Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
412106a2 by security tracker role at 2026-06-03T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,176 @@
-CVE-2026-27145
+CVE-2026-9732 (The EmergencyWP \u2013 Dead Man's switch & legacy deliverance 
plugin f ...)
+       TODO: check
+CVE-2026-8936 (Fixed a VM panic caused by unbounded recursion in the grpcfuse 
kernel  ...)
+       TODO: check
+CVE-2026-8036 (Improper input validation in NI-PAL may allow a local 
authenticated us ...)
+       TODO: check
+CVE-2026-8035 (Improper input validation in the NI-PAL kernel driver may allow 
a loca ...)
+       TODO: check
+CVE-2026-7421 (The Passeum Ticketing plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-5385 (An unauthenticated user with write access to the knowledge base 
can st ...)
+       TODO: check
+CVE-2026-5076 (The ARMember Premium plugin for WordPress is vulnerable to an 
insecure ...)
+       TODO: check
+CVE-2026-5074 (The ARMember Premium plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2026-5073 (The ARMember Premium plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2026-50052 (In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a 
deficien ...)
+       TODO: check
+CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer 
overflows on ...)
+       TODO: check
+CVE-2026-49448 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
+       TODO: check
+CVE-2026-49443 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
+       TODO: check
+CVE-2026-49144 (BrowserStack Runner through 0.9.5 contains a path traversal 
vulnerabil ...)
+       TODO: check
+CVE-2026-49143 (BrowserStack Runner through 0.9.5 contains a remote code 
execution vul ...)
+       TODO: check
+CVE-2026-49120 (Medplum before 5.1.14 contains a server-side request forgery 
vulnerabi ...)
+       TODO: check
+CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in 
elixir-tesla  ...)
+       TODO: check
+CVE-2026-48597 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-48596 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Reque ...)
+       TODO: check
+CVE-2026-48595 (Improper Handling of Case Sensitivity vulnerability in 
elixir-tesla te ...)
+       TODO: check
+CVE-2026-48594 (Improper Handling of Highly Compressed Data (Data 
Amplification) vulne ...)
+       TODO: check
+CVE-2026-47265 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-47201 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
+       TODO: check
+CVE-2026-45289 (CloudburstMC Protocol is a protocol library for Minecraft 
Bedrock Edit ...)
+       TODO: check
+CVE-2026-44654 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
+       TODO: check
+CVE-2026-44653 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
+       TODO: check
+CVE-2026-42849 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
+       TODO: check
+CVE-2026-42342 (React Router is a router for React. In versions 7.0.0 through 
7.14.x o ...)
+       TODO: check
+CVE-2026-42211 (React Router is a router for React. In versions 7.0.0 through 
7.14.1,  ...)
+       TODO: check
+CVE-2026-42029
+       REJECTED
+CVE-2026-41577 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
+       TODO: check
+CVE-2026-41569 (authentik is an open-source identity provider. Prior to 
version 2026.2 ...)
+       TODO: check
+CVE-2026-41412 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
+       TODO: check
+CVE-2026-40181 (React Router is a router for React. In versions 7.0.0 through 
7.14.0 a ...)
+       TODO: check
+CVE-2026-40108 (GLPI is a free asset and IT management software package. In 
versions 1 ...)
+       TODO: check
+CVE-2026-38967 (CrowCpp Crow through v1.3.1 HTTP is vulnerable to response 
header inje ...)
+       TODO: check
+CVE-2026-35482 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
+       TODO: check
+CVE-2026-35212 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2026-35202 (Pterodactyl is a free, open-source game server management 
panel. Prior ...)
+       TODO: check
+CVE-2026-35049 (wire-ios is an iOS client for the Wire secure messaging 
application. P ...)
+       TODO: check
+CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 
7.13.1,  ...)
+       TODO: check
+CVE-2026-33553 (Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 
3.27.0 befo ...)
+       TODO: check
+CVE-2026-33245 (React Router is a router for React. In versions 7.7.0 through 
7.13.1,  ...)
+       TODO: check
+CVE-2026-32625 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
+       TODO: check
+CVE-2026-31942 (LibreChat is an enhanced ChatGPT clone that supports multiple 
AI provi ...)
+       TODO: check
+CVE-2026-30586 (Cross Site Scripting vulnerability in usememos Memos v.0.26.0 
allows a ...)
+       TODO: check
+CVE-2026-28299 (SolarWinds Web Help Desk is found to be affected by a 
denial-of-servic ...)
+       TODO: check
+CVE-2026-25861 (QloApps through 1.7.0, fixed in commit 64e9722, contains a 
weak crypto ...)
+       TODO: check
+CVE-2026-1829 (The Content Visibility for Divi Builder plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2026-10719 (Out of bounds write in openSeaChest\u2019s 
--showSupportedFormats in S ...)
+       TODO: check
+CVE-2026-10718 (Out of bounds write in openSeaChest\u2019s Trim/Unmap 
operation in Sea ...)
+       TODO: check
+CVE-2026-10717 (Out of bounds write and reads 
inopenSeaChest\u2019s--showSCSIDefectsin ...)
+       TODO: check
+CVE-2026-10705 (A flaw has been found in dask up to 3.0. Affected by this 
issue is the ...)
+       TODO: check
+CVE-2026-10704 (A vulnerability was detected in SourceCodester Pizzafy 
E-Commerce Syst ...)
+       TODO: check
+CVE-2026-10703 (A security vulnerability has been detected in EIPStackGroup 
OpENer up  ...)
+       TODO: check
+CVE-2026-10694 (A vulnerability was detected in SourceCodester Online Food 
Ordering Sy ...)
+       TODO: check
+CVE-2026-10693 (A security vulnerability has been detected in SourceCodester 
Online Bo ...)
+       TODO: check
+CVE-2026-10692 (A weakness has been identified in johnhuang316 code-index-mcp 
up to 2. ...)
+       TODO: check
+CVE-2026-10691 (A security flaw has been discovered in wonderwhy-er 
DesktopCommanderMC ...)
+       TODO: check
+CVE-2026-10690 (A vulnerability was identified in wonderwhy-er 
DesktopCommanderMCP 0.2 ...)
+       TODO: check
+CVE-2026-10688 (A vulnerability was determined in ahujasid blender-mcp up to 
7636d13bd ...)
+       TODO: check
+CVE-2026-10662 (A vulnerability was found in ahujasid blender-mcp up to 
7636d13bded82e ...)
+       TODO: check
+CVE-2026-10661 (A vulnerability has been found in ahujasid blender-mcp up to 
7636d13bd ...)
+       TODO: check
+CVE-2026-10650 (A flaw has been found in warmcat libwebsockets up to 4.5.8. 
This issue ...)
+       TODO: check
+CVE-2026-10624 (A vulnerability has been found in SourceCodester Human 
Resource Manage ...)
+       TODO: check
+CVE-2026-10620 (A flaw has been found in code-projects Student Admission 
System 1.0. A ...)
+       TODO: check
+CVE-2026-10619 (A vulnerability was detected in sayan365 
student-management-system up  ...)
+       TODO: check
+CVE-2026-10617 (A security vulnerability has been detected in nextlevelbuilder 
GoClaw  ...)
+       TODO: check
+CVE-2026-10616 (A weakness has been identified in nextlevelbuilder GoClaw up 
to 3.11.3 ...)
+       TODO: check
+CVE-2026-10608 (A security flaw has been discovered in DedeCMS 5.7.88. This 
affects th ...)
+       TODO: check
+CVE-2026-10607 (A vulnerability was identified in DedeCMS 5.7.88. The impacted 
element ...)
+       TODO: check
+CVE-2026-10584 (Proxy server in Graph Explorer before 3.0.1 falls back to HTTP 
when ce ...)
+       TODO: check
+CVE-2025-64390 (A privilege escalation vulnerability exists in PlayStation 4 
firmware  ...)
+       TODO: check
+CVE-2025-15653 (Dr\xe4ger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 
anesthesi ...)
+       TODO: check
+CVE-2024-14036 (Dr\xe4ger Core 1.0.5 and Dr\xe4ger M540 Converter Service 
1.0.9 contai ...)
+       TODO: check
+CVE-2022-4992 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity 
M540 pati ...)
+       TODO: check
+CVE-2021-4481 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a 
local p ...)
+       TODO: check
+CVE-2021-4480 (Dr\xe4ger Protector Software prior to version 6.4.2 contains a 
local p ...)
+       TODO: check
+CVE-2021-4479 (Dr\xe4ger Atlan A350 software versions 1.00 through 1.01 
contains an i ...)
+       TODO: check
+CVE-2021-4478 (Dr\xe4ger CC-Vision Basic before 7.5.3 and Dr\xe4ger CC-Vision 
E-Cal b ...)
+       TODO: check
+CVE-2019-25724 (Dr\xe4ger Infinity M300 patient worn monitors with software 
version VG ...)
+       TODO: check
+CVE-2019-25723 (Dr\xe4ger Perseus A500 software versions 2.00 through 2.02 
contains an ...)
+       TODO: check
+CVE-2019-25722 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 
7000, SC 800 ...)
+       TODO: check
+CVE-2019-25721 (Dr\xe4ger Infinity M300 patient worn monitors with software 
version VG ...)
+       TODO: check
+CVE-2026-27145 ((*x509.Certificate).VerifyHostname previously called 
matchHostnames in ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <removed>
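Review bot: CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18) lands with only "TODO: check", although this same file already tracks the freeipmi source package under CVE-2026-33554 with 1.6.17-1 as the fixed version. The entry needs a "- freeipmi" line, and if the "before 1.6.18" bound holds, 1.6.17-1 is still affected by this second issue. Separately, several added descriptions show literal escape sequences instead of characters (\u2013 in CVE-2026-9732, \u2019 in CVE-2026-10717 through CVE-2026-10719, \xe4 in the Dräger entries); confirm that data/CVE/list itself stores UTF-8 and that the escapes come only from how this notification renders the diff.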
@@ -7,7 +179,7 @@ CVE-2026-27145
        NOTE: https://github.com/golang/go/issues/79694
        NOTE: 
https://github.com/golang/go/commit/ce5a3e718cac440defae617dc6ed72a6e94cd0af 
(go1.26.4)
        NOTE: 
https://github.com/golang/go/commit/c5d18e479475e251c8593b1113fb53836117d5d3 
(go1.25.11)
-CVE-2026-42507
+CVE-2026-42507 (When returning errors, functions in the net/textproto package 
would in ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <removed>
@@ -16,7 +188,7 @@ CVE-2026-42507
        NOTE: https://github.com/golang/go/issues/79346
        NOTE: 
https://github.com/golang/go/commit/ec1c380418ec6a0da28d4519872e2b81ba9152ba 
(go1.26.4)
        NOTE: 
https://github.com/golang/go/commit/449dafea7264878e73acc58cbd330e0ee6630030 
(go1.25.11)
-CVE-2026-42504
+CVE-2026-42504 (Decoding a maliciously-crafted MIME header containing many 
invalid enc ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <removed>
@@ -30,10 +202,10 @@ CVE-2026-49975
        NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
        NOTE: https://github.com/icing/mod_h2/pull/324
        NOTE: 
https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c 
(v2.0.41)
-CVE-2026-10702
+CVE-2026-10702 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
        - firefox 151.0.3-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/#CVE-2026-10702
-CVE-2026-10701
+CVE-2026-10701 (Incorrect boundary conditions in the Graphics: Text component. 
This vu ...)
        - firefox 151.0.3-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/#CVE-2026-10701
 CVE-2026-9844 (Use of default credentials vulnerability in Roche Diagnostics 
navify D ...)
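Review bot: The CVE-2026-10702 and CVE-2026-10701 entries list only "- firefox 151.0.3-1", and the truncated descriptions added in this hunk do not say which Mozilla product lines are affected. Check mfsa2026-54 (linked in the NOTE lines) and record firefox-esr and thunderbird explicitly, either with a fixed version or as "<not-affected>", so their status is stated rather than implied by omission.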
@@ -1511,13 +1683,13 @@ CVE-2026-47187
        NOTE: 
https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
        NOTE: https://github.com/libfuse/sshfs/pull/361
        NOTE: Fixed by: 
https://github.com/libfuse/sshfs/commit/bcd132f17ccf1b8592a229df797c9b08883fec26
 (sshfs-3.7.6)
-CVE-2026-9516 [BOM-shift PV-corruption SIGABRT]
+CVE-2026-9516 (Cpanel::JSON::XS versions before 4.41 for Perl allow denial of 
service ...)
        - libcpanel-json-xs-perl 4.41-1 (bug #1138273)
        [trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
        [bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40653165/
        NOTE: Fixed by: 
https://github.com/rurban/Cpanel-JSON-XS/commit/dfe1b41a36caba51dc12a2917fe50285d1ffaa7b
 (4.41)
-CVE-2026-9334 [dupkeys_as_arrayref type confusion]
+CVE-2026-9334 (Cpanel::JSON::XS versions before 4.41 for Perl allow type 
confusion vi ...)
        - libcpanel-json-xs-perl 4.41-1 (bug #1138273)
        [trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
        [bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
@@ -13779,7 +13951,7 @@ CVE-2026-40363 (Heap-based buffer overflow in Microsoft 
Office allows an unautho
        NOT-FOR-US: Microsoft
 CVE-2026-40362 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
        NOT-FOR-US: Microsoft
-CVE-2026-40361 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+CVE-2026-40361 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
        NOT-FOR-US: Microsoft
@@ -43569,7 +43741,7 @@ CVE-2026-33627 (Parse Server is an open source backend 
that can be deployed to a
        NOT-FOR-US: Parse Server
 CVE-2026-33624 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
-CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer 
overflows o ...)
+CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer 
overflows on ...)
        - freeipmi 1.6.17-1 (bug #1132018)
        [trixie] - freeipmi <no-dsa> (Minor issue)
        [bookworm] - freeipmi <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/412106a2910d29ae7e1080b8747d84e299a798b9
