Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
703f6602 by security tracker role at 2026-06-25T07:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,332 @@
-CVE-2026-13201
+CVE-2026-9787 (Quest NetVault Backup NVBULogDaemon Command Injection Remote 
Code Exec ...)
+       TODO: check
+CVE-2026-9786 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code 
Executio ...)
+       TODO: check
+CVE-2026-9785 (Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code 
Execut ...)
+       TODO: check
+CVE-2026-9784 (Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code 
Execut ...)
+       TODO: check
+CVE-2026-9783 (Quest NetVault Backup NVBURemovableMedia SQL Injection Remote 
Code Exe ...)
+       TODO: check
+CVE-2026-9782 (Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code 
Execut ...)
+       TODO: check
+CVE-2026-9781 (Quest NetVault Backup NVBURASDevice SQL Injection Remote Code 
Executio ...)
+       TODO: check
+CVE-2026-9780 (Quest NetVault Backup addclient3 Cross-Site Scripting 
Authentication B ...)
+       TODO: check
+CVE-2026-9779 (ATEN Unizon doCryptoHugeFileToFile Improper Verification of 
Cryptograp ...)
+       TODO: check
+CVE-2026-9778 (ATEN Unizon ImportDeviceList Directory Traversal Remote Code 
Execution ...)
+       TODO: check
+CVE-2026-9777 (ATEN Unizon restoreDB Directory Traversal Remote Code Execution 
Vulner ...)
+       TODO: check
+CVE-2026-9776 (ATEN Unizon writeFileToHttpServletResponse Directory Traversal 
Informa ...)
+       TODO: check
+CVE-2026-9775 (ATEN Unizon uploadSSL Directory Traversal Arbitrary File 
Deletion Vuln ...)
+       TODO: check
+CVE-2026-9774 (ATEN Unizon updateLicense Directory Traversal Arbitrary File 
Deletion  ...)
+       TODO: check
+CVE-2026-9773 (Unraid Web Server ToggleState Command Injection Remote Code 
Execution  ...)
+       TODO: check
+CVE-2026-9772 (Unraid Web Server FileUpload Command Injection Remote Code 
Execution V ...)
+       TODO: check
+CVE-2026-9702 (The InPost PL WordPress plugin before 1.9.1 does not verify 
that the r ...)
+       TODO: check
+CVE-2026-9155 (OS Command Injection vulnerability in Rapid7 InsightConnect Sed 
Plugin ...)
+       TODO: check
+CVE-2026-9154 (Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed 
Plugin ...)
+       TODO: check
+CVE-2026-9153 (Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed 
Plugin  ...)
+       TODO: check
+CVE-2026-8666 (OS Command Injection vulnerability in the traceroute action of 
Rapid7  ...)
+       TODO: check
+CVE-2026-8665 (OS Command Injection vulnerability in the TR action of Rapid7 
InsightC ...)
+       TODO: check
+CVE-2026-8664 (OS Command Injection vulnerability in Rapid7 InsightConnect 
Finger Plu ...)
+       TODO: check
+CVE-2026-8663 (OS Command Injection vulnerability in Rapid7 InsightConnect RPM 
Plugin ...)
+       TODO: check
+CVE-2026-8662 (Path Traversal vulnerability in the create_archive function of 
Rapid7  ...)
+       TODO: check
+CVE-2026-8660 (OS Command Injection vulnerability in the ping action of Rapid7 
Insigh ...)
+       TODO: check
+CVE-2026-8659 (OS Command Injection vulnerability in Rapid7 InsightConnect 
SQLmap Plu ...)
+       TODO: check
+CVE-2026-8658 (OS Command Injection vulnerability in Rapid7 InsightConnect 
Tcpdump Pl ...)
+       TODO: check
+CVE-2026-8592 (OS Command Injection vulnerability in the process_string action 
of Rap ...)
+       TODO: check
+CVE-2026-8330 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-7570 (Quest NetVault Backup NVBUDashboard SQL Injection Remote Code 
Executio ...)
+       TODO: check
+CVE-2026-7569 (Quest NetVault Backup viewclient Cross-Site Scripting 
Authentication B ...)
+       TODO: check
+CVE-2026-7539 (A potential security vulnerability has been identified in the 
HP Acces ...)
+       TODO: check
+CVE-2026-5952 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-5796 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-5309 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-5305 (The Email Address Encoder WordPress plugin before 1.0.25, 
email-encode ...)
+       TODO: check
+CVE-2026-57589 (sys/kern/sysv_sem.c in OpenBSD through 7.9 has a 
use-after-free allowi ...)
+       TODO: check
+CVE-2026-55762 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-55759 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-55666 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-55583 (Twenty is an open-source CRM (customer relationship 
management) platfo ...)
+       TODO: check
+CVE-2026-55570 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-55455 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-55454 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-54759 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54158 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54070 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54069 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54068 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54067 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-54066 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-53766 (Chrome DevTools for agents (chrome-devtools-mcp) lets your 
coding agen ...)
+       TODO: check
+CVE-2026-53765 (Chrome DevTools for agents (chrome-devtools-mcp) lets your 
coding agen ...)
+       TODO: check
+CVE-2026-52816 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, the J ...)
+       TODO: check
+CVE-2026-52815 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, Gogs  ...)
+       TODO: check
+CVE-2026-52814 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, the G ...)
+       TODO: check
+CVE-2026-52813 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, organ ...)
+       TODO: check
+CVE-2026-52812 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, Git L ...)
+       TODO: check
+CVE-2026-52811 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, (*Rep ...)
+       TODO: check
+CVE-2026-52810 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, Git s ...)
+       TODO: check
+CVE-2026-52809 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, passw ...)
+       TODO: check
+CVE-2026-52808 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, three ...)
+       TODO: check
+CVE-2026-52807 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, in ne ...)
+       TODO: check
+CVE-2026-52806 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, Gogs  ...)
+       TODO: check
+CVE-2026-52805 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, a Ser ...)
+       TODO: check
+CVE-2026-52804 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, a rep ...)
+       TODO: check
+CVE-2026-52802 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, an op ...)
+       TODO: check
+CVE-2026-52801 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, the G ...)
+       TODO: check
+CVE-2026-52800 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, organ ...)
+       TODO: check
+CVE-2026-52799 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, GET / ...)
+       TODO: check
+CVE-2026-52798 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, altho ...)
+       TODO: check
+CVE-2026-52797 (Gogs is an open source self-hosted Git service. Prior to 
0.14.0, as an ...)
+       TODO: check
+CVE-2026-52796 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, speci ...)
+       TODO: check
+CVE-2026-52795 (Gogs is an open source self-hosted Git service. In 0.14.3 and 
earlier, ...)
+       TODO: check
+CVE-2026-52794 (Sentry is an error tracking and performance monitoring tool. 
From 24.4 ...)
+       TODO: check
+CVE-2026-50551 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
+       TODO: check
+CVE-2026-50189 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-50129 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-50128 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-49979 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-49278 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-49277 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-48028 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-47733 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-47389 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-47267 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, the f ...)
+       TODO: check
+CVE-2026-47110 (Tiptap for PHP before version 2.1.1 contains an input 
validation vulne ...)
+       TODO: check
+CVE-2026-47093
+       REJECTED
+CVE-2026-46423 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-46349 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-46348 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-45757 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-45689 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-45688 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-45687 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-45677 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-40079 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-3176 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-39955 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39951 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39948 (Cacti is an open source performance and fault management 
framework. In ...)
+       TODO: check
+CVE-2026-39938 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39900 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39899 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39897 (Cacti is an open source performance and fault management 
framework. Ve ...)
+       TODO: check
+CVE-2026-39894 (Cacti is an open source performance and fault management 
framework. In ...)
+       TODO: check
+CVE-2026-39893 (Cacti is an open source performance and fault management 
framework. In ...)
+       TODO: check
+CVE-2026-33543 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-33235 (AutoGPT is a workflow automation platform for creating, 
deploying, and ...)
+       TODO: check
+CVE-2026-32315 (motionEye (mEye) is an online interface for motion software, a 
video s ...)
+       TODO: check
+CVE-2026-31978 (motionEye (mEye) is an online interface for motion software, 
which is  ...)
+       TODO: check
+CVE-2026-2508 (The Gravity Forms Booking plugin for WordPress is vulnerable to 
time-b ...)
+       TODO: check
+CVE-2026-2238 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-27708 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-25119 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, when  ...)
+       TODO: check
+CVE-2026-23879 (py7zr is a Python-based library and utility to support 7zip 
archive co ...)
+       TODO: check
+CVE-2026-1840 (The Aclara Metrum Cellular Web Interface is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2026-1606 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes parsed tokens in parse() 
using Ar ...)
+       TODO: check
+CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior 
to 149.0. ...)
+       TODO: check
+CVE-2026-13037 (Use after free in WebView in Google Chrome on Android prior to 
149.0.7 ...)
+       TODO: check
+CVE-2026-13036 (Use after free in Blink in Google Chrome prior to 
149.0.7827.197 allow ...)
+       TODO: check
+CVE-2026-13035 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-13034 (Inappropriate implementation in Passwords in Google Chrome 
prior to 14 ...)
+       TODO: check
+CVE-2026-13033 (Out of bounds read and write in Blink>InterestGroups in Google 
Chrome  ...)
+       TODO: check
+CVE-2026-13032 (Use after free in WebGL in Google Chrome on Android prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-13031 (Use after free in Blink in Google Chrome prior to 
149.0.7827.197 allow ...)
+       TODO: check
+CVE-2026-13030 (Uninitialized Use in GPU in Google Chrome on Android prior to 
149.0.78 ...)
+       TODO: check
+CVE-2026-13029 (Use after free in Web Authentication in Google Chrome prior to 
149.0.7 ...)
+       TODO: check
+CVE-2026-13028 (Use after free in WebGL in Google Chrome on Android prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-13027 (Use after free in FileSystem in Google Chrome prior to 
149.0.7827.197  ...)
+       TODO: check
+CVE-2026-13026 (Use after free in Digital Credentials in Google Chrome on Mac 
prior to ...)
+       TODO: check
+CVE-2026-13025 (Race in DevTools in Google Chrome prior to 149.0.7827.197 
allowed a re ...)
+       TODO: check
+CVE-2026-13024 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
+       TODO: check
+CVE-2026-13023 (Uninitialized Use in GPU in Google Chrome prior to 
149.0.7827.197 allo ...)
+       TODO: check
+CVE-2026-13022 (Inappropriate implementation in Autofill in Google Chrome 
prior to 149 ...)
+       TODO: check
+CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials 
in Googl ...)
+       TODO: check
+CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-12490 (When a provide-xfr is given with a tls-auth-name, a secondary 
requesti ...)
+       TODO: check
+CVE-2026-12246 (NSD version 4.14.0 introduced a bug where a specially crafted 
APL RR,  ...)
+       TODO: check
+CVE-2026-12245 (NSD from version 4.13.0 has a heap use-after-free bug in 
logging error ...)
+       TODO: check
+CVE-2026-12244 (If NSD is configured as secondary for a zone, the primary of 
that zone ...)
+       TODO: check
+CVE-2026-12079 (The Dokan Pro plugin for WordPress is vulnerable to time-based 
SQL Inj ...)
+       TODO: check
+CVE-2026-12077 (The Dokan Pro plugin for WordPress is vulnerable to time-based 
SQL Inj ...)
+       TODO: check
+CVE-2026-12053 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic 
allows byp ...)
+       TODO: check
+CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-10833 (The Gutenberg Essential Blocks \u2013 Page Builder for 
Gutenberg Block ...)
+       TODO: check
+CVE-2026-10824 (The Masteriyo LMS  WordPress plugin before 2.2.1 does not 
perform auth ...)
+       TODO: check
+CVE-2026-10712 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-10642 (The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) 
contains an ...)
+       TODO: check
+CVE-2026-10086 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2026-10043 (MosaicML Composer Deserialization of Untrusted Data Remote 
Code Execut ...)
+       TODO: check
+CVE-2026-0934 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
+       TODO: check
+CVE-2025-8106
+       REJECTED
+CVE-2025-64719 (Gogs is an open source self-hosted Git service. Prior to 
0.14.3, a mal ...)
+       TODO: check
+CVE-2025-60474 (A buffer overflow in the gf_media_import function 
(/media_tools/av_par ...)
+       TODO: check
+CVE-2025-60473 (A NULL pointer dereference in the gf_filter_in_parent_chain 
function ( ...)
+       TODO: check
+CVE-2025-60471 (A use-after-free in the gf_filter_pid_reconfigure_task_discard 
functio ...)
+       TODO: check
+CVE-2025-60468 (GPAC Multimedia Open Source Project GPAC Project/MP4Box 
2.5-DEV-rev159 ...)
+       TODO: check
+CVE-2025-60467 (A use-after-free in the gf_filter_pid_inst_swap_delete_task 
function ( ...)
+       TODO: check
+CVE-2025-60466 (A use-after-free in the gf_filter_pid_get_packet function 
(/filter_cor ...)
+       TODO: check
+CVE-2026-13201 (A flaw was found in KubeVirt's safepath package. The 
OpenAtNoFollow fu ...)
        NOT-FOR-US: KubeVirt
-CVE-2026-13208
+CVE-2026-13208 (A flaw was found in KubeVirt's virt-handler domain notify 
server. The  ...)
        NOT-FOR-US: KubeVirt
 CVE-2026-7761 (The Ultimate Member plugin for WordPress is vulnerable to 
Account Take ...)
        NOT-FOR-US: WordPress plugin
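Review bot: The description added for CVE-2026-10833 contains a literal `\u2013` escape ("The Gutenberg Essential Blocks \u2013 Page Builder for ..."), so the text was stored without decoding the escape to the dash it stands for. It should be decoded before it lands in data/CVE/list. Separately, every non-REJECTED entry added in this hunk is left at `TODO: check`. The WordPress plugin entries (CVE-2026-9702, CVE-2026-5305, CVE-2026-2508, CVE-2026-12079, CVE-2026-12077, CVE-2026-10833, CVE-2026-10824) can be closed out in the same way as the `NOT-FOR-US: WordPress plugin` line on CVE-2026-7761 in the trailing context. The remaining entries each still need a package line or a NOT-FOR-US tag.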
@@ -76182,7 +76508,7 @@ CVE-2019-25379 (Smoothwall Express 
3.1-SP4-polar-x86_64-update9 contains stored
        NOT-FOR-US: Smoothwall Express
 CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains 
multiple cros ...)
        NOT-FOR-US: Smoothwall Express
-CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
+CVE-2026-2050 (GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        {DSA-6142-1 DLA-4487-1}
        - gegl 1:0.4.66-1
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
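Review bot: The new description on CVE-2026-2050 names GIMP, while the entry is tracked against `- gegl 1:0.4.66-1`, and the removed bracketed text was the only place that recorded ZDI-CAN-28266 and the affected file rgbe.c. Consider adding a NOTE line that keeps the ZDI-CAN identifier and the rgbe.c reference, so the gegl attribution stays explained now that the description no longer mentions either.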



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/703f6602bef1d2af3590bd8f566c0a617dd2e838

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits