Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc9855a6 by security tracker role at 2026-05-13T07:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,357 @@
+CVE-2026-8449 (Linux ksmbd contains a remote memory corruption vulnerability
in the A ...)
+ TODO: check
+CVE-2026-8336 (After invoking $_internalJsEmit, which is not intended to be
directly ...)
+ TODO: check
+CVE-2026-8202 (Using a densely populated chars mask and a large input string
in the M ...)
+ TODO: check
+CVE-2026-8201 (A use-after-free vulnerability exists in MongoDB's Field-Level
Encrypt ...)
+ TODO: check
+CVE-2026-8200 (When schema validation is enabled on a collection and an update
or ins ...)
+ TODO: check
+CVE-2026-8199 (An authenticated user can cause excess memory usage via bitwise
match ...)
+ TODO: check
+CVE-2026-8108 (The installation of Fuji Tellus adds a driver to the kernel
which gran ...)
+ TODO: check
+CVE-2026-8053 (An issue in MongoDB Server's time-series collection
implementation all ...)
+ TODO: check
+CVE-2026-8052 (HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is
vulnerable ...)
+ TODO: check
+CVE-2026-7635 (The coreActivity: Activity Logging for WordPress plugin for
WordPress ...)
+ TODO: check
+CVE-2026-7619 (The Charitable \u2013 Donation Plugin for WordPress \u2013
Fundraising ...)
+ TODO: check
+CVE-2026-7474 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are
vulnerable to ...)
+ TODO: check
+CVE-2026-7051 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
+ TODO: check
+CVE-2026-6965 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2026-6962 (The Cost of Goods: Product Cost & Profit Calculator for
WooCommerce pl ...)
+ TODO: check
+CVE-2026-6959 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are
vulnerable to ...)
+ TODO: check
+CVE-2026-6929 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
+ TODO: check
+CVE-2026-6888 (Successful exploitation of the SQL injection vulnerability
could allow ...)
+ TODO: check
+CVE-2026-6828 (The Fluent Forms \u2013 Customizable Contact Forms, Survey,
Quiz, & Co ...)
+ TODO: check
+CVE-2026-5371 (The MonsterInsights \u2013 Google Analytics Dashboard for
WordPress (W ...)
+ TODO: check
+CVE-2026-45227 (Heym before 0.0.21 contains a sandbox escape vulnerability in
the cust ...)
+ TODO: check
+CVE-2026-45226 (Heym before 0.0.21 contains an authorization bypass
vulnerability in w ...)
+ TODO: check
+CVE-2026-45225 (Heym before 0.0.21 contains a path traversal vulnerability in
the file ...)
+ TODO: check
+CVE-2026-44874 (A vulnerability exists in the web-based management interface
of an AOS ...)
+ TODO: check
+CVE-2026-44873 (A session management vulnerability in AOS-8 allows previously
authenti ...)
+ TODO: check
+CVE-2026-44872 (A command injection vulnerability exists in the web-based
management i ...)
+ TODO: check
+CVE-2026-44871 (Command injection vulnerabilities exist in the command line
interface ...)
+ TODO: check
+CVE-2026-44870 (Command injection vulnerabilities exist in the command line
interface ...)
+ TODO: check
+CVE-2026-44869 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44868 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44867 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44866 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44865 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44864 (SQL injection vulnerabilities exist in several underlying
service comp ...)
+ TODO: check
+CVE-2026-44863 (SQL injection vulnerabilities exist in several underlying
service comp ...)
+ TODO: check
+CVE-2026-44862 (SQL injection vulnerabilities exist in several underlying
service comp ...)
+ TODO: check
+CVE-2026-44861 (SQL injection vulnerabilities exist in several underlying
service comp ...)
+ TODO: check
+CVE-2026-44860 (SQL injection vulnerabilities exist in several underlying
service comp ...)
+ TODO: check
+CVE-2026-44859 (Stack-based buffer overflow vulnerabilities exist in several
underlyin ...)
+ TODO: check
+CVE-2026-44858 (Stack-based buffer overflow vulnerabilities exist in several
underlyin ...)
+ TODO: check
+CVE-2026-44857 (Stack-based buffer overflow vulnerabilities exist in several
underlyin ...)
+ TODO: check
+CVE-2026-44856 (Stack-based buffer overflow vulnerabilities exist in several
underlyin ...)
+ TODO: check
+CVE-2026-44855 (Stack-based buffer overflow vulnerabilities exist in several
underlyin ...)
+ TODO: check
+CVE-2026-44854 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44853 (Command injection vulnerabilities exist in the web-based
management in ...)
+ TODO: check
+CVE-2026-44852 (An authenticated remote code execution vulnerability exists in
the AOS ...)
+ TODO: check
+CVE-2026-44612 (Bytello Share (Windows Edition) installer executable provided
by Bytel ...)
+ TODO: check
+CVE-2026-44548 (ChurchCRM is an open-source church management system. Prior to
7.3.2, ...)
+ TODO: check
+CVE-2026-44547 (ChurchCRM is an open-source church management system. From
7.2.0 to 7. ...)
+ TODO: check
+CVE-2026-44403 (Wing FTP Server 8.1.2 contains an authenticated remote code
execution ...)
+ TODO: check
+CVE-2026-44352 (Flowsint is an open-source OSINT graph exploration tool
designed for c ...)
+ TODO: check
+CVE-2026-44347 (Warpgate is an open source SSH, HTTPS and MySQL bastion host
for Linux ...)
+ TODO: check
+CVE-2026-44341 (GoJobs is a REST API for a Job Board platform. The application
exposes ...)
+ TODO: check
+CVE-2026-44307 (Mako is a template library written in Python. Prior to 1.3.12,
on Wind ...)
+ TODO: check
+CVE-2026-44306 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-44305 (Lemur manages TLS certificate creation. Prior to 1.9.0, when
LDAP TLS ...)
+ TODO: check
+CVE-2026-44304 (Lemur manages TLS certificate creation. Prior to 1.9.0,
Lemur's LDAP a ...)
+ TODO: check
+CVE-2026-44302 (Snappier is a high performance C# implementation of the Snappy
compres ...)
+ TODO: check
+CVE-2026-44301 (Hugo is a static site generator. From 0.43 to before 0.161.0,
when bui ...)
+ TODO: check
+CVE-2026-44296 (Deskflow is a keyboard and mouse sharing app. Prior to
1.26.0.167, a r ...)
+ TODO: check
+CVE-2026-44262 (Scramble generates API documentation for Laravel project. From
0.13.2 ...)
+ TODO: check
+CVE-2026-44260 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010,
the read ...)
+ TODO: check
+CVE-2026-44259 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010,
the prev ...)
+ TODO: check
+CVE-2026-44258 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010,
the elfi ...)
+ TODO: check
+CVE-2026-44257 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010,
efw.file ...)
+ TODO: check
+CVE-2026-44246 (nnU-Net is a semantic segmentation framework that
automatically adapts ...)
+ TODO: check
+CVE-2026-44245 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
+ TODO: check
+CVE-2026-44242 (Micronaut Framework is a JVM-based full stack Java framework
designed ...)
+ TODO: check
+CVE-2026-44241 (Micronaut Framework is a JVM-based full stack Java framework
designed ...)
+ TODO: check
+CVE-2026-44240 (basic-ftp is an FTP client for Node.js. Prior to 5.3.1,
basic-ftp is v ...)
+ TODO: check
+CVE-2026-44232 (DSSRF is a Node.js library that provides a wide range of
utilities and ...)
+ TODO: check
+CVE-2026-44225 (Pulpy is a lightweight, cross-platform desktop application
packager fo ...)
+ TODO: check
+CVE-2026-44224 (Wiki.js is an open source wiki app built on Node.js. Prior to
2.5.313, ...)
+ TODO: check
+CVE-2026-44223 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-44222 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-44221 (ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated
users an ...)
+ TODO: check
+CVE-2026-44220 (ciguard is a static security auditor for CI/CD pipelines. From
0.8.0 t ...)
+ TODO: check
+CVE-2026-44219 (ciguard is a static security auditor for CI/CD pipelines. From
0.6.0 t ...)
+ TODO: check
+CVE-2026-44218 (ciguard is a static security auditor for CI/CD pipelines. From
0.1.0 t ...)
+ TODO: check
+CVE-2026-44217 (sse-channel is an SSE-implementation which can be used to any
node.js ...)
+ TODO: check
+CVE-2026-44215 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-44015 (Nginx UI is a web user interface for the Nginx web server. In
2.3.4 an ...)
+ TODO: check
+CVE-2026-44012 (Craft CMS is a content management system (CMS). From 5.0.0-RC1
to befo ...)
+ TODO: check
+CVE-2026-44011 (Craft CMS is a content management system (CMS). From 4.0.0 to
before 4 ...)
+ TODO: check
+CVE-2026-44010 (Craft CMS is a content management system (CMS). From 4.0.0 to
before 4 ...)
+ TODO: check
+CVE-2026-43948 (wger is a free, open-source workout and fitness manager. Prior
to 2.6, ...)
+ TODO: check
+CVE-2026-43685 (A Remote Code Execution vulnerability in Claris FileMaker
Cloud allowe ...)
+ TODO: check
+CVE-2026-43680 (A Remote Code Execution vulnerability in Claris FileMaker
Cloud allowe ...)
+ TODO: check
+CVE-2026-42889 (Relay adds real-time collaboration to Obsidian. Relay Server
versions ...)
+ TODO: check
+CVE-2026-42855 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2,
ESP32-S3, ES ...)
+ TODO: check
+CVE-2026-42854 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2,
ESP32-S3, ES ...)
+ TODO: check
+CVE-2026-42844 (Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a
low-privile ...)
+ TODO: check
+CVE-2026-42545 (Granian is a Rust HTTP server for Python applications. From
0.2.0 to 2 ...)
+ TODO: check
+CVE-2026-42544 (Granian is a Rust HTTP server for Python applications. From
1.2.0 to 2 ...)
+ TODO: check
+CVE-2026-42446 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42445 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42444 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42443 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42442 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42355 (NanaZip is an open source file archive. From 5.0.1252.0 to
before 6.0. ...)
+ TODO: check
+CVE-2026-42338 (ip-address is a library for parsing and manipulating IPv4 and
IPv6 add ...)
+ TODO: check
+CVE-2026-42289 (ChurchCRM is an open-source church management system. Prior to
7.3.2, ...)
+ TODO: check
+CVE-2026-42288 (ChurchCRM is an open-source church management system. Prior to
7.3.2, ...)
+ TODO: check
+CVE-2026-42196 (django-s3file is a lightweight file upload input for Django
and Amazon ...)
+ TODO: check
+CVE-2026-42191 (OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP
(OpenTelemetr ...)
+ TODO: check
+CVE-2026-42158 (Flowsint is an open-source OSINT graph exploration tool
designed for c ...)
+ TODO: check
+CVE-2026-42157 (Flowsint is an open-source OSINT graph exploration tool
designed for c ...)
+ TODO: check
+CVE-2026-42156 (Flowsint is an open-source OSINT graph exploration tool
designed for c ...)
+ TODO: check
+CVE-2026-41901 (Thymeleaf is a server-side Java template engine for web and
standalone ...)
+ TODO: check
+CVE-2026-41195 (mosparo is the modern solution to protect your online forms
from spam. ...)
+ TODO: check
+CVE-2026-40902 (PhpSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
+ TODO: check
+CVE-2026-40863 (PhpSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
+ TODO: check
+CVE-2026-35555 (PowerSYSTEM Center feature for device project groups allows an
authent ...)
+ TODO: check
+CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a
CRLF in ...)
+ TODO: check
+CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected
by a Stac ...)
+ TODO: check
+CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34686 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34685 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34680 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34679 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34678 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34677 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34673 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34672 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34671 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34670 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34669 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34668 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34667 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34666 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34665 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are
affecte ...)
+ TODO: check
+CVE-2026-34658 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34656 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34655 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34654 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34653 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34652 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34651 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34650 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34649 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34648 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34647 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34646 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34645 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9,
2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-33570 (PowerSYSTEM Center REST API endpoint for devices allows a low
privileg ...)
+ TODO: check
+CVE-2026-32661 (Stack-based buffer overflow vulnerability exists in
GUARDIANWALL MailS ...)
+ TODO: check
+CVE-2026-2725 (Incorrect authorization in the "submitted together" feature in
Gerrit ...)
+ TODO: check
+CVE-2026-26289 (PowerSYSTEM Center REST API endpoint for device account export
allows ...)
+ TODO: check
+CVE-2026-23827 (A heap-based buffer overflow vulnerability exists in a Network
managem ...)
+ TODO: check
+CVE-2026-23826 (A vulnerability in a network management service of AOS-8
Operating Sys ...)
+ TODO: check
+CVE-2026-23825 (Vulnerabilities exist in a protocol-handling component of
AOS-8 and AO ...)
+ TODO: check
+CVE-2026-23824 (Vulnerabilities exist in a protocol-handling component of
AOS-8 and AO ...)
+ TODO: check
+CVE-2026-21024 (Improper privilege management in Samsung System Support
Service prior ...)
+ TODO: check
+CVE-2026-21022 (Improper handling of insufficient permissions in Routines
prior to SMR ...)
+ TODO: check
+CVE-2026-21021 (Improper input validation in Routines prior to SMR May-2026
Release 1 ...)
+ TODO: check
+CVE-2026-21020 (Improper export of android application components in OmaCP
prior to SM ...)
+ TODO: check
+CVE-2026-21019 (Improper input validation in FacAtFunction in Galaxy Watch
prior to SM ...)
+ TODO: check
+CVE-2026-21018 (Out-of-bounds write in SveService prior to SMR May-2026
Release 1 allo ...)
+ TODO: check
+CVE-2026-21016 (Incorrect privilege assignment in LocationManager prior to SMR
May-202 ...)
+ TODO: check
+CVE-2026-21015 (Incorrect default permissions in FactoryCamera prior to SMR
May-2026 R ...)
+ TODO: check
+CVE-2026-1250 (The Court Reservation \u2013 Manage Your Court Bookings Online
plugin ...)
+ TODO: check
+CVE-2025-9989 (The Broadstreet plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-9988 (The Broadstreet plugin for WordPress is vulnerable to
unauthorized acc ...)
+ TODO: check
+CVE-2025-9987 (The Broadstreet plugin for WordPress is vulnerable to Sensitive
Inform ...)
+ TODO: check
+CVE-2025-65088 (An Out-of-Bounds Read vulnerability is present in
Ashlar-Vellum Cobalt ...)
+ TODO: check
+CVE-2025-65087 (An Out-of-Bounds Read vulnerability is present in
Ashlar-Vellum Cobalt ...)
+ TODO: check
+CVE-2025-65086 (An Out-of-Bounds Write vulnerability is present in
Ashlar-Vellum Cobal ...)
+ TODO: check
+CVE-2025-62627 (An untrusted pointer dereference in the ionic cloud driver for
VMWare ...)
+ TODO: check
+CVE-2025-62624 (A heap-based buffer overflow in the ionic cloud driver for
VMware ESXi ...)
+ TODO: check
+CVE-2025-62623 (A heap-based buffer overflow in the ionic cloud driver for
VMware ESXi ...)
+ TODO: check
+CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a
local adm ...)
+ TODO: check
+CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a
local adm ...)
+ TODO: check
+CVE-2025-15463 (The The Advanced Custom Fields: Extended plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-14755 (The Cost Calculator Builder plugin for WordPress is vulnerable
to Unau ...)
+ TODO: check
+CVE-2025-14033 (The ilGhera Support System for WooCommerce plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2025-11159 (Hitachi Vantara Pentaho Data Integration & Analytics of all
versions c ...)
+ TODO: check
+CVE-2024-36315 (Improper enforcement of the LFENCE serialization property may
allow an ...)
+ TODO: check
CVE-2026-44378
[experimental] - botan3 3.12.0+dfsg-1
- botan3 <unfixed>
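Review bot: Several added descriptions carry literal `\u2019` and `\u2013` escape sequences instead of the characters they encode, for example CVE-2026-8052 (`Nomad\u2019s exec2 task driver`), CVE-2026-7619 and CVE-2026-6965. Decoding the escapes in the automatic update step before descriptions are written to data/CVE/list would keep these entries readable and searchable by product name.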
@@ -652,7 +1006,7 @@ CVE-2026-2465 (Incorrect Authorization vulnerability in
E-Kalite Software Hardwa
TODO: check
CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an
authenticat ...)
+CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an
authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all
following pipeli ...)
- dovecot <unfixed>
@@ -786,7 +1140,8 @@ CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl
has an out-of-bounds re
NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
NOTE: Fixed by:
https://github.com/cpan-authors/YAML-Syck/commit/208a4d3bd1b5cdb4a791a6e3905bd6bd45e9d005
(1.38)
-CVE-2026-45185 [Exim-Security-2026-05-01.1: TLS: on rxd close with CHUNKING
active, clean the input processing stack]
+CVE-2026-45185 (Exim before 4.99.3, in certain GnuTLS configurations, has a
remotely r ...)
+ {DSA-6265-1 DLA-4580-1}
- exim4 4.99.2-2
NOTE:
https://code.exim.org/exim/exim/commit/040c1ce6889f435206677ed532c9a4185cf0bcaf
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/4
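Review bot: In the CVE-2026-45185 entry, the new description reads "Exim before 4.99.3" while the package line still records the fix as `- exim4 4.99.2-2`. If 4.99.2-2 carries the referenced commit 040c1ce6889f435206677ed532c9a4185cf0bcaf as a backport, a NOTE saying so would remove the apparent mismatch. The replaced bracketed text also held the upstream advisory id Exim-Security-2026-05-01.1, which is worth keeping as a NOTE line now that it is gone from the header.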
@@ -6354,7 +6709,7 @@ CVE-2026-31196 (The traceroute diagnostic handler in
/bin/httpd_clientside for A
NOT-FOR-US: ALTICE
CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for
ALTICE LABS / ...)
NOT-FOR-US: ALTICE
-CVE-2026-42268 [Unsigned integer underflow in @verifySSN / @verifyCPF /
@verifySVNR operators ]
+CVE-2026-42268 (ModSecurity is an open source, cross platform web application
firewall ...)
- modsecurity 3.0.15-1
NOTE:
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w
CVE-2026-30923 (ModSecurity is an open source, cross platform web application
firewall ...)
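Review bot: On the CVE-2026-42268 line, the truncated replacement description is word-for-word the same as the one on the CVE-2026-30923 entry that follows, so the list no longer says what this issue is. The removed bracketed text was the only place naming the unsigned integer underflow in the @verifySSN / @verifyCPF / @verifySVNR operators; adding that summary as a NOTE under `- modsecurity 3.0.15-1` would keep the entry distinguishable without following the GHSA link.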
@@ -27703,7 +28058,7 @@ CVE-2025-15488 (The Responsive Plus WordPress plugin
before 3.4.3 is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2025-15433 (The Shared Files WordPress plugin before 1.7.58 allows users
with a r ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-15101 (A Cross-Site Request Forgery (CSRF) vulnerability has been
identified ...)
+CVE-2025-15101 (An OS command injection vulnerability in the web management
interface ...)
NOT-FOR-US: ASUS
CVE-2025-14974 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is
vulnera ...)
NOT-FOR-US: IBM
@@ -279719,7 +280074,7 @@ CVE-2024-27354 (An issue was discovered in phpseclib
1.x before 1.0.23, 2.x befo
- php-phpseclib3 3.0.36-1
[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
NOTE:
https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
-CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
+CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to
1.0.29, 2.0 ...)
- phpseclib 1.0.29-1
[trixie] - phpseclib <no-dsa> (Minor issue, will be fixed via point
update)
[bookworm] - phpseclib <no-dsa> (Minor issue, will be fixed via point
update)
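Review bot: The CVE-2026-44167 header loses its reference to CVE-2024-27355 when the bracketed text is replaced, and the truncated description that takes its place does not mention the earlier issue. A line such as `NOTE: Bypass of CVE-2024-27355 mitigations` under `- phpseclib 1.0.29-1` would preserve the link for anyone checking whether the older fix is still sufficient.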
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc9855a6b11b948f3b98e3de2759cdb9d12e2829