Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1156a753 by security tracker role at 2026-05-05T07:13:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,363 @@
+CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded
applicatio ...)
+ TODO: check
+CVE-2026-7823 (A security flaw has been discovered in Totolink A8000RU
7.1cu.643_b202 ...)
+ TODO: check
+CVE-2026-7822 (A vulnerability was identified in itsourcecode Courier
Management Syst ...)
+ TODO: check
+CVE-2026-7812 (A vulnerability was found in 54yyyu code-mcp up to
4cfc4643541a110c906 ...)
+ TODO: check
+CVE-2026-7811 (A vulnerability has been found in 54yyyu code-mcp up to
4cfc4643541a11 ...)
+ TODO: check
+CVE-2026-7810 (A flaw has been found in UsamaK98 python-notebook-mcp up to
a05a232815 ...)
+ TODO: check
+CVE-2026-7791 (Improper privilege management in the log rotation mechanism of
the Sky ...)
+ TODO: check
+CVE-2026-7788 (A security flaw has been discovered in Axle-Bucamp
MCP-Docusaurus up t ...)
+ TODO: check
+CVE-2026-7785 (A security flaw has been discovered in A-G-U-P-T-A
wireshark-mcp edaf6 ...)
+ TODO: check
+CVE-2026-7784 (A vulnerability has been found in RTGS2017 NagaAgent up to
5.1.0. This ...)
+ TODO: check
+CVE-2026-7783 (A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1.
This vulne ...)
+ TODO: check
+CVE-2026-7782 (A vulnerability was detected in CodeCanyon Perfex CRM up to
3.4.1. Thi ...)
+ TODO: check
+CVE-2026-7781 (A security vulnerability has been detected in Open5GS up to
2.7.7. Aff ...)
+ TODO: check
+CVE-2026-7780 (A weakness has been identified in Open5GS up to 2.7.7. Affected
by thi ...)
+ TODO: check
+CVE-2026-7779 (A security flaw has been discovered in Open5GS up to 2.7.7.
Affected i ...)
+ TODO: check
+CVE-2026-7776 (Boundary Community Edition and Boundary Enterprise
(\u201cBoundary\u20 ...)
+ TODO: check
+CVE-2026-7768 (@fastify/accepts-serializer cached serializer-selection results
keyed ...)
+ TODO: check
+CVE-2026-7750 (A vulnerability was detected in Totolink N300RH
3.2.4-B20220812. This ...)
+ TODO: check
+CVE-2026-7749 (A security vulnerability has been detected in Totolink N300RH
3.2.4-B2 ...)
+ TODO: check
+CVE-2026-7748 (A weakness has been identified in Totolink N300RH
3.2.4-B20220812. Aff ...)
+ TODO: check
+CVE-2026-7747 (A security flaw has been discovered in Totolink N300RH
3.2.4-B20220812 ...)
+ TODO: check
+CVE-2026-7746 (A vulnerability was identified in SourceCodester Web-based
Pharmacy Pr ...)
+ TODO: check
+CVE-2026-7745 (A vulnerability was determined in CodeAstro Online Classroom
1.0. This ...)
+ TODO: check
+CVE-2026-7744 (A vulnerability was found in CodeAstro Online Classroom 1.0.
This affe ...)
+ TODO: check
+CVE-2026-7743 (A vulnerability has been found in CodeAstro Online Classroom
1.0. The ...)
+ TODO: check
+CVE-2026-7742 (A flaw has been found in CodeAstro Online Classroom 1.0. The
affected ...)
+ TODO: check
+CVE-2026-7741 (A vulnerability was detected in CodeAstro Online Classroom 1.0.
Impact ...)
+ TODO: check
+CVE-2026-7482 (Ollama before 0.17.1 contains a heap out-of-bounds read
vulnerability ...)
+ TODO: check
+CVE-2026-6704 (The Blog Settings plugin for WordPress is vulnerable to
Reflected Cros ...)
+ TODO: check
+CVE-2026-6702 (The Publish 2 Ping.fm plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2026-6701 (The addfreespace plugin for WordPress is vulnerable to
Cross-Site Requ ...)
+ TODO: check
+CVE-2026-6700 (The DX Sources plugin for WordPress is vulnerable to Cross-Site
Reques ...)
+ TODO: check
+CVE-2026-6696 (The Zingaya Click-to-Call plugin for WordPress is vulnerable to
Reflec ...)
+ TODO: check
+CVE-2026-6501 (Improper restriction of XML external entity reference
vulnerability in ...)
+ TODO: check
+CVE-2026-6500 (Plaintext storage of a password vulnerability in ILM
Informatique Open ...)
+ TODO: check
+CVE-2026-6499 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
+ TODO: check
+CVE-2026-6418 (An issue was discovered in the Shared Account Synchronization
componen ...)
+ TODO: check
+CVE-2026-6321 (fast-uri decoded percent-encoded path separators and dot
segments befo ...)
+ TODO: check
+CVE-2026-6266 (A flaw was found in the AAP gateway. The user auto-link
strategy, intr ...)
+ TODO: check
+CVE-2026-6255 (The Simple Owl Shortcodes plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2026-6180 (A race condition exists in PaperCut MF when processing
badge-swipe dat ...)
+ TODO: check
+CVE-2026-5957 (The EmailKit plugin for WordPress is vulnerable to Arbitrary
File Read ...)
+ TODO: check
+CVE-2026-5722 (The MoreConvert Pro plugin for WordPress is vulnerable to
Authenticati ...)
+ TODO: check
+CVE-2026-5505 (The WP-Clippy plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-5294 (The Geeky Bot plugin for WordPress is vulnerable to Missing
Authorizat ...)
+ TODO: check
+CVE-2026-5247 (The Schedule Post Changes With PublishPress Future plugin for
WordPres ...)
+ TODO: check
+CVE-2026-5192 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
+ TODO: check
+CVE-2026-5159 (The Royal Addons for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2026-5100 (The AWP Classifieds plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2026-4928
+ REJECTED
+CVE-2026-4803 (The Royal Elementor Addons plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2026-4730 (The Charts Ninja: Create Beautiful Graphs & Charts and Easily
Add Them ...)
+ TODO: check
+CVE-2026-4665 (The WP Carousel Free plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-4409 (The Subscribe To Comments Reloaded plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-4362 (The ElementsKit Elementor Addons plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-44029 (An issue was discovered in Nix before 2.34.7. Writing to
arbitrary fil ...)
+ TODO: check
+CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before
2.95.2. Un ...)
+ TODO: check
+CVE-2026-43616 (Detect-It-Easy prior to 3.21 contains a path traversal
vulnerability t ...)
+ TODO: check
+CVE-2026-42812 (In Apache Iceberg, the table's metadata files are control
files: they ...)
+ TODO: check
+CVE-2026-42811 (In plain terms, Apache Polaris is supposed to issue
short-lived GCS cr ...)
+ TODO: check
+CVE-2026-42810 (Apache Polaris accepts literal `*` characters in namespace and
table n ...)
+ TODO: check
+CVE-2026-42809 (Apache Polaris can issue broad temporary ("vended") storage
credential ...)
+ TODO: check
+CVE-2026-42796 (Arelle before 2.39.10 contains an unauthenticated remote code
executio ...)
+ TODO: check
+CVE-2026-42440 (OOM Denial of Service via Unbounded Array Allocation in Apache
OpenNLP ...)
+ TODO: check
+CVE-2026-42376 (D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL)
contains a har ...)
+ TODO: check
+CVE-2026-42375 (D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a
hardcode ...)
+ TODO: check
+CVE-2026-42374 (D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a
hardcode ...)
+ TODO: check
+CVE-2026-42373 (D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL)
contains a har ...)
+ TODO: check
+CVE-2026-42372 (D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL)
contains a har ...)
+ TODO: check
+CVE-2026-42238 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
+ TODO: check
+CVE-2026-42237 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42236 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42235 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42234 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42233 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42232 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42231 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42230 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42229 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42228 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42227 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42226 (n8n is an open source workflow automation platform. Prior to
versions ...)
+ TODO: check
+CVE-2026-42223 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
+ TODO: check
+CVE-2026-42222 (Nginx UI is a web user interface for the Nginx web server. In
version ...)
+ TODO: check
+CVE-2026-42221 (Nginx UI is a web user interface for the Nginx web server.
From versio ...)
+ TODO: check
+CVE-2026-42220 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
+ TODO: check
+CVE-2026-42154 (Prometheus is an open-source monitoring system and time series
databas ...)
+ TODO: check
+CVE-2026-42151 (Prometheus is an open-source monitoring system and time series
databas ...)
+ TODO: check
+CVE-2026-42146 (CImg Library is a C++ library for image processing. Prior to
commit c3 ...)
+ TODO: check
+CVE-2026-42144 (CImg Library is a C++ library for image processing. Prior to
commit 4c ...)
+ TODO: check
+CVE-2026-42140 (PlantUML Macro is a macro for rendering UML diagrams from
simple textu ...)
+ TODO: check
+CVE-2026-42138 (Dify is an open-source LLM app development platform. Prior to
version ...)
+ TODO: check
+CVE-2026-42092 (titra is an open source time tracking project. In version
0.99.52, the ...)
+ TODO: check
+CVE-2026-42091 (goshs is a SimpleHTTPServer written in Go. Prior to version
2.0.2, the ...)
+ TODO: check
+CVE-2026-42090 (Notesnook is a note-taking app focused on user privacy & ease
of use. ...)
+ TODO: check
+CVE-2026-42088 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
+ TODO: check
+CVE-2026-42087 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
+ TODO: check
+CVE-2026-42086 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
+ TODO: check
+CVE-2026-42085 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
+ TODO: check
+CVE-2026-42084 (OpenC3 COSMOS provides the functionality needed to send
commands to an ...)
+ TODO: check
+CVE-2026-42080 (PPTAgent is an agentic framework for reflective PowerPoint
generation. ...)
+ TODO: check
+CVE-2026-42079 (PPTAgent is an agentic framework for reflective PowerPoint
generation. ...)
+ TODO: check
+CVE-2026-42078 (PPTAgent is an agentic framework for reflective PowerPoint
generation. ...)
+ TODO: check
+CVE-2026-42077 (Evolver is a GEP-powered self-evolving engine for AI agents.
Prior to ...)
+ TODO: check
+CVE-2026-42076 (Evolver is a GEP-powered self-evolving engine for AI agents.
Prior to ...)
+ TODO: check
+CVE-2026-42075 (Evolver is a GEP-powered self-evolving engine for AI agents.
Prior to ...)
+ TODO: check
+CVE-2026-42052 (Beets is the media library management system. Prior to version
2.10.0, ...)
+ TODO: check
+CVE-2026-42027 (Arbitrary Class Instantiation via Model Manifest in Apache
OpenNLP Ext ...)
+ TODO: check
+CVE-2026-41927 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains a stac ...)
+ TODO: check
+CVE-2026-41926 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains an OS ...)
+ TODO: check
+CVE-2026-41925 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains an OS ...)
+ TODO: check
+CVE-2026-41924 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains an OS ...)
+ TODO: check
+CVE-2026-41923 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains an OS ...)
+ TODO: check
+CVE-2026-41922 (WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02)
contains an OS ...)
+ TODO: check
+CVE-2026-41686 (Claude SDK for TypeScript provides access to the Claude API
from serve ...)
+ TODO: check
+CVE-2026-41572 (Note Mark is an open-source note-taking application. Prior to
version ...)
+ TODO: check
+CVE-2026-41571 (Note Mark is an open-source note-taking application. In
version 0.19.2 ...)
+ TODO: check
+CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress versions 1.3
and ear ...)
+ TODO: check
+CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing
in Apache ...)
+ TODO: check
+CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code
Injection') ...)
+ TODO: check
+CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot
and Le ...)
+ TODO: check
+CVE-2026-3454 (The GenerateBlocks plugin for WordPress is vulnerable to
Insecure Dire ...)
+ TODO: check
+CVE-2026-3120 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-38751 (OpenSTAManager version 2.10 and earlier contains an arbitrary
file upl ...)
+ TODO: check
+CVE-2026-38669 (wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when
creating a ...)
+ TODO: check
+CVE-2026-37461 (An out-of-bounds read in the ParseIP6Extended function
(/bgp/bgp.go) o ...)
+ TODO: check
+CVE-2026-37459 (An integer underflow in FRRouting (FRR) stable/10.0 to
stable/10.6 all ...)
+ TODO: check
+CVE-2026-37458 (Missing input validation in the MP_REACH_NLRI component of
FRRouting ( ...)
+ TODO: check
+CVE-2026-36365 (An issue in Lymphatus caesium-image-compressor All versions up
to and ...)
+ TODO: check
+CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of
Oracle O ...)
+ TODO: check
+CVE-2026-34882
+ REJECTED
+CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server. This
issue affe ...)
+ TODO: check
+CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in
Apache ...)
+ TODO: check
+CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache
HTTP Ser ...)
+ TODO: check
+CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP
Server m ...)
+ TODO: check
+CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache
HTTP Ser ...)
+ TODO: check
+CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server
2.4.66 a ...)
+ TODO: check
+CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3
and earl ...)
+ TODO: check
+CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before
v.4.7.21dev all ...)
+ TODO: check
+CVE-2026-2948 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons &
Ecosystem ...)
+ TODO: check
+CVE-2026-2868 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons &
Ecosystem ...)
+ TODO: check
+CVE-2026-2828
+ REJECTED
+CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to
authorization byp ...)
+ TODO: check
+CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code
execution vu ...)
+ TODO: check
+CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP
Server 2.4.6 ...)
+ TODO: check
+CVE-2026-29004 (BusyBox before commit 42202bf contains a heap buffer overflow
vulnerab ...)
+ TODO: check
+CVE-2026-26956 (vm2 is an open source vm/sandbox for Node.js. In version
3.10.4, vm2 i ...)
+ TODO: check
+CVE-2026-26332 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.0, ...)
+ TODO: check
+CVE-2026-25863 (Conditional Fields for Contact Form 7 WordPress plugin through
version ...)
+ TODO: check
+CVE-2026-25293 (Buffer overflow due to incorrect authorization in PLC FW)
+ TODO: check
+CVE-2026-25266 (Memory corruption while processing IOCTL command when device
is in pow ...)
+ TODO: check
+CVE-2026-24781 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.0, ...)
+ TODO: check
+CVE-2026-24120 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.10.5, ...)
+ TODO: check
+CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.0, ...)
+ TODO: check
+CVE-2026-24082 (Memory Corruption when copying data from a freed source while
executin ...)
+ TODO: check
+CVE-2026-24072 (An escalation of privilege bug in various modules in Apache
HTTP 2.4.6 ...)
+ TODO: check
+CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP
Server with ...)
+ TODO: check
+CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path
Traversa ...)
+ TODO: check
+CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass
of wir ...)
+ TODO: check
+CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
+ TODO: check
+CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
+ TODO: check
+CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an improper authorization flaw
that al ...)
+ TODO: check
+CVE-2025-58074 (A privilege escalation vulnerability exists during the
installation of ...)
+ TODO: check
+CVE-2025-47408 (Memory corruption when another driver calls an IOCTL with
invalid inpu ...)
+ TODO: check
+CVE-2025-47407 (Memory corruption while creating a process on the digital
signal proce ...)
+ TODO: check
+CVE-2025-47406 (Information Disclosure while processing IOCTL handler
callbacks withou ...)
+ TODO: check
+CVE-2025-47405 (Memory corruption when processing camera sensor input/output
control c ...)
+ TODO: check
+CVE-2025-47404 (Memory corruption when dynamically changing the size of a
previously a ...)
+ TODO: check
+CVE-2025-47403 (Transient DOS when processing a malformed Fast Transition
response fra ...)
+ TODO: check
+CVE-2025-47401 (Transient DOS when processing target power rate tables during
channel ...)
+ TODO: check
+CVE-2025-14320 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2025-13618 (The Mentoring plugin for WordPress is vulnerable to privilege
escalati ...)
+ TODO: check
+CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P
(hardware v ...)
+ TODO: check
CVE-2026-43870
[experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/4
NOTE: nodejs bindings not built in Debian package
-CVE-2025-70070
+CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
- assimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465295
-CVE-2025-70069
+CVE-2025-70069 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
- assimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465306
-CVE-2025-70067
+CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to
6.0.2 in ...)
- assimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
CVE-2026-43868
@@ -17,7 +365,7 @@ CVE-2026-43868
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/2
NOTE: rust bindings not built in Debian package
-CVE-2026-43964 [buffer over-read when Postfix an enhanced status code is not
followed by other text]
+CVE-2026-43964 (Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before
3.10.9 somet ...)
- postfix <unfixed> (bug #1135718)
NOTE:
https://www.mail-archive.com/[email protected]/msg00110.html
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/25
@@ -656,19 +1004,19 @@ CVE-2026-XXXX [RUSTSEC-2026-0115]
- rust-imageproc <unfixed> (bug #1135371)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0115.html
CVE-2026-41685
- {DSA-6244-1}
+ {DSA-6247-1 DSA-6244-1}
- incus <unfixed> (bug #1135644)
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-98vh-x9cx-9cfp
NOTE: https://github.com/lxc/incus/pull/3273
CVE-2026-41684
- {DSA-6244-1}
+ {DSA-6247-1 DSA-6244-1}
- incus <unfixed> (bug #1135644)
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-x5r6-jr56-89pv
NOTE: https://github.com/lxc/incus/pull/3273
CVE-2026-41648
- {DSA-6244-1}
+ {DSA-6247-1 DSA-6244-1}
- incus <unfixed> (bug #1135644)
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-67wx-r9xr-x75x
@@ -679,7 +1027,7 @@ CVE-2026-41647
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-fwj8-62r8-8p8m
NOTE: https://github.com/lxc/incus/pull/3273
CVE-2026-40251
- {DSA-6244-1}
+ {DSA-6247-1 DSA-6244-1}
- incus <unfixed> (bug #1135644)
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-4m88-wxj4-9qj6
@@ -690,7 +1038,7 @@ CVE-2026-40243
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-c839-4qxr-j4x3
NOTE: https://github.com/lxc/incus/pull/3273
CVE-2026-40197
- {DSA-6244-1}
+ {DSA-6247-1 DSA-6244-1}
- incus <unfixed> (bug #1135644)
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-r7w7-mmxr-47r9
@@ -2182,7 +2530,7 @@ CVE-2026-42009
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
(3.8.13)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
(3.8.13)
-CVE-2026-33846
+CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS
handshake frag ...)
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -2782,7 +3130,7 @@ CVE-2026-7324 (Memory safety bugs present in Thunderbird
150.0.0. Some of these
- firefox 150.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7324
CVE-2026-7323 (Memory safety bugs present in Thunderbird ESR 140.10.0 and
Thunderbird ...)
- {DSA-6242-1 DSA-6236-1 DLA-4555-1}
+ {DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
- thunderbird 1:140.10.1esr-1
@@ -2790,7 +3138,7 @@ CVE-2026-7323 (Memory safety bugs present in Thunderbird
ESR 140.10.0 and Thunde
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7323
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7323
CVE-2026-7322 (Memory safety bugs present in Thunderbird ESR 140.10.0 and
Thunderbird ...)
- {DSA-6242-1 DSA-6236-1 DLA-4555-1}
+ {DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
- thunderbird 1:140.10.1esr-1
@@ -2798,13 +3146,13 @@ CVE-2026-7322 (Memory safety bugs present in
Thunderbird ESR 140.10.0 and Thunde
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7322
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7322
CVE-2026-7321 (Sandbox escape due to incorrect boundary conditions in the
WebRTC: Net ...)
- {DSA-6242-1 DSA-6236-1 DLA-4555-1}
+ {DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
- firefox-esr 140.10.1esr-1
- thunderbird 1:140.10.1esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7321
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-7321
CVE-2026-7320 (Information disclosure due to incorrect boundary conditions in
the Aud ...)
- {DSA-6242-1 DSA-6236-1 DLA-4555-1}
+ {DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
- firefox 150.0.1-1
- firefox-esr 140.10.1esr-1
- thunderbird 1:140.10.1esr-1
@@ -5084,7 +5432,7 @@ CVE-2026-6886 (Borg SPM 2007 (Sales Ended in
2008)developed by BorG Technology C
NOT-FOR-US: Borg SPM
CVE-2026-6885 (Borg SPM 2007 (Sales Ended in 2008) developed by BorG
Technology Corpo ...)
NOT-FOR-US: Borg SPM
-CVE-2026-6074 (A path traversal condition in Intrado 911 Emergency Gateway
could allo ...)
+CVE-2026-6074 (Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a
path t ...)
NOT-FOR-US: Intrado 911 Emergency Gateway
CVE-2026-5464 (The ExactMetrics \u2013 Google Analytics Dashboard for
WordPress (Webs ...)
NOT-FOR-US: WordPress plugin
@@ -18731,6 +19079,7 @@ CVE-2026-5122 (A security flaw has been discovered in
osrg GoBGP up to 4.3.0. Th
NOTE: https://github.com/osrg/gobgp/pull/3343
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d
(v4.4.0)
CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer
overflow ...)
+ {DLA-4563-1}
- libarchive 3.8.7-1 (bug #1133002)
[trixie] - libarchive <no-dsa> (Minor issue)
[bookworm] - libarchive <no-dsa> (Minor issue)
@@ -25447,12 +25796,14 @@ CVE-2026-3842
CVE-2026-4427
REJECTED
CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior
vulnerability ex ...)
+ {DLA-4563-1}
- libarchive 3.8.7-1 (bug #1131444)
[trixie] - libarchive <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - libarchive <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/libarchive/libarchive/pull/2897
NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/c3cb1c568ebf9e8f7f478cfc0356ae54e99712b0
CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read
vulnerabi ...)
+ {DLA-4563-1}
- libarchive 3.8.7-1 (bug #1131446)
[trixie] - libarchive <no-dsa> (Minor issue)
[bookworm] - libarchive <no-dsa> (Minor issue)
@@ -27394,6 +27745,7 @@ CVE-2026-0385 (Microsoft Edge (Chromium-based) for
Android Spoofing Vulnerabilit
CVE-2025-15060 (claude-hovercraft executeClaudeCode Command Injection Remote
Code Exec ...)
NOT-FOR-US: claude-hovercraft executeClaudeCode
CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic
of the l ...)
+ {DLA-4563-1}
- libarchive 3.8.6-1 (bug #1130753)
[trixie] - libarchive <no-dsa> (Minor issue)
[bookworm] - libarchive <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1156a753ff1a094e7f14d2e8fa1c1078eb63f6a3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1156a753ff1a094e7f14d2e8fa1c1078eb63f6a3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
