Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
304be280 by security tracker role at 2026-05-20T07:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,22 +1,424 @@
+CVE-2026-9057 (A broken access control issue has been identified in the Talend
Admini ...)
+ TODO: check
+CVE-2026-9056 (A stored cross-site scripting vulnerability has been found in
the Tale ...)
+ TODO: check
+CVE-2026-9010 (The Boost plugin for WordPress is vulnerable to time-based SQL
Injecti ...)
+ TODO: check
+CVE-2026-9003 (E-LAN Hybrid Recording System developed by TONNET has a SQL
Injection ...)
+ TODO: check
+CVE-2026-8922 (A flaw was found in Keycloak. When both realm-level and
client-level ` ...)
+ TODO: check
+CVE-2026-8912 (The Contest Gallery plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2026-8827 (The AddressRepository::getSqlQuery() method constructs a
database quer ...)
+ TODO: check
+CVE-2026-8727 (The Crawler extension passes the X-T3Crawler-Meta response
header from ...)
+ TODO: check
+CVE-2026-8726 (The extension fails to properly sanitize user input before
using it in ...)
+ TODO: check
+CVE-2026-8711 (NGINX JavaScript has a vulnerability when the
js_fetch_proxydirective ...)
+ TODO: check
+CVE-2026-8706 (Firefox for iOS hosted Reader mode on an unauthenticated local
web ser ...)
+ TODO: check
+CVE-2026-8685 (The Infility Global plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2026-8627 (The Correct Prices plugin for WordPress is vulnerable to
Reflected Cro ...)
+ TODO: check
+CVE-2026-8626 (The SponsorMe plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
+ TODO: check
+CVE-2026-8624 (The LJ comments import: reloaded plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-8610 (The TypeSquare Webfonts for ConoHa plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-8605 (In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials
vulnerabilit ...)
+ TODO: check
+CVE-2026-8604 (In ScadaBR version 1.2.0, a CSRF vulnerability could allow an
attacker ...)
+ TODO: check
+CVE-2026-8603 (In ScadaBR version 1.2.0, an OS Command Injection vulnerability
could ...)
+ TODO: check
+CVE-2026-8602 (In ScadaBR version 1.2.0, a Missing Authentication for Critical
Functi ...)
+ TODO: check
+CVE-2026-8495 (Missing Authorization vulnerability in Drupal Date iCal allows
Forcefu ...)
+ TODO: check
+CVE-2026-8493 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-8492 (Modification of Assumed-Immutable Data (MAID) vulnerability in
Drupal ...)
+ TODO: check
+CVE-2026-8491 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
+ TODO: check
+CVE-2026-8424 (The Remove Yellow BGBOX plugin for WordPress is vulnerable to
Cross-Si ...)
+ TODO: check
+CVE-2026-8423 (The JaviBola Custom Theme Test plugin for WordPress is
vulnerable to C ...)
+ TODO: check
+CVE-2026-8420 (The BLOGCHAT Chat System plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2026-8419 (The Amazon Scraper plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2026-8418 (The Games Catalog plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2026-8370 (Execution with unnecessary privileges vulnerability in Broadcom
Automi ...)
+ TODO: check
+CVE-2026-8096 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
+ TODO: check
+CVE-2026-8073 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
+ TODO: check
+CVE-2026-8038 (The Faces of Users plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2026-7860 (A possible information disclosure vulnerability exists in the
Vaadin M ...)
+ TODO: check
+CVE-2026-7637 (The Boost plugin for WordPress is vulnerable to PHP Object
Injection i ...)
+ TODO: check
+CVE-2026-7571 (A flaw was found in Keycloak. A low-privilege user, with
knowledge of ...)
+ TODO: check
+CVE-2026-7522 (The Advanced Database Cleaner \u2013 Premium plugin for
WordPress is v ...)
+ TODO: check
+CVE-2026-7507 (A session fixation vulnerability was found in Keycloak's
login-actions ...)
+ TODO: check
+CVE-2026-7504 (A flaw was found in Keycloak's URL validation logic during
redirect op ...)
+ TODO: check
+CVE-2026-7472 (The Read More & Accordion plugin for WordPress is vulnerable to
time-b ...)
+ TODO: check
+CVE-2026-7467 (The Read More & Accordion plugin for WordPress is vulnerable to
Privil ...)
+ TODO: check
+CVE-2026-7462 (The VatanSMS WP SMS plugin for WordPress is vulnerable to
Reflected Cr ...)
+ TODO: check
+CVE-2026-7460 (mailcow-dockerized contains a stored cross-site scripting
vulnerabilit ...)
+ TODO: check
+CVE-2026-7385 (The Decent Comments WordPress plugin before 3.0.2 does not
restrict ac ...)
+ TODO: check
+CVE-2026-7307 (A flaw was found in Keycloak. A remote, unauthenticated
attacker can s ...)
+ TODO: check
+CVE-2026-7284 (The Easy Elements for Elementor \u2013 Addons & Website
Templates plug ...)
+ TODO: check
+CVE-2026-6871 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-6566 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN
Gallery ...)
+ TODO: check
+CVE-2026-6555 (The ProSolution WP Client plugin for WordPress is vulnerable to
Arbitr ...)
+ TODO: check
+CVE-2026-6549 (The Logo Manager For Enamad plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2026-6456 (The Account Switcher plugin for WordPress is vulnerable to
Privilege E ...)
+ TODO: check
+CVE-2026-6452 (The Bigfishgames Syndicate plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
+CVE-2026-6404 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for
WordPr ...)
+ TODO: check
+CVE-2026-6401 (The Bottom Bar plugin for WordPress is vulnerable to Cross-Site
Reques ...)
+ TODO: check
+CVE-2026-6400 (The Child Height Predictor by Ostheimer plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2026-6399 (The General Options plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2026-6397 (The Sticky plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2026-6395 (The Word 2 Cash plugin for WordPress is vulnerable to
Cross-Site Reque ...)
+ TODO: check
+CVE-2026-6394 (The Nexa Blocks \u2013 Gutenberg Blocks, Page Builder for
Gutenberg Ed ...)
+ TODO: check
+CVE-2026-6391 (The Sentence To SEO (keywords, description and tags) plugin for
WordPr ...)
+ TODO: check
+CVE-2026-6367 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-6366 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
+ TODO: check
+CVE-2026-6365 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-6354
+ REJECTED
+CVE-2026-6095 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2026-6072 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin
for Wor ...)
+ TODO: check
+CVE-2026-6009 (Java Deserialisation Vulnerability in Jaspersoft Reports
Library leads ...)
+ TODO: check
+CVE-2026-5804 (An improper authentication vulnerability was discovered in the
Motorol ...)
+ TODO: check
+CVE-2026-5776 (The Email Encoder WordPress plugin before 2.4.7 does not
escape email ...)
+ TODO: check
+CVE-2026-5511 (In the web management interface of Archer AX72 (SG) v1, the
network di ...)
+ TODO: check
+CVE-2026-5293 (The
\u8a3a\u65ad\u30b8\u30a7\u30cd\u30ec\u30fc\u30bf\u4f5c\u6210\u30d7 ...)
+ TODO: check
+CVE-2026-5075 (The All in One SEO plugin for WordPress is vulnerable to
Sensitive Inf ...)
+ TODO: check
+CVE-2026-4885 (The Piotnet Addons for Elementor Pro plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-4883 (The Piotnet Forms plugin for WordPress is vulnerable to
arbitrary file ...)
+ TODO: check
+CVE-2026-4630 (A flaw was found in Keycloak. An authenticated client could
exploit an ...)
+ TODO: check
+CVE-2026-47784 (In memcached before 1.6.42, password data for SASL password
database a ...)
+ TODO: check
+CVE-2026-47783 (In memcached before 1.6.42, username data for SASL password
database a ...)
+ TODO: check
+CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side
Request Forg ...)
+ TODO: check
+CVE-2026-47357 (Terrascan v1.18.3 and prior are vulnerable to Server-Side
Request Forg ...)
+ TODO: check
+CVE-2026-47356 (Terrascan v1.18.3 and prior are vulnerable to Server-Side
Request Forg ...)
+ TODO: check
+CVE-2026-47323 (Camel-CXF and Camel-Knative Message Header Injection via
Missing Inbou ...)
+ TODO: check
+CVE-2026-47317 (Uncontrolled Recursion vulnerability in Samsung Open Source
Escargot a ...)
+ TODO: check
+CVE-2026-47316 (Improper Check or Handling of Exceptional Conditions
vulnerability in ...)
+ TODO: check
+CVE-2026-47315 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
+ TODO: check
+CVE-2026-47314 (Out-of-bounds write vulnerability in Samsung Open Source
Escargot allo ...)
+ TODO: check
+CVE-2026-47313 (Memory allocation with excessive size value vulnerability in
Samsung O ...)
+ TODO: check
+CVE-2026-47312 (Release of invalid pointer or reference vulnerability in
Samsung Open ...)
+ TODO: check
+CVE-2026-47107 (Windmill prior to 1.703.2 contains an incorrect default
permissions vu ...)
+ TODO: check
+CVE-2026-47100 (Funnel Builder for WooCommerce Checkout prior to 3.15.0.3
contains a m ...)
+ TODO: check
+CVE-2026-46725 (The extension passes an attacker-controlled cookie directly to
PHP's u ...)
+ TODO: check
+CVE-2026-46724 (The file indexer does not normalize the configured directory
path. A b ...)
+ TODO: check
+CVE-2026-46723 (The additional_tables configuration of the page and tt_content
indexer ...)
+ TODO: check
+CVE-2026-46722 (The OOXML parsing of the file indexer does not disable
external entity ...)
+ TODO: check
+CVE-2026-46721 (The create and edit flows do not restrict which user
properties may be ...)
+ TODO: check
+CVE-2026-46586 (Improper Control of Generation of Code ('Code Injection'),
Improper Ne ...)
+ TODO: check
+CVE-2026-45585 (Microsoft is aware of a security feature bypass vulnerability
in Windo ...)
+ TODO: check
+CVE-2026-45557 (Technitium DNS Server aggressively tries to fetch missing
RRSIG record ...)
+ TODO: check
+CVE-2026-45442 (Missing Authorization vulnerability in Brainstorm Force Presto
Player ...)
+ TODO: check
+CVE-2026-45434 (Improper Authentication vulnerability in Apache OFBiz via
Password-Cha ...)
+ TODO: check
+CVE-2026-45187 (Improper Authorization vulnerability in Apache OFBiz Webtools.
This i ...)
+ TODO: check
+CVE-2026-44408 (There is an unauthorized access vulnerability in ZTE MU5250.
Due to im ...)
+ TODO: check
+CVE-2026-44392 (Missing authorization vulnerability exists in Movable Type.
Under cert ...)
+ TODO: check
+CVE-2026-44159 (Tyler Identity Local (TID-L) uses documented, default
administrative c ...)
+ TODO: check
+CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing
vulnerabi ...)
+ TODO: check
+CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a
deserialization vulner ...)
+ TODO: check
+CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets
backends of ...)
+ TODO: check
+CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx
Pro Clou ...)
+ TODO: check
+CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in
the /data_ ...)
+ TODO: check
+CVE-2026-42098 (Sparx Enterprise Architect software has a security feature
that limits ...)
+ TODO: check
+CVE-2026-42097 (Sparx Pro Cloud Serverrequires authentication based on
requested URL. ...)
+ TODO: check
+CVE-2026-42096 (Sparx Pro Cloud Server is vulnerable to Broken Access Control
within c ...)
+ TODO: check
+CVE-2026-41919 (Improper Neutralization of Special Elements used in an LDAP
Query ('LD ...)
+ TODO: check
+CVE-2026-41470 (LIVE555 before 2026.04.22 contains an authorization bypass
vulnerabili ...)
+ TODO: check
+CVE-2026-3985 (The Creative Mail \u2013 Easier WordPress & WooCommerce Email
Marketin ...)
+ TODO: check
+CVE-2026-39309 (Trilium Notes is a cross-platform, hierarchical note taking
applicatio ...)
+ TODO: check
+CVE-2026-39250 (An authorization vulnerability exists in Innoshop 0.6.0. After
logging ...)
+ TODO: check
+CVE-2026-37982 (A flaw was found in Keycloak. This authentication
vulnerability allows ...)
+ TODO: check
+CVE-2026-37981 (A flaw was found in Keycloak. A broken access control
vulnerability in ...)
+ TODO: check
+CVE-2026-37979 (A flaw was found in Keycloak. This access control
vulnerability in Key ...)
+ TODO: check
+CVE-2026-37978 (A flaw was found in Keycloak. A low-privilege administrator
with the ' ...)
+ TODO: check
+CVE-2026-37281 (An OS command injection vulnerability in the /stream-to-vlc
Express ro ...)
+ TODO: check
+CVE-2026-36829 (An authentication bypass vulnerability exists in the embedded
HTTP ser ...)
+ TODO: check
+CVE-2026-36828 (A command injection vulnerability exists in the
/cgi-bin/tools/ajax_cm ...)
+ TODO: check
+CVE-2026-36827 (A command injection vulnerability exists in Panabit PAP-XM320
up to an ...)
+ TODO: check
+CVE-2026-35593 (Trilium Notes is an open-source, cross-platform hierarchical
note taki ...)
+ TODO: check
+CVE-2026-35086 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-34970 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34883 (An issue was discovered in the Portrait Dell Color Management
applicat ...)
+ TODO: check
+CVE-2026-34754 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34744 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34600 (Joplin is an open source note-taking and to-do application
that organi ...)
+ TODO: check
+CVE-2026-34579 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34463 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34390 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-34358 (CtrlPanel is open-source billing software for hosting
providers. Versi ...)
+ TODO: check
+CVE-2026-34246 (CtrlPanel is open-source billing software for hosting
providers. Versi ...)
+ TODO: check
+CVE-2026-34241 (CtrlPanel is open-source billing software for hosting
providers. Versi ...)
+ TODO: check
+CVE-2026-34234 (CtrlPanel is open-source billing software for hosting
providers. In ve ...)
+ TODO: check
+CVE-2026-34233 (CtrlPanel is open-source billing software for hosting
providers. In ve ...)
+ TODO: check
+CVE-2026-34216 (CtrlPanel is open-source billing software for hosting
providers. In ve ...)
+ TODO: check
+CVE-2026-34154 (Discourse is an open-source discussion platform. In versions
prior to ...)
+ TODO: check
+CVE-2026-33741 (EspoCRM is an open source customer relationship management
application ...)
+ TODO: check
+CVE-2026-33642 (Kitty is a cross-platform GPU based terminal. In versions
0.46.2 and b ...)
+ TODO: check
+CVE-2026-33637 (Faraday is an HTTP client library abstraction layer that
provides a co ...)
+ TODO: check
+CVE-2026-33633 (Kitty is a cross-platform GPU based terminal. Versions 0.46.2
and belo ...)
+ TODO: check
+CVE-2026-32882 (libheif is a HEIF and AVIF file format decoder and encoder.
Versions 1 ...)
+ TODO: check
+CVE-2026-32814 (libheif is a HEIF and AVIF file format decoder and encoder. In
version ...)
+ TODO: check
+CVE-2026-32741 (libheif is a HEIF and AVIF file format decoder and encoder.
Versions 1 ...)
+ TODO: check
+CVE-2026-32740 (libheif is a HEIF and AVIF file format decoder and encoder.
Versions 1 ...)
+ TODO: check
+CVE-2026-32739 (libheif is a HEIF and AVIF file format decoder and encoder. In
version ...)
+ TODO: check
+CVE-2026-32738 (libheif is a HEIF and AVIF file format decoder and encoder. In
version ...)
+ TODO: check
+CVE-2026-32134 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging
Platform. ...)
+ TODO: check
+CVE-2026-31986 (Use of Hard-coded Cryptographic Key vulnerability in Apache
OFBiz. Th ...)
+ TODO: check
+CVE-2026-31910 (Server-Side Request Forgery (SSRF) vulnerability in Apache
OFBiz. Thi ...)
+ TODO: check
+CVE-2026-31909 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-31906 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-31388 (Improper Access Control vulnerability in Apache OFBiz in
multi-tenant ...)
+ TODO: check
+CVE-2026-31387 (Improper Authentication vulnerability in Apache OFBiz. This
issue aff ...)
+ TODO: check
+CVE-2026-31380 (Improper Neutralization of Special Elements used in an
Expression Lang ...)
+ TODO: check
+CVE-2026-31379 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-31378 (Improper Input Validation vulnerability in Apache OFBiz. This
issue a ...)
+ TODO: check
+CVE-2026-31072 (The JSONSerializer and CBORSerializer in APScheduler (all
versions inc ...)
+ TODO: check
+CVE-2026-31071 (API endpoints in LalanaChami Pharmacy Management System
(commit 5c3d02 ...)
+ TODO: check
+CVE-2026-31070 (The LalanaChami Pharmacy Management System (commit 5c3d028)
allows una ...)
+ TODO: check
+CVE-2026-31069 (BillaBear (all versions prior to Jan 2026) contains a SQL
Injection vu ...)
+ TODO: check
+CVE-2026-30118 (scalar/astro v0.1.13 was discovered to contain a Server-Side
Request F ...)
+ TODO: check
+CVE-2026-30117 (scalar/astro v0.1.13 was discovered to contain an arbitrary
file uploa ...)
+ TODO: check
+CVE-2026-2955 (The AI Chatbot & Workflow Automation by AIWU plugin for
WordPress is v ...)
+ TODO: check
+CVE-2026-2611 (In MLflow version 3.9.0, the MLflow Assistant feature
introduced impro ...)
+ TODO: check
+CVE-2026-2587 (A critical Remote Code Execution (RCE) vulnerability was
identified in ...)
+ TODO: check
+CVE-2026-2586 (An authenticated Remote Code Execution (RCE) vulnerability was
identif ...)
+ TODO: check
+CVE-2026-29226 (Server-Side Request Forgery (SSRF) vulnerability in Apache
OFBiz via C ...)
+ TODO: check
+CVE-2026-29220 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-29207 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2026-27173 (JWT tokens that were used by workers in Kubernetes Executors
have been ...)
+ TODO: check
+CVE-2026-24215 (NVIDIA Triton Inference Server contains a vulnerability in the
DALI ba ...)
+ TODO: check
+CVE-2026-24214 (NVIDIA Triton Inference Server contains a vulnerability in the
DALI ba ...)
+ TODO: check
+CVE-2026-24213 (NVIDIA Triton Inference Server contains a vulnerability in the
DALI ba ...)
+ TODO: check
+CVE-2026-24210 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2026-24209 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2026-24208 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2026-24207 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2026-24206 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
+ TODO: check
+CVE-2026-24163 (NVIDIA TRT-LLM for any platform contains a vulnerability in
RPC testin ...)
+ TODO: check
+CVE-2026-24160 (NVIDIA TRT-LLM for any platform contains a vulnerability where
an atta ...)
+ TODO: check
+CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains a deserialization
vulnerabili ...)
+ TODO: check
+CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a
directo ...)
+ TODO: check
+CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key
through Bru ...)
+ TODO: check
+CVE-2025-57798 (Joplin is an open source note-taking and to-do application
that organi ...)
+ TODO: check
+CVE-2025-51427 (An issue was discovered in ModelScope 1.25.0 allowing
attackers to exe ...)
+ TODO: check
+CVE-2025-40904 (A Stored HTML Injection vulnerability was discovered in the
Smart Poll ...)
+ TODO: check
+CVE-2025-40903 (A Stored HTML Injection vulnerability was discovered in the
Schedule R ...)
+ TODO: check
+CVE-2025-40902 (A Stored HTML Injection vulnerability was discovered in the
Users func ...)
+ TODO: check
+CVE-2025-40901 (A Stored HTML Injection vulnerability was discovered in the
Credential ...)
+ TODO: check
+CVE-2025-40900 (An Angular template injection vulnerability was discovered in
the Repo ...)
+ TODO: check
+CVE-2025-33255 (NVIDIA TRT-LLM for any platform contains a vulnerability in
MPI server ...)
+ TODO: check
+CVE-2025-15645 (Ledger Nano X, Flex, and Stax devices contain a denial of
service vuln ...)
+ TODO: check
+CVE-2025-15369 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
+ TODO: check
+CVE-2025-14575 (An Uncontrolled Search Path Element vulnerability in the
OpenSSL TLS b ...)
+ TODO: check
+CVE-2024-36343 (Improper input validation in the System Management Mode (SMM)
communic ...)
+ TODO: check
+CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth
prior to 6 ...)
+ TODO: check
CVE-2026-29518
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43617
+CVE-2026-43617 (Rsync version3.4.2 and prior contain an authorization bypass
vulnerabi ...)
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43618
+CVE-2026-43618 (Rsync version3.4.2 and prior contain an integer overflow
vulnerability ...)
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43619
+CVE-2026-43619 (Rsync version3.4.2 and prior contain symlink race condition
vulnerabil ...)
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-43620
+CVE-2026-43620 (Rsync version3.4.2 and prior contain a receiver-side
out-of-bounds arr ...)
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-45232
+CVE-2026-45232 (Rsync versions before 3.4.3 contain an off-by-one
out-of-bounds stack ...)
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
-CVE-2026-5090
+CVE-2026-5090 (Template::Plugin::HTML versions through 3.102 for Perl allows
HTML and ...)
- libtemplate-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40218729/
NOTE: https://github.com/abw/Template2/issues/327
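Review bot: Several of the added description lines still carry raw `\u2013` / `\u2014` escapes (for example CVE-2026-8096, CVE-2026-7522 and CVE-2025-15369), and the description added for CVE-2026-5293 is nothing but escapes after "The", so the truncated text names no product for whoever works through the `TODO: check` queue. Decoding the escapes when the description is written would keep these entries readable. Separately, in the rsync group at the end of the hunk, CVE-2026-29518 stays without a description while CVE-2026-43617 through CVE-2026-45232 each gain one; worth confirming that this is only because no description is available for it yet.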
@@ -32,165 +434,165 @@ CVE-2026-46529
NOTE: Fixed by:
https://github.com/mate-desktop/atril/commit/b989b7922a454ed81f8bb14786a958828513f576
(1.28.4)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
NOTE: No security impact in evince-gtk3 since affected code not built
in binary package.
-CVE-2026-8975
+CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
-CVE-2026-8974
+CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
-CVE-2026-8973
+CVE-2026-8973 (Memory safety bugs present in Thunderbird 150. Some of these
bugs show ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8973
-CVE-2026-8972
+CVE-2026-8972 (Privilege escalation in the WebRTC: Audio/Video component. This
vulner ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8972
-CVE-2026-8971
+CVE-2026-8971 (Same-origin policy bypass in the Networking: JAR component.
This vulne ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
-CVE-2026-8970
+CVE-2026-8970 (Privilege escalation in the Security component. This
vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8970
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8970
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8970
-CVE-2026-8969
+CVE-2026-8969 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
-CVE-2026-8968
+CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video:
Web Codec ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8968
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8968
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8968
-CVE-2026-8967
+CVE-2026-8967 (Information disclosure in the Graphics: WebGPU component. This
vulnera ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8967
-CVE-2026-8966
+CVE-2026-8966 (Information disclosure in the IP Protection component. This
vulnerabil ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8966
-CVE-2026-8965
+CVE-2026-8965 (Information disclosure in the DOM: Security component. This
vulnerabil ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8965
-CVE-2026-8964
+CVE-2026-8964 (Spoofing issue in the Popup Blocker component. This
vulnerability was ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8964
-CVE-2026-8963
+CVE-2026-8963 (Spoofing issue in the Web Speech component. This vulnerability
was fix ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
-CVE-2026-8962
+CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
-CVE-2026-8961
+CVE-2026-8961 (Spoofing issue in the Form Autofill component. This
vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8961
-CVE-2026-8960
+CVE-2026-8960 (Spoofing issue in WebExtensions. This vulnerability was fixed
in Firef ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8960
-CVE-2026-8959
+CVE-2026-8959 (Sandbox escape due to incorrect boundary conditions in the
Widget: Win ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
-CVE-2026-8958
+CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process
Sandbo ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
-CVE-2026-8957
+CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This
vulner ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
-CVE-2026-8956
+CVE-2026-8956 (Integer overflow in the Networking: JAR component. This
vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8956
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
-CVE-2026-8955
+CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This
vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
-CVE-2026-8954
+CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the
Audio/Video com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
-CVE-2026-8953
+CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access
APIs com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8953
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8953
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8953
-CVE-2026-8952
+CVE-2026-8952 (Privilege escalation in the Application Update component. This
vulnera ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8952
-CVE-2026-8951
+CVE-2026-8951 (Spoofing issue in the Toolbar component in Firefox for Android.
This v ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
-CVE-2026-8950
+CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component.
This vuln ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8950
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8950
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8950
-CVE-2026-8949
+CVE-2026-8949 (Integer overflow in the Widget: Win32 component. This
vulnerability wa ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8949
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8949
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8949
-CVE-2026-8948
+CVE-2026-8948 (Same-origin policy bypass in the DOM: Networking component.
This vulne ...)
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
-CVE-2026-8947
+CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This
vulnerabi ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8947
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
-CVE-2026-8946
+CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8946
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8946
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8946
-CVE-2026-8945
+CVE-2026-8945 (Sandbox escape in Firefox and Firefox Focus for Android. This
vulnerab ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8945
CVE-2026-XXXX [VSV00019]
@@ -204,19 +606,19 @@ CVE-2026-41054 [haveged: missing exit out of permission
check could lead to root
NOTE: Introduced with:
https://github.com/jirka-h/haveged/commit/a2496c5de9af7e3ac3ef82a2257d14d8a0ac37fb
(1.9.3)
NOTE: Fixed by:
https://github.com/jirka-h/haveged/commit/3870de0270d3fa2067490ffa47491abde4ad69c6
(v1.9.21)
NOTE: Fixed by:
https://github.com/jirka-h/haveged/commit/bcd7e52bcf0068225b7ee84a1f85c9d72a787b54
(v1.9.21)
-CVE-2026-43493 [crypto: pcrypt - Fix handling of MAY_BACKLOG requests]
+CVE-2026-43493 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/915b692e6cb723aac658c25eb82c58fd81235110 (7.1-rc1)
-CVE-2026-43492 [lib/crypto: mpi: Fix integer underflow in
mpi_read_raw_from_sgl()]
+CVE-2026-43492 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/8c2f1288250a90a4b5cabed5d888d7e3aeed4035 (7.1-rc1)
-CVE-2026-43491 [net: qrtr: ns: Limit the maximum server registration per node]
+CVE-2026-43491 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/d5ee2ff98322337951c56398e79d51815acbf955 (7.1-rc1)
-CVE-2026-8851 (SOGo 5.12.7 contains a SQL injection vulnerability in the
Access Contr ...)
+CVE-2026-8851 (SOGo versions 5.12.7 and prior contains a SQL injection
vulnerability ...)
- sogo 5.12.8-1
NOTE:
https://github.com/Alinto/sogo/commit/f9b71059f4f382d7b337d16ce1257443ade43d02
(SOGo-5.12.8)
TODO: check correctness
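Review bot: the three kernel entries in this hunk (CVE-2026-43493, CVE-2026-43492, CVE-2026-43491) lose their only subsystem hint, because bracketed titles such as "[crypto: pcrypt - Fix handling of MAY_BACKLOG requests]" are replaced by the generic "In the Linux kernel, the following vulnerability has been resolved: ..." text, which is cut off before the commit subject. Anyone triaging from this file now has to follow the git.kernel.org NOTE to learn what is affected; consider preserving the subject in a NOTE line when the description is swapped. Separately, the "TODO: check correctness" under CVE-2026-8851 is still open after its description was widened to "versions 5.12.7 and prior"; resolve it or record what remains to be checked.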
@@ -339,7 +741,7 @@ CVE-2026-7302 (SGLangs multimodal generation runtime is
vulnerable to an unauthe
NOT-FOR-US: SGLang
CVE-2026-7301 (SGLangs multimodal generation runtime scheduler's ROUTER socket
binds ...)
NOT-FOR-US: SGLang
-CVE-2026-6902 (A vulnerability in Command-Line Client in P4 Server prior to
the 2025. ...)
+CVE-2026-6902 (A Remote Code Execution vulnerability in P4 (Helix Core)
Server's Comm ...)
NOT-FOR-US: Command-Line Client in P4 Server
CVE-2026-6347 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
- mattermost-server <itp> (bug #823556)
@@ -12792,6 +13194,7 @@ CVE-2018-25299 (Prime95 29.4b8 contains a local buffer
overflow vulnerability th
CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery
vulnerability tha ...)
NOT-FOR-US: Merge PACS
CVE-2026-5419
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1815
@@ -12808,38 +13211,45 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote
attacker could exploit this
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2
(3.8.13)
NOTE: Test:
https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e
(3.8.13)
CVE-2026-42015
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca
(3.8.13)
CVE-2026-5260
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1814
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f
(3.8.13)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683
(3.8.13)
CVE-2026-42014
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701
(3.8.13)
CVE-2026-42013
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4
(3.8.13)
CVE-2026-42012
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1802
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/8dcc6a1f48945997666ac9f10896819edd01a03b
(3.8.13)
CVE-2026-42011 (A flaw was found in gnutls. This vulnerability occurs because
permitte ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1824
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/1dead2faec6320aaba321eb56f20d442df192b83
(3.8.13)
CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because
gnutls p ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1223
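Review bot: five of the entries that gain {DSA-6281-1} in this hunk (CVE-2026-42015, CVE-2026-5260, CVE-2026-42014, CVE-2026-42013, CVE-2026-42012) still have no description at all, unlike CVE-2026-42011 and CVE-2026-3833 a few lines further down. An entry that is now tied to a DSA should be readable without opening the GNUTLS-SA link, so add a short bracketed description in the style the file already uses elsewhere (for example "[haveged: ...]") until the official text arrives.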
@@ -12847,22 +13257,26 @@ CVE-2026-3833 (A flaw was found in gnutls. This
vulnerability occurs because gnu
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1852
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/19f6508647bdcd3ce21130201e484d7ca6d962c5
(3.8.13)
CVE-2026-42010 (A flaw was found in gnutls. Servers configured with RSA-PSK
(Rivest\u2 ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1850
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5
(3.8.13)
CVE-2026-33845 (A flaw in GnuTLS DTLS handshake parsing allows malformed
fragments wit ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1811
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/e5b72c53c7d789d19d1d1cd10b275e87d0415413
(3.8.13)
CVE-2026-42009 (A flaw was found in gnutls. A remote attacker could exploit an
issue i ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
(3.8.13)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
(3.8.13)
CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS
handshake frag ...)
+ {DSA-6281-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -13689,7 +14103,7 @@ CVE-2026-23556
[bookworm] - xen <no-dsa> (Minor issue)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-483.html
-CVE-2026-23557
+CVE-2026-23557 (Any guest can cause xenstored to crash by issuing a
XS_RESET_WATCHES c ...)
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-484.html
NOTE: Debian uses the ocaml-based xenstored
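Review bot: with the description added for CVE-2026-23557 now stating that any guest can crash xenstored, the existing "<unfixed> (unimportant)" line rests on a NOTE that gives a fact ("Debian uses the ocaml-based xenstored") but not the conclusion. Spell out in the NOTE whether the ocaml implementation is unaffected, so the unimportant tag is justified on its face next to the new description.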
@@ -13697,7 +14111,7 @@ CVE-2026-31786 (In the Linux kernel, the following
vulnerability has been resolv
{DSA-6243-1 DSA-6238-1 DLA-4561-1}
- linux 7.0.3-1
NOTE: https://xenbits.xen.org/xsa/advisory-485.html
-CVE-2026-23558
+CVE-2026-23558 (The adjustments made for XSA-379 as well as those subsequently
becomin ...)
- xen <unfixed>
[trixie] - xen <no-dsa> (Minor issue)
[bookworm] - xen <no-dsa> (Minor issue)
@@ -22176,7 +22590,7 @@ CVE-2026-40178 (ajenti.plugin.core defines all
necessary core elements to allow
- ajenti <itp> (bug #792019)
CVE-2026-40177 (ajenti.plugin.core defines all necessary core elements to
allow Ajenti ...)
- ajenti <itp> (bug #792019)
-CVE-2026-40175 (Axios is a promise based HTTP client for the browser and
Node.js. Prio ...)
+CVE-2026-40175 (Axios is a promise based HTTP client for the browser and
Node.js. Vers ...)
- node-axios 1.15.0-1
[trixie] - node-axios <no-dsa> (Minor issue)
[bookworm] - node-axios <no-dsa> (Minor issue)
@@ -38002,7 +38416,7 @@ CVE-2026-20996 (Use of a broken or risky cryptographic
algorithm in Smart Switch
NOT-FOR-US: Samsung Mobile
CVE-2026-20995 (Exposure of sensitive functionality to an unauthorized actor
in Smart ...)
NOT-FOR-US: Samsung Mobile
-CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1
allows r ...)
+CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1
allows l ...)
NOT-FOR-US: Samsung Mobile
CVE-2026-20993 (Improper export of android application components in Samsung
Assistant ...)
NOT-FOR-US: Samsung Mobile
@@ -676367,7 +676781,7 @@ CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior,
InTouch 2017, InTouch 2017
NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions
prior t ...)
NOT-FOR-US: Echelon
-CVE-2018-10626 (Medtronic MyCareLink Patient Monitor\u2019s update service
does not su ...)
+CVE-2018-10626 (Medtronic MyCareLink Patient Monitor\u2019s update servicedoes
not suf ...)
NOT-FOR-US: Medtronic
CVE-2018-10625
RESERVED
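Review bot: the replacement description for CVE-2018-10626 introduces a fused word, "update servicedoes not suf", where the removed line read "update service does not su", and it still carries the literal "\u2019" escape instead of an apostrophe. Both look like artifacts of the imported description text rather than intended wording; unescaping and normalising whitespace on import, or reporting the typo to the source of the description, would stop an automatic update from degrading an entry that read cleanly before.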
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/304be2803f9a1ad96a0bc4a0581629a5835cbc00