Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d7836221 by security tracker role at 2026-05-18T19:13:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,122 @@
-CVE-2026-8788
+CVE-2026-8843 (Creating a "2dsphere_bucket" index on a non-timeseries bucket
collecti ...)
+ TODO: check
+CVE-2026-8836 (A vulnerability was found in lwIP up to 2.2.1. Affected is the
functio ...)
+ TODO: check
+CVE-2026-8803 (A flaw has been found in opensourcepos Open Source Point of
Sale up to ...)
+ TODO: check
+CVE-2026-8802 (A vulnerability was detected in opensourcepos Open Source Point
of Sal ...)
+ TODO: check
+CVE-2026-7498 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-7304 (SGLangs multimodal generation runtime is vulnerable to
unauthenticated ...)
+ TODO: check
+CVE-2026-7302 (SGLangs multimodal generation runtime is vulnerable to an
unauthentica ...)
+ TODO: check
+CVE-2026-7301 (SGLangs multimodal generation runtime scheduler's ROUTER socket
binds ...)
+ TODO: check
+CVE-2026-6902 (A vulnerability in Command-Line Client in P4 Server prior to
the 2025. ...)
+ TODO: check
+CVE-2026-6347 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-6346 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-6345 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-6343 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-6342 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0
fail to ap ...)
+ TODO: check
+CVE-2026-6341 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0
fail to ha ...)
+ TODO: check
+CVE-2026-6340 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-6339 (Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to
validat ...)
+ TODO: check
+CVE-2026-6334 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to enfo ...)
+ TODO: check
+CVE-2026-6333 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to vali ...)
+ TODO: check
+CVE-2026-5163 (Mattermost versions 11.5.x <= 11.5.1 fail to verify channel
membership ...)
+ TODO: check
+CVE-2026-4643 (Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to
prevent s ...)
+ TODO: check
+CVE-2026-4320 (Authorization Bypass vulnerability in Creartia's ICMS software
could a ...)
+ TODO: check
+CVE-2026-4286 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to chec ...)
+ TODO: check
+CVE-2026-4273 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to vali ...)
+ TODO: check
+CVE-2026-45829 (A pre-authentication, code injection vulnerability in version
1.0.0 or ...)
+ TODO: check
+CVE-2026-45495 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2026-45494 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2026-45492 (Improper input validation in Microsoft Edge (Chromium-based)
allows an ...)
+ TODO: check
+CVE-2026-45243 (Summarize prior to 0.15.1 contains a missing authorization
vulnerabili ...)
+ TODO: check
+CVE-2026-45242 (Summarize prior to 0.15.1 contains a path traversal
vulnerability in t ...)
+ TODO: check
+CVE-2026-45231 (DumbAssets through 1.0.11 contains a stored cross-site
scripting vulne ...)
+ TODO: check
+CVE-2026-45230 (DumbAssets through 1.0.11 contains a path traversal
vulnerability in t ...)
+ TODO: check
+CVE-2026-42822 (Improper authentication in Azure Local Disconnected Operations
allows ...)
+ TODO: check
+CVE-2026-41949 (Dify version 1.14.1 and prior contain an authorization bypass
vulnerab ...)
+ TODO: check
+CVE-2026-41948 (Dify version 1.14.1 and prior contain a path traversal
vulnerability t ...)
+ TODO: check
+CVE-2026-41947 (Dify version 1.14.1 and prior contains an authorization bypass
vulnera ...)
+ TODO: check
+CVE-2026-41119 (Dell Live Optics Windows and Personal Edition collectors
contain an im ...)
+ TODO: check
+CVE-2026-41085 (Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a
privile ...)
+ TODO: check
+CVE-2026-3637 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-3495 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to esca ...)
+ TODO: check
+CVE-2026-3471 (Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to
prevent a ...)
+ TODO: check
+CVE-2026-3117 (Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0
fail to pr ...)
+ TODO: check
+CVE-2026-39079 (An issue in prestashop upsshipping all versions through at
least 2.4.0 ...)
+ TODO: check
+CVE-2026-38719 (OpENer v2.3-558-g1e99582 contains an out-of-bounds read
vulnerability ...)
+ TODO: check
+CVE-2026-36438 (An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T
allows ...)
+ TODO: check
+CVE-2026-32849 (NetBSD prior to commit ec8451e contains a signed integer
overflow vuln ...)
+ TODO: check
+CVE-2026-32848 (NetBSD prior to commit ec8451e contains a race condition
vulnerability ...)
+ TODO: check
+CVE-2026-2325 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-29965 (HSC MailInspector 5.3.3-7 is vulnerable to Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2026-29964 (HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting
(XSS) vulne ...)
+ TODO: check
+CVE-2026-29963 (HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability
due to im ...)
+ TODO: check
+CVE-2026-29962 (HSC MailInspector v5.3.3-7 contains a Local File Inclusion
(LFI) vulne ...)
+ TODO: check
+CVE-2026-28759 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-28732 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-26462 (Offline Hospital Management System 5.3.0 allows remote code
execution ...)
+ TODO: check
+CVE-2026-20685 (An attacker in a privileged network position may be able to
leak sensi ...)
+ TODO: check
+CVE-2026-0983 (Denial-of-service condition in M-Files Server versions before
26.5.160 ...)
+ TODO: check
+CVE-2025-57282 (ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command
Injection.)
+ TODO: check
+CVE-2025-56352 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962
(2024-02-1 ...)
+ TODO: check
+CVE-2026-8788 (Net::Statsd::Lite versions through 0.10.0 for Perl allowed
metric inje ...)
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8786 (A vulnerability has been found in Tencent WeKnora up to 0.3.6.
Affecte ...)
NOT-FOR-US: Tencent
@@ -874,45 +992,59 @@ CVE-2023-31316 (Improperly preserved integrity of
hardware configuration state d
CVE-2023-31309 (Improper validation in Power Management Firmware (PMFW) may
allow an a ...)
TODO: check
CVE-2026-44068
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44068
CVE-2026-44066
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44066
CVE-2026-44064
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44064
CVE-2026-44062
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44062
CVE-2026-44060
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44060
CVE-2026-44057
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44057
CVE-2026-44055
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44055
CVE-2026-44054
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44054
CVE-2026-44052
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44052
CVE-2026-44051
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44051
CVE-2026-44050
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44050
CVE-2026-44049
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44049
CVE-2026-44048
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44048
CVE-2026-44047
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44047
CVE-2026-7837
@@ -988,21 +1120,27 @@ CVE-2026-44073
NOTE: https://netatalk.io/security/CVE-2026-44073
NOTE: No security impact per upstream assessment
CVE-2026-44076
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-44076
CVE-2026-45356
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-45356
CVE-2026-45355
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-45355
CVE-2026-45354
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-45354
CVE-2026-45699
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-45699
CVE-2026-45698
+ {DSA-6280-1}
- netatalk <unfixed>
NOTE: https://netatalk.io/security/CVE-2026-45698
CVE-2026-8509 (Heap buffer overflow in WebML in Google Chrome prior to
148.0.7778.168 ...)
@@ -2398,7 +2536,7 @@ CVE-2020-37168 (Ecommerce Systempay 1.0 contains a weak
cryptographic implementa
CVE-2026-8500 (Web::Passwd versions through 0.03 for Perl is vulnerable to
RCE. Web: ...)
NOT-FOR-US: Web::Passwd Perl module
CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
- {DSA-6278-1}
+ {DSA-6278-1 DLA-4589-1}
- nginx 1.30.0-3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/7
NOTE:
https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
@@ -2406,7 +2544,7 @@ CVE-2026-42945 (NGINX Plus and NGINX Open Source have a
vulnerability in the ngx
NOTE: https://nginx.org/en/security_advisories.html
NOTE:
https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686
(release-1.30.1)
CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand
ngx_http_uwsgi_m ...)
- {DSA-6278-1}
+ {DSA-6278-1 DLA-4589-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161027
NOTE: https://nginx.org/en/security_advisories.html
@@ -2430,13 +2568,13 @@ CVE-2026-42926 (When NGINX Open Source is configured to
proxy HTTP/2 traffic by
NOTE:
https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7
(release-1.30.1)
NOTE:
https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98
(release-1.30.1)
CVE-2026-40701 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
- {DSA-6278-1}
+ {DSA-6278-1 DLA-4589-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161021
NOTE: https://nginx.org/en/security_advisories.html
NOTE:
https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1
(release-1.30.1)
CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
- {DSA-6278-1}
+ {DSA-6278-1 DLA-4589-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161028
NOTE: https://nginx.org/en/security_advisories.html
@@ -3076,7 +3214,8 @@ CVE-2026-4859 (The SP Blog Designer plugin for WordPress
is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2026-4827 (CWE\u2011331: Insufficient Entropy vulnerability exists that
could lea ...)
NOT-FOR-US: Schneider Electric
-CVE-2026-4663 (The iPOSpays Gateways WC plugin for WordPress is vulnerable to
Missing ...)
+CVE-2026-4663
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2026-4301 (The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings
plugin f ...)
NOT-FOR-US: WordPress plugin
@@ -6897,10 +7036,10 @@ CVE-2026-8094 (Other issue in the WebRTC component.
This vulnerability was fixed
- thunderbird 1:140.10.2esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8094
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/#CVE-2026-8094
-CVE-2026-8093 (Memory safety bugs present in Thunderbird 150.0.1. Some of
these bugs ...)
+CVE-2026-8093 (Memory safety bugs present in Firefox 150.0.1. Some of these
bugs show ...)
- firefox 150.0.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/#CVE-2026-8093
-CVE-2026-8092 (Memory safety bugs present in Thunderbird ESR 140.10.1 and
Thunderbird ...)
+CVE-2026-8092 (Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR
140.10 ...)
{DSA-6267-1 DSA-6254-1 DLA-4582-1 DLA-4575-1}
- firefox 150.0.2-1
- firefox-esr 140.10.2esr-1
@@ -12343,7 +12482,7 @@ CVE-2026-33845 (A flaw in GnuTLS DTLS handshake parsing
allows malformed fragmen
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1811
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/e5b72c53c7d789d19d1d1cd10b275e87d0415413
(3.8.13)
-CVE-2026-42009
+CVE-2026-42009 (A flaw was found in gnutls. A remote attacker could exploit an
issue i ...)
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
@@ -32880,6 +33019,7 @@ CVE-2026-32853 (LibVNCServer versions 0.9.15 and prior
(fixed incommit 009008e)
NOTE:
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj
NOTE: Fixed by:
https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931
CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_http_ ...)
+ {DLA-4589-1}
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
[bookworm] - nginx 1.22.1-9+deb12u5
@@ -32910,24 +33050,28 @@ CVE-2026-28755 (NGINX Plus and NGINX Open Source have
a vulnerability in the ngx
NOTE: https://my.f5.com/manage/s/article/K000160368
NOTE: Fixed by:
https://github.com/nginx/nginx/commit/78f581487706f2e43eea5a060c516fc4d98090e8
(release-1.28.3)
CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_mail_ ...)
+ {DLA-4589-1}
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
[bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160367
NOTE: Fixed by:
https://github.com/nginx/nginx/commit/6a8513761fb327f67fcc6cfcf1ad216887e2589f
(release-1.28.3)
CVE-2026-27784 (The 32-bit implementation of NGINX Open Source has a
vulnerability in ...)
+ {DLA-4589-1}
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
[bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160364
NOTE: Fixed by:
https://github.com/nginx/nginx/commit/b23ac73b00313d159a99636c21ef71b828781018
(release-1.28.3)
CVE-2026-27654 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_http_ ...)
+ {DLA-4589-1}
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
[bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160382
NOTE: Fixed by:
https://github.com/nginx/nginx/commit/a1d18284e0a173c4ef2b28425535d0f640ae0a82
(release-1.28.3)
CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX
Plus or N ...)
+ {DLA-4589-1}
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
[bookworm] - nginx 1.22.1-9+deb12u5
@@ -54507,7 +54651,7 @@ CVE-2026-20098 (A vulnerability in the Certificate
Management feature of Cisco M
CVE-2026-20056 (A vulnerability in the Dynamic Vectoring and Streaming (DVS)
Engine im ...)
NOT-FOR-US: Cisco
CVE-2026-1642 (A vulnerability exists in NGINX OSS and NGINX Plus when
configured to ...)
- {DSA-6131-1}
+ {DSA-6131-1 DLA-4589-1}
- nginx 1.28.1-3 (bug #1127053)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/05/1
NOTE: https://my.f5.com/manage/s/article/K000159824
@@ -121031,6 +121175,7 @@ CVE-2024-12303 (An issue has been discovered in
GitLab CE/EE affecting all versi
CVE-2024-10219 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-53859 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_mail_ ...)
+ {DLA-4589-1}
[experimental] - nginx 1.28.0-2
- nginx 1.28.0-3 (bug #1111138)
[trixie] - nginx 1.26.3-3+deb13u1
@@ -352280,8 +352425,8 @@ CVE-2023-24217 (AgileBio Electronic Lab Notebook
v4.234 was discovered to contai
NOT-FOR-US: AgileBio Electronic Lab Notebook
CVE-2023-24216
RESERVED
-CVE-2023-24215
- RESERVED
+CVE-2023-24215 (Incorrect access control in the /uci/get/ endpoint of NOVUS
AirGate 4G ...)
+ TODO: check
CVE-2023-24214
RESERVED
CVE-2023-24213
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d783622123c2ad5b12ff1c12047cadfb419b63fd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d783622123c2ad5b12ff1c12047cadfb419b63fd
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
