Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbef361d by security tracker role at 2026-07-02T19:13:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,360 @@
-CVE-2026-53358 [Bluetooth: L2CAP: use chan timer to close channels in 
cleanup_listen()]
+CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup 
by Bac ...)
+       TODO: check
+CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before 
version 1. ...)
+       TODO: check
+CVE-2026-9272 (In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a 
vulnera ...)
+       TODO: check
+CVE-2026-9188 (The Appointment Bookings for Zoom GoogleMeet and more \u2013 
Wappointm ...)
+       TODO: check
+CVE-2026-9145 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+       TODO: check
+CVE-2026-8699 (A stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2026-8482 (A vulnerability was discovered on StormShield Network Security 
4.3.0 t ...)
+       TODO: check
+CVE-2026-8441 (The WP Review Slider Pro plugin for WordPress is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2026-8147 (In MLflow versions prior to 3.14.0, when running with 
authentication e ...)
+       TODO: check
+CVE-2026-8079 (In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a 
vulnerabil ...)
+       TODO: check
+CVE-2026-7311 (The TinyPNG \u2013 JPEG, PNG & WebP image compression plugin 
for WordP ...)
+       TODO: check
+CVE-2026-5524 (The Divi Form Builder plugin for WordPress is vulnerable to 
Arbitrary  ...)
+       TODO: check
+CVE-2026-58653 (PraisonAI before 0.1.7 fails to validate that project_id in 
issue crea ...)
+       TODO: check
+CVE-2026-58652 (luci-app-travelmate (and the travelmate package) contain a 
privilege-e ...)
+       TODO: check
+CVE-2026-58465 (Eclipse Wakaama before snapshot/2026-05-26 contains an 
unbounded memor ...)
+       TODO: check
+CVE-2026-58455 (Dockwatch through 0.6.567 contains an unauthenticated OS 
command injec ...)
+       TODO: check
+CVE-2026-57766 (Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE 
\u2013 File ...)
+       TODO: check
+CVE-2026-57765 (Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.)
+       TODO: check
+CVE-2026-57764 (Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO 
Breadcrum ...)
+       TODO: check
+CVE-2026-57763 (Contributor Cross Site Scripting (XSS) in Structured Content 
<= 1.7.0  ...)
+       TODO: check
+CVE-2026-57762 (Author Cross Site Scripting (XSS) in Simple URLs <= 151 
versions.)
+       TODO: check
+CVE-2026-57761 (Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 
3.12.2 v ...)
+       TODO: check
+CVE-2026-57760 (Missing Authorization vulnerability in Sendcloud Sendcloud 
Shipping al ...)
+       TODO: check
+CVE-2026-57759 (Unauthenticated Cross Site Request Forgery (CSRF) in 
ProfileGrid  <= 5 ...)
+       TODO: check
+CVE-2026-57758 (Unauthenticated Cross Site Request Forgery (CSRF) in Permalink 
Manager ...)
+       TODO: check
+CVE-2026-57757 (Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP 
Backup  ...)
+       TODO: check
+CVE-2026-57756 (Contributor SQL Injection in nicen-localize-image <= 1.4.9 
versions.)
+       TODO: check
+CVE-2026-57755 (Contributor Cross Site Scripting (XSS) in Mosaic Gallery 
&#8211; Advan ...)
+       TODO: check
+CVE-2026-57754 (Contributor Cross Site Scripting (XSS) in Livemesh Addons for 
WPBakery ...)
+       TODO: check
+CVE-2026-57753 (Unauthenticated Sensitive Data Exposure in Kit (formerly 
ConvertKit) f ...)
+       TODO: check
+CVE-2026-57752 (Contributor SQL Injection in iNET Webkit 1.2.4 versions.)
+       TODO: check
+CVE-2026-57751 (Unauthenticated Cross Site Request Forgery (CSRF) in Heateor 
Social Lo ...)
+       TODO: check
+CVE-2026-57750 (Unauthenticated Broken Access Control in ez Form Calculator 
Premium <= ...)
+       TODO: check
+CVE-2026-57749 (Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 
versions ...)
+       TODO: check
+CVE-2026-57748 (Contributor Local File Inclusion in Shopify <= 1.0.0 versions.)
+       TODO: check
+CVE-2026-57747 (Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 
3.0.0 v ...)
+       TODO: check
+CVE-2026-57746 (Subscriber Broken Access Control in Booked <= 3.0.0 versions.)
+       TODO: check
+CVE-2026-57731 (Contributor Broken Access Control in Flatsome <= 3.20.5 
versions.)
+       TODO: check
+CVE-2026-57730 (Subscriber Broken Access Control in Flatsome <= 3.20.5 
versions.)
+       TODO: check
+CVE-2026-57690 (Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt 
<= 4.7. ...)
+       TODO: check
+CVE-2026-57689 (Subscriber Broken Access Control in Werkstatt <= 4.7.2 
versions.)
+       TODO: check
+CVE-2026-57688 (Unauthenticated Broken Access Control in POS Entegrat\xf6r <= 
3.7.103  ...)
+       TODO: check
+CVE-2026-57687 (Contributor SQL Injection in Custom Field Template <= 2.7.8 
versions.)
+       TODO: check
+CVE-2026-57686 (Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 
1.6.14 vers ...)
+       TODO: check
+CVE-2026-57685 (Subscriber Broken Access Control in Martfury - WooCommerce 
Marketplace ...)
+       TODO: check
+CVE-2026-57684 (Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 
versions.)
+       TODO: check
+CVE-2026-57683 (Unauthenticated SQL Injection in WP Fast Total Search <= 
1.80.280 vers ...)
+       TODO: check
+CVE-2026-57682 (Unauthenticated Cross Site Scripting (XSS) in Simple Link 
Directory <= ...)
+       TODO: check
+CVE-2026-57681 (Subscriber Server Side Request Forgery (SSRF) in GeoDirectory 
<= 2.8.1 ...)
+       TODO: check
+CVE-2026-57680 (Unauthenticated Insecure Direct Object References (IDOR) in 
Kirki <= 6 ...)
+       TODO: check
+CVE-2026-57679 (Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.)
+       TODO: check
+CVE-2026-57678 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-57677 (Unauthenticated PHP Object Injection in Novalnet Payment 
Gateway for W ...)
+       TODO: check
+CVE-2026-57675 (Unauthenticated Cross Site Scripting (XSS) in WP Photo Album 
Plus <= 9 ...)
+       TODO: check
+CVE-2026-57674 (Unauthenticated Cross Site Scripting (XSS) in Timetics <= 
1.0.58 versi ...)
+       TODO: check
+CVE-2026-57673 (Unauthenticated Cross Site Scripting (XSS) in Optimole <= 
4.2.7 versio ...)
+       TODO: check
+CVE-2026-57672 (Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 
6.5.1.1  ...)
+       TODO: check
+CVE-2026-57671 (Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 
2.6.4 ver ...)
+       TODO: check
+CVE-2026-57670 (Unauthenticated Cross Site Scripting (XSS) in Google Maps CP 
<= 1.2.5  ...)
+       TODO: check
+CVE-2026-57669 (Subscriber Broken Access Control in Advanced Contact form 7 DB 
<= 2.0. ...)
+       TODO: check
+CVE-2026-57625 (Unauthenticated Cross Site Scripting (XSS) in Admin and Site 
Enhanceme ...)
+       TODO: check
+CVE-2026-57624 (Unauthenticated Remote Code Execution (RCE) in Blocksy 
Companion Pro < ...)
+       TODO: check
+CVE-2026-57623 (Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 
2.9.4 ve ...)
+       TODO: check
+CVE-2026-57621 (Unauthenticated PHP Object Injection in Booktics <= 1.0.21 
versions.)
+       TODO: check
+CVE-2026-57426 (Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 
2.10.8 v ...)
+       TODO: check
+CVE-2026-57366 (Unauthenticated Cross Site Scripting (XSS) in WPAdverts <= 
2.3.1 versi ...)
+       TODO: check
+CVE-2026-57362 (Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 
version ...)
+       TODO: check
+CVE-2026-57361 (Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 
5.2.2.5  ...)
+       TODO: check
+CVE-2026-57360 (Unauthenticated Cross Site Scripting (XSS) in eCommerce 
Product Catalo ...)
+       TODO: check
+CVE-2026-57359 (Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 
2.3.10 versio ...)
+       TODO: check
+CVE-2026-57358 (Unauthenticated Cross Site Scripting (XSS) in Customize My 
Account for ...)
+       TODO: check
+CVE-2026-57357 (Unauthenticated Cross Site Scripting (XSS) in Search Atlas SEO 
<= 2.6. ...)
+       TODO: check
+CVE-2026-57356 (Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce 
Wishlist  ...)
+       TODO: check
+CVE-2026-57355 (Subscriber Broken Access Control in Classified Listing <= 
5.4.2 versio ...)
+       TODO: check
+CVE-2026-57354 (Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 
version ...)
+       TODO: check
+CVE-2026-57353 (Subscriber Broken Access Control in Link Whisper Premium <= 
2.9.0 vers ...)
+       TODO: check
+CVE-2026-57352 (Unauthenticated Broken Authentication in ALD \u2013 
Dropshipping and F ...)
+       TODO: check
+CVE-2026-57351 (Unauthenticated Cross Site Scripting (XSS) in HandL UTM 
Grabber <= 2.9 ...)
+       TODO: check
+CVE-2026-57350 (Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 
2.12.2 v ...)
+       TODO: check
+CVE-2026-57349 (Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS 
Feed Fetch ...)
+       TODO: check
+CVE-2026-57348 (Unauthenticated Server Side Request Forgery (SSRF) in Paid 
Member Subs ...)
+       TODO: check
+CVE-2026-57347 (Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 
6.0.3 vers ...)
+       TODO: check
+CVE-2026-57345 (Unauthenticated Cross Site Scripting (XSS) in Internal Links 
Manager < ...)
+       TODO: check
+CVE-2026-57344 (Unauthenticated Cross Site Scripting (XSS) in Classified 
Listing <= 5. ...)
+       TODO: check
+CVE-2026-57343 (Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 
3.5.9 v ...)
+       TODO: check
+CVE-2026-57342 (Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive 
Images <= ...)
+       TODO: check
+CVE-2026-56842 (A malicious actor with access to the network and under certain 
conditi ...)
+       TODO: check
+CVE-2026-56841 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-56037 (Deserialization of Untrusted Data vulnerability in Themify 
Themify Pop ...)
+       TODO: check
+CVE-2026-56004 (A shellcode injection in the mercurial handler of the obs 
tar_scm sour ...)
+       TODO: check
+CVE-2026-55952 (The Erlang/OTP ssl application does not validate that the PSK 
identity ...)
+       TODO: check
+CVE-2026-55950 (Time-of-check Time-of-use (TOCTOU) race condition 
vulnerability in Erl ...)
+       TODO: check
+CVE-2026-55119 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-55118 (A malicious actor with access to the network,low privileges 
and under  ...)
+       TODO: check
+CVE-2026-55117 (A malicious actor with access to the network could exploit a 
Path Trav ...)
+       TODO: check
+CVE-2026-55116 (A malicious actor with access to the network and under certain 
network ...)
+       TODO: check
+CVE-2026-55115 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-55114 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-55113 (A malicious actor with access to the network could exploit a 
Server-Si ...)
+       TODO: check
+CVE-2026-55112 (A malicious actor with access to the network and low 
privileges and un ...)
+       TODO: check
+CVE-2026-55111 (A malicious actor with access to the network could exploit a 
Path Trav ...)
+       TODO: check
+CVE-2026-55110 (A malicious actor who lures an authenticated user to a 
malicious page  ...)
+       TODO: check
+CVE-2026-54891 (Improper Enforcement of Message Integrity During Transmission 
in a Com ...)
+       TODO: check
+CVE-2026-54887 (Use of Default Cryptographic Key vulnerability in Erlang/OTP 
ssl (DTLS ...)
+       TODO: check
+CVE-2026-54886 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
+       TODO: check
+CVE-2026-54431 (In liboauth2 the Demonstrating Proof-of-Possession (DPoP) 
verifier acc ...)
+       TODO: check
+CVE-2026-54430 (liboauth2 is vulnerable to Server-Side Request Forgery 
inoauth2_jose_j ...)
+       TODO: check
+CVE-2026-54409 (A malicious actor with access to the network and under certain 
conditi ...)
+       TODO: check
+CVE-2026-54408 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-54407 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-54406 (A malicious actor with access to the network and high 
privileges could ...)
+       TODO: check
+CVE-2026-54405 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-54404 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-54403 (A malicious actor with access to the network could exploit a 
Path Trav ...)
+       TODO: check
+CVE-2026-54402 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-54401 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-54400 (A malicious actor with access to the network and high 
privileges could ...)
+       TODO: check
+CVE-2026-53422 (Observable Response Discrepancy vulnerability in Erlang OTP 
ssh (ssh_s ...)
+       TODO: check
+CVE-2026-50748 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-50747 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-50746 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-50282 (Craft CMS is a content management system (CMS). Versions 
5.0.0-RC1 and ...)
+       TODO: check
+CVE-2026-50281 (Craft CMS is a content management system (CMS). Versions 5.7.0 
and abo ...)
+       TODO: check
+CVE-2026-4772 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-4770 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-4767 (Missing authentication for critical function vulnerability in 
TR7 Cybe ...)
+       TODO: check
+CVE-2026-49779 (Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 
version ...)
+       TODO: check
+CVE-2026-44941 (A relative path traversal in the "keyhint" option in 
repomd.xml parsin ...)
+       TODO: check
+CVE-2026-44935 (Missing validation of "valuesFrom" references in Helm Deployer 
of SUSE ...)
+       TODO: check
+CVE-2026-42382 (Unauthenticated Local File Inclusion in Audrey <= 1.5 
versions.)
+       TODO: check
+CVE-2026-39448 (Unauthenticated Broken Access Control in NOWPayments for 
WooCommerce < ...)
+       TODO: check
+CVE-2026-33592 (An unauthenticated remote attacker can exhaust server memory 
via the F ...)
+       TODO: check
+CVE-2026-27436 (Editor Arbitrary Code Execution in Five Star Business Profile 
and Sche ...)
+       TODO: check
+CVE-2026-27433 (Unauthenticated Broken Access Control in Motors <= 5.6.80 
versions.)
+       TODO: check
+CVE-2026-27430 (Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 
version ...)
+       TODO: check
+CVE-2026-27426 (Unauthenticated Cross Site Scripting (XSS) in Automotive Car 
Dealershi ...)
+       TODO: check
+CVE-2026-27425 (Unauthenticated Cross Site Scripting (XSS) in Automotive 
Listings <= 1 ...)
+       TODO: check
+CVE-2026-27419 (Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.)
+       TODO: check
+CVE-2026-27414 (Contributor PHP Object Injection in Werkstatt <= 4.8.3 
versions.)
+       TODO: check
+CVE-2026-27412 (Unauthenticated Local File Inclusion in Pearl - Corporate 
Business <=  ...)
+       TODO: check
+CVE-2026-27408 (Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 
4.8.8.2  ...)
+       TODO: check
+CVE-2026-27404 (Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 
versions.)
+       TODO: check
+CVE-2026-27402 (Unauthenticated Cross Site Scripting (XSS) in Kids Life | 
Children Sch ...)
+       TODO: check
+CVE-2026-27060 (Contributor PHP Object Injection in ARMember Premium <= 7.0 
versions.)
+       TODO: check
+CVE-2026-14449 (u5CMSthroughv12.8.8 is vulnerable to reflected XSS via the 
\u2018thank ...)
+       TODO: check
+CVE-2026-14336 (PIA's OIDC issuer allowlist for Jenkins tokens uses a bare 
string-pref ...)
+       TODO: check
+CVE-2026-14029 (The Groundhogg \u2014 CRM, Newsletters, and Marketing 
Automation plugi ...)
+       TODO: check
+CVE-2026-13743 (CubeSpace CW0057 Reaction Wheel firmware versions prior to 
5.0.20 are  ...)
+       TODO: check
+CVE-2026-13459 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin 
for WordP ...)
+       TODO: check
+CVE-2026-13369 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to A ...)
+       TODO: check
+CVE-2026-13252 (The RSS Aggregator by Feedzy \u2013 Feed to Post, 
Autoblogging, News & ...)
+       TODO: check
+CVE-2026-13251 (The Perfmatters plugin for WordPress is vulnerable to 
Directory Traver ...)
+       TODO: check
+CVE-2026-12657 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2026-12472 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
+       TODO: check
+CVE-2026-12168 (An improper validation vulnerability for driver 
`GFAC_Sys_x64.sys` in  ...)
+       TODO: check
+CVE-2026-12167 (The Minifilter communication port for driver 
`GFAC_Sys_x64.sys` in Lit ...)
+       TODO: check
+CVE-2026-12166 (A NULL pointer dereference vulnerability for driver 
`GFAC_Sys_x64.sys` ...)
+       TODO: check
+CVE-2026-12134 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
+       TODO: check
+CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
+       TODO: check
+CVE-2026-11946 (An unauthenticated remote attacker can exhaust server memory 
via the G ...)
+       TODO: check
+CVE-2026-11896 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-10104 (The Product Video Gallery for Woocommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2025-69156 (Unauthenticated Cross Site Scripting (XSS) in Kids Zone - 
Children Wor ...)
+       TODO: check
+CVE-2025-69155 (Unauthenticated Cross Site Scripting (XSS) in Fitness Zone 
WordPress T ...)
+       TODO: check
+CVE-2025-69154 (Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty 
Salon Wo ...)
+       TODO: check
+CVE-2025-69153 (Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 
6.7 ver ...)
+       TODO: check
+CVE-2025-69152 (Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding 
Photogr ...)
+       TODO: check
+CVE-2025-69134 (Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot 
for WordP ...)
+       TODO: check
+CVE-2025-69133 (Subscriber Local File Inclusion in Tourmaster <= 5.4.5 
versions.)
+       TODO: check
+CVE-2025-69132 (Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 
versions.)
+       TODO: check
+CVE-2025-69094 (Subscriber SQL Injection in Unicamp <= 2.2.2 versions.)
+       TODO: check
+CVE-2025-66076 (Unauthenticated Broken Access Control in Woostify Sites 
Library <= 1.6 ...)
+       TODO: check
+CVE-2025-58902 (Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 
versions.)
+       TODO: check
+CVE-2024-58352 (Landray OA contains an unauthenticated HQL injection 
vulnerability tha ...)
+       TODO: check
+CVE-2024-14037 (Redsea Cloud eHR contains an arbitrary file upload 
vulnerability that  ...)
+       TODO: check
+CVE-2022-50973 (Yonyou KSOA 9.0 contains an unauthenticated arbitrary file 
upload vuln ...)
+       TODO: check
+CVE-2026-53358 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.12-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/8c8e620467a7b51562dbcefbd1f09f288d7d710d (7.1-rc6)
-CVE-2026-53357 [Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs 
l2cap_conn_del()]
+CVE-2026-53357 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.12-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/ab1513597c6cf17cd1ad2a21e3b045421b48e022 (7.1-rc5)
@@ -176847,7 +177199,7 @@ CVE-2025-27463
 CVE-2025-27462
        NOT-FOR-US: Windows XenCons WinPVDriver
        NOTE: https://xenbits.xen.org/xsa/advisory-468.html
-CVE-2025-5276 (All versions of the package mcp-markdownify-server are 
vulnerable to S ...)
+CVE-2025-5276 (Versions of the package mcp-markdownify-server before 1.0.0 are 
vulner ...)
        NOT-FOR-US: mcp-markdownify-server
 CVE-2025-5273 (All versions of the package mcp-markdownify-server are 
vulnerable to F ...)
        NOT-FOR-US: mcp-markdownify-server
@@ -508026,7 +508378,7 @@ CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 
2.0.11, when using the dyna
        NOTE: Fixed by: 
https://github.com/eclipse/mosquitto/commit/32af599c81e63fa38e834b8f1c1f108c49328e95
 (v2.0.12)
 CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 
3.0.0-M3 ...)
        NOT-FOR-US: Eclipse Californium
-CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server 
will crash  ...)
+CVE-2021-34432 (In Eclipse Mosquitto versions 2.0.7 and earlier, the server 
will crash ...)
        - mosquitto 2.0.8-1
        [buster] - mosquitto <ignored> (Vulnerable code is not accessible in 
version 1.x)
        [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in 
version 1.x)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbef361db2f7666178c47d434de15ee8786f281e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbef361db2f7666178c47d434de15ee8786f281e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to