Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
39130f32 by security tracker role at 2026-07-01T19:13:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,155 +1,475 @@
-CVE-2026-53351 [riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI]
+CVE-2026-8857 (A vulnerability in Wikimedia Foundation timeline. This
vulnerability ...)
+ TODO: check
+CVE-2026-8480 (A vulnerability was discovered on Stormshield Network Security
4.3.0 t ...)
+ TODO: check
+CVE-2026-8387 (A vulnerability in allegroai/clearml versions up to and
including 1.16 ...)
+ TODO: check
+CVE-2026-6688 (FatFs R0.16 and earlier contains a downstream-caller
vulnerability pat ...)
+ TODO: check
+CVE-2026-6687 (FatFs R0.16 and earlier contains a stack overflow bug in
f_getlabel() ...)
+ TODO: check
+CVE-2026-6686 (FatFs R0.16 and earlier contains an uninitialized cluster
exposure whe ...)
+ TODO: check
+CVE-2026-6685 (FatFs R0.16 and earlier exhibits a stale dirty-cache skip via
unsigned ...)
+ TODO: check
+CVE-2026-6684 (FatFs prior to R0.16 that use GPT scanning with 'FF_LBA64 = 1'
contain ...)
+ TODO: check
+CVE-2026-6683 (FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync
logic ...)
+ TODO: check
+CVE-2026-6682 (In FatFS R0.16 and earlier contains a FAT32 integer overflow
bug in mo ...)
+ TODO: check
+CVE-2026-6283 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-5220 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-5142 (A flaw was found in foreman. Authenticated users with
'view_keypairs' ...)
+ TODO: check
+CVE-2026-5138 (A flaw was found in Foreman. An authenticated user with
host-edit perm ...)
+ TODO: check
+CVE-2026-5136 (A flaw was found in Foreman. The Usergroup model in Foreman
does not p ...)
+ TODO: check
+CVE-2026-5135 (A flaw was found in Foreman. This broken access control
vulnerability ...)
+ TODO: check
+CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from
Release ...)
+ TODO: check
+CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit
device valid ...)
+ TODO: check
+CVE-2026-58521 (Improper neutralization of special elements used in an SQL
command ('S ...)
+ TODO: check
+CVE-2026-58520 (URL redirection to untrusted site ('open redirect')
vulnerability in T ...)
+ TODO: check
+CVE-2026-58517 (Improper neutralization of input terminators vulnerability in
The Wiki ...)
+ TODO: check
+CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
+ TODO: check
+CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
+ TODO: check
+CVE-2026-58452 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
+ TODO: check
+CVE-2026-58451 (Horde IMP before 7.0.1 contains a path traversal vulnerability
in lib/ ...)
+ TODO: check
+CVE-2026-58399 (@acastellon/auth is an authentication control system for
microservices ...)
+ TODO: check
+CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service
on port ...)
+ TODO: check
+CVE-2026-58126 (PACSgear PACS Scan 5.2.1 contains an unauthenticated remote
code execu ...)
+ TODO: check
+CVE-2026-58038 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-58035 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-58034 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-58031 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-57737 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-57736 (Insertion of Sensitive Information Into Sent Data
vulnerability in Hub ...)
+ TODO: check
+CVE-2026-57723 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp
VikBooking ...)
+ TODO: check
+CVE-2026-57722 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-57721 (Missing Authorization vulnerability in WP Reloaded ApplyOnline
allows ...)
+ TODO: check
+CVE-2026-57720 (Missing Authorization vulnerability in Codexpert Inc
ThumbPress allows ...)
+ TODO: check
+CVE-2026-57692 (Incorrect Privilege Assignment vulnerability in LCweb
PrivateContent a ...)
+ TODO: check
+CVE-2026-57517 (Control Web Panel before 0.9.8.1225 contains a blind SQL
injection vul ...)
+ TODO: check
+CVE-2026-57516 (Ray prior to 2.56.0 contains an unsafe deserialization
vulnerability i ...)
+ TODO: check
+CVE-2026-56152 (Incorrect Authorization (CWE-863) in Elastic Defend can lead
to unauth ...)
+ TODO: check
+CVE-2026-56151 (Improper Input Validation (CWE-20) in Kibana can lead to a
denial of s ...)
+ TODO: check
+CVE-2026-56150 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Flee ...)
+ TODO: check
+CVE-2026-56149 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Elas ...)
+ TODO: check
+CVE-2026-56148 (Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to
a denial ...)
+ TODO: check
+CVE-2026-55628 (In versions prior to 7.1.2-26he, the `-concatenate` operation
is missi ...)
+ TODO: check
+CVE-2026-55597 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-55595 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-55594 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-55577 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-55510 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-54428 (Allocation of resources without limits or throttling in the
HTTP/2 HPA ...)
+ TODO: check
+CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the
HTTP/1.1 messag ...)
+ TODO: check
+CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File
upload v ...)
+ TODO: check
+CVE-2026-53908 (MCO is vulnerable to User Enumeration through
authentication-related f ...)
+ TODO: check
+CVE-2026-53907 (MCO is vulnerable to Stored Cross\u2011Site Scripting (XSS)
via the ap ...)
+ TODO: check
+CVE-2026-53906 (MCO is vulnerable to Path Disclosure and Path Traversal in
file handli ...)
+ TODO: check
+CVE-2026-53905 (MCO does not properly enforce authorization checks in the
/customer/se ...)
+ TODO: check
+CVE-2026-53904 (MCO is vulnerable to Account Denial of Service due to improper
impleme ...)
+ TODO: check
+CVE-2026-53903 (MCO is vulnerable to an Insecure Direct Object Reference
(IDOR) vulner ...)
+ TODO: check
+CVE-2026-53902 (MCO does not properly enforce authorization checks in the
/customer/se ...)
+ TODO: check
+CVE-2026-53467 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-53466 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and systems using
patch-ghi-15381-cwe ...)
+ TODO: check
+CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last
release v1.2 ...)
+ TODO: check
+CVE-2026-50043 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in
the Fil ...)
+ TODO: check
+CVE-2026-49091 (Improper Output Neutralization for Logs (CWE-117) in Kibana
can lead t ...)
+ TODO: check
+CVE-2026-49090 (Uncontrolled Resource Consumption (CWE-400) in Elasticsearch
can lead ...)
+ TODO: check
+CVE-2026-49088 (Insertion of Sensitive Information into Log File (CWE-532) in
Kibana c ...)
+ TODO: check
+CVE-2026-49087 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Kiba ...)
+ TODO: check
+CVE-2026-46680 (containerd is an open-source container runtime. In versions
prior to 1 ...)
+ TODO: check
+CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05,
contain an ...)
+ TODO: check
+CVE-2026-38142 (An unauthenticated command injection vulnerability in the
/goform/fast ...)
+ TODO: check
+CVE-2026-34117 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34116 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34115 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34114 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34113 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34112 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34111 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34110 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34109 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34108 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34107 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34106 (Guardian language-system passes the id GET parameter directly
into a P ...)
+ TODO: check
+CVE-2026-34105 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34104 (Guardian language-system passes the name GET parameter
directly into a ...)
+ TODO: check
+CVE-2026-34103 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34102 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34101 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34100 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34099 (Guardian language-system passes the id GET parameter directly
into an ...)
+ TODO: check
+CVE-2026-34098 (Guardian language-system fails to sanitize the id GET
parameter before ...)
+ TODO: check
+CVE-2026-34097 (Guardian language-system fails to sanitize the id GET
parameter before ...)
+ TODO: check
+CVE-2026-34096 (Guardian language-system fails to sanitize the name GET
parameter befo ...)
+ TODO: check
+CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E,
might be i ...)
+ TODO: check
+CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice
allows Exploi ...)
+ TODO: check
+CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba
Booking all ...)
+ TODO: check
+CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an
attacker co ...)
+ TODO: check
+CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
+ TODO: check
+CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
+ TODO: check
+CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability
where an a ...)
+ TODO: check
+CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24249 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24248 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24247 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24246 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24245 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24244 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24243 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24242 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-24240 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
+ TODO: check
+CVE-2026-20244 (A vulnerability in the DMG file format parser of ClamAV could
allow an ...)
+ TODO: check
+CVE-2026-20243 (A vulnerability in the ALZ file format parser of ClamAV could
allow an ...)
+ TODO: check
+CVE-2026-20217 (A vulnerability in the PESpin file format parser of ClamAV
could allow ...)
+ TODO: check
+CVE-2026-20216 (A vulnerability in the InstallShield file format parser of
ClamAV coul ...)
+ TODO: check
+CVE-2026-20215 (A vulnerability in the 7z file format parser of ClamAV could
allow an ...)
+ TODO: check
+CVE-2026-20214 (A vulnerability in the FSG file format parser of ClamAV could
allow an ...)
+ TODO: check
+CVE-2026-20213 (A vulnerability in the PE file format parser of ClamAV could
allow an ...)
+ TODO: check
+CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an
unauthenticate ...)
+ TODO: check
+CVE-2026-14358 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol
server.)
+ TODO: check
+CVE-2026-14324 (RAOP module accepts unbounded Content-Length values and does
not check ...)
+ TODO: check
+CVE-2026-14258 (A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router
Advertisem ...)
+ TODO: check
+CVE-2026-14198 (@fastify/middie versions 9.1.0 through 9.3.2 decode the
encoded slash ...)
+ TODO: check
+CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the
URL nor ...)
+ TODO: check
+CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78
(v1) and ...)
+ TODO: check
+CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling
pipeline (O ...)
+ TODO: check
+CVE-2026-13733 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-13707 (Session fixation vulnerability in Wikimedia Foundation OAuth.
This v ...)
+ TODO: check
+CVE-2026-13706 (Improper input validation vulnerability in Wikimedia
Foundation UrlSho ...)
+ TODO: check
+CVE-2026-13603 (The payment integration pretix-oppwa provides support for the
payment ...)
+ TODO: check
+CVE-2026-13602 (We found a chain of combining multiple weaknesses in the
product that ...)
+ TODO: check
+CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint
serves ...)
+ TODO: check
+CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
+ TODO: check
+CVE-2026-13211 (The genucenter web interface before version 8.0p11
unnecessarily expos ...)
+ TODO: check
+CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-12577 (DVP80ES3 with Improperly Implemented Security Check for
Standard vulne ...)
+ TODO: check
+CVE-2026-12576 (DVP80ES3 with Improper Enforcement of Message Integrity During
Transmi ...)
+ TODO: check
+CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release
vulnerability.)
+ TODO: check
+CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an
arbitra ...)
+ TODO: check
+CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
+ TODO: check
+CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For
WordPress plugin ...)
+ TODO: check
+CVE-2026-12374 (Improper certificate validation and a time-of-check
time-of-use (TOCTO ...)
+ TODO: check
+CVE-2026-12224 (The Dokan Pro plugin for WordPress is vulnerable to privilege
escalati ...)
+ TODO: check
+CVE-2026-12158 (The RegistrationMagic \u2013 User Registration Forms Plugin
plugin for ...)
+ TODO: check
+CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress
plugin for Wo ...)
+ TODO: check
+CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order
Notifications & ...)
+ TODO: check
+CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for
stored hash ...)
+ TODO: check
+CVE-2026-10539 (A Control-M/Server communication command does not sufficiently
filter ...)
+ TODO: check
+CVE-2026-10538 (Messaging consumer functionality allows deserialization of
user-contro ...)
+ TODO: check
+CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure
Direct Ob ...)
+ TODO: check
+CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2025-23351 (NVIDIA ConnectX and BlueField contain a vulnerability in the
command i ...)
+ TODO: check
+CVE-2025-23350 (NVIDIA ConnectX and BlueField contain a vulnerability in the
command i ...)
+ TODO: check
+CVE-2026-53351 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e3573f739e3dadab57ec80488d07e05c8f6e82d3 (7.1)
-CVE-2026-53348 [ASoC: SDCA: fix NULL pointer dereference in
sdca_dev_unregister_functions]
+CVE-2026-53348 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e4c60a1d4b6ccc66aefb3789cd908d4f9482eefd (7.1)
-CVE-2026-53347 [drm/virtio: Fix driver removal with disabled KMS]
+CVE-2026-53347 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f329e8325e054bd6d84d10904f8dd51137281b92 (7.1)
-CVE-2026-53346 [rust: arm64: set uwtable llvm module flag for
CONFIG_UNWIND_TABLES]
+CVE-2026-53346 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ac35b5580ace12e5d0a0b5e61e36d2c4e1ffa29c (7.1-rc7)
-CVE-2026-53344 [pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before
regmap init]
+CVE-2026-53344 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8473c3a197b57ff01396f7a2ec6ddf65383820d4 (7.1)
-CVE-2026-53342 [arm64: mm: call pagetable dtor when freeing hot-removed page
tables]
+CVE-2026-53342 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/c594b83457ccdee76d458416fb3bc9348a37592f (7.1)
-CVE-2026-53340 [i2c: imx: fix clock and pinctrl state inconsistency in runtime
PM]
+CVE-2026-53340 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8783fb8031799f1230997c16df8c8dce9fcd1841 (7.1)
-CVE-2026-53338 [net: airoha: Add NULL check for of_reserved_mem_lookup() in
airoha_qdma_init_hfwd_queues()]
+CVE-2026-53338 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f9f25118faa4dd2b6e3d14a03d123bbdbd59925d (7.1)
-CVE-2026-53336 [nvmem: layouts: onie-tlv: fix hang on unknown types]
+CVE-2026-53336 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ea41020b9018e31c2ea7e9d89021e3e6d7470883 (7.1)
-CVE-2026-53335 [mm/damon/lru_sort: handle ctx allocation failure]
+CVE-2026-53335 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ab04340b5ae5d52c1d46b750538febcde9d889e7 (7.1)
-CVE-2026-53334 [mm/damon/reclaim: handle ctx allocation failure]
+CVE-2026-53334 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7e2ed8a29427af534bf2cb9b8bc51762b8b6e654 (7.1)
-CVE-2026-53333 [mm/mincore: handle non-swap entries before !CONFIG_SWAP guard]
+CVE-2026-53333 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0c25b8734367574e21aeb8468c2e522713134da7 (7.1)
-CVE-2026-53328 [sched_ext: Don't warn on NULL cgrp_moving_from in
scx_cgroup_move_task()]
+CVE-2026-53328 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/02e545c4297a26dbbc41df81b831e7f605bcd306 (7.1-rc7)
-CVE-2026-53326 [debugobjects: Don't call fill_pool() in early boot hardirq
context]
+CVE-2026-53326 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/0d046ae106255cba5eb83b23f78ee93f3620247d (7.1)
-CVE-2026-53356 [drm/i915/gem: Fix phys BO pread/pwrite with offset]
+CVE-2026-53356 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/d21ad938398bca695a511307de38a65889e3b354 (7.1)
-CVE-2026-53355 [net: rds: clear i_sends on setup unwind]
+CVE-2026-53355 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/20cf0fb715c41111469577e85e35d15f099473e0 (7.1-rc7)
-CVE-2026-53354 [arm64: errata: Mitigate TLBI errata on various Arm CPUs]
+CVE-2026-53354 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/cfd391e74134db664feb499d43af286380b10ba8 (7.2-rc1)
-CVE-2026-53353 [hsr: Remove WARN_ONCE() in hsr_addr_is_self().]
+CVE-2026-53353 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/afd0f17ca46258cec3a5cc48b8df9327fe772490 (7.1-rc7)
-CVE-2026-53352 [signal: clear JOBCTL_PENDING_MASK for caller in
zap_other_threads()]
+CVE-2026-53352 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/90918794a4e2c3b440f8fcf3847765a8b1d81b25 (7.1-rc7)
-CVE-2026-53350 [ASoC: wm_adsp: Fix NULL dereference when removing firmware
controls]
+CVE-2026-53350 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7d3fb78b550301e43fdc60312aed733069694426 (7.1)
-CVE-2026-53349 [netfilter: nf_conntrack: destroy stale expectfn expectations
on unregister]
+CVE-2026-53349 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/c3009418f9fa1dcb3eb86f4d8c92583537b5faa3 (7.1)
-CVE-2026-53345 [KVM: Don't WARN if memory is dirtied without a vCPU when the
VM is dying]
+CVE-2026-53345 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/8618004d3e897c0f1b71d9a9ab860461289bb89a (7.1-rc7)
-CVE-2026-53343 [ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow]
+CVE-2026-53343 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/77a1f6883dc6e837bb2cb30b9b02e2f94338e2c6 (7.1)
-CVE-2026-53341 [fhandle: fix UAF due to unlocked ->mnt_ns read in
may_decode_fh()]
+CVE-2026-53341 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 7.0.13-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/40ab6644b99685755f740b872c00ef40d9aa870e (7.1-rc7)
-CVE-2026-53339 [i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()]
+CVE-2026-53339 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/729ac5a4b966aac42e08a94dea966f4429008548 (7.1)
-CVE-2026-53337 [net: bonding: fix NULL pointer dereference in bond_do_ioctl()]
+CVE-2026-53337 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/a764b0e8317a863006e05732e1aefe821b9d8c2d (7.1-rc7)
-CVE-2026-53332 [slimbus: qcom-ngd-ctrl: Register callbacks after creating the
ngd]
+CVE-2026-53332 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/2a9d50e9ea406e0c8735938484adc20515ef1b47 (7.1)
-CVE-2026-53331 [slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock]
+CVE-2026-53331 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec (7.1)
-CVE-2026-53330 [drm/amd/display: Fix out-of-bounds read in
dp_get_eq_aux_rd_interval()]
+CVE-2026-53330 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/e8b4d37eba05141ee01794fc6b7f2da808cee83b (7.1-rc7)
-CVE-2026-53329 [drm/amd/display: Use krealloc_array() in dal_vector_reserve()]
+CVE-2026-53329 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
[trixie] - linux 6.12.94-1
NOTE:
https://git.kernel.org/linus/da48bc4461b8a5ebfb9264c9b191a701d8e99009 (7.1-rc7)
-CVE-2026-53327 [debugobjects: Do not fill_pool() if pi_blocked_on]
+CVE-2026-53327 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 7.0.13-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5f41161059fd0f1bbf18c90f3180e38cc45a14eb (7.1-rc5)
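Review bot: several of the added description lines carry literal escape sequences instead of the characters they stand for, for example "Stored Cross\u2011Site Scripting" under CVE-2026-53907 and "LatePoint \u2013 Calendar Booking Plugin" under CVE-2026-13228 (also CVE-2026-12435, CVE-2026-12408, CVE-2026-12158, CVE-2026-12142 and CVE-2026-11387). The automatic update should decode these before writing data/CVE/list, so that text searches over the descriptions match. Separately, every new entry in this hunk lands as "TODO: check". The ones that name software packaged in Debian should be resolved to package lines first: the ClamAV parser entries CVE-2026-20213 to CVE-2026-20217, CVE-2026-20243 and CVE-2026-20244, the ImageMagick group, containerd (CVE-2026-46680), dhcpcd (CVE-2026-14258) and PulseAudio (CVE-2026-14330).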
@@ -552,7 +872,7 @@ CVE-2025-15666 (A security vulnerability has been detected
in Open Asset Import
TODO: check
CVE-2025-12530 (IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1
through patch ...)
NOT-FOR-US: IBM
-CVE-2026-56016
+CVE-2026-56016 (CGI::Session::ID::md5 versions before 4.49 for Perl generate
predictab ...)
- libcgi-session-perl 4.49-1 (bug #1141197)
[trixie] - libcgi-session-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41439279/
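Review bot: under CVE-2026-56016 the context line "[trixie] - libcgi-session-perl <no-dsa> (Minor issue)" predates the description this hunk fills in ("CGI::Session::ID::md5 versions before 4.49 for Perl generate predictab ..."). Re-check that the minor-issue classification still fits the published text, and record a status for the other suites, since only trixie is annotated against the 4.49-1 fix.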
@@ -1982,59 +2302,59 @@ CVE-2025-24816 (Nokia MantaRay is subject to an
Improper Access Control vulnerab
NOT-FOR-US: Nokia
CVE-2025-24815 (Nokia MantaRay NM is subject to an unrestricted file upload
vulnerabil ...)
NOT-FOR-US: Nokia
-CVE-2026-58030 [Escape linelinks argument before passing it on to Pygments]
+CVE-2026-58030 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T427167
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306180
(master)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/1306191
(REL1_43)
-CVE-2026-58027 [Hide hit count for private/protected filters in API]
+CVE-2026-58027 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T406954
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306182
(master)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1306181
(REL1_43)
-CVE-2026-58025 [Safely unserialize log entry parameters]
+CVE-2026-58025 (Deserialization of untrusted data vulnerability in Wikimedia
Foundatio ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T422244
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306343 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306363
(REL1_43)
-CVE-2026-58037 [LogFormatter: 'raw' parameter format is no longer raw HTML]
+CVE-2026-58037 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T422995
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306232 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306314
(REL1_43)
-CVE-2026-58029 [Check for editmyprivateinfo right in more places]
+CVE-2026-58029 (Vulnerability in Wikimedia Foundation MediaWiki. This
vulnerability ...)
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T422676
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306215 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306313
(REL1_43)
-CVE-2026-58024 [Restrict interwiki user lookup in ApiUserrights]
+CVE-2026-58024 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T422085
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1268588 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306312
(REL1_43)
-CVE-2026-58026 [Make sure the actual title that's being transcluded is
includable]
+CVE-2026-58026 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T299359
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306214 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306311
(REL1_43)
-CVE-2026-58032 [mw.Api.getErrorMessage: Treat formatversion=1 as text]
+CVE-2026-58032 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T426867
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306213 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306310
(REL1_43)
-CVE-2026-58033 [Exclude rev-deleted usernames from distinct authors query]
+CVE-2026-58033 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- mediawiki <unfixed>
NOTE: https://phabricator.wikimedia.org/T427235
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306212 (master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306309
(REL1_43)
-CVE-2026-58028 [Disallow user JS in pretty-print api.php responses]
+CVE-2026-58028 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T422306
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306211 (master)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306216
(master)
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306308
(REL1_43)
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/1306320
(REL1_43)
-CVE-2026-58036 [Fix ApiQueryUsers leaking status ofprivate user conditions for
user]
+CVE-2026-58036 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- mediawiki <not-affected> (Only affects 1.46 and later)
NOTE: https://phabricator.wikimedia.org/T425406
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1306035 (master)
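Review bot: Three NOTE lines in the MediaWiki block of this hunk link Phabricator over plain http (`http://phabricator.wikimedia.org/T422676` under CVE-2026-58029, `T299359` under CVE-2026-58026 and `T422306` under CVE-2026-58028), while every other Phabricator and Gerrit reference in the block uses https. Since the entry headers are rewritten here anyway, switch these three to https so the task links are consistent and are not followed in cleartext.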
@@ -2710,7 +3030,7 @@ CVE-2025-2902 (Improper Authorization Vulnerability of
Maintenance Utility in Hi
NOT-FOR-US: Hitachi
CVE-2025-0824 (Lack of validation for firmware updatein Hitachi Hitachi
Virtual Stora ...)
NOT-FOR-US: Hitachi
-CVE-2026-50160
+CVE-2026-50160 (Hoppscotch is an API development ecosystem. In self-hosted
deployments ...)
NOT-FOR-US: Hoppscotch
CVE-2026-53325 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux <unfixed>
@@ -4407,6 +4727,7 @@ CVE-2026-54822 (Subscriber SQL Injection in SALESmanago &
Leadoo <= 3.11.2 versi
CVE-2026-54821 (Subscriber Sensitive Data Exposure in Visual Link Preview <=
2.3.1 ver ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit
system, ...)
+ {DLA-4662-1 DLA-4661-1}
- jq 1.8.2-1
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx
CVE-2026-54573 (Outline is a service that allows for collaborative
documentation. Prio ...)
@@ -9245,16 +9566,16 @@ CVE-2026-52908 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/badad6fad60def1b9805559dd81dbab3d97b82aa (7.1)
-CVE-2026-47262
+CVE-2026-47262 (containerd is an open-source container runtime. Versions prior
to 1.7. ...)
- containerd 2.1.9+ds1-1 (bug #1140385)
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq
-CVE-2026-53489
+CVE-2026-53489 (containerd is an open-source container runtime. Versions prior
to 2.3. ...)
- containerd 2.1.9+ds1-1 (bug #1140385)
[trixie] - containerd <not-affected> (Vulnerable code not present, only
affects 2.x)
[bookworm] - containerd <not-affected> (Vulnerable code not present,
only affects 2.x)
[bullseye] - containerd <not-affected> (Vulnerable code not present,
only affects 2.x)
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
-CVE-2026-53492
+CVE-2026-53492 (containerd is an open-source container runtime. In Versions
prior to 2 ...)
- containerd 2.1.9+ds1-1 (bug #1140385)
[trixie] - containerd <not-affected> (Vulnerable code not present, only
affects 2.x)
[bookworm] - containerd <not-affected> (Vulnerable code not present,
only affects 2.x)
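Review bot: CVE-2026-47262 now carries the description "Versions prior to 1.7. ...", yet the entry has only `- containerd 2.1.9+ds1-1 (bug #1140385)` and no [trixie], [bookworm] or [bullseye] lines, unlike CVE-2026-53489 and CVE-2026-53492 just below, which are marked not-affected as "only affects 2.x". With the description pointing at a 1.7 branch, this CVE should get explicit per-suite triage annotations rather than leaving the stable suites implicit.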
@@ -9263,7 +9584,7 @@ CVE-2026-53492
CVE-2026-53488 (containerd is an open-source container runtime. In versions
prior to 1 ...)
- containerd 2.1.9+ds1-1 (bug #1140385)
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
-CVE-2026-50195
+CVE-2026-50195 (containerd is an open-source container runtime. Versions prior
to 2.3. ...)
- containerd 2.1.9+ds1-1 (bug #1140385)
[trixie] - containerd <not-affected> (Vulnerable code not present, only
affects 2.x)
[bookworm] - containerd <not-affected> (Vulnerable code not present,
only affects 2.x)
@@ -15043,6 +15364,7 @@ CVE-2026-11791 (A flaw was found in 389 Directory
Server. During schema reload,
- 389-ds-base <unfixed> (bug #1139816)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485414
CVE-2026-49839 (jq is a command-line JSON processor. Prior to 1.8.2,` jq
--rawfile` ca ...)
+ {DLA-4662-1 DLA-4661-1}
- jq 1.8.1-8
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
CVE-2026-44236
@@ -17518,7 +17840,7 @@ CVE-2026-49261 (MariaDB server is a community developed
fork of MySQL server. Ve
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw
NOTE: https://jira.mariadb.org/browse/MDEV-39721
-CVE-2025-15646
+CVE-2025-15646 (HTML::Gumbo versions before 0.19 for Perl disclose heap memory
via typ ...)
- libhtml-gumbo-perl 0.18-5 (bug #1104789)
[bookworm] - libhtml-gumbo-perl <no-dsa> (Minor issue; to be fixed in
point release)
[bullseye] - libhtml-gumbo-perl <postponed> (Minor issue)
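Review bot: The imported description for CVE-2025-15646 says HTML::Gumbo "versions before 0.19" are affected, but the entry records `- libhtml-gumbo-perl 0.18-5 (bug #1104789)` as the fixed version and has no NOTE explaining the difference. If 0.18-5 carries a backported patch, add a NOTE naming it. The "Minor issue" annotations for bookworm and bullseye are also worth a second look now that the description states heap memory disclosure.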
@@ -25994,6 +26316,7 @@ CVE-2026-48805
[bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
NOTE:
https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php
CVE-2026-47770 (jq is a command-line JSON processor. Prior to 1.8.2, comparing
two suf ...)
+ {DLA-4662-1 DLA-4661-1}
- jq 1.8.1-7
NOTE:
https://github.com/jqlang/jq/commit/7122866869960b55cea3646bc91334ef55787831
NOTE: https://github.com/jqlang/jq/pull/3539
@@ -35945,7 +36268,7 @@ CVE-2026-44992 (OpenClaw versions 2026.4.5 before
2026.4.20 contain an environme
CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass
vulnerabili ...)
NOT-FOR-US: OpenClaw
CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier,
the ordi ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-rmpv-jgvr-wpr9
@@ -35986,15 +36309,16 @@ CVE-2026-43968 (Improper Neutralization of CRLF
Sequences ('CRLF Injection') vul
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-43968
NOTE:
https://github.com/ninenines/cowlib/commit/6165fc40efa159ba1cceee7e7981e790acba5d9c
CVE-2026-43896 (jq is a command-line JSON processor. In 1.8.1 and earlier,
unbounded r ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-mg96-6h3q-g846
CVE-2026-43895 (jq is a command-line JSON processor. In 1.8.1 and earlier, jq
accepts ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxr
CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier,
when decNum ...)
+ {DLA-4662-1 DLA-4661-1}
- jq 1.8.1-6 (bug #1136445)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-5v7p-2r57-2g4g
CVE-2026-43826 (The OpenSearch logging provider, when configured with a `host`
URL tha ...)
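Review bot: CVE-2026-43894 is the only entry in this hunk that had no DLA reference before and now gains `{DLA-4662-1 DLA-4661-1}`, while CVE-2026-43896 and CVE-2026-43895 directly above, fixed in the same `jq 1.8.1-6 (bug #1136445)` upload, are paired with DLA-4599-1 instead. Confirm against the DLA list that DLA-4661-1 really covers this CVE and that DLA-4599-1 was not dropped by the automatic update.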
@@ -36069,12 +36393,12 @@ CVE-2026-41951 (Path traversal vulnerability exists
in GROWI v7.5.0 and earlier,
CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser
ships a ...)
NOT-FOR-US: Zen
CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the
jq byte ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier,
Top-level j ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
@@ -52830,7 +53154,7 @@ CVE-2026-40169 (ImageMagick is free and open-source
software used for editing an
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38
(7.1.2-19)
CVE-2026-40164 (jq is a command-line JSON processor. Before commit
0c7d133c3c7e37c00b6 ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29
@@ -52838,13 +53162,13 @@ CVE-2026-40164 (jq is a command-line JSON processor.
Before commit 0c7d133c3c7e3
CVE-2026-3017 (The Smart Post Show \u2013 Post Grid, Post Carousel & Slider,
and List ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39979 (jq is a command-line JSON processor. In commits before
2f09060afab23fe ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p
NOTE: Fixed by:
https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f
CVE-2026-39956 (jq is a command-line JSON processor. In commits after
69785bf77f86e2ea ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-6gc3-3g9p-xx28
@@ -52892,13 +53216,13 @@ CVE-2026-34225 (Open WebUI is a self-hosted
artificial intelligence platform des
CVE-2026-34069 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq
Proof-of ...)
NOT-FOR-US: nimiq/core-rs-albatross
CVE-2026-33948 (jq is a command-line JSON processor. Commits before
6374ae0bcdfe33a18e ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9
NOTE: Fixed by:
https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
CVE-2026-33947 (jq is a command-line JSON processor. In versions 1.8.1 and
below, func ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg
@@ -53164,7 +53488,7 @@ CVE-2026-33555 (An issue was discovered in HAProxy
before 3.3.6. The HTTP/3 pars
NOTE: Fixed by:
https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=425b969d6ea4114f4ae260f57802c65ccafc319c
(v3.0.19)
NOTE: Fixed by:
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=3d8388d089170f8544c4a43bf0575f296c885f94
(v2.6.25)
CVE-2026-32316 (jq is a command-line JSON processor. An integer overflow
vulnerability ...)
- {DLA-4599-1}
+ {DLA-4662-1 DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
NOTE:
https://github.com/jqlang/jq/security/advisories/GHSA-q3h9-m34w-h76f
@@ -66342,7 +66666,7 @@ CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the
OpenBSD bcrypt() password
NOTE: Fixed by:
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
(v3.1.22)
CVE-2026-23538
NOT-FOR-US: Feast
-CVE-2026-23537
+CVE-2026-23537 (A vulnerability has been identified in the Feast Feature
Server\u2019s ...)
NOT-FOR-US: Feast
CVE-2026-4540 (A vulnerability was detected in projectworlds Online Notes
Sharing Sys ...)
NOT-FOR-US: Project Worlds
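Review bot: The description added for CVE-2026-23537 contains a literal `\u2019` escape ("Feature Server\u2019s") instead of the apostrophe it stands for, so the importer is writing undecoded JSON escapes into data/CVE/list. Decode the escape sequences before the description is truncated and written, otherwise text searches on the list miss these entries and the truncation length counts six characters for one.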
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39130f32e9a0643c327c8cabb170b7393848e285