Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ee62803 by security tracker role at 2026-06-22T19:13:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,278 @@
-CVE-2026-11373
+CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
+       TODO: check
+CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
+       TODO: check
+CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x 
<= 11.5 ...)
+       TODO: check
+CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, 
and IB ...)
+       TODO: check
+CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
+       TODO: check
+CVE-2026-9029 (The geomap panel's XYZ tile layer has a 
sanitize-then-interpolate orde ...)
+       TODO: check
+CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to 
server- ...)
+       TODO: check
+CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API 
operati ...)
+       TODO: check
+CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server 
and IBM ...)
+       TODO: check
+CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail 
to vali ...)
+       TODO: check
+CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere 
Applica ...)
+       TODO: check
+CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
+       TODO: check
+CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail 
to enfo ...)
+       TODO: check
+CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 
9.1.7, 9 ...)
+       TODO: check
+CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow 
unauthenticated attac ...)
+       TODO: check
+CVE-2026-7253 (IBM Watson Speech Services Cartridge is vulnerable to 
Server-Side Requ ...)
+       TODO: check
+CVE-2026-7167 (The vulnerability arises when the system fails to properly 
validate th ...)
+       TODO: check
+CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided 
withou ...)
+       TODO: check
+CVE-2026-7165 (The vulnerability is present in the \u2018/addJugador\u2019 
endpoint:  ...)
+       TODO: check
+CVE-2026-6673 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x 
<= 11.5 ...)
+       TODO: check
+CVE-2026-6062 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x 
<= 11.5 ...)
+       TODO: check
+CVE-2026-5139 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x 
<= 11.5 ...)
+       TODO: check
+CVE-2026-56450 (AIL did not restrict repeated failed attempts to verify a 
two-factor a ...)
+       TODO: check
+CVE-2026-56448 (A path traversal vulnerability exists in AIL Framework before 
the rele ...)
+       TODO: check
+CVE-2026-56447 (MISP allowed an authenticated site administrator to set the 
Kafka_rdka ...)
+       TODO: check
+CVE-2026-56446 (MISP allowed a site administrator to configure an arbitrary 
filesystem ...)
+       TODO: check
+CVE-2026-56425 (The Azure Active Directory (AAD) authentication implementation 
contain ...)
+       TODO: check
+CVE-2026-56424 (MISP core contained multiple broken access-control flaws where 
authori ...)
+       TODO: check
+CVE-2026-56423 (MISP Core contained broken access-control checks in the bulk 
deletion  ...)
+       TODO: check
+CVE-2026-56422 (Multiple MISP core controllers and model capture paths 
accepted client ...)
+       TODO: check
+CVE-2026-56109 (The Advanced Linux Sound Architecture (ALSA) library before 
1.2.16.1 c ...)
+       TODO: check
+CVE-2026-56104 (Chainlit before 2.10.1 contains a session hijacking 
vulnerability that ...)
+       TODO: check
+CVE-2026-55602 (http-proxy-middleware is node.js http-proxy middleware. From 
0.16.0 un ...)
+       TODO: check
+CVE-2026-55443 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
+       TODO: check
+CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 
6.0.0-rc.2,  ...)
+       TODO: check
+CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified 
URLs from o ...)
+       TODO: check
+CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy 
your hybrid ...)
+       TODO: check
+CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with 
prerende ...)
+       TODO: check
+CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6, the spreadAttributes 
functio ...)
+       TODO: check
+CVE-2026-54293 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
+       TODO: check
+CVE-2026-54290 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-54289 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-54288 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-54287 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-54286 (Hono is a Web application framework that provides support for 
any Java ...)
+       TODO: check
+CVE-2026-54285 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior 
to 2.8. ...)
+       TODO: check
+CVE-2026-54283 (Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 
until 1. ...)
+       TODO: check
+CVE-2026-54282 (Starlette is a lightweight ASGI framework/toolkit. Prior to 
1.3.0, the ...)
+       TODO: check
+CVE-2026-54280 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54279 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54278 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54277 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54276 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54275 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54274 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54273 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-54271 (protobufjs-cli is the command line add-on for protobuf.js. 
Prior to 1. ...)
+       TODO: check
+CVE-2026-54270 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
+       TODO: check
+CVE-2026-54269 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
+       TODO: check
+CVE-2026-54268 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-54267 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-54266 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-54265 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-54264 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-54100 (A flaw was found in the Windows Machine Config Operator (WMCO) 
for Red ...)
+       TODO: check
+CVE-2026-54099 (A flaw was found in the Windows Machine Config Operator (WMCO) 
for Red ...)
+       TODO: check
+CVE-2026-53779 (WebP Server Go through 0.14.4 contains a path traversal 
vulnerability  ...)
+       TODO: check
+CVE-2026-53778
+       REJECTED
+CVE-2026-53663 (React Router is a router for React. From 7.12.0 until 7.15.1, 
certain  ...)
+       TODO: check
+CVE-2026-53655 (node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, 
tar (nod ...)
+       TODO: check
+CVE-2026-53632 (launch-editor allows users to open files with line numbers in 
editor f ...)
+       TODO: check
+CVE-2026-53571 (Vite is a frontend tooling framework for JavaScript. Prior to 
8.0.16,  ...)
+       TODO: check
+CVE-2026-53550 (js-yaml is a JavaScript YAML parser and dumper. Prior to 
4.2.0, a craf ...)
+       TODO: check
+CVE-2026-53540 (Python-Multipart is a streaming multipart parser for Python. 
Prior to  ...)
+       TODO: check
+CVE-2026-53539 (Python-Multipart is a streaming multipart parser for Python. 
Prior to  ...)
+       TODO: check
+CVE-2026-53538 (Python-Multipart is a streaming multipart parser for Python. 
Prior to  ...)
+       TODO: check
+CVE-2026-53537 (Python-Multipart is a streaming multipart parser for Python. 
Prior to  ...)
+       TODO: check
+CVE-2026-52725 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50557 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50556 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50555 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50269 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-50184 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich 
editing ...)
+       TODO: check
+CVE-2026-50171 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50170 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50169 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50168 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-50146 (Astro is a web framework. Prior to 6.3.3, when a component 
uses a clie ...)
+       TODO: check
+CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. 
Prior to 8 ...)
+       TODO: check
+CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich 
editing ...)
+       TODO: check
+CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
+       TODO: check
+CVE-2026-46417 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization 
when replac ...)
+       TODO: check
+CVE-2026-44913 (Improper escaping of database table names in the 
CaptureChangeMySQL Pr ...)
+       TODO: check
+CVE-2026-44911 (Authorization handling for component configuration 
verification reques ...)
+       TODO: check
+CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a 
path trav ...)
+       TODO: check
+CVE-2026-42127 (The public dashboard query endpoint does not limit request 
body size b ...)
+       TODO: check
+CVE-2026-41049 (Incorrect caching of authentication between different users of 
the qSn ...)
+       TODO: check
+CVE-2026-41048 (Incorrect caching of authentication between different polkit 
methods i ...)
+       TODO: check
+CVE-2026-41047 (Lack of authentication when using the "snapshot diff" 
functions in qSn ...)
+       TODO: check
+CVE-2026-41046 (A path traversal attack when using a "configName" parameter in 
qSnappe ...)
+       TODO: check
+CVE-2026-41045 (A time-to-check-time-of-use in polkit authentication of 
qSnapper befor ...)
+       TODO: check
+CVE-2026-28381 (The Snowflake datasource allows for GET/PUT commands, which 
can allow  ...)
+       TODO: check
+CVE-2026-12888 (An HTML injection vulnerability exists in the Google Chat 
webhook noti ...)
+       TODO: check
+CVE-2026-12863 (An unvalidated redirect was contained in Venueless' social 
login funct ...)
+       TODO: check
+CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for 
administr ...)
+       TODO: check
+CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC 
validat ...)
+       TODO: check
+CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM 
Storage Pro ...)
+       TODO: check
+CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions 
prior t ...)
+       TODO: check
+CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation 
vulnerabilit ...)
+       TODO: check
+CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site 
Scripting v ...)
+       TODO: check
+CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework 
commit  ...)
+       TODO: check
+CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras 
version 3.14 ...)
+       TODO: check
+CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions 
through v ...)
+       TODO: check
+CVE-2026-11994 (Akaunting 3.1.21 contains an authenticated stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2026-11943 (Akaunting 3.1.21 contains an authenticated stored cross-site 
scripting ...)
+       TODO: check
+CVE-2026-11942 (Akaunting 3.1.21 contains an authenticated stored cross-site 
scripting ...)
+       TODO: check
+CVE-2026-11834 (A command injection vulnerability has been identified in the 
DHCP opti ...)
+       TODO: check
+CVE-2026-11825
+       REJECTED
+CVE-2026-11372 (IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-10845 (IBM WebSphere Application Server 8.5 and 9.0could allow a 
remote attac ...)
+       TODO: check
+CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with 
Autodesk Fu ...)
+       TODO: check
+CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP 
requests  ...)
+       TODO: check
+CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due 
to an im ...)
+       TODO: check
+CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a 
workspace ...)
+       TODO: check
+CVE-2025-66336 (Apache Doris MCP Server contains a SQL injection vulnerability 
in a me ...)
+       TODO: check
+CVE-2025-62198 (An authenticated user can perform XSS.  This issue affects 
Apache Atla ...)
+       TODO: check
+CVE-2025-4994 (The SafeLine SL6 and SL6+ devices integrated into elevator 
emergency i ...)
+       TODO: check
+CVE-2025-33128 (IBM Engineering Workflow Management 7.0.3 through 7.0.3 
Interim Fix 02 ...)
+       TODO: check
+CVE-2025-2669 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
+       TODO: check
+CVE-2024-54178 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
+       TODO: check
+CVE-2024-51454 (IBM Engineering Workflow Management 7.0.2 through 7.0.2 
Interim Fix 03 ...)
+       TODO: check
+CVE-2023-45796 (A stored cross-site scripting vulnerability in the Runtime 
component o ...)
+       TODO: check
+CVE-2023-45795 (A cross-site scripting vulnerability in the Builder Component 
of Pilz  ...)
+       TODO: check
+CVE-2023-33854 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak 
for Data  ...)
+       TODO: check
+CVE-2026-11373 (Net::Statsite::Client versions through 1.1.0 for Perl allow 
metric inj ...)
        NOT-FOR-US: Net::Statsite::Client Perl module
-CVE-2026-6653
+CVE-2026-6653 (Use After Free in libxml2's xmlParseInternalSubset from GNOME 
libxml2  ...)
        - libxml2 2.14.5+dfsg-0.1
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/22/3
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058
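Review bot: CVE-2026-12725 (heap-based buffer overflow in dnsmasq) and CVE-2026-56109 (ALSA library before 1.2.16.1) are added with only "TODO: check", the same as the vendor-only IBM and Mattermost entries around them. Both name software Debian ships, so they should be triaged first and given a source-package line in the form already used for CVE-2026-6653 ("- libxml2 2.14.5+dfsg-0.1"), while the vendor-only entries get a "NOT-FOR-US:" line as CVE-2026-11373 does. CVE-2026-12549 states that the fix for CVE-2026-2443 was regressed, so its triage should be cross-checked against the existing CVE-2026-2443 entry.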
@@ -65549,11 +65821,12 @@ CVE-2026-30798 (Insufficient Verification of Data 
Authenticity, Improper Handlin
        NOT-FOR-US: RustDesk Client
 CVE-2026-30797 (Missing Authorization vulnerability in rustdesk-client 
RustDesk Client ...)
        NOT-FOR-US: RustDesk Client
-CVE-2026-30796 (Cleartext Transmission of Sensitive Information vulnerability 
in rustd ...)
+CVE-2026-30796 (Cleartext Transmission of Sensitive Information, 
Insufficiently Protec ...)
        NOT-FOR-US: RustDesk Server Pro (not same as src:rustdesk, itp'ed 
#1038942)
 CVE-2026-30795 (Cleartext Transmission of Sensitive Information vulnerability 
in rustd ...)
        NOT-FOR-US: RustDesk Client
-CVE-2026-30794 (Improper Certificate Validation vulnerability in 
rustdesk-client RustD ...)
+CVE-2026-30794
+       REJECTED
        NOT-FOR-US: RustDesk Client
 CVE-2026-30793 (Cross-Site Request Forgery (CSRF) vulnerability in 
rustdesk-client Rus ...)
        NOT-FOR-US: RustDesk Client
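Review bot: CVE-2026-30794 is now marked "REJECTED" but still carries the "NOT-FOR-US: RustDesk Client" line directly below it. A rejected ID needs no triage annotation, so the stale line should be dropped in a follow-up commit to keep the entry unambiguous.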
@@ -65561,13 +65834,15 @@ CVE-2026-30792 (A vulnerability in rustdesk-client 
RustDesk Client rustdesk-clie
        NOT-FOR-US: RustDesk Client
 CVE-2026-30791 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in rust ...)
        NOT-FOR-US: RustDesk Client
-CVE-2026-30790 (Improper Restriction of Excessive Authentication Attempts, Use 
of Pass ...)
+CVE-2026-30790
+       REJECTED
        - rustdesk <itp> (bug #1038942)
-CVE-2026-30789 (Authentication Bypass by Capture-replay, Use of Password Hash 
With Ins ...)
+CVE-2026-30789 (Use of Password Hash With Insufficient Computational Effort, 
Improper  ...)
        NOT-FOR-US: RustDesk Client
 CVE-2026-30785 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
        NOT-FOR-US: RustDesk Client
-CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical 
Function vu ...)
+CVE-2026-30784
+       REJECTED
        - rustdesk <itp> (bug #1038942)
 CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client 
rustdesk-client on  ...)
        NOT-FOR-US: RustDesk Client
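Review bot: CVE-2026-30790 and CVE-2026-30784 are now "REJECTED" yet keep "- rustdesk <itp> (bug #1038942)", which leaves rejected IDs associated with the ITP; those package lines should be removed in a follow-up. CVE-2026-30789 had its description rewritten (it no longer leads with Authentication Bypass by Capture-replay), so its "NOT-FOR-US: RustDesk Client" classification should be re-confirmed against the new text.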



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ee628032fa5aa9aafe625c5a88da416a09f6596
