Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d35a39bc by Salvatore Bonaccorso at 2026-05-12T21:44:10+02:00
Add new dovecot issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,7 +255,8 @@ CVE-2026-42048 (Langflow is a tool for building and
deploying AI-powered agents
CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and
collaborate ...)
TODO: check
CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive
bracing ...)
- TODO: check
+ - dovecot <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-41895 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
CVE-2026-41713 (A malicious user could craft input that is stored in
conversation memo ...)
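Review bot: The new `- dovecot <unfixed>` line for CVE-2026-42006 carries no bug reference, so nothing ties the open state to a report in the Debian BTS. If a bug exists or gets filed, append it in the usual form, for example `- dovecot <unfixed> (bug #NNNNNN)` with the real number in place of the placeholder, so the entry can be closed against it when a fixed upload lands.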
@@ -393,9 +394,11 @@ CVE-2026-40357 (Deserialization of untrusted data in
Microsoft Office SharePoint
CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to
12.0, With m ...)
TODO: check
CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone
permissi ...)
- TODO: check
+ - dovecot <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve
service ...)
- TODO: check
+ - dovecot <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39432 (Missing Authorization vulnerability in Arraytics Timetics
allows Explo ...)
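Review bot: For CVE-2026-40016 the description names the ManageSieve service and Sieve scripts, while the entry attributes the issue to `dovecot` alone. A NOTE stating that this component is built from the dovecot source package, or an additional package line if it is packaged separately, would make the attribution checkable from the tracker data.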
@@ -541,7 +544,8 @@ CVE-2026-33833 (Improper neutralization of special elements
in output used by a
CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365
Customer Insig ...)
NOT-FOR-US: Microsoft
CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between
Dovecot a ...)
- TODO: check
+ - dovecot <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized
attacker t ...)
NOT-FOR-US: Microsoft
CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
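Review bot: The only reference on CVE-2026-33603 is the oss-security post, the same URL this commit attaches to every dovecot entry, so the record does not yet say which upstream change or release fixes this particular issue. Once known, add per-CVE NOTE lines for the upstream fix commit and the fixed version, so the `<unfixed>` state can later be resolved against something concrete.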
@@ -645,7 +649,8 @@ CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is
vulnerable to Stored Cro
CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an
authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all
following pipeli ...)
- TODO: check
+ - dovecot <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/6
CVE-2026-27662 (Affected devices do not properly restrict access to the web
browser vi ...)
NOT-FOR-US: Siemens
CVE-2026-26083 (A missing authorization vulnerability in Fortinet FortiSandbox
5.0.0 t ...)
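Review bot: `- dovecot <unfixed>` on CVE-2026-27851 applies to every suite, but the description limits the issue to the safe filter used with variable expansion. Check whether the dovecot versions in older suites contain that code, and where they do not, add suite-specific lines such as `[suite] - dovecot <not-affected> (Vulnerable code not present)` rather than leaving them implicitly affected.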
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d35a39bc39e187a9227c9fc6c0d10c9ab228d133
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits