Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee3dec84 by security tracker role at 2026-06-06T19:13:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2026-11441 (A vulnerability was identified in theonedev onedev up to 
15.0.5. This  ...)
+       TODO: check
+CVE-2026-11440 (A vulnerability was determined in theonedev onedev up to 
15.0.5. This  ...)
+       TODO: check
+CVE-2026-11439 (A vulnerability was found in theonedev onedev up to 15.0.5. 
Affected b ...)
+       TODO: check
+CVE-2026-11438 (A vulnerability has been found in theonedev onedev up to 
15.0.5. Affec ...)
+       TODO: check
+CVE-2026-11437 (A flaw has been found in perfree go-fastdfs-web up to 1.3.7. 
Affected  ...)
+       TODO: check
+CVE-2026-11436 (A vulnerability was detected in Mage AI up to 0.9.79. This 
impacts the ...)
+       TODO: check
+CVE-2026-11435 (A security vulnerability has been detected in Jinher OA 1.0. 
This affe ...)
+       TODO: check
+CVE-2026-11434 (A weakness has been identified in FluentCMS 0.0.5. The 
impacted elemen ...)
+       TODO: check
+CVE-2026-11413 (A security vulnerability has been detected in JingDong JD 
Cloud Box AX ...)
+       TODO: check
+CVE-2026-11412 (A weakness has been identified in Jinher OA C6. The affected 
element i ...)
+       TODO: check
+CVE-2026-11411 (A security flaw has been discovered in iAI Lab PDF AI App 
4.21.0 on An ...)
+       TODO: check
+CVE-2026-11408 (A vulnerability was identified in vertex-app vertex up to 
2026.02.12.  ...)
+       TODO: check
+CVE-2026-11406 (A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. 
This vul ...)
+       TODO: check
 CVE-2026-9851 (The Booking Package plugin for WordPress is vulnerable to 
Privilege Es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9829 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
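Review bot: All thirteen entries added at the top of data/CVE/list (CVE-2026-11441 down to CVE-2026-11406) carry only "TODO: check", so none of them yet says whether a Debian package is affected. Each needs a follow-up that replaces the TODO with either a package line or a "NOT-FOR-US:" line in the style of the CVE-2026-9851 entry just below them.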
@@ -2806,7 +2832,7 @@ CVE-2026-42504 (Decoding a maliciously-crafted MIME 
header containing many inval
        NOTE: https://github.com/golang/go/issues/79217
        NOTE: 
https://github.com/golang/go/commit/7f24db453a60faf6a3546d60bb02917a0a7aace0 
(go1.26.4)
        NOTE: 
https://github.com/golang/go/commit/b79e0339290e14b3b2de1dc4942b8a88701ddb02 
(go1.25.11)
-CVE-2026-10725 [vulnerable to a HTTP/2 Bomb]
+CVE-2026-10725 (Protocol::HTTP2 versions through 1.12 for Perl is vulnerable 
to a HTTP ...)
        - libprotocol-http2-perl 1.12-2
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40751319/
        NOTE: 
https://security.metacpan.org/patches/P/Protocol-HTTP2/1.12/CVE-2026-10725-r1.patch
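Review bot: The new CVE-2026-10725 header says Protocol::HTTP2 "versions through 1.12" are affected, while the unchanged package line records libprotocol-http2-perl 1.12-2 as fixed, so the fix lives in a Debian revision of the same upstream version. It is worth confirming that 1.12-2 carries the CVE-2026-10725-r1.patch referenced in the NOTE, since the version string alone does not show it.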
@@ -2818,6 +2844,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
        NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
        NOTE: 
https://github.com/nginx/nginx/commit/365694160a85229a7cb006738de9260d49ff5fa2 
(release-1.29.8)
 CVE-2026-49975
+       {DSA-6323-1}
        - apache2 2.4.67-2 (bug #1138750)
        NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
        NOTE: https://github.com/icing/mod_h2/pull/324
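Review bot: The {DSA-6323-1} tag on CVE-2026-49975 arrives in a commit that changes only data/CVE/list. Check that the tracker's DSA list entry for DSA-6323-1 names this same CVE and the apache2 package, so the cross-reference resolves in both directions.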
@@ -12064,11 +12091,13 @@ CVE-2025-11954 (Cross-Site request forgery (CSRF) 
vulnerability in Sitemio Infor
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address 
derivat ...)
        NOT-FOR-US: Ledger Bitcoin app
 CVE-2026-41073 (RT is an open source, enterprise-grade issue and ticket 
tracking syste ...)
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/dce7ff6799d930d09c10a50539325f1290440d4b
 (rt-5.0.10)
 CVE-2026-44229
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
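Review bot: Both entries tagged with {DSA-6324-1} in this hunk (CVE-2026-41073 and CVE-2026-44229) list request-tracker4 only as <removed>, so the tag effectively speaks for request-tracker5. If any supported suite still ships request-tracker4, a per-suite line stating its status would keep these entries from reading as fully handled by the DSA.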
@@ -12085,21 +12114,25 @@ CVE-2026-44227
        - request-tracker4 <not-affected> (Only affects RT6)
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
 CVE-2026-6841 (Request Tracker is vulnerable to a reflected cross-site 
scripting (XSS ...)
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/d7abb692a5ab7a7738a08be3debb92b1c6ab8215
 (rt-5.0.10)
 CVE-2026-41076 (RT is an open source, enterprise-grade issue and ticket 
tracking syste ...)
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/c8120898d92adf1adae6fce11e0816d08afb395f
 (rt-5.0.10)
 CVE-2026-41075 (RT is an open source, enterprise-grade issue and ticket 
tracking syste ...)
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
        NOTE: Fixed by: 
https://github.com/bestpractical/rt/commit/9ed06dadc29a75e17b25017f929edeff62d224bc
 (rt-5.0.10)
 CVE-2026-44231
+       {DSA-6324-1}
        - request-tracker5 5.0.10+dfsg-1
        - request-tracker4 <removed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
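Review bot: CVE-2026-44231 receives {DSA-6324-1} on a bare header line, while CVE-2026-6841, CVE-2026-41076 and CVE-2026-41075 in the same hunk carry a description. A short bracketed description, in the form already used in this file (for example "[HTTP/2 Bomb denial of service]"), would let readers tell the entry apart until the official text arrives.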



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee3dec845c56e97cc7a93bc1986fb59ff1bdf2b9
