Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3876feea by security tracker role at 2026-06-10T07:13:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2026-9754 (An authenticated user with the read role may read limited 
amounts of u ...)
+       TODO: check
+CVE-2026-9753 (The $_internalApplyOplogUpdate aggregation pipeline stage can 
be used  ...)
+       TODO: check
+CVE-2026-9752 (An authorized user could trigger a server crash by running a 
query wit ...)
+       TODO: check
+CVE-2026-9751 (The ldapQueryPassword parameter, when set through the runtime 
setParam ...)
+       TODO: check
+CVE-2026-9750 (An authenticated user can cause a MongoDB server to crash or 
return in ...)
+       TODO: check
+CVE-2026-9749 (This issue can occur when running an aggregation pipeline that 
uses th ...)
+       TODO: check
+CVE-2026-9748 (The $_internalConvertBucketIndexStats stage used PauseExecution 
as a w ...)
+       TODO: check
+CVE-2026-9747 (Adding fromRouter:true and runtimeConstants.userRoles could 
cause aggr ...)
+       TODO: check
+CVE-2026-9746 (When using $changestreams and $_requestReshardingResumeToken 
with the  ...)
+       TODO: check
+CVE-2026-9743 (In MongoDB Server 8.0, an aggregation stage can leave its 
_subPipeline ...)
+       TODO: check
+CVE-2026-9742 (When OIDC authentication is enabled in configuration, clients 
may set  ...)
+       TODO: check
+CVE-2026-9741 (A bug in query analysis processing of the $vectorSearch 
aggregation st ...)
+       TODO: check
+CVE-2026-9740 (A vulnerability in MongoDB Server's BSON validation logic 
allows an un ...)
+       TODO: check
+CVE-2026-9735 (MongoDB server may log authentication parameters, including 
credential ...)
+       TODO: check
+CVE-2026-9067 (The Schema & Structured Data for WP & AMP WordPress plugin 
before 1.60 ...)
+       TODO: check
+CVE-2026-9060 (The Store Locator WordPress plugin before 1.6.6 does not 
sanitize and  ...)
+       TODO: check
+CVE-2026-8071 (The Anti-Spam by CleanTalk. Spam protection WordPress plugin 
before 6. ...)
+       TODO: check
+CVE-2026-6445 (A flaw exists in FlashArray Purity where insufficient filtering 
of cer ...)
+       TODO: check
+CVE-2026-6444 (A flaw exists in the FlashArray Purity management interface 
where an a ...)
+       TODO: check
+CVE-2026-53675 (BuddyPress 14.4.0 contains an insecure direct object reference 
vulnera ...)
+       TODO: check
+CVE-2026-53674 (BuddyPress 14.4.0 contains a regular expression injection 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53673 (BuddyPress 14.4.0 contains an insecure direct object reference 
vulnera ...)
+       TODO: check
+CVE-2026-48306 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2026-48305 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2026-48303 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and 
earlier are ...)
+       TODO: check
+CVE-2026-48292 (Format Plugins versions 1.1.2 and earlier are affected by a 
Heap-based ...)
+       TODO: check
+CVE-2026-48291 (Format Plugins versions 1.1.2 and earlier are affected by a 
Heap-based ...)
+       TODO: check
+CVE-2026-47961 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47960 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-47959 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47955 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47952 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47938 (Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and 
earlier are ...)
+       TODO: check
+CVE-2026-47937 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47933 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by a stor ...)
+       TODO: check
+CVE-2026-47932 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-47931 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-47930 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-47929 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Inc ...)
+       TODO: check
+CVE-2026-47928 (ColdFusion versions 2023.19, 2025.8 and earlier are affected 
by an Imp ...)
+       TODO: check
+CVE-2026-47926 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47925 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47924 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47923 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47921 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47920 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47919 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47918 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47917 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47916 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47915 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47914 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47913 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47912 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47911 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47910 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Incor ...)
+       TODO: check
+CVE-2026-47909 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Impro ...)
+       TODO: check
+CVE-2026-47908 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Acces ...)
+       TODO: check
+CVE-2026-47907 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
an Impro ...)
+       TODO: check
+CVE-2026-47906 (Dreamweaver Desktop versions 21.7 and earlier are affected by 
a Depend ...)
+       TODO: check
+CVE-2026-47905 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-47904 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-47903 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-47902 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-47838 (SubjectDnX509PrincipalExtractor does not correctly handle 
certain malf ...)
+       TODO: check
+CVE-2026-47106 (Ellucian Banner Self-Service before the April T2 release 
(2025-04-23)  ...)
+       TODO: check
+CVE-2026-46546 (Frappe Learning Management System (LMS) is a learning system 
that help ...)
+       TODO: check
+CVE-2026-46545 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46543 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46542 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46541 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46540 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46539 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-46532 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-46518 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-46517 (LMDeploy is a toolkit for compressing, deploying, and serving 
large la ...)
+       TODO: check
+CVE-2026-46491 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS 
server in t ...)
+       TODO: check
+CVE-2026-46432 (LMDeploy is a toolkit for compressing, deploying, and serving 
large la ...)
+       TODO: check
+CVE-2026-46411 (FlashMQ is a MQTT broker/server, designed for multi-CPU 
environments.  ...)
+       TODO: check
+CVE-2026-46374 (SQLFluff is a modular SQL linter and auto-formatter with 
support for m ...)
+       TODO: check
+CVE-2026-46373 (SQLFluff is a modular SQL linter and auto-formatter with 
support for m ...)
+       TODO: check
+CVE-2026-45782 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud 
workloads. Fro ...)
+       TODO: check
+CVE-2026-45542 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-45541 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-45329 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-45328 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-45160 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-44963 (A vulnerability allowing remote code execution (RCE) on the 
Backup Ser ...)
+       TODO: check
+CVE-2026-44716 (Pipecat is an open-source Python framework for building 
real-time voic ...)
+       TODO: check
+CVE-2026-44634 (SimpleBLE is a cross-platform library and bindings for 
Bluetooth Low E ...)
+       TODO: check
+CVE-2026-44505 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake 
protocol ba ...)
+       TODO: check
+CVE-2026-41837 (Spring Data REST's Querydsl integration accepts arbitrary 
persistent p ...)
+       TODO: check
+CVE-2026-41732 (JsonPulsarHeaderMapper matched type headers against trusted 
packages u ...)
+       TODO: check
+CVE-2026-41731 (JsonKafkaHeaderMapper and the deprecated 
DefaultKafkaHeaderMapper matc ...)
+       TODO: check
+CVE-2026-41730 (Spring Data REST serializes the full exception cause chain 
into HTTP e ...)
+       TODO: check
+CVE-2026-41729 (Spring Data REST is vulnerable to SpEL expression injection 
through ma ...)
+       TODO: check
+CVE-2026-41728 (Spring Data REST's JSON Patch (application/json-patch+json) 
implementa ...)
+       TODO: check
+CVE-2026-41727 (Spring Kafka's retry topic infrastructure did not sufficiently 
validat ...)
+       TODO: check
+CVE-2026-41726 (When an application opts into DelegatingDeserializer, a 
producer can g ...)
+       TODO: check
+CVE-2026-41721 (Spring Data Commons contains a vulnerability that can lead to 
a Denial ...)
+       TODO: check
+CVE-2026-41719 (A SpEL Injection vulnerability exists in the Spring Data 
KeyValue if u ...)
+       TODO: check
+CVE-2026-41717 (Spring Data MongoDB contains a SpEL (Spring Expression 
Language) expre ...)
+       TODO: check
+CVE-2026-41716 (Spring Data's internal property-lookup cache accepts and 
permanently r ...)
+       TODO: check
+CVE-2026-41714 (Applications that configure their broker connection via 
RabbitConnecti ...)
+       TODO: check
+CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a 
Denial o ...)
+       TODO: check
+CVE-2026-41706 (Spring Security's CookieRequestCache and 
CookieServerRequestCache stor ...)
+       TODO: check
+CVE-2026-41701 (Correlation IDs for replies in the 
RabbitTemplate.sendAndReceive() wit ...)
+       TODO: check
+CVE-2026-41697 (Spring Data Relational does not properly escape binding values 
of exte ...)
+       TODO: check
+CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with 
@Query tha ...)
+       TODO: check
+CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial 
of servic ...)
+       TODO: check
+CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as 
elements ...)
+       TODO: check
+CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint 
performs ...)
+       TODO: check
+CVE-2026-41003 (An attacker able to influence values in 
RelyingPartyRegistration may b ...)
+       TODO: check
+CVE-2026-40993 (An attacker with write permissions to the database table 
managed by Jd ...)
+       TODO: check
+CVE-2026-40991 (When using spring-restdocs-webtestclient or 
spring-restdocs-restassure ...)
+       TODO: check
+CVE-2026-40988 (An application using spring-security-saml2-service-provider 
and the RE ...)
+       TODO: check
+CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly 
sanitise and ...)
+       TODO: check
+CVE-2026-34713 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-34712 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-34711 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-34710 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2026-34709 (Substance3D - Sampler versions 6.0.0 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2026-34657 (CAI Content Credentials versions [email protected], c2pa-v0.80.1 
and earl ...)
+       TODO: check
+CVE-2026-34417 (OSCAL-GUI contains a reflected cross-site scripting 
vulnerability that ...)
+       TODO: check
+CVE-2026-34416 (OSCAL-GUI contains a reflected cross-site scripting 
vulnerability that ...)
+       TODO: check
+CVE-2026-32856 (Ellucian Banner Self-Service before the April T2 release 
(2025-04-23)  ...)
+       TODO: check
+CVE-2026-29116 (A vulnerability has been found in some Dahua products could 
allow an u ...)
+       TODO: check
+CVE-2026-29115 (A vulnerability has been found in some Dahua products could 
allow an a ...)
+       TODO: check
+CVE-2026-29114 (A vulnerability has been found in some Dahua products. An 
attacker may ...)
+       TODO: check
+CVE-2026-26241 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
+       TODO: check
+CVE-2026-26240 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
+       TODO: check
+CVE-2026-26239 (A buffer overflow vulnerability has been reported to affect 
File Stati ...)
+       TODO: check
+CVE-2026-26237 (A missing authorization vulnerability has been reported to 
affect QuMa ...)
+       TODO: check
+CVE-2026-25860 (OpenClinic GA 5.351.19 contains a reflected cross-site 
scripting vulne ...)
+       TODO: check
+CVE-2026-25557 (Evoluted PHP Directory Listing Script through 4.0.5 contains a 
reflect ...)
+       TODO: check
+CVE-2026-24724 (An incorrect authorization vulnerability has been reported to 
affect F ...)
+       TODO: check
+CVE-2026-24720 (An allocation of resources without limits or throttling 
vulnerability  ...)
+       TODO: check
+CVE-2026-24719 (A command injection vulnerability has been reported to affect 
several  ...)
+       TODO: check
+CVE-2026-24717 (A path traversal vulnerability has been reported to affect 
several QNA ...)
+       TODO: check
+CVE-2026-24716 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
+       TODO: check
+CVE-2026-22899 (A NULL pointer dereference vulnerability has been reported to 
affect F ...)
+       TODO: check
+CVE-2026-22893 (A command injection vulnerability has been reported to affect 
several  ...)
+       TODO: check
+CVE-2026-11837 (A local privilege escalation vulnerability was found in the 
ansible.po ...)
+       TODO: check
+CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow 
vulnerabili ...)
+       TODO: check
+CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption 
vulnerabilities in the ...)
+       TODO: check
+CVE-2026-11815 (An attacker who intercepts and tampers with traffic between 
the client ...)
+       TODO: check
+CVE-2026-11799 (UXSS in Focus for iOS / Klar Webkit navigation. This 
vulnerability was ...)
+       TODO: check
+CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when 
used in ...)
+       TODO: check
+CVE-2026-10238
+       REJECTED
+CVE-2025-8444 (The Animation Addons for Elementor \u2013 GSAP Powered 
Elementor Addon ...)
+       TODO: check
+CVE-2025-71319 (image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a 
denial  ...)
+       TODO: check
+CVE-2025-66281 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
+       TODO: check
+CVE-2025-66280 (An integer overflow or wraparound vulnerability has been 
reported to a ...)
+       TODO: check
+CVE-2025-66279 (A command injection vulnerability has been reported to affect 
several  ...)
+       TODO: check
+CVE-2025-66276 (QuTS hero is not affected.  We have already fixed the 
vulnerability in ...)
+       TODO: check
+CVE-2025-66273 (A command injection vulnerability has been reported to affect 
several  ...)
+       TODO: check
+CVE-2025-62851 (A path traversal vulnerability has been reported to affect 
License Cen ...)
+       TODO: check
+CVE-2025-62850 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
+       TODO: check
+CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected.  We have already 
fixed the ...)
+       TODO: check
+CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been 
reported to ...)
+       TODO: check
 CVE-2026-11526
        - libgd-perl <unfixed>
        NOTE: Fixed by: 
https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210
 (v2.86)
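
Review bot: every entry added at the top of data/CVE/list is left at "TODO: check", including ones that the file's existing conventions already cover. The WordPress plugin entries (CVE-2026-9067, CVE-2026-9060, CVE-2026-8071) and the Adobe product entries match the "NOT-FOR-US: WordPress plugin" and "NOT-FOR-US: Adobe" annotations used further down in this same file, so they can be closed out quickly in a follow-up. Triage priority should go to entries that name software likely to need a package line rather than NOT-FOR-US, such as the SQLite entries CVE-2026-11824 and CVE-2026-11822 and the ldns entry CVE-2026-10846.
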
@@ -25,7 +345,7 @@ CVE-2026-9211 (An unauthenticated user on the local network 
can gain control of
        NOT-FOR-US: Netgear
 CVE-2026-9210 (Insufficient input validation vulnerability in thelisted 
NETGEAR model ...)
        NOT-FOR-US: Netgear
-CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are  vulnerable to 
SecureBoo ...)
+CVE-2026-8863 (Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable 
to Secu ...)
        TODO: check
 CVE-2026-8677 (The Prime Elementor Addons \u2013 Lightweight Elementor Widgets 
for Fa ...)
        NOT-FOR-US: WordPress plugin
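
Review bot: the replacement description for CVE-2026-8863 contains a typo, "Microsoft-sigend" where "Microsoft-signed" is meant. As this commit is an automatic update, the text presumably mirrors the upstream CVE record, so the correction belongs there rather than in this file. The entry itself is still at "TODO: check" after the description change and needs a triage decision.
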
@@ -51,7 +371,7 @@ CVE-2026-50636 (The RemoteControl API methods 
invite_participants and remind_par
        - limesurvey <itp> (bug #472802)
 CVE-2026-50635 (LimeSurvey constructs account password-reset links from the 
client-sup ...)
        - limesurvey <itp> (bug #472802)
-CVE-2026-50512 (Missing authentication for critical function in Microsoft PC 
Manager a ...)
+CVE-2026-50512 (Improper link resolution before file access ('link following') 
in Micr ...)
        NOT-FOR-US: Microsoft
 CVE-2026-50511 (Improper link resolution before file access ('link following') 
in Micr ...)
        NOT-FOR-US: Microsoft
@@ -422,11 +742,11 @@ CVE-2026-45583 (Improper control of generation of code 
('code injection') in Mic
        NOT-FOR-US: Microsoft
 CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an 
authoriz ...)
+CVE-2026-45503 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
        NOT-FOR-US: Microsoft
-CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange 
Server allows ...)
+CVE-2026-45501 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
 CVE-2026-45500 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
@@ -987,12 +1307,14 @@ CVE-2016-20063 (Single Personal Message 1.0.3 contains 
an SQL injection vulnerab
 CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL 
injection vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and 
AES-GCM-S ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called 
by an a ...)
        - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with 
a DHX (X ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the 
certificate ...)
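
Review bot: the {DSA-6335-1} cross-reference is added to CVE-2026-45446 and CVE-2026-42770 while the package line under each still reads "- openssl <unfixed>", with no fixed version recorded in this file. Confirm that "<unfixed>" is still accurate for the unversioned (unstable) line and replace it with the fixed version once that upload exists. The same pattern applies to the other DSA-6335-1 tags added in the later openssl hunks of this commit.
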
@@ -1013,6 +1335,7 @@ CVE-2026-42767 (Issue summary: An attacker-controlled CMP 
(Certificate Managemen
        [bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS 
message can  ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42765 (Issue summary: When a partial-chain certificate verification 
is enable ...)
@@ -1028,15 +1351,19 @@ CVE-2026-34181 (Issue Summary: The PKCS#12 file 
processing fails to perform suff
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure 
with a pr ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 / 
PWRI key ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the 
destination b ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context 
through t ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid 
token m ...)
@@ -1058,9 +1385,11 @@ CVE-2026-34183 (Issue summary: Remote peer may exhaust 
heap memory of the QUIC s
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing 
fails t ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed 
message cou ...)
+       {DSA-6335-1}
        - openssl <unfixed>
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42488
@@ -2619,7 +2948,7 @@ CVE-2026-21025 (Incorrect privilege assignment in 
Telephony prior to SMR Jun-202
        NOT-FOR-US: Samsung Mobile
 CVE-2026-21017 (Improper handling of insufficient privileges in 
SecTelephonyProvider p ...)
        NOT-FOR-US: Samsung Mobile
-CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, 
formerly  ...)
+CVE-2026-20245 (A vulnerability in the CLI of Cisco Catalyst SD-WAN 
Controller, former ...)
        NOT-FOR-US: Cisco
 CVE-2026-11369 (The Comment API (GET /api/Comment and POST /api/Comment) in 
the affect ...)
        NOT-FOR-US: linqi
@@ -5192,6 +5521,7 @@ CVE-2026-50266 (In OpenStack Neutron before 28.0.1, a 
project manager can create
        NOTE: https://security.openstack.org/ossa/OSSA-2026-021.html
        NOTE: https://launchpad.net/bugs/2152115
 CVE-2026-41283 (OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code 
Executio ...)
+       {DSA-6333-1}
        - mistral <unfixed> (bug #1138843)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/14
        NOTE: https://launchpad.net/bugs/2147178
@@ -6798,6 +7128,7 @@ CVE-2026-10197 (A vulnerability was detected in Assimp up 
to 6.0.4. Affected is
        NOTE: https://github.com/assimp/assimp/pull/6645
        NOTE: 
https://github.com/assimp/assimp/commit/24bd7ee6f6721b34854dc232b253c71ecc66e457
 CVE-2026-10118 (A flaw was found in Poppler's Splash backend. A remote 
attacker could  ...)
+       {DSA-6334-1}
        - poppler 26.01.0-4.1 (bug #1138708)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/work_items/1715
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/8352264766652b98336e92359a70b3161a9ab97a
@@ -16481,7 +16812,7 @@ CVE-2026-40930 (LIBPNG is a reference library for use 
in applications that proce
        NOTE: so marking 1.6.37-4 as the fixed version
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-c4v6-gxrq-6g2x
        NOTE: 
https://github.com/pnggroup/libpng/commit/faf06924688b62d7c1654b5ceddedbde66ffadb4
-CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation memmove]
+CVE-2026-46433 (lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to 
version 1. ...)
        - lldpd 1.0.22-1
        [trixie] - lldpd <no-dsa> (Minor issue)
        [bookworm] - lldpd <no-dsa> (Minor issue)
@@ -18950,37 +19281,37 @@ CVE-2026-35504 (PowerSYSTEM Center email notification 
service is affected by a C
        NOT-FOR-US: PowerSYSTEM Center
 CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected 
by a Stac ...)
        NOT-FOR-US: Adobe
-CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34688 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
 CVE-2026-34686 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 
2.4.6-p14, 2. ...)
        NOT-FOR-US: Adobe
 CVE-2026-34685 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 
2.4.6-p14, 2. ...)
        NOT-FOR-US: Adobe
-CVE-2026-34680 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34680 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34679 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34679 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34678 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34678 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34677 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34677 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34673 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34673 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34672 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34672 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34671 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34671 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34670 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34670 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34669 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34669 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34668 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34668 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34667 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34667 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34666 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34666 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
-CVE-2026-34665 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are 
affecte ...)
+CVE-2026-34665 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
 CVE-2026-34658 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 
2.4.6-p14, 2. ...)
        NOT-FOR-US: Adobe
@@ -19710,7 +20041,7 @@ CVE-2026-33862 (A vulnerability has been identified in 
Teamcenter V2312 (All ver
        NOT-FOR-US: Siemens
 CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
        NOT-FOR-US: Microsoft
-CVE-2026-33840 (Concurrent execution using shared resource with improper 
synchronizati ...)
+CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized 
attacker ...)
        NOT-FOR-US: Microsoft
 CVE-2026-33839 (Concurrent execution using shared resource with improper 
synchronizati ...)
        NOT-FOR-US: Microsoft
@@ -33503,7 +33834,8 @@ CVE-2026-5398 (The implementation of TIOCNOTTY failed 
to clear a back-pointer fr
        NOT-FOR-US: FreeBSD
 CVE-2026-4872
        REJECTED
-CVE-2026-4821 (An improper neutralization of special elements vulnerability 
was ident ...)
+CVE-2026-4821
+       REJECTED
        NOT-FOR-US: Github Enterprise Server
 CVE-2026-4296 (An incorrect regular expression vulnerability was identified in 
GitHub ...)
        NOT-FOR-US: Github Enterprise Server
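
Review bot: CVE-2026-4821 now carries both "REJECTED" and the retained context line "NOT-FOR-US: Github Enterprise Server" directly beneath it, so a rejected ID still has a triage annotation attached. The rejected entry just above it, CVE-2026-4872, has only "REJECTED"; suggest dropping the NOT-FOR-US line from CVE-2026-4821 so the two are consistent.
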
@@ -115122,6 +115454,7 @@ CVE-2025-58277 (Permission verification bypass 
vulnerability in the Camera app.S
 CVE-2025-54654 (Permission control vulnerability in the Gallery module. 
Successful exp ...)
        NOT-FOR-US: Huawei
 CVE-2025-52885 (Poppler ia a library for rendering PDF files, and examining or 
modifyi ...)
+       {DSA-6334-1}
        - poppler 25.03.0-11.1 (bug #1117853)
        [bullseye] - poppler <postponed> (Minor issue; only affeccts CLI tools 
run with non-default CLI options)
        NOTE: https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
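
Review bot: the "[bullseye] - poppler <postponed>" line under CVE-2025-52885 reads "only affeccts CLI tools"; "affeccts" should be "affects". It is an unchanged context line, but it sits directly below the added {DSA-6334-1} tag and is worth fixing in a manual follow-up commit.
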
@@ -119196,6 +119529,7 @@ CVE-2025-46205 (A heap-use-after free in the 
PdfTokenizer::ReadDictionary functi
 CVE-2025-43826 (Stored cross-site scripting (XSS) vulnerabilities in Web 
Content trans ...)
        NOT-FOR-US: Liferay
 CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack 
consumption a ...)
+       {DSA-6334-1}
        - poppler 25.03.0-10 (bug #1117046)
        [bullseye] - poppler <postponed> (minor issue)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
 (poppler-25.04.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3876feea6a25a7fa516b83eea4b66b5ed5e97991
