Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
263cd956 by security tracker role at 2026-06-08T19:13:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,207 +1,456 @@
-CVE-2026-46313 [media: intel/ipu6: fix error pointer dereference]
+CVE-2026-9549 (Stored cross-site scripting in the service discovery active
check outp ...)
+ TODO: check
+CVE-2026-9506 (This vulnerability exists in Bagisto due to improper validation
of use ...)
+ TODO: check
+CVE-2026-8913 (A command Injection vulnerability exists in the WireGuard
client confi ...)
+ TODO: check
+CVE-2026-8833 (Improper neutralization of HTML-encoded characters in the URL
validati ...)
+ TODO: check
+CVE-2026-8078 (Stored cross-site scripting in the global settings change log
in Check ...)
+ TODO: check
+CVE-2026-7765 (Incorrect authorization in the User Messages dashboard widget
in Check ...)
+ TODO: check
+CVE-2026-7186 (Stored cross-site scripting in the URL dashboard widget in
Checkmk <2. ...)
+ TODO: check
+CVE-2026-52778 (YesWiki is a wiki system written in PHP. Prior to version
4.6.6, an un ...)
+ TODO: check
+CVE-2026-50752 (A weakness in the certificate validation logic of the
deprecated IKEv1 ...)
+ TODO: check
+CVE-2026-50751 (A logic flow weakness in Remote Access and Mobile Access
certificate v ...)
+ TODO: check
+CVE-2026-49756 (Improper Neutralization of CRLF Sequences ('CRLF Injection')
vulnerabi ...)
+ TODO: check
+CVE-2026-49755 (Improper Handling of Highly Compressed Data (Data
Amplification) vulne ...)
+ TODO: check
+CVE-2026-49235 (When Routinator encounters a file via RRDP using a
specifically crafte ...)
+ TODO: check
+CVE-2026-49234 (When sending a specifically crafted non-UTF-8 string as
select-asn que ...)
+ TODO: check
+CVE-2026-49233 (Routinator does not properly check the module component of
rsync URIs, ...)
+ TODO: check
+CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or
RTR conn ...)
+ TODO: check
+CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module
mod_http2 wh ...)
+ TODO: check
+CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A
vulnerability in ...)
+ TODO: check
+CVE-2026-48488 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.4 ...)
+ TODO: check
+CVE-2026-46657 (Bludit is a content management system. Versions prior to
3.22.0 have a ...)
+ TODO: check
+CVE-2026-46656 (Bludit is a content management system. Versions prior to
3.22.0 have a ...)
+ TODO: check
+CVE-2026-46490 (samlify is a Node.js library for SAML single sign-on. Prior to
version ...)
+ TODO: check
+CVE-2026-46486 (MVT (Mobile Verification Toolkit) helps with conducting
forensics of m ...)
+ TODO: check
+CVE-2026-46481 (OpenMetadata is a unified metadata platform. Prior to version
1.12.4, ...)
+ TODO: check
+CVE-2026-46480 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46479 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46478 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46477 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46476 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46475 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46444 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46443 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46442 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46441 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-46440 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of
Hyperledger Fa ...)
+ TODO: check
+CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on
crafted regul ...)
+ TODO: check
+CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
+ TODO: check
+CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via
outbound OCSP ...)
+ TODO: check
+CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP
Server 2.4. ...)
+ TODO: check
+CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in
ninenines gun ...)
+ TODO: check
+CVE-2026-43973 (Uncontrolled Resource Consumption vulnerability in ninenines
gun (gun_ ...)
+ TODO: check
+CVE-2026-43972 (Origin Validation Error vulnerability in ninenines gun
(gun_http2 modu ...)
+ TODO: check
+CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers
('HTTP Reque ...)
+ TODO: check
+CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with
mod_header ...)
+ TODO: check
+CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized
large la ...)
+ TODO: check
+CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server
withmod ...)
+ TODO: check
+CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and
earlierallows ...)
+ TODO: check
+CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
+ TODO: check
+CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
+ TODO: check
+CVE-2026-41722 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
+ TODO: check
+CVE-2026-41448 (AdGuard Home, when started with the --glinet flag, contains an
authent ...)
+ TODO: check
+CVE-2026-3011 (The Recipe Card Blocks Lite plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2026-39910 (STACKIT IaaS API contains a missing authorization check
vulnerability ...)
+ TODO: check
+CVE-2026-39908 (OpenBullet2 through version 0.3.2 on Windows contains a
credential dis ...)
+ TODO: check
+CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23
was disco ...)
+ TODO: check
+CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was
discovered ...)
+ TODO: check
+CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server
with ma ...)
+ TODO: check
+CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server
2.4.67 and e ...)
+ TODO: check
+CVE-2026-34194 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's
HTML di ...)
+ TODO: check
+CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with
mod_ldap in pe ...)
+ TODO: check
+CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated
remote cod ...)
+ TODO: check
+CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains a remote code
execution vul ...)
+ TODO: check
+CVE-2026-25559 (OpenBullet2 through version 0.3.2 contains a path traversal
vulnerabil ...)
+ TODO: check
+CVE-2026-25558 (QloApps through 1.7.0 contains a stored cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication
bypass vu ...)
+ TODO: check
+CVE-2026-22164 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2026-11611 (A flaw was found in 389 Directory Server. The Content
Synchronization ...)
+ TODO: check
+CVE-2026-11577 (A flaw was found in Keycloak. A limited administrator can
exploit an i ...)
+ TODO: check
+CVE-2026-11569 (A flaw was found in Quay. The filedrop endpoint accepts any
mime type ...)
+ TODO: check
+CVE-2026-11559 (A vulnerability was detected in CodeAstro Payroll System 1.0.
This aff ...)
+ TODO: check
+CVE-2026-11558 (A security vulnerability has been detected in CodeAstro
Payroll System ...)
+ TODO: check
+CVE-2026-11557 (A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9.
The affe ...)
+ TODO: check
+CVE-2026-11556 (A security flaw has been discovered in Tenda F451
1.0.0.7/1.0.0.9. Imp ...)
+ TODO: check
+CVE-2026-11555 (A vulnerability was identified in D-Link DGS-1100-08PD
1.00.006. This ...)
+ TODO: check
+CVE-2026-11554 (A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747.
This vul ...)
+ TODO: check
+CVE-2026-11553 (A vulnerability was found in Tenda HG7HG9 and HG10
300001138_en_xpon. ...)
+ TODO: check
+CVE-2026-11552 (A vulnerability has been found in SourceCodester Onlne
Examination & L ...)
+ TODO: check
+CVE-2026-11534 (A vulnerability was detected in imvks786
student_management_system up ...)
+ TODO: check
+CVE-2026-11533 (A security vulnerability has been detected in imvks786
student_managem ...)
+ TODO: check
+CVE-2026-11532 (A weakness has been identified in imvks786
student_management_system u ...)
+ TODO: check
+CVE-2026-11531 (A security flaw has been discovered in imvks786
student_management_sys ...)
+ TODO: check
+CVE-2026-11530 (A vulnerability was identified in imvks786
student_management_system u ...)
+ TODO: check
+CVE-2026-11529 (A vulnerability was determined in designcomputer
mysql-mcp-server up t ...)
+ TODO: check
+CVE-2026-11528 (A vulnerability was found in Tenda AC18 15.03.05.05. The
affected elem ...)
+ TODO: check
+CVE-2026-11524 (A vulnerability has been found in Tenda W20E 15.11.0.6.
Impacted is th ...)
+ TODO: check
+CVE-2026-11523 (A flaw has been found in Tenda W20E 15.11.0.6. This issue
affects the ...)
+ TODO: check
+CVE-2026-11522 (A vulnerability was detected in Tenda W20E 15.11.0.6. This
vulnerabili ...)
+ TODO: check
+CVE-2026-11521 (A security vulnerability has been detected in Mohammed-eid35
bank-mana ...)
+ TODO: check
+CVE-2026-11520 (A weakness has been identified in SourceCodester Inventory
System 1.0. ...)
+ TODO: check
+CVE-2026-11519 (A security flaw has been discovered in SourceCodester
Inventory System ...)
+ TODO: check
+CVE-2026-11518 (A vulnerability was identified in SourceCodester Inventory
System 1.0. ...)
+ TODO: check
+CVE-2026-11517 (A vulnerability was determined in UTT HiPER 2610G up to
3.0.0-171107. ...)
+ TODO: check
+CVE-2026-11516 (A vulnerability was found in UTT HiPER 2610G up to
3.0.0-171107. This ...)
+ TODO: check
+CVE-2026-11515 (A vulnerability has been found in SourceCodester Barangay
Resident Pro ...)
+ TODO: check
+CVE-2026-11514 (A flaw has been found in itsourcecode Hospital Management
System 1.0. ...)
+ TODO: check
+CVE-2026-11513 (A vulnerability was detected in itsourcecode Hospital
Management Syste ...)
+ TODO: check
+CVE-2026-11512 (A security vulnerability has been detected in itsourcecode
Hospital Ma ...)
+ TODO: check
+CVE-2026-11511 (A weakness has been identified in Bolt CMS up to 3.7.5. This
vulnerabi ...)
+ TODO: check
+CVE-2026-11510 (A security flaw has been discovered in CodeAstro Leave
Management Syst ...)
+ TODO: check
+CVE-2026-11509 (A vulnerability was identified in CodeAstro Leave Management
System 1. ...)
+ TODO: check
+CVE-2026-11508 (A vulnerability was determined in CodeAstro Leave Management
System 1. ...)
+ TODO: check
+CVE-2026-11507 (A vulnerability was found in CodeAstro Leave Management System
1.0. Af ...)
+ TODO: check
+CVE-2026-11506 (A vulnerability has been found in CodeAstro Leave Management
System 1. ...)
+ TODO: check
+CVE-2026-11505 (A flaw has been found in GL.iNet A1300, AX1800, AXT1800,
MT2500, MT300 ...)
+ TODO: check
+CVE-2026-11504 (A vulnerability was detected in Tenda CX12L 16.03.53.12. The
impacted ...)
+ TODO: check
+CVE-2026-11503 (A security vulnerability has been detected in Tenda CX12L
16.03.53.12. ...)
+ TODO: check
+CVE-2026-11502 (A weakness has been identified in JeecgBoot up to 3.9.2.
Impacted is t ...)
+ TODO: check
+CVE-2026-11501 (A security flaw has been discovered in SourceCodester
Hospitals Patien ...)
+ TODO: check
+CVE-2026-11500 (A vulnerability was identified in Weaviate up to 1.37.7. This
vulnerab ...)
+ TODO: check
+CVE-2026-11499 (A vulnerability was determined in Tenda HG7HG9 and HG10
300001138_en_x ...)
+ TODO: check
+CVE-2026-11498 (A vulnerability was found in Tenda HG7HG9 and HG10
300001138_en_xpon. ...)
+ TODO: check
+CVE-2026-11497 (A vulnerability has been found in D-Link DCS-5615 1.01.00.
Affected by ...)
+ TODO: check
+CVE-2026-11393 (Improper neutralization of triple-quote characters during
Python code ...)
+ TODO: check
+CVE-2026-10787 (Missing authorization in the deleted user groups API in
Devolutions Se ...)
+ TODO: check
+CVE-2026-10786 (Improper access control in the ticketing integration settings
in Devol ...)
+ TODO: check
+CVE-2026-10544 (Improper neutralization of special elements in the built-in
PAM provid ...)
+ TODO: check
+CVE-2024-56123
+ REJECTED
+CVE-2024-56122
+ REJECTED
+CVE-2024-56121
+ REJECTED
+CVE-2024-56120
+ REJECTED
+CVE-2026-46313 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.9-1
[trixie] - linux 6.12.90-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8dd088b8b106f7b119664f965b691785998edcfb (7.1-rc1)
-CVE-2026-46310 [media: renesas: vsp1: Fix NULL pointer deref on module unload]
+CVE-2026-46310 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.9-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f (7.1-rc1)
-CVE-2026-46309 [drm/xe/uapi: Reject coh_none PAT index for CPU cached memory
in madvise]
+CVE-2026-46309 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.9-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39 (7.1-rc2)
-CVE-2026-46314 [drm/v3d: Reject empty multisync extension to prevent infinite
loop]
+CVE-2026-46314 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/fb44d589bf3148e13452185a6e772a7efbf2d684 (7.1-rc1)
-CVE-2026-46312 [media: videobuf2: Set vma_flags in vb2_dma_sg_mmap]
+CVE-2026-46312 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.9-1
[trixie] - linux 6.12.90-1
NOTE:
https://git.kernel.org/linus/7254b31a13aaa0c2c0f9ffbc335b718656117ff4 (7.1-rc1)
-CVE-2026-46311 [drm/amdgpu/userq: fix access to stale wptr mapping]
+CVE-2026-46311 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.9-1
NOTE:
https://git.kernel.org/linus/6da7b1242da4455b11c24ce667d1cab1a348c8ea (7.1-rc3)
-CVE-2026-46308 [pmdomain: mediatek: fix use-after-free in
scpsys_get_bus_protection_legacy()]
+CVE-2026-46308 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ec1fcddb3117d9452210e838fd37389ee61e10e8 (7.1-rc3)
-CVE-2026-46305 [staging: rtl8723bs: os_dep: avoid NULL pointer dereference in
rtw_cbuf_alloc]
+CVE-2026-46305 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/bc851db06045a40c18233dd76ef0562d7f8bb6db (7.1-rc3)
-CVE-2026-46297 [net: libwx: use request_irq for VF misc interrupt]
+CVE-2026-46297 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7a33345153eeeda195c55f15be27074e4c3b5109 (7.1-rc3)
-CVE-2026-46295 [KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is
empty]
+CVE-2026-46295 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/33fd0ccd2590b470b65adcca288615ad3b5e3e06 (7.1-rc3)
-CVE-2026-46290 [x86/efi: Fix graceful fault handling after FPU softirq changes]
+CVE-2026-46290 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/088f65e206087bf903743bd18417261d7a4c9644 (7.1-rc3)
-CVE-2026-46289 [lib/scatterlist: fix length calculations in extract_kvec_to_sg]
+CVE-2026-46289 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/07b7d66e65d9cfe6b9c2c34aa22cfcaac37a5c45 (7.1-rc1)
-CVE-2026-46307 [wifi: ath5k: do not access array OOB]
+CVE-2026-46307 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/d748603f12baff112caa3ab7d39f50100f010dbd (7.1-rc3)
-CVE-2026-46306 [flow_dissector: do not dissect PPPoE PFC frames]
+CVE-2026-46306 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473 (7.1-rc1)
-CVE-2026-46304 [nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free]
+CVE-2026-46304 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/aade8abd8b868b6ffa9697aadaea28ec7f65bee6 (7.1-rc2)
-CVE-2026-46303 [isofs: validate Rock Ridge CE continuation extent against
volume size]
+CVE-2026-46303 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/a36d990f591320e9dd379ab30063ebfe91d47e1f (7.1-rc2)
-CVE-2026-46302 [selinux: allow multiple opens of /sys/fs/selinux/policy]
+CVE-2026-46302 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.7-1
NOTE:
https://git.kernel.org/linus/a02cd6805562305f936e807da83e253b719dd965 (7.1-rc3)
-CVE-2026-46301 [spi: topcliff-pch: fix use-after-free on unbind]
+CVE-2026-46301 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/9d72732fe70c11424bc90ed466c7ccfa58b42a9a (7.1-rc1)
-CVE-2026-46299 [hfsplus: fix held lock freed on hfsplus_fill_super()]
+CVE-2026-46299 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/90c500e4fd83fa33c09bc7ee23b6d9cc487ac733 (7.1-rc1)
-CVE-2026-46298 [pseries/papr-hvpipe: Fix race with interrupt handler]
+CVE-2026-46298 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 7.0.7-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b (7.1-rc3)
-CVE-2026-46296 [spi: s3c64xx: fix NULL-deref on driver unbind]
+CVE-2026-46296 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/45daacbead8a009844bd5dba6cfa731332184d17 (7.1-rc1)
-CVE-2026-46294 [dm: fix a buffer overflow in ioctl processing]
+CVE-2026-46294 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/2fa49cc884f6496a915c35621ba4da35649bf159 (7.1-rc1)
-CVE-2026-46293 [clk: microchip: mpfs-ccc: fix out of bounds access during
output registration]
+CVE-2026-46293 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2f7ae8ab6aa73daaf080d5332110357c29df9c36 (7.1-rc1)
-CVE-2026-46292 [pmdomain: core: Fix detach procedure for virtual devices in
genpd]
+CVE-2026-46292 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/26735dfdd8930d9ef1fa92e590a9bf77726efdf6 (7.1-rc3)
-CVE-2026-46291 [crypto: caam - guard HMAC key hex dumps in hash_digest_key]
+CVE-2026-46291 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/177730a273b18e195263ed953853273e901b5064 (7.1-rc1)
-CVE-2026-46288 [of: unittest: fix use-after-free in of_unittest_changeset()]
+CVE-2026-46288 (In the Linux kernel, the following vulnerability has been
resolved: o ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/faecdd423c27f0d6090156a435ba9dbbac0eaddb (7.1-rc1)
-CVE-2026-46287 [net: txgbe: fix RTNL assertion warning when remove module]
+CVE-2026-46287 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.4-1
[trixie] - linux 6.12.88-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e159f05e12cc1111a3103b99375ddf0dfd0e7d63 (7.1-rc1)
-CVE-2026-46284 [mm/hugetlb: fix early boot crash on parameters without '='
separator]
+CVE-2026-46284 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c45b354911d01565156e38d7f6bc07edb51fc34c (7.1-rc1)
-CVE-2026-46283 [tpm: Use kfree_sensitive() to free auth session in
tpm_dev_release()]
+CVE-2026-46283 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c424d2664f08c77f08b4580b5f0cbaabf7c229b2 (7.1-rc1)
-CVE-2026-46281 [vmalloc: fix buffer overflow in vrealloc_node_align()]
+CVE-2026-46281 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/82d1f01292d3f09bf063f829f8ab8de12b4280a1 (7.1-rc2)
-CVE-2026-46278 [drm/imagination: Fix segfault when updating ftrace mask]
+CVE-2026-46278 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5dfd429591f8d7185bf63a08b5c30863fb605611 (7.1-rc2)
-CVE-2026-46277 [mm/zone_device: do not touch device folio after calling
->folio_free()]
+CVE-2026-46277 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/39928984956037cabd304321cb8f342e47421db5 (7.1-rc1)
-CVE-2026-46286 [leds: qcom-lpg: Check for array overflow when selecting the
high resolution]
+CVE-2026-46286 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/d45963a93c1495e9f1338fde91d0ebba8fd22474 (7.1-rc1)
-CVE-2026-46285 [mtd: docg3: fix use-after-free in docg3_release()]
+CVE-2026-46285 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/ca19808bc6fac7e29420d8508df569b346b3e339 (7.1-rc1)
-CVE-2026-46282 [iio: frequency: admv1013: fix NULL pointer dereference on str]
+CVE-2026-46282 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/aac0a51b16700b403a55b67ba495de021db78763 (7.1-rc1)
-CVE-2026-46280 [lib: test_hmm: evict device pages on file close to avoid
use-after-free]
+CVE-2026-46280 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/744dd97752ef1076a8d8672bb0d8aa2c7abc1144 (7.1-rc1)
-CVE-2026-46279 [mm/alloc_tag: clear codetag for pages allocated before
page_ext initialization]
+CVE-2026-46279 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.4-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/6b1842775a460245e97d36d3a67d0cfba7c4ff79 (7.1-rc1)
-CVE-2026-46276 [drm/amdgpu: fix zero-size GDS range init on RDNA4]
+CVE-2026-46276 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.4-1
[trixie] - linux 6.12.86-1
NOTE:
https://git.kernel.org/linus/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb (7.1-rc2)
-CVE-2020-37248
+CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the server with their STARTTLS
capabil ...)
- offlineimap3 <unfixed> (bug #1139329)
NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222
NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
NOTE: Fixed by:
https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74
(v8.0.3)
-CVE-2026-46275 [Bluetooth: hci_uart: fix UAFs and race conditions in close and
init paths]
+CVE-2026-46275 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b (7.1-rc5)
-CVE-2026-46274 [io-wq: check that the predecessor is hashed in
io_wq_remove_pending()]
+CVE-2026-46274 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc (7.1-rc4)
-CVE-2025-71315 [drm/vkms: Convert to DRM's vblank timer]
+CVE-2025-71315 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.19.6-1
NOTE:
https://git.kernel.org/linus/02e2681ffe1addde1fc8c35d05657b16bfa79613 (6.19-rc1)
CVE-2026-47895
+ {DSA-6330-1}
- strongswan 6.0.7-1
NOTE:
https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html
CVE-2026-48977
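Review bot: replacing the bracketed subject lines with the truncated official descriptions drops the only human-readable identification these kernel entries had: "-CVE-2026-46313 [media: intel/ipu6: fix error pointer dereference]" becomes "+CVE-2026-46313 (In the Linux kernel, the following vulnerability has been resolved: m ...)", and the same happens for every -CVE-2026-462xx/463xx line in this hunk, so the affected subsystem and the kind of bug are no longer visible in data/CVE/list and only the git.kernel.org commit in the NOTE line identifies the issue. If the format allows it, keep the old subject as an additional NOTE so the [trixie]/[bookworm]/[bullseye] not-affected decisions stay reviewable without opening each commit. Separately, the CVE-2020-37248 entry tracks only offlineimap3 while its NOTE lines cite issues in both the offlineimap3 and the offlineimap repositories; confirm that no second source package needs an entry.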
@@ -578,7 +827,8 @@ CVE-2026-50589 (In OpenStack Ironic 32 before 37.0.0, an
unauthenticated malicio
[bookworm] - ironic <not-affected> (Vulnerable code not present,
introduced in 32.x)
[bullseye] - ironic <not-affected> (Vulnerable code not present,
introduced in 32.x)
NOTE: https://bugs.launchpad.net/ironic/+bug/2154288
-CVE-2026-50265 (A flaw was found in libinput. A local attacker with access to
/dev/uin ...)
+CVE-2026-50265
+ REJECTED
NOTE: Duplicate assignment for CVE-2026-50292
TODO: clarifying with the involved CNAs which to keep
CVE-2026-50235 (Lyrion Music Server 9.2.0 contains a reflected cross-site
scripting vu ...)
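Review bot: marking CVE-2026-50265 as REJECTED is premature while the TODO on the same entry says it is still being clarified with the CNAs which of the two duplicate assignments (this one or CVE-2026-50292) is kept; if CVE-2026-50265 turns out to be the retained ID, the REJECTED marker has to be reverted and the libinput package state (the removed description named libinput) re-entered. Either leave the entry as a plain duplicate NOTE until the CNAs answer, or make sure the libinput tracking lives under CVE-2026-50292 in the meantime so it is not lost.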
@@ -3721,7 +3971,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
[bookworm] - nginx 1.22.1-9+deb12u8
NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
NOTE:
https://github.com/nginx/nginx/commit/365694160a85229a7cb006738de9260d49ff5fa2
(release-1.29.8)
-CVE-2026-49975
+CVE-2026-49975 (Memory Allocation with Excessive Size Value vulnerability in
Apache HT ...)
{DSA-6323-1 DLA-4620-1}
- apache2 2.4.67-2 (bug #1138750)
NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
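Review bot: the NOTE under CVE-2026-49975 points at the same blog post (blog.calif.io, "codex-discovered-a-hidden-http2-bomb") already cited by the nginx entry CVE-2026-XXXX [HTTP/2 Bomb denial of service] a few lines above, which still carries a placeholder ID; check whether that post or the nginx commit it references (release-1.29.8) names nginx's own CVE so the placeholder can be resolved, and cross-reference the two entries so the apache2 and nginx sides of the same report are not tracked in isolation.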
@@ -6987,7 +7237,7 @@ CVE-2026-44462 (Zed is a code editor. Prior to 0.229.0,
Zed's terminal tool perm
CVE-2026-44461 (Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL
remote comm ...)
- zed-editor <itp> (bug #1076165)
CVE-2026-44394 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2150379
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
@@ -6998,17 +7248,17 @@ CVE-2026-43979 (Local Deep Research is an AI-powered
research assistant for deep
CVE-2026-43898 (SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6,
sandbox- ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-43000 (An issue was discovered in OpenStack Keystone before 29.0.2.
When comb ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42999 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148398
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42998 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
@@ -10903,7 +11153,7 @@ CVE-2026-3012 (A flaw was found in Samba\u2019s
certificate auto-enrollment Grou
{DSA-6297-1}
- samba 2:4.24.3+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2026-3012.html
-CVE-2026-3238 [unauthenticated udp packet crashes AD DC nbt server]
+CVE-2026-3238 (A flaw was found in Samba\u2019s WINS server component when
running as ...)
{DSA-6297-1}
- samba 2:4.24.3+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2026-3238.html
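Review bot: the new description for CVE-2026-3238 keeps the apostrophe as the literal escape sequence `\u2019` (Samba\u2019s), as does the unchanged CVE-2026-3012 context line above it; if the automatic import is meant to emit UTF-8 rather than JSON escapes, these should be normalised, otherwise this is fine as-is. The bracketed working title it replaces was the only place naming the nbt server concretely, so consider carrying that detail over into a NOTE line.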
@@ -17373,7 +17623,7 @@ CVE-2026-43892 (AntSword is a cross-platform website
management toolkit. Prior t
CVE-2026-43891 (changedetection.io is a free open source web page change
detection too ...)
NOT-FOR-US: changedetection.io
CVE-2026-43515 (Improper Authorization vulnerability when multiple method
constraints ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17383,7 +17633,7 @@ CVE-2026-43515 (Improper Authorization vulnerability
when multiple method constr
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031
(9.0.118)
NOTE: https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb
CVE-2026-43514 (Observable Timing Discrepancy vulnerabilitywhen comparing AJP
secret i ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17393,7 +17643,7 @@ CVE-2026-43514 (Observable Timing Discrepancy
vulnerabilitywhen comparing AJP se
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa
(9.0.118)
NOTE: https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m
CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in
LockOutRealm in ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17403,7 +17653,7 @@ CVE-2026-43513 (Improper Handling of Case Sensitivity
vulnerability in LockOutRe
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717
(9.0.118)
NOTE: https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp
CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in
digest authe ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
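Review bot: the CVE-2026-43512 description in this hunk begins with `DEPRECATED:`, yet `DSA-6329-1 DSA-6328-1` are added to it exactly like the neighbouring Tomcat entries; confirm that both advisories intentionally reference this identifier, or otherwise annotate the entry to reflect its deprecated status rather than carrying a full fixed-version triple for it.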
@@ -17443,7 +17693,7 @@ CVE-2026-42741 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2026-42541 (Kubewarden is a policy engine for Kubernetes. Prior to , An
attacker w ...)
NOT-FOR-US: Kubewarden
CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts
during WebS ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17497,7 +17747,7 @@ CVE-2026-41551 (A vulnerability has been identified in
ROS# (All versions < V2.2
CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification
endpoint ...)
NOT-FOR-US: Horilla
CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.
This issue ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
@@ -17513,7 +17763,7 @@ CVE-2026-41293 (Improper Input Validation vulnerability
in Apache Tomcat. This
NOTE: Fixed by: (9.0.118)
NOTE: https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r
CVE-2026-41284 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.22-1
- tomcat10 10.1.55-1
- tomcat9 9.0.70-2
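Review bot: the `NOTE: Fixed by: (9.0.118)` context line at the top of this hunk (for CVE-2026-41293) lists only the version and no commit reference, unlike the other Tomcat entries in this patch, which carry a github.com/apache/tomcat/commit/... URL before the version; fill in the commit or drop the empty `Fixed by:` prefix so the note does not suggest a reference that is not there.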
@@ -25155,7 +25405,7 @@ CVE-2026-43003 (An issue was discovered in OpenStack
ironic-python-agent 1.0.0 t
- ironic-python-agent <unfixed> (bug #1135646)
NOTE: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310
CVE-2026-43001 (An issue was discovered in OpenStack Keystone before 29.0.2.
POST /v3/ ...)
- {DLA-4611-1}
+ {DSA-6331-1 DLA-4611-1}
- keystone 2:29.0.1-2 (bug #1135645)
NOTE: https://bugs.launchpad.net/keystone/+bug/2149775
NOTE: https://review.opendev.org/c/openstack/keystone/+/985804
@@ -37080,7 +37330,7 @@ CVE-2026-34734 (HDF5 is software for managing data. In
1.14.1-2 and earlier, a h
CVE-2026-34512 (OpenClaw before 2026.3.25 contains an improper access control
vulnerab ...)
NOT-FOR-US: OpenClaw
CVE-2026-34500 (CLIENT_CERT authentication does not fail as expected for some
scenario ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37090,7 +37340,7 @@ CVE-2026-34500 (CLIENT_CERT authentication does not
fail as expected for some sc
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f
(9.0.117)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/29
CVE-2026-34487 (Insertion of Sensitive Information into Log File vulnerability
in the ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37107,7 +37357,7 @@ CVE-2026-34486 (Missing Encryption of Sensitive Data
vulnerability in Apache Tom
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1
(10.1.54)
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418
(9.0.117)
CVE-2026-34483 (Improper Encoding or Escaping of Output vulnerability in the
JsonAcces ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37159,7 +37409,7 @@ CVE-2026-33773 (An Incorrect Initialization of Resource
vulnerability in the pac
CVE-2026-33771 (A Weak Password Requirements vulnerability in the password
management ...)
NOT-FOR-US: Juniper
CVE-2026-32990 (Improper Input Validation vulnerability in Apache Tomcat due
to an inc ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37175,7 +37425,7 @@ CVE-2026-2305 (The AddFunc Head & Footer Code plugin
for WordPress is vulnerable
CVE-2026-29923 (The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736
allows ...)
NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2026-29146 (Padding Oracle vulnerability in Apache Tomcat's
EncryptInterceptor wit ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37190,7 +37440,7 @@ CVE-2026-29146 (Padding Oracle vulnerability in Apache
Tomcat's EncryptIntercept
NOTE:
https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418
(9.0.117)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/24
CVE-2026-29145 (CLIENT_CERT authentication does not fail as expected for some
scenario ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
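Review bot: the first note in this hunk, for CVE-2026-29146, is a bare `NOTE:` followed by commit 776e12b3e2b0b4507b8a3b62c187ceb0b74bf418 (9.0.117) without the `Fixed by:` label every other commit reference in this patch uses; the same commit is already recorded as the 9.0.117 fix for CVE-2026-34486 earlier in the diff, so either label it `Fixed by:` here as well or state explicitly that the fix is shared with CVE-2026-34486.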
@@ -37200,7 +37450,7 @@ CVE-2026-29145 (CLIENT_CERT authentication does not
fail as expected for some sc
NOTE: Fixed by:
https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b
(9.0.116)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/09/23
CVE-2026-29129 (Configured cipher preference order not preserved vulnerability
in Apac ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37212,7 +37462,7 @@ CVE-2026-29129 (Configured cipher preference order not
preserved vulnerability i
CVE-2026-28704 (Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a
crafted ...)
NOT-FOR-US: Emocheck
CVE-2026-25854 (Occasional URL redirection to untrusted Site ('Open Redirect')
vulnera ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -37224,7 +37474,7 @@ CVE-2026-25854 (Occasional URL redirection to untrusted
Site ('Open Redirect') v
CVE-2026-25203 (Samsung MagicINFO 9 Server Incorrect Default Permissions Local
Privile ...)
NOT-FOR-US: Samsung
CVE-2026-24880 (Inconsistent Interpretation of HTTP Requests ('HTTP
Request/Response S ...)
- {DLA-4619-1}
+ {DSA-6329-1 DSA-6328-1 DLA-4619-1}
- tomcat11 11.0.21-1 (bug #1133357)
- tomcat10 10.1.54-1 (bug #1133356)
- tomcat9 9.0.70-2
@@ -48085,7 +48335,7 @@ CVE-2026-4745 (Improper Control of Generation of Code
('Code Injection') vulnera
NOT-FOR-US: perf-ninja
CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3
(scintilla/oni ...)
NOT-FOR-US: rizonesoft Notepad3
-CVE-2026-47430
+CVE-2026-47430 (## Summary The iOS implementation of
`cordova-plugin-inappbrowser` pa ...)
NOT-FOR-US: Cordova Plugin InAppBrowser (cordova-plugin-inappbrowser)
CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump
(src/utils ...)
NOT-FOR-US: taurusxin ncmdump
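Review bot: the new description for CVE-2026-47430 starts with the markdown heading residue `## Summary` copied from the upstream advisory text; the entry is `NOT-FOR-US`, so this has no tracking effect, but the import step could strip leading markdown before truncating so that the one-line summary begins with the actual description.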
@@ -64410,7 +64660,7 @@ CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455
was discovered to contain
CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when
updatin ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat
Native, Apach ...)
- {DSA-6120-1}
+ {DSA-6329-1 DSA-6120-1}
- tomcat11 11.0.18-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
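Review bot: CVE-2026-24734 (Tomcat Native) receives only `DSA-6329-1` here, whereas every other Tomcat entry in this patch gains both `DSA-6329-1` and `DSA-6328-1`; the earlier fixed versions (tomcat11 11.0.18-1, tomcat10 10.1.52-1) and the pre-existing `DSA-6120-1` make a single-suite update plausible, but confirm that DSA-6328-1 deliberately does not list this CVE.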
@@ -70649,6 +70899,7 @@ CVE-2026-1760 (A flaw was found in SoupServer. This
HTTP request smuggling vulne
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/475
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6
CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint
utility, ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43ba37dfb07ebe6446fbad9d0973d9279d
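Review bot: `DLA-4622-1` is added to CVE-2026-1757 even though the entry is rated `(unimportant)` for unstable (libxml2 2.15.2+dfsg-0.1); that is fine if the LTS update simply bundled the fix, but the mismatch between an `unimportant` rating and an issued advisory deserves a second look, and the same combination recurs for CVE-2025-8732 later in this patch.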
@@ -77013,6 +77264,7 @@ CVE-2026-20075 (A vulnerability in the web-based
management interface of Cisco E
CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled
resource co ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125696)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
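Review bot: `DLA-4622-1` is recorded for CVE-2026-0992 directly above `[trixie] - libxml2 <no-dsa> (Minor issue)` and `[bookworm] - libxml2 <no-dsa> (Minor issue)`; if the DLA shipped a fixed libxml2 for bookworm, confirm that the `<no-dsa>` annotation for that suite is still the intended state, since the identical combination appears for CVE-2026-0990 and CVE-2026-0989 in the next two hunks.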
@@ -77024,6 +77276,7 @@ CVE-2026-0992 (A flaw was found in the libxml2 library.
This uncontrolled resour
NOTE: Follow-up:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/096402c942e9d9a049f283eb4e6da431289900e1
(v2.15.2)
NOTE: Tests:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57
(v2.15.2)
CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This
uncontrolled ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125695)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -77033,6 +77286,7 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML
parsing library. This uncontr
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ac6f0fde1476c41f59ad0c68ada3394599ebf2ae
(v2.15.2)
NOTE: Tests:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57
(v2.15.2)
CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related
to how ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (bug #1125691)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -137119,6 +137373,7 @@ CVE-2025-8734
CVE-2025-8733
REJECTED
CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been
declare ...)
+ {DLA-4622-1}
- libxml2 2.15.2+dfsg-0.1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853
@@ -150041,6 +150296,7 @@ CVE-2025-5822 (Autel MaxiCharger AC Wallbox
Commercial Technician API Incorrect
CVE-2025-5015 (A cross-site scripting vulnerability exists in the AccuWeather
and Cus ...)
NOT-FOR-US: Parsons
CVE-2025-52999 (jackson-core contains core low-level incremental ("streaming")
parser ...)
+ {DLA-4623-1}
- jackson-core 2.14.1-2 (bug #1108367)
NOTE:
https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3
NOTE: https://github.com/FasterXML/jackson-core/pull/943
@@ -156009,6 +156265,7 @@ CVE-2024-55585 (In the moPS App through 1.8.618, all
users can access administra
CVE-2025-5814 (The Profiler \u2013 What Slowing Down Your WP plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2025-49128 (Jackson-core contains core low-level incremental ("streaming")
parser ...)
+ {DLA-4623-1}
- jackson-core 2.13.0-1
NOTE:
https://github.com/FasterXML/jackson-core/security/advisories/GHSA-wf8f-6423-gfxg
NOTE: https://github.com/FasterXML/jackson-core/pull/652
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/263cd9568edb099b6ccf98e1db756f60b6da668a
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits