Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cb6fa90c by security tracker role at 2026-05-22T19:20:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2026-9291 (Insecure deserialization in the job results processing
component in Am ...)
+ TODO: check
+CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token
inputs ...)
+ TODO: check
+CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ TODO: check
+CVE-2026-9255 (Missing input source validation in the tool authorization
prompt in Ki ...)
+ TODO: check
+CVE-2026-9251 (Missing authorization in the entry status management feature in
Devolu ...)
+ TODO: check
+CVE-2026-9249 (Unverified password change in Devolutions Server allows an
attacker to ...)
+ TODO: check
+CVE-2026-9248 (Authorization bypass in the entry duplication feature in
Devolutions S ...)
+ TODO: check
+CVE-2026-9247 (Insufficient logging in the entry export feature in Devolutions
Server ...)
+ TODO: check
+CVE-2026-9246 (Improper access control in the entry documentation and
attachment feat ...)
+ TODO: check
+CVE-2026-9245 (Improper input validation in the external authentication
provider flow ...)
+ TODO: check
+CVE-2026-9224 (Missing authorization in the user profile update feature in
Devolution ...)
+ TODO: check
+CVE-2026-9223 (Missing authorization in the vault import feature in
Devolutions Serve ...)
+ TODO: check
+CVE-2026-9047 (Improper handling of factor key state in the multi-factor
authenticati ...)
+ TODO: check
+CVE-2026-9011 (The Ditty \u2013 Responsive News Tickers, Sliders, and Lists
plugin fo ...)
+ TODO: check
+CVE-2026-8997 (vifm is vulnerable to a heap buffer overflow during the history
merge ...)
+ TODO: check
+CVE-2026-8992 (An improper certificate validation vulnerability in Ivanti
Secure Acce ...)
+ TODO: check
+CVE-2026-8692 (The Vedrixa Forms \u2013 User Registration Form, Signup Form &
Drag & ...)
+ TODO: check
+CVE-2026-8684 (The MotoPress Hotel Booking plugin for WordPress is vulnerable
to auth ...)
+ TODO: check
+CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure
Direct ...)
+ TODO: check
+CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink
software ...)
+ TODO: check
+CVE-2026-8672 (Use of default password vulnerability in syslink software AG
Avantra o ...)
+ TODO: check
+CVE-2026-8671 (Insertion of sensitive information into log file vulnerability
in sysl ...)
+ TODO: check
+CVE-2026-8670 (Insufficient session expiration vulnerability in syslink
software AG A ...)
+ TODO: check
+CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry
sensiti ...)
+ TODO: check
+CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer
DEX Pla ...)
+ TODO: check
+CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS
via page ...)
+ TODO: check
+CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR +
wrong-authorizati ...)
+ TODO: check
+CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via
Backend\File::a ...)
+ TODO: check
+CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email
Marketing, Em ...)
+ TODO: check
+CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for
WordPress p ...)
+ TODO: check
+CVE-2026-7615 (The Widget Context plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2026-7325 (Improper authorization in the Active Directory browsing feature
in Dev ...)
+ TODO: check
+CVE-2026-6406 (The Docker CLI --use-api-socket flag bypasses Enhanced
Container Isola ...)
+ TODO: check
+CVE-2026-5755 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x
<= 11.5 ...)
+ TODO: check
+CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-5308 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-5171 (Improper access control in the entry activity log feature in
Devolutio ...)
+ TODO: check
+CVE-2026-5072 (A bitwise shift vulnerability in Zephyr's PTP subsystem allows
a remot ...)
+ TODO: check
+CVE-2026-4646 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-4635 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-48700 (An issue was discovered in all versions of PCManFM-Qt starting
from 1. ...)
+ TODO: check
+CVE-2026-46727 (An issue was discovered in Ruby 4 before 4.0.5. A race
condition leadi ...)
+ TODO: check
+CVE-2026-44930 (An LDAP injection vulnerability in the LDAP Certificate
repository of ...)
+ TODO: check
+CVE-2026-44618 (Insecure XML parser configuration in Apache CXF's WS-Transfer
module m ...)
+ TODO: check
+CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF: Untrusted JMS
configuration can ...)
+ TODO: check
+CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in
TensorShape::G ...)
+ TODO: check
+CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not
properly ma ...)
+ TODO: check
+CVE-2026-42506 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
+ TODO: check
+CVE-2026-42502 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
+ TODO: check
+CVE-2026-40172 (authentik is an open-source identity provider. In versions
prior to 20 ...)
+ TODO: check
+CVE-2026-40166 (authentik is an open-source identity provider. In versions
prior to 20 ...)
+ TODO: check
+CVE-2026-3636 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-3473 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-39970 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior
contain a ...)
+ TODO: check
+CVE-2026-39969 (TypeBot is a chatbot builder tool. In versions 3.16.0 and
prior, the W ...)
+ TODO: check
+CVE-2026-39968 (TypeBot is a chatbot builder tool. In versions 3.15.2 and
prior, the f ...)
+ TODO: check
+CVE-2026-39967 (TypeBot is a chatbot builder tool. In versions 3.15.2 and
prior, the b ...)
+ TODO: check
+CVE-2026-39966 (TypeBot is a chatbot builder tool. In versions 3.15.2, the
getLinkedTy ...)
+ TODO: check
+CVE-2026-39965 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior
contain a ...)
+ TODO: check
+CVE-2026-39964 (TypeBot is a chatbot builder tool. In versions prior to
3.16.0, the Ty ...)
+ TODO: check
+CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept
Punycode-encode ...)
+ TODO: check
+CVE-2026-37470 (An issue in ClipBucket v5 v.5.5.2 allows an attacker to
execute arbitr ...)
+ TODO: check
+CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a
remote ...)
+ TODO: check
+CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1
allows a rem ...)
+ TODO: check
+CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech
WebAccess/SCADA 8.0-20 ...)
+ TODO: check
+CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to
3.16.0, SSRF p ...)
+ TODO: check
+CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the p ...)
+ TODO: check
+CVE-2026-32253 (Sunshine is a self-hosted game stream host for Moonlight. In
versions ...)
+ TODO: check
+CVE-2026-28735 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x
<= 11.4 ...)
+ TODO: check
+CVE-2026-28445 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the R ...)
+ TODO: check
+CVE-2026-28444 (Typebot is a chatbot builder tool. In versions 3.15.2 and
prior, the g ...)
+ TODO: check
+CVE-2026-27136 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
+ TODO: check
+CVE-2026-25681 (Parsing arbitrary HTML which is then rendered using Render can
result ...)
+ TODO: check
+CVE-2026-25680 (Parsing arbitrary HTML can consume excessive CPU time,
possibly leadin ...)
+ TODO: check
+CVE-2026-25608 (STER uses unencrypted TCP traffic to transmit data over the
network. I ...)
+ TODO: check
+CVE-2026-25607 (Use of a weak password encoding algorithm in STER software
allows the ...)
+ TODO: check
+CVE-2026-25606 (A SQL injection vulnerability has been identified in STER.
Improper ne ...)
+ TODO: check
+CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use
of a Brok ...)
+ TODO: check
+CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library
Manager 22_0 ...)
+ TODO: check
+CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an
Insecure Sto ...)
+ TODO: check
+CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an
Exposure of ...)
+ TODO: check
+CVE-2025-32747 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an
Incorrect Pr ...)
+ TODO: check
+CVE-2025-32746 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an
Insecure Sto ...)
+ TODO: check
+CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an
Improper Cer ...)
+ TODO: check
+CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an
Open Red ...)
+ TODO: check
CVE-2026-XXXX [starlette Ignore malformed Host header when constructing
request.url]
- starlette <unfixed>
NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
@@ -1586,7 +1756,7 @@ CVE-2026-46529
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
NOTE: No security impact in evince-gtk3 since affected code not built
in binary package.
CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1594,7 +1764,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird
140.10 and Thunderbird
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1611,7 +1781,7 @@ CVE-2026-8971 (Same-origin policy bypass in the
Networking: JAR component. This
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
CVE-2026-8970 (Privilege escalation in the Security component. This
vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1622,7 +1792,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security
component. This vulnerabil
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video:
Web Codec ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1645,7 +1815,7 @@ CVE-2026-8963 (Spoofing issue in the Web Speech
component. This vulnerability wa
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1653,7 +1823,7 @@ CVE-2026-8962 (Mitigation bypass in the DOM: Security
component. This vulnerabil
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
CVE-2026-8961 (Spoofing issue in the Form Autofill component. This
vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1671,7 +1841,7 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary
conditions in the Widget
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process
Sandbo ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1679,7 +1849,7 @@ CVE-2026-8958 (Information disclosure, sandbox escape in
the Security: Process S
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This
vulner ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1687,7 +1857,7 @@ CVE-2026-8957 (Privilege escalation in the Enterprise
Policies component. This v
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
CVE-2026-8956 (Integer overflow in the Networking: JAR component. This
vulnerability ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1695,7 +1865,7 @@ CVE-2026-8956 (Integer overflow in the Networking: JAR
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This
vulnerability ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1703,7 +1873,7 @@ CVE-2026-8955 (Privilege escalation in the DOM: Workers
component. This vulnerab
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the
Audio/Video com ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1711,7 +1881,7 @@ CVE-2026-8954 (Incorrect boundary conditions, integer
overflow in the Audio/Vide
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access
APIs com ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1725,7 +1895,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in
Firefox for Android. T
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component.
This vuln ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1743,7 +1913,7 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM:
Networking component. This
- firefox 151.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This
vulnerabi ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -1751,7 +1921,7 @@ CVE-2026-8947 (Use-after-free in the DOM: Bindings
(WebIDL) component. This vuln
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5012,7 +5182,7 @@ CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a
remote code execution vul
CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server
allows a ...)
NOT-FOR-US: Devolutions
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This
vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5020,7 +5190,7 @@ CVE-2026-8401 (Sandbox escape in the Profile Backup
component. This vulnerabilit
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
CVE-2026-8391 (Other issue in the JavaScript Engine component. This
vulnerability was ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -5034,7 +5204,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript
Engine: JIT component. This
- firefox 150.0.3-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8389
CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT
component. ...)
- {DSA-6288-1 DSA-6283-1 DLA-4592-1}
+ {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -14465,45 +14635,45 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote
attacker could exploit this
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2
(3.8.13)
NOTE: Test:
https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e
(3.8.13)
CVE-2026-42015
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca
(3.8.13)
CVE-2026-5260
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1814
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f
(3.8.13)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683
(3.8.13)
CVE-2026-42014
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701
(3.8.13)
CVE-2026-42013
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4
(3.8.13)
CVE-2026-42012
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1802
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/8dcc6a1f48945997666ac9f10896819edd01a03b
(3.8.13)
CVE-2026-42011 (A flaw was found in gnutls. This vulnerability occurs because
permitte ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1824
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/1dead2faec6320aaba321eb56f20d442df192b83
(3.8.13)
CVE-2026-3833 (A flaw was found in gnutls. This vulnerability occurs because
gnutls p ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1223
@@ -14511,27 +14681,27 @@ CVE-2026-3833 (A flaw was found in gnutls. This
vulnerability occurs because gnu
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1852
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/19f6508647bdcd3ce21130201e484d7ca6d962c5
(3.8.13)
CVE-2026-42010 (A flaw was found in gnutls. Servers configured with RSA-PSK
(Rivest\u2 ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1850
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/cb1833afd9b6309563211b1c0a7c291f52ca98d5
(3.8.13)
NOTE: Introduced with:
https://gitlab.com/gnutls/gnutls/-/commit/d00638997fa269a975095d852633b48b2b64fbf9
(3.6.13)
CVE-2026-33845 (A flaw in GnuTLS DTLS handshake parsing allows malformed
fragments wit ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1811
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/e5b72c53c7d789d19d1d1cd10b275e87d0415413
(3.8.13)
CVE-2026-42009 (A flaw was found in gnutls. A remote attacker could exploit an
issue i ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1848
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d
(3.8.13)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f
(3.8.13)
CVE-2026-33846 (A heap buffer overflow vulnerability exists in the DTLS
handshake frag ...)
- {DSA-6281-1}
+ {DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1816
@@ -404463,8 +404633,8 @@ CVE-2022-34365 (WMS 3.7 contains a Path Traversal
Vulnerability in Device API. A
NOT-FOR-US: Dell
CVE-2022-34364 (Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain
a debug ...)
NOT-FOR-US: Dell
-CVE-2022-34363
- RESERVED
+CVE-2022-34363 (Dell Unisphere for PowerMax vApp version prior to 10.0.0.2,
contains a ...)
+ TODO: check
CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server
before v ...)
NOT-FOR-US: HYPR
CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to
6.15.1 al ...)
@@ -413092,8 +413262,8 @@ CVE-2022-31233 (Unisphere for PowerMax versions
before 9.2.3.15 contain a privil
NOT-FOR-US: Dell
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a
Command-Injectio ...)
NOT-FOR-US: SmartFabric storage software
-CVE-2022-31231
- RESERVED
+CVE-2022-31231 (Dell ECS, versions 3.5 and 3.6, contain an Improper Access
Control in ...)
+ TODO: check
CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or
risky c ...)
NOT-FOR-US: Dell
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error
message ...)
@@ -509953,8 +510123,8 @@ CVE-2021-21510 (Dell iDRAC8 versions prior to
2.75.100.75 contain a host header
NOT-FOR-US: Dell iDRAC8
CVE-2021-21509
RESERVED
-CVE-2021-21508
- RESERVED
+CVE-2021-21508 (Dell VxRail versions before 7.0.200 contain a Plain-text
Password Stor ...)
+ TODO: check
CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to
3.0.1.8 and De ...)
NOT-FOR-US: EMC
CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper
input sani ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6fa90c6ddc7396c0b6cc310891e9013144f0ae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6fa90c6ddc7396c0b6cc310891e9013144f0ae
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
