Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e2a457c by security tracker role at 2026-06-15T07:44:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,78 @@
-CVE-2026-11527
+CVE-2026-54413 (driftregion iso14229 through 0.9.0 contains an integer
underflow and d ...)
+ TODO: check
+CVE-2026-54412 (LiamBindle MQTT-C through version 1.1.6 contains a heap-based
out-of-b ...)
+ TODO: check
+CVE-2026-54411 (Linux-PAM through 1.7.2 contains an observable timing
discrepancy (CWE ...)
+ TODO: check
+CVE-2026-54410 (nanoMODBUS through v1.23.0 contains an off-by-one buffer
overflow in t ...)
+ TODO: check
+CVE-2026-12223 (A vulnerability was identified in Yealink SIP-T46U
108.86.0.118. Affec ...)
+ TODO: check
+CVE-2026-12222 (A vulnerability was determined in Yealink SIP-T46U
108.86.0.118. Affec ...)
+ TODO: check
+CVE-2026-12221 (A vulnerability was found in Yealink SIP-T46U 108.86.0.118.
This impac ...)
+ TODO: check
+CVE-2026-12220 (A vulnerability has been found in Yealink SIP-T46U
108.86.0.118. This ...)
+ TODO: check
+CVE-2026-12219 (A flaw has been found in Yealink SIP-T46U 108.86.0.118. The
impacted e ...)
+ TODO: check
+CVE-2026-12218 (A vulnerability was detected in Yealink SIP-T46U 108.87.50.1.
The affe ...)
+ TODO: check
+CVE-2026-12217 (A security vulnerability has been detected in DVDFab Virtual
Drive 2.0 ...)
+ TODO: check
+CVE-2026-12216 (A weakness has been identified in svaarala duktape up to
2.99.99. This ...)
+ TODO: check
+CVE-2026-12214 (A security flaw has been discovered in Qihoo 360 Total
Security 6.0. T ...)
+ TODO: check
+CVE-2026-12213 (A vulnerability was found in hcengineering Huly Platform up to
0.7.0. ...)
+ TODO: check
+CVE-2026-12212 (A vulnerability has been found in hcengineering Huly Platform
up to 0. ...)
+ TODO: check
+CVE-2026-12211 (A flaw has been found in Intelbras iNVU 7016 FT
3.004.00IB000.0.T Buil ...)
+ TODO: check
+CVE-2026-12210 (A vulnerability was detected in
universal-tool-calling-protocol python ...)
+ TODO: check
+CVE-2026-12209 (A security vulnerability has been detected in RubyLouvre
avalon up to ...)
+ TODO: check
+CVE-2026-12208 (A weakness has been identified in jsonata-js jsonata up to
2.2.0. The ...)
+ TODO: check
+CVE-2026-12207 (A security flaw has been discovered in medkey-org medkey up to
fc09b7b ...)
+ TODO: check
+CVE-2026-12206 (A vulnerability was identified in Grit42 Grit up to 0.11.0.
This issue ...)
+ TODO: check
+CVE-2026-12204 (A vulnerability was determined in ShopXO up to 6.7.1. This
vulnerabili ...)
+ TODO: check
+CVE-2026-12203 (A vulnerability was found in HKUDS AI-Trader up to
74caf996f78dcc0c657 ...)
+ TODO: check
+CVE-2026-12202 (A vulnerability has been found in Intelliants Subrion CMS up
to 4.0.3. ...)
+ TODO: check
+CVE-2026-12201 (A flaw has been found in IObit Malware Fighter up to 13.2.0.
Affected ...)
+ TODO: check
+CVE-2026-12200 (A security vulnerability has been detected in Ritlabs TinyWeb
Server u ...)
+ TODO: check
+CVE-2026-12198 (A weakness has been identified in Microweber up to 2.0.20.
This affect ...)
+ TODO: check
+CVE-2026-12197 (A security flaw has been discovered in Ruijie EG105G-P 2.340.
The impa ...)
+ TODO: check
+CVE-2026-12193 (A vulnerability was identified in VS Revo RevoUninstaller
2.5.x/2.6.x. ...)
+ TODO: check
+CVE-2026-12192 (A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted
is an unk ...)
+ TODO: check
+CVE-2026-12191 (A vulnerability was found in Comma AI Openpilot 0.11. This
issue affec ...)
+ TODO: check
+CVE-2026-12190 (A vulnerability has been found in Genspark AI Workspace App
2.8.4 on A ...)
+ TODO: check
+CVE-2026-12189 (A flaw has been found in Moovit Bus & Public Transit App 1.18
on Andro ...)
+ TODO: check
+CVE-2026-12188 (A vulnerability was detected in Grit42 Grit up to 0.11.0.
Affected by ...)
+ TODO: check
+CVE-2026-12187 (A security vulnerability has been detected in GL.iNet
GL-MT3000 up to ...)
+ TODO: check
+CVE-2026-12186 (A weakness has been identified in GL.iNet GL-MT3000 up to
4.4.5. Affec ...)
+ TODO: check
+CVE-2025-15546 (The Iptanus File Upload WordPress plugin before 5.1.7 does not
impleme ...)
+ TODO: check
+CVE-2026-11527 (Config::IniFiles versions before 3.001000 for Perl allow OS
command in ...)
- libconfig-inifiles-perl 3.000003-5
NOTE: Fixed by:
https://github.com/shlomif/perl-Config-IniFiles/commit/3e48f9627fbba4dae5de35be1f735cdeb7e47fb8
(releases/3.001000)
CVE-2026-XXXX [RUSTSEC-2026-0178]
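Review bot: every entry added at the top of this hunk is left at `TODO: check`, and at least Linux-PAM (CVE-2026-54411) and svaarala duktape (CVE-2026-12216) look like software that Debian packages, so those should get a source-package line on triage rather than waiting in the queue alongside the vendor-device entries such as Yealink SIP-T46U. Separately, the description now attached to CVE-2026-11527 says versions before 3.001000 are affected while the unchanged package line records `libconfig-inifiles-perl 3.000003-5` as fixed; a NOTE stating that the Debian revision carries the upstream commit as a backport would make the entry self-explanatory.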
@@ -2065,7 +2139,7 @@ CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not
affected. We have already fix
NOT-FOR-US: QNAP
CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been
reported to ...)
NOT-FOR-US: QNAP
-CVE-2026-11526
+CVE-2026-11526 (GD versions before 2.86 for Perl allow OS command injection
and file o ...)
- libgd-perl 2.84-3
NOTE: Fixed by:
https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210
(v2.86)
CVE-2026-52903
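Review bot: the description added for CVE-2026-11526 says GD versions before 2.86 are affected, but the package line directly below it marks `libgd-perl 2.84-3` as fixed. If 2.84-3 ships the referenced upstream commit as a patch, say so in a NOTE; otherwise the fixed version needs correcting.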
@@ -3094,7 +3168,7 @@ CVE-2026-42767 (Issue summary: An attacker-controlled CMP
(Certificate Managemen
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046
(openssl-3.0.21)
NOTE: Introduced with:
https://github.com/openssl/openssl/commit/a61b7f2fa6de3bf8d5b1436e66c52d6bf7150ae4
CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS
message can ...)
- {DSA-6335-1}
+ {DSA-6335-1 DLA-4630-1}
- openssl 3.6.3-1 (bug #1139674)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/3ff64913615d648cfbb6a6f1cf5529ae7ea829d7
(openssl-3.0.21)
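Review bot: with DLA-4630-1 now attached to CVE-2026-42766, the only fix reference under the entry is still the openssl-3.0.21 commit. Consider adding a NOTE that points at the change applied for the LTS upload, so the entry documents what the DLA actually shipped.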
@@ -3112,17 +3186,17 @@ CVE-2026-34181 (Issue Summary: The PKCS#12 file
processing fails to perform suff
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure
with a pr ...)
- {DSA-6335-1}
+ {DSA-6335-1 DLA-4630-1}
- openssl 3.6.3-1 (bug #1139674)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/cbe418ae978539cf14a398a207dba834c0e93e83
(openssl-3.0.21)
CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 /
PWRI key ...)
- {DSA-6335-1}
+ {DSA-6335-1 DLA-4630-1}
- openssl 3.6.3-1 (bug #1139674)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6
(openssl-3.0.21)
CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the
destination b ...)
- {DSA-6335-1}
+ {DSA-6335-1 DLA-4630-1}
- openssl 3.6.3-1 (bug #1139674)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974
(openssl-3.0.21)
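Review bot: DLA-4630-1 is added to CVE-2026-34180, CVE-2026-9076 and CVE-2026-7383 directly after context that marks CVE-2026-34181 as `[bullseye] - openssl <not-affected> (Vulnerable code not present)`. None of the three carries a per-release line in this hunk, so the cross-reference alone asserts they were fixed in the LTS upload; please confirm each one was checked against that source and that the DLA does not also list CVE-2026-34181.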
@@ -3162,7 +3236,7 @@ CVE-2026-34182 (Issue Summary: Cryptographic Message
Services (CMS) processing f
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/f48adad79a21fed9bfc31ea3ef65bee810e12ddd
(openssl-3.0.21)
NOTE: Introduced with:
https://github.com/openssl/openssl/commit/924663c36d47066d5307937da77fed7e872730c7
CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed
message cou ...)
- {DSA-6335-1}
+ {DSA-6335-1 DLA-4630-1}
- openssl 3.6.3-1 (bug #1139674)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
(openssl-3.0.21)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e2a457cc91ba0a20070135f2c3b376584d653c4