Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ca774ab by security tracker role at 2026-06-02T07:13:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,317 @@
+CVE-2026-9050 (The Slider Revolution plugin for WordPress in versions 
6.0.0-6.7.55 an ...)
+       TODO: check
+CVE-2026-9048 (The Slider Revolution plugin for WordPress is vulnerable to 
Sensitive  ...)
+       TODO: check
+CVE-2026-8293 (The Really Simple Security  WordPress plugin before 9.5.10.1 
does not  ...)
+       TODO: check
+CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
+       TODO: check
+CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that 
allows unau ...)
+       TODO: check
+CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email' 
accepts ...)
+       TODO: check
+CVE-2026-49140 (Nanobot prior to version 0.2.1 contains a denial of service 
vulnerabil ...)
+       TODO: check
+CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a server-side request 
forgery  ...)
+       TODO: check
+CVE-2026-49138 (Nanobot prior to version 0.2.1 contains a server-side request 
forgery  ...)
+       TODO: check
+CVE-2026-49136 (Banana Slides through 0.4.0, patched in commit e8bc490, 
contains a pat ...)
+       TODO: check
+CVE-2026-49135 (CodexBar prior to 0.32.0 contains an insecure temporary file 
handling  ...)
+       TODO: check
+CVE-2026-49134 (CodexBar prior to 0.32.0 contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-40965 (Cloud Foundry UAA versions v76.12.0 through v78.12.0 are 
vulnerable to ...)
+       TODO: check
+CVE-2026-40964 (Authentication Bypass in cf-auth-proxy in Cloud Foundry 
Foundation all ...)
+       TODO: check
+CVE-2026-3871 (A buffer overflow vulnerability in the UPnP DeletePortMapping() 
comman ...)
+       TODO: check
+CVE-2026-3870 (A buffer overflow vulnerability in the UPnP AddPortMapping() 
command i ...)
+       TODO: check
+CVE-2026-3722 (The Auto Image Attributes From Filename With Bulk Updater (Add 
Alt Tex ...)
+       TODO: check
+CVE-2026-3198 (MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to 
enforc ...)
+       TODO: check
+CVE-2026-37234 (FlexRIC v2.0.0 allows a single SCTP connection to bind 
multiple xapp_i ...)
+       TODO: check
+CVE-2026-28586 (In multiple functions of AppOpsService.java, there is a 
possible missi ...)
+       TODO: check
+CVE-2026-28581 (In fixInitiatingUserIfNecessary of CallIntentProcessor.java, 
there is  ...)
+       TODO: check
+CVE-2026-28580 (In multiple functions, there is a possible desync in 
persistence due t ...)
+       TODO: check
+CVE-2026-28578 (In multiple functions of DevicePolicyManagerService.java, 
there is a p ...)
+       TODO: check
+CVE-2026-28577 (In addWindow of WindowManagerService.java, there is a possible 
tapjack ...)
+       TODO: check
+CVE-2026-28511 (eLabFTW is an open source electronic lab notebook. Prior to 
version 5. ...)
+       TODO: check
+CVE-2026-25879 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-25277 (Memory corruption while using Strongbox due to buffer 
overflow.)
+       TODO: check
+CVE-2026-25276 (Memory corruption while using Strongbox due to missing bounds 
check.)
+       TODO: check
+CVE-2026-25260 (Memory Corruption when accessing shared buffers without 
validation of  ...)
+       TODO: check
+CVE-2026-25259 (Memory corruption while processing multiple IOCTL command for 
escape o ...)
+       TODO: check
+CVE-2026-25258 (Memory corruption while processing IOCTL calls for escape 
operations.)
+       TODO: check
+CVE-2026-24782 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0,ulti ...)
+       TODO: check
+CVE-2026-24761 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, an  ...)
+       TODO: check
+CVE-2026-24756 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, an  ...)
+       TODO: check
+CVE-2026-24755 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, an  ...)
+       TODO: check
+CVE-2026-24754 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, a s ...)
+       TODO: check
+CVE-2026-24753 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, an  ...)
+       TODO: check
+CVE-2026-24752 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, a r ...)
+       TODO: check
+CVE-2026-24751 (Kiteworks is a private data network (PDN). Prior to version 
9.3.0, a r ...)
+       TODO: check
+CVE-2026-24092 (Memory Corruption when processing fastboot commands to set 
display mod ...)
+       TODO: check
+CVE-2026-24091 (Memory corruption while processing fastboot commands with 
improperly f ...)
+       TODO: check
+CVE-2026-24090 (Cryptographic issue while processing partition table entries 
allows un ...)
+       TODO: check
+CVE-2026-24089 (Memory corruption while processing fastboot commands with 
invalid inpu ...)
+       TODO: check
+CVE-2026-24088 (Cryptographic Issue while processing a specific partition 
which allows ...)
+       TODO: check
+CVE-2026-24087 (Memory corruption while processing fastboot OEM commands.)
+       TODO: check
+CVE-2026-24085 (Memory Corruption when processing display command line 
information due ...)
+       TODO: check
+CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder 
GoClaw  ...)
+       TODO: check
+CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this 
vulnerabilit ...)
+       TODO: check
+CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management 
System 1. ...)
+       TODO: check
+CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev 
CordysCRM up  ...)
+       TODO: check
+CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up 
to 0.8.2 ...)
+       TODO: check
+CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6. 
The impact ...)
+       TODO: check
+CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce 
System 1.0.  ...)
+       TODO: check
+CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy 
Ecommerce Syste ...)
+       TODO: check
+CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7. 
This vulne ...)
+       TODO: check
+CVE-2026-10548 (A security flaw has been discovered in NousResearch 
hermes-agent up to ...)
+       TODO: check
+CVE-2026-10529 (A weakness has been identified in westboy CicadasCMS up to 
2431154dac8 ...)
+       TODO: check
+CVE-2026-10528 (A security flaw has been discovered in Orthanc DICOM Server up 
to 1.12 ...)
+       TODO: check
+CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to 
1.6.2. Th ...)
+       TODO: check
+CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in 
Transsion AI  ...)
+       TODO: check
+CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 
1.0. The  ...)
+       TODO: check
+CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management 
System 1. ...)
+       TODO: check
+CVE-2026-10300 (A security vulnerability has been detected in SGLang 
0.5.10.post1. Imp ...)
+       TODO: check
+CVE-2026-10299 (A weakness has been identified in code-projects Online 
Hospital Manage ...)
+       TODO: check
+CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up 
to 1.8. ...)
+       TODO: check
+CVE-2026-10297 (A vulnerability was identified in itsourcecode Fees Management 
System  ...)
+       TODO: check
+CVE-2026-10296 (A vulnerability was determined in itsourcecode Fees Management 
System  ...)
+       TODO: check
+CVE-2026-10295 (A vulnerability was found in SourceCodester Customer Review 
App 1.0. A ...)
+       TODO: check
+CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. 
Affected is  ...)
+       TODO: check
+CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. 
This imp ...)
+       TODO: check
+CVE-2026-10292 (A vulnerability was detected in UTT HiPER 1200GW up to 
2.5.3-170306. T ...)
+       TODO: check
+CVE-2026-10291 (A security vulnerability has been detected in Enderfga 
claw-orchestrat ...)
+       TODO: check
+CVE-2026-10290 (A weakness has been identified in code-projects Hotel and 
Tourism Rese ...)
+       TODO: check
+CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and 
Tourism ...)
+       TODO: check
+CVE-2026-10288 (A vulnerability was identified in code-projects Hotel and 
Tourism Rese ...)
+       TODO: check
+CVE-2026-10287 (A vulnerability was determined in SourceCodester SEO Meta Tag 
Extracto ...)
+       TODO: check
+CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0. 
This affect ...)
+       TODO: check
+CVE-2026-10285 (A vulnerability has been found in DevaslanPHP 
project-management up to ...)
+       TODO: check
+CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to 
2.0.0-be ...)
+       TODO: check
+CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds 
write due ...)
+       TODO: check
+CVE-2026-0099 (In onNullBinding of HostEmulationManager.java, there is a 
possible way ...)
+       TODO: check
+CVE-2026-0098 (In getCallingPackageName of Shared.java, there is a possible 
way to by ...)
+       TODO: check
+CVE-2026-0097 (In multiple locations, there is a possible way to bypass user 
interact ...)
+       TODO: check
+CVE-2026-0096 (In getAppLabel of ForgetDeviceDialogFragment.java, there is a 
possible ...)
+       TODO: check
+CVE-2026-0095 (In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to 
trigger ...)
+       TODO: check
+CVE-2026-0094 (In getApplicationLabel of KeyChainActivity.java, there is a 
possible w ...)
+       TODO: check
+CVE-2026-0093 (In multiple locations, there is a possible misleading UI due to 
obfusc ...)
+       TODO: check
+CVE-2026-0091 (In multiple locations, there is a possible way to execute code 
in the  ...)
+       TODO: check
+CVE-2026-0089 (In multiple functions of PackageInstallerService.java, there is 
a poss ...)
+       TODO: check
+CVE-2026-0088 (In getCallingAppLabel of CertInstaller.java, there is a 
possible way t ...)
+       TODO: check
+CVE-2026-0087 (In approvalLevelForDomainInternal of 
DomainVerificationService.java, t ...)
+       TODO: check
+CVE-2026-0086 (In onCreate of DisableSupervisionActivity.kt, there is a 
possible way  ...)
+       TODO: check
+CVE-2026-0085 (In applySimpleFieldMaxSize of DataRowHandler.java, there is a 
possible ...)
+       TODO: check
+CVE-2026-0080 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0079 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0078 (In setGlobalProxy of DevicePolicyManagerService.java, there is 
a possi ...)
+       TODO: check
+CVE-2026-0077 (In resumeConfigurationDispatch of ActivityRecord.java, there is 
a poss ...)
+       TODO: check
+CVE-2026-0076 (In validateNode of ResourceTypes.cpp, there is a possible out 
of bound ...)
+       TODO: check
+CVE-2026-0075 (In multiple functions, there is a possible way to access the 
contacts  ...)
+       TODO: check
+CVE-2026-0074 (In getPreferredSize of LauncherProcessImageListener.kt, there 
is a pos ...)
+       TODO: check
+CVE-2026-0070 (In multiple functions of DevicePolicyManagerService.java, there 
is a p ...)
+       TODO: check
+CVE-2026-0069 (In verifySignature of ApkChecksums.java, there is a possible 
way to ca ...)
+       TODO: check
+CVE-2026-0067 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0061 (In multiple functions of WindowState.java, there is a possible 
way to  ...)
+       TODO: check
+CVE-2026-0060 (In updateState of 
GraphicsDriverEnableAngleAsSystemDriverController.ja ...)
+       TODO: check
+CVE-2026-0059 (In multiple functions of sdp_discovery.cc, there is a possible 
way to  ...)
+       TODO: check
+CVE-2026-0056 (In setTo of ResourceTypes.cpp, there is a possible read out of 
bounds  ...)
+       TODO: check
+CVE-2026-0055 (In createSessionInternal of PackageInstallerService.java, there 
is a p ...)
+       TODO: check
+CVE-2026-0052 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0051 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0050 (In handleBondStateChanged of AdapterService.java, there is a 
possible  ...)
+       TODO: check
+CVE-2026-0048 (In hide of WindowState.java, there is a possible way to trick 
the user ...)
+       TODO: check
+CVE-2026-0046 (In InputInterceptor of Letterbox.java, there is a possible way 
to tric ...)
+       TODO: check
+CVE-2026-0045 (In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible 
bypass  ...)
+       TODO: check
+CVE-2026-0044 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0043 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0042 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0041 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0040 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0039 (In multiple functions of ubsan_throwing_runtime.cpp, there is a 
possib ...)
+       TODO: check
+CVE-2026-0036 (In startAnimation of StageCoordinator.java, there is a possible 
tapjac ...)
+       TODO: check
+CVE-2026-0018 (In multiple functions of AccessibilityManagerService.java, 
there is a  ...)
+       TODO: check
+CVE-2026-0016 (In updateProvidersWhenServiceRemoved of 
CredentialManagerService.java, ...)
+       TODO: check
+CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a 
logic e ...)
+       TODO: check
+CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len 
function in ...)
+       TODO: check
+CVE-2025-59614 (Memory Corruption when sending random number generator command 
with in ...)
+       TODO: check
+CVE-2025-59613 (Memory Corruption when output buffer size is smaller than 
input buffer ...)
+       TODO: check
+CVE-2025-59612 (Memory corruption in windows drivers while sending incorrect 
trusted a ...)
+       TODO: check
+CVE-2025-59611 (Memory corruption in diagnostic services due to absence of 
input valid ...)
+       TODO: check
+CVE-2025-59610 (Memory Corruption when processing IOCTL requests with 
mismatched API v ...)
+       TODO: check
+CVE-2025-59609 (Information Disclosure when processing advertisement frames 
with malfo ...)
+       TODO: check
+CVE-2025-59606 (Memory Corruption when writing to invalid memory locations 
occurs due  ...)
+       TODO: check
+CVE-2025-59605 (Memory Corruption when processing device identifier strings 
that excee ...)
+       TODO: check
+CVE-2025-59604 (Memory Corruption when running a memory copy operation due to 
invalid  ...)
+       TODO: check
+CVE-2025-59601 (Information Disclosure when resetting device to factory 
default settin ...)
+       TODO: check
+CVE-2025-48652 (In performPreInstallChecks of InstallRepository.kt, there is a 
possibl ...)
+       TODO: check
+CVE-2025-48649 (In multiple locations, there is a possible way to reset 
user-selected  ...)
+       TODO: check
+CVE-2025-48648 (In isSameApp of NotificationManagerService.java, there is a 
possible p ...)
+       TODO: check
+CVE-2025-48616 (In multiple functions of KeyguardViewMediator.java , there is 
a possib ...)
+       TODO: check
+CVE-2025-48595 (In multiple locations, there is a possible way to achieve code 
executi ...)
+       TODO: check
+CVE-2025-48570 (In multiple functions of PipTaskOrganizer.java, there is a 
possible wa ...)
+       TODO: check
+CVE-2025-32348 (In multiple locations, there is a possible background activity 
launch  ...)
+       TODO: check
+CVE-2025-26418 (In setUserDisclaimerAcknowledged of 
CarDevicePolicyService.java, there ...)
+       TODO: check
+CVE-2025-22426 (In many functions of ComputerEngine.java, there is a possible 
way to a ...)
+       TODO: check
+CVE-2025-22424 (In multiple locations, there is a possible way to reveal 
images across ...)
+       TODO: check
+CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege 
escalation vulne ...)
+       TODO: check
+CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors 
contain ...)
+       TODO: check
+CVE-2018-25435 (ZeusCart 4.0 contains a cross-site request forgery 
vulnerability that  ...)
+       TODO: check
+CVE-2018-25434 (WP AutoSuggest 0.24 contains an SQL injection vulnerability 
that allow ...)
+       TODO: check
+CVE-2018-25433 (Joomla Component JE Photo Gallery 1.1 contains an SQL 
injection vulner ...)
+       TODO: check
+CVE-2018-25432 (Arm Whois 3.11 contains a buffer overflow vulnerability that 
allows lo ...)
+       TODO: check
+CVE-2018-25431 (No-Cms 1.0 contains an SQL injection vulnerability in the 
order_by par ...)
+       TODO: check
+CVE-2018-25430 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows au ...)
+       TODO: check
+CVE-2018-25429 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows au ...)
+       TODO: check
+CVE-2018-25428 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows un ...)
+       TODO: check
+CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow 
vulnerability th ...)
+       TODO: check
 CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
        - xorg-server <unfixed>
        - xwayland <unfixed>
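Review bot: every entry added at the top of data/CVE/list carries only "TODO: check", so this hunk adds the whole batch without any triage. Many of the new descriptions follow the "In <function> of <File>.java" Android pattern, which context lines in the later hunks already resolve as NOT-FOR-US: Android; those can be classified in bulk the same way. Entries that name standalone software, such as PackageKit (CVE-2026-10294), Orthanc DICOM Server (CVE-2026-10528) and whisper.cpp (CVE-2026-10298), are the ones to check against the archive first rather than leave in the TODO queue. The descriptions for CVE-2026-8206, CVE-2019-25718 and CVE-2019-25716 also contain literal "\u2013" and "\xe4" escapes in place of the characters; it is worth confirming that this escaping is intended.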
@@ -22286,7 +22600,7 @@ CVE-2018-25299 (Prime95 29.4b8 contains a local buffer 
overflow vulnerability th
        NOT-FOR-US: Prime95
 CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery 
vulnerability tha ...)
        NOT-FOR-US: Merge PACS
-CVE-2026-5419
+CVE-2026-5419 (A flaw was found in gnutls. The PKCS#7 padding check, performed 
during ...)
        {DSA-6281-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        [bullseye] - gnutls28 <not-affected> (Vulnerable code introduced later)
@@ -91234,7 +91548,7 @@ CVE-2025-48615 (In getComponentName of 
MediaButtonReceiverHolder.java, there is
        NOT-FOR-US: Android
 CVE-2025-48614 (In rebootWipeUserData of RecoverySystem.java, there is a 
possible way  ...)
        NOT-FOR-US: Android
-CVE-2025-48612 (In multiple locations, there is a possible way for an 
application on a ...)
+CVE-2025-48612 (In setDefaultKey of DefaultPaymentSettings.java, there is a 
possible w ...)
        NOT-FOR-US: Android
 CVE-2025-48610 (In __pkvm_guest_relinquish_to_host of mem_protect.c, there is 
a possib ...)
        NOT-FOR-US: Android
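Review bot: the replacement description for CVE-2025-48612 now names setDefaultKey of DefaultPaymentSettings.java where the old text said "In multiple locations", so the upstream record changed in substance and not only in wording. The NOT-FOR-US: Android line under it is left as it was, which is consistent with the neighbouring entries, but a rewritten description is a reasonable trigger to re-confirm the classification rather than carry it over silently.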
@@ -429923,8 +430237,8 @@ CVE-2021-46749 (Insufficient bounds checking in ASP 
(AMD Secure Processor) may a
        NOT-FOR-US: AMD
 CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) 
may all ...)
        NOT-FOR-US: AMD
-CVE-2021-46747
-       RESERVED
+CVE-2021-46747 (Insufficient granularity of access control in ASP (AMD Secure 
Processo ...)
+       TODO: check
 CVE-2021-46746 (Lack of stack protection exploit mechanisms in ASP Secure OS 
Trusted E ...)
        NOT-FOR-US: AMD
 CVE-2021-46745
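Review bot: CVE-2021-46747 moves from RESERVED to "TODO: check" even though its new description concerns the ASP (AMD Secure Processor), and the adjacent entries CVE-2021-46749, CVE-2021-46748 and CVE-2021-46746 are all marked NOT-FOR-US: AMD. Suggest resolving this entry as NOT-FOR-US: AMD as well, unless the full description turns out to differ in scope from its neighbours.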



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ca774ab81bb5949884ff1f0040f1f549551eeb2



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
