Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
682bda6d by security tracker role at 2026-06-03T19:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,174 @@
-CVE-2026-3276
+CVE-2026-8889 (Version 3.0.7 of the Securly Chrome Extension uses deprecated 
SHA-1 ha ...)
+       TODO: check
+CVE-2026-8888 (Version 3.0.7 of the Securly Chrome Extension downloads 
config.json ov ...)
+       TODO: check
+CVE-2026-8881 (Version 3.0.7 of the Securly Chrome Extension uses 
EVP_BytesToKey key  ...)
+       TODO: check
+CVE-2026-8879 (Version 3.0.7 of the Securly Chrome Extension dynamically 
registers co ...)
+       TODO: check
+CVE-2026-8878 (Version 3.0.7 of the Securly Chrome Extension exposes multiple 
publicl ...)
+       TODO: check
+CVE-2026-8876 (Version 3.0.7 of the Securly Chrome Extension contains 
hardcoded, plai ...)
+       TODO: check
+CVE-2026-8874 (Version 3.0.7 of the Securly Chrome Extension downloads JSON 
files con ...)
+       TODO: check
+CVE-2026-7888 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection 
via uns ...)
+       TODO: check
+CVE-2026-6657 (A vulnerability in jupyter-server versions 1.12.0 through 
2.17.0 allow ...)
+       TODO: check
+CVE-2026-5241 (A vulnerability in the LightGlue model loading path of 
huggingface/tra ...)
+       TODO: check
+CVE-2026-5078 (Impact: The morgan logging middleware's :remote-user token 
extracts th ...)
+       TODO: check
+CVE-2026-4035 (A vulnerability in mlflow/mlflow versions prior to 3.11.0 
allows for t ...)
+       TODO: check
+CVE-2026-47325 (ProjectsAndPrograms school-management-systemuses predictable 
credentia ...)
+       TODO: check
+CVE-2026-47324 (ProjectsAndPrograms school-management-system is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers 
Filter By ...)
+       TODO: check
+CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-45614 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-44546 (daphne before 4.2.2 reconstructs a raw HTTP request from 
Twisted's par ...)
+       TODO: check
+CVE-2026-44545 (daphne before 4.2.2 did not pass maxFramePayloadSize or 
maxMessagePayl ...)
+       TODO: check
+CVE-2026-44281 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2026-42840 (An authenticated user can persist arbitrary HTML/JavaScript in 
the ema ...)
+       TODO: check
+CVE-2026-42839 (An authenticated ERPNext user with Item record edit 
permissions can pe ...)
+       TODO: check
+CVE-2026-42321 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2026-42320 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2026-42318 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2026-42317 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2026-41032 (It is possible for an unauthenticated adjacent attacker to 
download lo ...)
+       TODO: check
+CVE-2026-40290 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
+       TODO: check
+CVE-2026-39107 (A Cross Site Scripting vulnerability exists in the Kimi AI 
v1.0 web in ...)
+       TODO: check
+CVE-2026-37462 (An integer underflow in the BGPUpdate.DecodeFromBytes function 
(/bgp/b ...)
+       TODO: check
+CVE-2026-37460 (Missing input validation in the rfapiRibBi2Ri() function 
(rfapi_rib.c) ...)
+       TODO: check
+CVE-2026-36748 (RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site 
Scripti ...)
+       TODO: check
+CVE-2026-36618 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
responds to v ...)
+       TODO: check
+CVE-2026-36616 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
contains hard ...)
+       TODO: check
+CVE-2026-36615 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
exposes an un ...)
+       TODO: check
+CVE-2026-36613 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
returns 128 b ...)
+       TODO: check
+CVE-2026-36612 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
enables WPS 2 ...)
+       TODO: check
+CVE-2026-36611 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
returns 128 b ...)
+       TODO: check
+CVE-2026-36610 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 
transmits DDN ...)
+       TODO: check
+CVE-2026-36609 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 uses a ...)
+       TODO: check
+CVE-2026-36608 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 allows ...)
+       TODO: check
+CVE-2026-36607 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 allows ...)
+       TODO: check
+CVE-2026-36606 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 encryp ...)
+       TODO: check
+CVE-2026-36605 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 is vul ...)
+       TODO: check
+CVE-2026-36604 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 does n ...)
+       TODO: check
+CVE-2026-36603 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 expose ...)
+       TODO: check
+CVE-2026-36602 (Mercusys AC12G (EU) V1 router with firmware 
AC12G(EU)_V1_200909 disclo ...)
+       TODO: check
+CVE-2026-36576 (An OS command injection vulnerability in the app.py component 
of openl ...)
+       TODO: check
+CVE-2026-36574 (A DLL hijacking vulnerability in Wassimulator (GitHub) 
CactusViewer v2 ...)
+       TODO: check
+CVE-2026-36460 (Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable 
to a Cr ...)
+       TODO: check
+CVE-2026-35085 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
+       TODO: check
+CVE-2026-35084 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
+       TODO: check
+CVE-2026-35083 (A remote attacker with user privileges can exploit a stack 
buffer over ...)
+       TODO: check
+CVE-2026-35082 (The ugw-logread method allows a remote attacker with user 
privileges t ...)
+       TODO: check
+CVE-2026-35081 (The ugw-logstop method allows a remote attacker with user 
privileges t ...)
+       TODO: check
+CVE-2026-35080 (The ugw-restoreinfo method allows a remote attacker with user 
privileg ...)
+       TODO: check
+CVE-2026-35079 (The ugw-restore method allows a remote attacker with user 
privileges t ...)
+       TODO: check
+CVE-2026-35078 (The ugw-logstop method allows a remote attacker with user 
privileges   ...)
+       TODO: check
+CVE-2026-35077 (The ugw-delete-file method allows a remote attacker with user 
privileg ...)
+       TODO: check
+CVE-2026-35076 (The bac-scanresult method allows a remote attacker with user 
privilege ...)
+       TODO: check
+CVE-2026-35075 (An unauthenticated remote attacker can recover a default, hard 
coded p ...)
+       TODO: check
+CVE-2026-26379 (An issue in Koha v.25.11 and before allows a remote attacker 
to execut ...)
+       TODO: check
+CVE-2026-26378 (Cross Site Scripting vulnerability in Koha 25.11 and before 
allows a r ...)
+       TODO: check
+CVE-2026-20233 (A vulnerability in the web-based user interface of Cisco Webex 
Meeting ...)
+       TODO: check
+CVE-2026-20230 (A vulnerability in Cisco Unified Communications Manager 
(Unified CM) a ...)
+       TODO: check
+CVE-2026-20175 (A vulnerability in Cisco Finesse could allow an 
unauthenticated, remot ...)
+       TODO: check
+CVE-2026-10729 (An HTML injection vulnerability in the notification email for 
"Slow Re ...)
+       TODO: check
+CVE-2026-10722 (A vulnerability has been found in cilium ebpf up to 0.21.0. 
This affec ...)
+       TODO: check
+CVE-2025-70101 (An out-of-bounds read in the ext4_ext_binsearch_idx function 
in src/ex ...)
+       TODO: check
+CVE-2025-70100 (A divide-by-zero vulnerability in the ext4_block_set_lb_size 
function  ...)
+       TODO: check
+CVE-2025-60477 (A NULL pointer dereference in the 
gf_filter_pid_resolve_file_template_ ...)
+       TODO: check
+CVE-2025-41259 (SWUpdate before 2026.05 is affected by a time-of-check 
time-of-use (TO ...)
+       TODO: check
+CVE-2025-15656 (Incorrect Privilege Assignment vulnerability in Mojoomla 
School Manage ...)
+       TODO: check
+CVE-2025-15655 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-15654 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-14774 (Incorrect Authorization vulnerability in ABB T-MAC Plus.  This 
issue a ...)
+       TODO: check
+CVE-2025-14773 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2025-14772 (Authorization bypass through User-Controlled key vulnerability 
in ABB  ...)
+       TODO: check
+CVE-2025-14771 (Files or directories accessible to external parties 
vulnerability in A ...)
+       TODO: check
+CVE-2024-47273 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
+       TODO: check
+CVE-2024-47263 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
+       TODO: check
+CVE-2023-52951 (A cleartext transmission of sensitive information 
vulnerability in Syn ...)
+       TODO: check
+CVE-2022-49042 (An inclusion of functionality from untrusted control sphere 
vulnerabil ...)
+       TODO: check
+CVE-2022-49036 (An inclusion of functionality from untrusted control sphere 
vulnerabil ...)
+       TODO: check
+CVE-2019-25720 (Dr\xe4ger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 
7000, SC 800 ...)
+       TODO: check
+CVE-2026-3276 (unicodedata.normalize() can take excessive CPU time when 
processing sp ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
        - python3.11 <removed>
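Review bot: The description added for CVE-2019-25720 carries a literal \xe4 escape ("Dr\xe4ger") instead of the character, so a text search for the vendor name will miss it; store it as UTF-8 or confirm the escape is what the list format expects. Separately, every new entry in this hunk lands with only "TODO: check" and no package or NOT-FOR-US line, including ones whose descriptions name specific software (daphne before 4.2.2, jupyter-server 1.12.0 through 2.17.0, SWUpdate before 2026.05, cilium ebpf up to 0.21.0), so they still need triage before the list says anything about affected packages.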
@@ -27,165 +197,165 @@ CVE-2026-46447
        - ironic <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/11
        NOTE: https://bugs.launchpad.net/ironic/+bug/2150624
-CVE-2026-46273 [ibmveth: Disable GSO for packets with small MSS]
+CVE-2026-46273 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.7-1
        [trixie] - linux 6.12.88-1
        NOTE: 
https://git.kernel.org/linus/cc427d24ac6442ffdeafd157a63c7c5b73ed4de4 (7.1-rc2)
-CVE-2026-46271 [wifi: ath12k: do WoW offloads only on primary link]
+CVE-2026-46271 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.18.14-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e62102ac9b773bdb08475aa9ca24dea61ae98708 (7.0-rc1)
-CVE-2026-46270 [power: supply: rt9455: Fix use-after-free in 
power_supply_changed()]
+CVE-2026-46270 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux 5.10.257-1
        NOTE: 
https://git.kernel.org/linus/e2febe375e5ea5afed92f4cd9711bde8f24ee6d2 (7.0-rc1)
-CVE-2026-46269 [pinctrl: canaan: k230: Fix NULL pointer dereference when 
parsing devicetree]
+CVE-2026-46269 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.14-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d8c128fb6c2277d95f3f6a4ce28b82c8370031f6 (7.0-rc1)
-CVE-2026-46268 [PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition]
+CVE-2026-46268 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux 6.18.14-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/cb500023a75246f60b79af9f7321d6e75330c5b5 (7.0-rc1)
-CVE-2026-46264 [drm/xe/pf: Fix sysfs initialization]
+CVE-2026-46264 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bf7172cd25ed182f30af2cbb9f80c730dc717d8e (7.0-rc1)
-CVE-2026-46263 [drm/amd/display: Fix out-of-bounds stream encoder index v3]
+CVE-2026-46263 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/abde491143e4e12eecc41337910aace4e8d59603 (7.0-rc1)
-CVE-2026-46262 [ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()]
+CVE-2026-46262 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9f16d96e1222391a6b996a1b676bec14fb91e3b2 (7.0-rc1)
-CVE-2026-46261 [spi: wpcm-fiu: Fix potential NULL pointer dereference in 
wpcm_fiu_probe()]
+CVE-2026-46261 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/888a0a802c467bbe34a42167bdf9d7331333440a (7.0-rc1)
-CVE-2026-46260 [ipv6: Fix out-of-bound access in fib6_add_rt2node().]
+CVE-2026-46260 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8244f959e2c125c849e569f5b23ed49804cce695 (7.0-rc1)
-CVE-2026-46259 [procfs: fix missing RCU protection when reading real_parent in 
do_task_stat()]
+CVE-2026-46259 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux 5.10.257-1
        NOTE: 
https://git.kernel.org/linus/76149d53502cf17ef3ae454ff384551236fba867 (7.0-rc1)
-CVE-2026-46258 [gpio: cdev: Avoid NULL dereference in linehandle_create()]
+CVE-2026-46258 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6af6be278e3ba2ffb6af5b796c89dfb3f5d9063e (7.0-rc1)
-CVE-2026-46257 [clocksource/drivers/timer-sp804: Fix an Oops when 
read_current_timer is called on ARM32 platforms where the SP804 is not 
registered as the sched_clock.]
+CVE-2026-46257 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/694921a93f3e3621e067afc545cedf6fe3b234a9 (7.0-rc1)
-CVE-2026-46255 [dmaengine: fsl-edma: don't explicitly disable clocks in 
.remove()]
+CVE-2026-46255 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/666c53e94c1d0bf0bdf14c49505ece9ddbe725bc (7.0-rc1)
-CVE-2026-46253 [pstore/ram: fix buffer overflow in persistent_ram_save_old()]
+CVE-2026-46253 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux 5.10.257-1
        NOTE: 
https://git.kernel.org/linus/5669645c052f235726a85f443769b6fc02f66762 (7.0-rc1)
-CVE-2026-46251 [btrfs: fix block_group_tree dirty_list corruption]
+CVE-2026-46251 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3a1f4264daed4b419c325a7fe35e756cada3cf82 (7.0-rc1)
-CVE-2026-46250 [MIPS: Work around LLVM bug when gp is used as global register 
variable]
+CVE-2026-46250 (In the Linux kernel, the following vulnerability has been 
resolved:  M ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux 5.10.257-1
        NOTE: 
https://git.kernel.org/linus/30bfc2d6a1132a89a5f1c3b96c59cf3e4d076ea3 (7.0-rc1)
-CVE-2026-46249 [octeontx2-af: Fix PF driver crash with kexec kernel booting]
+CVE-2026-46249 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        [bullseye] - linux 5.10.257-1
        NOTE: 
https://git.kernel.org/linus/2d2d574309e3ae84ee794869a5da8b4c38753a94 (7.0-rc1)
-CVE-2026-46248 [wifi: ath12k: clear stale link mapping of ahvif->links_map]
+CVE-2026-46248 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.18.14-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2c1ba9c2adf0fda96eaaebd8799268a7506a8fc9 (7.0-rc1)
-CVE-2026-46246 [power: supply: pm8916_lbc: Fix use-after-free for extcon in 
IRQ handler]
+CVE-2026-46246 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/23067259919663580c6f81801847cfc7bd54fd1f (7.0-rc1)
-CVE-2025-71314 [drm/panthor: Recover from panthor_gpu_flush_caches() failures]
+CVE-2025-71314 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3c0a60195b37af83bbbaf223cd3a78945bace49e (7.0-rc1)
-CVE-2026-46272 [coresight: tmc-etr: Fix race condition between sysfs and perf 
mode]
+CVE-2026-46272 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.14-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e6e43e82c79c97917cbe356c07e8a6f3f982ab53 (7.0-rc1)
-CVE-2026-46267 [nfc: hci: shdlc: Stop timers and work before freeing context]
+CVE-2026-46267 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        NOTE: 
https://git.kernel.org/linus/c9efde1e537baed7648a94022b43836a348a074f (7.0-rc1)
-CVE-2026-46266 [inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP]
+CVE-2026-46266 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        NOTE: 
https://git.kernel.org/linus/c89477ad79446867394360b29bb801010fc3ff22 (7.0-rc1)
-CVE-2026-46265 [RDMA/hns: Fix WQ_MEM_RECLAIM warning]
+CVE-2026-46265 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        NOTE: 
https://git.kernel.org/linus/c0a26bbd3f99b7b03f072e3409aff4e6ec8af6f6 (7.0-rc1)
-CVE-2026-46256 [NFS/localio: prevent direct reclaim recursion into NFS via 
nfs_writepages]
+CVE-2026-46256 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
        - linux 6.18.14-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/67435d2d8a33a75f9647724952cb1b18279d2e95 (7.0-rc1)
-CVE-2026-46254 [AppArmor: Allow apparmor to handle unaligned dfa tables]
+CVE-2026-46254 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        NOTE: 
https://git.kernel.org/linus/64802f731214a51dfe3c6c27636b3ddafd003eb0 (7.0-rc1)
-CVE-2026-46252 [regulator: core: fix locking in regulator_resolve_supply() 
error path]
+CVE-2026-46252 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.19.6-1
        NOTE: 
https://git.kernel.org/linus/497330b203d2c59c5ff3fa4c34d14494d7203bc3 (7.0-rc1)
-CVE-2026-46247 [clk: qcom: gfx3d: add parent to parent request map]
+CVE-2026-46247 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.14-1
        [trixie] - linux 6.12.85-1
        [bookworm] - linux 6.1.170-1
        NOTE: 
https://git.kernel.org/linus/2583cb925ca1ce450aa5d74a05a67448db970193 (7.0-rc1)
-CVE-2026-46245 [drm/amd/display: Fix dc_link NULL handling in HPD init]
+CVE-2026-46245 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.19.6-1
        NOTE: 
https://git.kernel.org/linus/226a40c06a183abaeb7529a4f54d6c203bd14407 (7.0-rc1)
-CVE-2025-71313 [PCI: endpoint: Add missing NULL check for alloc_workqueue()]
+CVE-2025-71313 (In the Linux kernel, the following vulnerability has been 
resolved:  P ...)
        - linux 6.19.6-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/03f336a869b3a3f119d3ae52ac9723739c7fb7b6 (7.0-rc1)
-CVE-2026-46244 [netfilter: nft_inner: Fix IPv6 inner_thoff desync]
+CVE-2026-46244 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
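Review bot: In every replaced entry of this hunk the bracketed commit subject (for example "[ipv6: Fix out-of-bound access in fib6_add_rt2node().]" on CVE-2026-46260) gives way to a description truncated right after the shared prefix "In the Linux kernel, the following vulnerability has been resolved:", leaving a single letter of the actual subject. The entries are then distinguishable only through their git.kernel.org NOTE lines; a longer truncation limit, or skipping the common prefix before truncating, would keep the subsystem and the fix visible in the list.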
@@ -193,23 +363,23 @@ CVE-2026-46244 [netfilter: nft_inner: Fix IPv6 
inner_thoff desync]
 CVE-2026-48019 [CRLF injection in default email rule]
        - php-laravel-framework <unfixed>
        NOTE: 
https://github.com/laravel/framework/security/advisories/GHSA-5vg9-5847-vvmq
-CVE-2026-48587
+CVE-2026-48587 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 
before 6.0 ...)
        - python-django 3:5.2.15-1 (bug #1138775)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/9b62b0af71a14c657d19d95371630ba839e83d9a
 (5.2.15)
-CVE-2026-35193
+CVE-2026-35193 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 
before 6.0 ...)
        - python-django 3:5.2.15-1 (bug #1138775)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/050a3dc276f9142067260e990e4d8d42d5e32863
 (5.2.15)
-CVE-2026-8404
+CVE-2026-8404 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 
before 6.0 ...)
        - python-django 3:5.2.15-1 (bug #1138775)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/366d9ae6e8d1469c04e9ebdc1bcd098fc14a3b1e
 (5.2.15)
-CVE-2026-7666
+CVE-2026-7666 (An issue was discovered in Django 6.0 before 6.0.6 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.15-1 (bug #1138775)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/4e47d2b800435bcbfd1301ef3250b9c7fb8fa670
 (5.2.15)
-CVE-2026-6873
+CVE-2026-6873 (An issue was discovered in Django 6.0 before 6.0.6 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.15-1 (bug #1138775)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/594360cbf58be7f56eb6da96d58644297c99ef85
 (5.2.15)
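Review bot: The descriptions added for the five python-django entries name both the 5.2 and 6.0 branches (CVE-2026-7666 and CVE-2026-6873 read "6.0 before 6.0.6"), but each "Fixed by" NOTE records only the (5.2.15) commit. Add the matching 6.0 branch commit to each entry, since the list otherwise gives no reference for checking a 6.0-based version.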
@@ -6735,7 +6905,8 @@ CVE-2026-45839 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2026-45838 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 7.0.10-1
        NOTE: 
https://git.kernel.org/linus/5828b9e5b272ecff7cf5d345128d3de7324117f7 (7.1-rc1)
-CVE-2026-9642 (There is a mitigation bypass / (incomplete fix) for 
CVE-2025-62582 (Un ...)
+CVE-2026-9642
+       REJECTED
        NOT-FOR-US: Delta Electronics
 CVE-2026-9632 (A flaw has been found in UTT HiPER 1250GW up to 
3.2.7-210907-180535. A ...)
        NOT-FOR-US: UTT
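Review bot: CVE-2026-9642 is switched to REJECTED but the "NOT-FOR-US: Delta Electronics" line is kept under it, so the entry now carries two states. Drop the NOT-FOR-US line if REJECTED is meant to stand alone, and note that the removed description was the only place in the entry recording that this ID concerned an incomplete fix for CVE-2025-62582.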
@@ -10440,7 +10611,8 @@ CVE-2026-8946 (Incorrect boundary conditions in the 
Audio/Video: Web Codecs comp
 CVE-2026-8945 (Sandbox escape in Firefox and Firefox Focus for Android. This 
vulnerab ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8945
-CVE-2026-50052 [VSV00019]
+CVE-2026-50052 (In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a 
deficien ...)
+       {DSA-6303-1}
        - varnish <unfixed> (bug #1138778)
        [bookworm] - varnish <not-affected> (Vulnerable code not present, 
introduced in 7.6)
        [bullseye] - varnish <not-affected> (Vulnerable code not present, 
introduced in 7.6)
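Review bot: CVE-2026-50052 gains {DSA-6303-1} while the package line stays "- varnish <unfixed> (bug #1138778)" and the visible lines give no fixed version for the release the DSA covers; add that release line so the advisory reference and the status agree. The "[VSV00019]" tag is also lost with the old bracketed description, so keep the upstream advisory id in a NOTE unless one already follows outside this hunk.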
@@ -422437,8 +422609,8 @@ CVE-2022-31116 (UltraJSON is a fast JSON encoder and 
decoder written in pure C w
        NOTE: 
https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687
 (5.4.0)
 CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of 
elasticsear ...)
        NOT-FOR-US: opensearch-ruby
-CVE-2022-31114
-       RESERVED
+CVE-2022-31114 (backpack/crud provides Create, Read, Update & Delete (CRUD) 
functions  ...)
+       TODO: check
 CVE-2022-31113 (Canarytokens is an open source tool which helps track activity 
and act ...)
        NOT-FOR-US: thinkst/canarytokens
 CVE-2022-31112 (Parse Server is an open source backend that can be deployed to 
any inf ...)
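Review bot: CVE-2022-31114 moves from RESERVED to a published description but is left at "TODO: check", while both neighbours (CVE-2022-31115 and CVE-2022-31113) are already resolved as NOT-FOR-US. Decide whether backpack/crud maps to a source package or gets the same NOT-FOR-US treatment.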



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/682bda6dace31dc5a610d42d980b822b62cc1335
