. This issue is fixed
in Safar ...)
NOT-FOR-US: Apple
CVE-2025-24112 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
@@ -155908,7 +156320,7 @@ CVE-2025-24108 (An access issue was addressed with
additional sandbox restrictio
NOT-FOR-US: Apple
CVE-2025-24107 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
-CVE-2025-24106 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2025-24106 (This issue was addressed with additional entitlement checks.
This issu ...)
NOT-FOR-US: Apple
CVE-2025-24104 (This issue was addressed with improved handling of symlinks.
This issu ...)
NOT-FOR-US: Apple
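Review bot: CVE-2025-24106's description is replaced wholesale here ("The issue was addressed with improved checks" becomes "This issue was addressed with additional entitlement checks"), not merely re-truncated, so the component has evidently been re-described upstream. NOT-FOR-US: Apple is plausible for an entitlement-check issue, but it should be re-validated against the new text rather than inherited from the old one.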
@@ -155992,7 +156404,7 @@ CVE-2024-54537 (This issue was addressed with
additional entitlement checks. Thi
NOT-FOR-US: Apple
CVE-2024-54536 (The issue was addressed with improved validation of
environment variab ...)
NOT-FOR-US: Apple
-CVE-2024-54530 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-54530 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-54523 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
@@ -156024,7 +156436,7 @@ CVE-2024-54478 (An out-of-bounds access issue was
addressed with improved bounds
NOT-FOR-US: Apple
CVE-2024-54475 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
-CVE-2024-54468 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-54468 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host
driver, wher ...)
NOT-FOR-US: NVIDIA vGPU software
@@ -160045,7 +160457,7 @@ CVE-2024-36476 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/fb514b31395946022f13a08e06a435f53cf9e8b3 (6.13-rc6)
CVE-2024-35280 (A improper neutralization of input during web page generation
('cross- ...)
NOT-FOR-US: FortiGuard
-CVE-2024-27856 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-27856 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
@@ -169697,13 +170109,13 @@ CVE-2024-54528 (A logic issue was addressed with
improved restrictions. This iss
NOT-FOR-US: Apple
CVE-2024-54527 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2024-54526 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2024-54526 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-54524 (A logic issue was addressed with improved file handling. This
issue is ...)
NOT-FOR-US: Apple
CVE-2024-54515 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2024-54514 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2024-54514 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-54513 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
@@ -169729,7 +170141,7 @@ CVE-2024-54504 (A privacy issue was addressed with
improved private data redacti
NOT-FOR-US: Apple
CVE-2024-54503 (An inconsistent user interface issue was addressed with
improved state ...)
NOT-FOR-US: Apple
-CVE-2024-54502 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2024-54502 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
@@ -169751,7 +170163,7 @@ CVE-2024-54493 (This issue was addressed through
improved state management. This
NOT-FOR-US: Apple
CVE-2024-54492 (This issue was addressed by using HTTPS when sending
information over ...)
NOT-FOR-US: Apple
-CVE-2024-54491 (The issue was resolved by sanitizing logging This issue is
fixed in ma ...)
+CVE-2024-54491 (The issue was resolved by sanitizing logging. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54490 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
NOT-FOR-US: Apple
@@ -169763,7 +170175,7 @@ CVE-2024-54485 (The issue was addressed by adding
additional logic. This issue i
NOT-FOR-US: Apple
CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is
fixed in m ...)
NOT-FOR-US: Apple
-CVE-2024-54479 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+CVE-2024-54479 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
@@ -183451,13 +183863,13 @@ CVE-2024-48107 (SparkShop <=1.1.7 is vulnerable to
server-side request forgery (
NOT-FOR-US: SparkShop
CVE-2024-45656 (IBM Flexible Service Processor (FSP) FW860.00 through
FW860.B3, FW950. ...)
NOT-FOR-US: IBM Flexible Service Processor
-CVE-2024-44302 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-44302 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-44301 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-44297 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
-CVE-2024-44296 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-44296 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5804-1 DLA-3961-1}
- webkit2gtk 2.46.3-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
@@ -183543,7 +183955,7 @@ CVE-2024-44244 (A memory corruption issue was
addressed with improved input vali
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
-CVE-2024-44240 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-44240 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-44239 (An information disclosure issue was addressed with improved
private da ...)
NOT-FOR-US: Apple
@@ -183595,7 +184007,7 @@ CVE-2024-44144 (A buffer overflow was addressed with
improved size validation. T
NOT-FOR-US: Apple
CVE-2024-44137 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
-CVE-2024-44126 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-44126 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-44123 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
@@ -184626,7 +185038,7 @@ CVE-2024-44206 (An issue in the handling of URL
protocols was addressed with imp
NOT-FOR-US: Apple
CVE-2024-44205 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
-CVE-2024-44185 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-44185 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5792-1 DLA-3961-1}
- webkit2gtk 2.46.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
@@ -194567,7 +194979,7 @@ CVE-2024-40830 (This issue was addressed with
improved data protection. This iss
NOT-FOR-US: Apple
CVE-2024-40826 (A privacy issue was addressed with improved handling of files.
This is ...)
NOT-FOR-US: Apple
-CVE-2024-40825 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+CVE-2024-40825 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-40801 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
@@ -205999,7 +206411,7 @@ CVE-2024-40833 (A logic issue was addressed with
improved checks. This issue is
NOT-FOR-US: Apple
CVE-2024-40832 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
-CVE-2024-40829 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+CVE-2024-40829 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-40828 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
@@ -219000,7 +219412,7 @@ CVE-2024-27885 (This issue was addressed with
improved validation of symlinks. T
NOT-FOR-US: Apple
CVE-2024-27857 (An out-of-bounds access issue was addressed with improved
bounds check ...)
NOT-FOR-US: Apple
-CVE-2024-27855 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-27855 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27851 (The issue was addressed with improved bounds checks. This
issue is fix ...)
{DSA-5762-1}
@@ -219016,7 +219428,7 @@ CVE-2024-27848 (This issue was addressed with
improved permissions checking. Thi
NOT-FOR-US: Apple
CVE-2024-27845 (A privacy issue was addressed with improved handling of
temporary file ...)
NOT-FOR-US: Apple
-CVE-2024-27844 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+CVE-2024-27844 (The issue was addressed with improved checks. This issue is
fixed in S ...)
NOT-FOR-US: Apple
CVE-2024-27840 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
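Review bot: CVE-2024-27844 changes from "fixed in v" to "fixed in S" and keeps NOT-FOR-US: Apple; the identical prefix change on CVE-2024-27834 further down in this update sits next to a DSA-5695-1 / webkit2gtk 2.44.2-1 entry. Check that CVE-2024-27844 is not a WebKit issue that should be tracked the same way.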
@@ -219028,7 +219440,7 @@ CVE-2024-27838 (The issue was addressed by adding
additional logic. This issue i
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2024-0005.html
-CVE-2024-27836 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+CVE-2024-27836 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27833 (An integer overflow was addressed with improved input
validation. This ...)
{DSA-5695-1}
@@ -219038,7 +219450,7 @@ CVE-2024-27833 (An integer overflow was addressed
with improved input validation
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2024-0005.html
-CVE-2024-27832 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-27832 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input
validat ...)
NOT-FOR-US: Apple
@@ -219056,15 +219468,15 @@ CVE-2024-27820 (The issue was addressed with
improved memory handling. This issu
NOTE: https://webkitgtk.org/security/WSA-2024-0005.html
CVE-2024-27819 (The issue was addressed by restricting options offered on a
locked dev ...)
NOT-FOR-US: Apple
-CVE-2024-27817 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-27817 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input
validat ...)
NOT-FOR-US: Apple
CVE-2024-27814 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2024-27812 (The issue was addressed with improvements to the file handling
protoco ...)
+CVE-2024-27812 (A logic issue was addressed with improved file handling. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2024-27811 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-27811 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27808 (The issue was addressed with improved memory handling. This
issue is f ...)
{DSA-5695-1}
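Review bot: within this hunk CVE-2024-27812 is the one entry whose description changes in substance, from "improvements to the file handling protocol" to "A logic issue was addressed with improved file handling", whereas CVE-2024-27817 and CVE-2024-27811 only swap the product after "fixed in". All three keep NOT-FOR-US: Apple, which is fine provided the rewritten CVE-2024-27812 text still names only Apple products; the truncation at roughly seventy characters does not let a reader verify that here, so it needs a look at the full upstream description.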
@@ -219082,13 +219494,13 @@ CVE-2024-27805 (An issue was addressed with
improved validation of environment v
NOT-FOR-US: Apple
CVE-2024-27802 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2024-27801 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-27801 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This
issue i ...)
NOT-FOR-US: Apple
CVE-2024-27799 (This issue was addressed with additional entitlement checks.
This issu ...)
NOT-FOR-US: Apple
-CVE-2024-23282 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-23282 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-23251 (An authentication issue was addressed with improved state
management. ...)
NOT-FOR-US: Apple
@@ -229698,7 +230110,7 @@ CVE-2024-28165 (SAP Business Objects Business
Intelligence Platform is vulnerabl
NOT-FOR-US: SAP
CVE-2024-27852 (A privacy issue was addressed with improved client ID handling
for alt ...)
NOT-FOR-US: Apple
-CVE-2024-27847 (This issue was addressed with improved checks This issue is
fixed in i ...)
+CVE-2024-27847 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2024-27843 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
@@ -229712,7 +230124,7 @@ CVE-2024-27837 (A downgrade issue was addressed with
additional code-signing res
NOT-FOR-US: Apple
CVE-2024-27835 (This issue was addressed through improved state management.
This issue ...)
NOT-FOR-US: Apple
-CVE-2024-27834 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+CVE-2024-27834 (The issue was addressed with improved checks. This issue is
fixed in S ...)
{DSA-5695-1}
- webkit2gtk 2.44.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
@@ -249208,7 +249620,7 @@ CVE-2024-24156 (Cross Site Scripting (XSS)
vulnerability in Gnuboard g6 before G
NOT-FOR-US: Gnuboard
CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-23298 (A logic issue was addressed with improved state management.)
+CVE-2024-23298 (A logic issue was addressed with improved state management.
This issue ...)
NOT-FOR-US: Apple
CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is
vulnerable t ...)
- python-djangorestframework-simplejwt <unfixed> (unimportant; bug
#1067641)
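Review bot: CVE-2024-23298 previously had a description with no "This issue is fixed in ..." clause at all, so NOT-FOR-US: Apple was set without a product list; now that upstream has appended one, the tag should be re-checked against the products it names, since the truncated line only shows that the clause exists, not which products are listed.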
@@ -251054,7 +251466,7 @@ CVE-2024-25327 (Cross Site Scripting (XSS)
vulnerability in Justice Systems Full
NOT-FOR-US: Justice Systems FullCourt Enterprise
CVE-2024-24035 (Cross Site Scripting (XSS) vulnerability in Setor Informatica
SIL 3.1 ...)
NOT-FOR-US: Setor Informatica SIL
-CVE-2024-23297 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+CVE-2024-23297 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-23295 (A permissions issue was addressed to help ensure Personas are
always p ...)
NOT-FOR-US: Apple
@@ -251100,9 +251512,9 @@ CVE-2024-23280 (An injection issue was addressed with
improved validation. This
NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-23279 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
-CVE-2024-23278 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-23278 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2024-23277 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+CVE-2024-23277 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
CVE-2024-23276 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
@@ -420855,11 +421267,11 @@ CVE-2021-43577 (Jenkins OWASP Dependency-Check
Plugin 5.1.1 and earlier does not
NOT-FOR-US: Jenkins plugin
CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure
its XML p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive
informatio ...)
+CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not
restric ...)
NOT-FOR-US: Philips
-CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or
incorre ...)
+CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not
restric ...)
NOT-FOR-US: Philips
-CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who
is outs ...)
+CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not
restric ...)
NOT-FOR-US: Philips
CVE-2021-3949
RESERVED
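Review bot: after this change CVE-2021-42744, CVE-2021-26262 and CVE-2021-26248 all carry the identical truncated text "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restric ...", whereas the removed lines described three different problems (exposes sensitive information; does not restrict or incorrectly restricts; assigns an owner who is outside). The narrowed range "5.3 through 5.8.1" is a useful upstream correction of "5.x.x", but the collapse of three distinct descriptions into one is worth checking against the full upstream text to make sure the three CVEs were not mistakenly given the same description. NOT-FOR-US: Philips is unaffected either way.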
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a24d5015a983094a7e593d29738b36314b3261e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits