Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b51d8c0e by security tracker role at 2026-07-04T07:13:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2026-58597 (Insufficient ui warning of dangerous operations in Microsoft 
Edge (Chr ...)
+       TODO: check
+CVE-2026-58524 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-58523 (Improper access control in Microsoft Edge for Android allows 
an unauth ...)
+       TODO: check
+CVE-2026-58522 (Relative path traversal in Microsoft Edge for Android allows 
an unauth ...)
+       TODO: check
+CVE-2026-58426 (Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows 
cross-repo ...)
+       TODO: check
+CVE-2026-58424 (Permanent Fork PR Workflow Approval Gate Bypass)
+       TODO: check
+CVE-2026-58423 (LFS authentication bypass via malformed SSH sub-verb allows 
unauthoriz ...)
+       TODO: check
+CVE-2026-58422 (Improper authorization on OAuth sign-in callback silently 
re-enables a ...)
+       TODO: check
+CVE-2026-58421 (Unauthenticated ReDoS via CODEOWNERS pattern matching allows 
denial of ...)
+       TODO: check
+CVE-2026-58419 (Notification API leaks private issue metadata after access 
revocation)
+       TODO: check
+CVE-2026-58418 (SSRF via HTTP Redirect in Repository Migration)
+       TODO: check
+CVE-2026-58300 (Absolute path traversal in Microsoft Edge for Android allows 
an unauth ...)
+       TODO: check
+CVE-2026-58299 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Edge fo ...)
+       TODO: check
+CVE-2026-58298 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-58297 (Exposure of private personal information to an unauthorized 
actor in M ...)
+       TODO: check
+CVE-2026-58296 (Exposure of private personal information to an unauthorized 
actor in M ...)
+       TODO: check
+CVE-2026-58295 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-58294 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-58293 (External control of file name or path in Microsoft Edge 
(Chromium-base ...)
+       TODO: check
+CVE-2026-58292 (Improper input validation in Microsoft Edge (Chromium-based) 
allows an ...)
+       TODO: check
+CVE-2026-58291 (Operation on a resource after expiration or release in 
Microsoft Edge  ...)
+       TODO: check
+CVE-2026-58290 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-58289 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-58288 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-58287 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-58286 (Improper access control in Microsoft Edge (Chromium-based) 
allows an u ...)
+       TODO: check
+CVE-2026-58285 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-58284 (Improper authorization in Microsoft Edge (Chromium-based) 
allows an un ...)
+       TODO: check
+CVE-2026-58283 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-58282 (Improper access control in Microsoft Edge (Chromium-based) 
allows an u ...)
+       TODO: check
+CVE-2026-58278 (Server-side request forgery (ssrf) in Microsoft Edge 
(Chromium-based)  ...)
+       TODO: check
+CVE-2026-58276 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-57993 (Server-side request forgery (ssrf) in Microsoft Edge 
(Chromium-based)  ...)
+       TODO: check
+CVE-2026-57992 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-57991 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2026-57988 (Relative path traversal in Microsoft Edge (Chromium-based) 
allows an u ...)
+       TODO: check
+CVE-2026-57987 (Server-side request forgery (ssrf) in Microsoft Edge 
(Chromium-based)  ...)
+       TODO: check
+CVE-2026-57986 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-57985 (Improper input validation in Microsoft Edge (Chromium-based) 
allows an ...)
+       TODO: check
+CVE-2026-57984 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-57983 (Improper authorization in Microsoft Edge (Chromium-based) 
allows an un ...)
+       TODO: check
+CVE-2026-57981 (Use after free in Microsoft Edge (Chromium-based) allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-57977 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-57975 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-57974 (Integer overflow or wraparound in Microsoft Edge 
(Chromium-based) allo ...)
+       TODO: check
+CVE-2026-56646 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
+       TODO: check
+CVE-2026-56645 (Heap-based buffer overflow in Microsoft Edge (Chromium-based) 
allows a ...)
+       TODO: check
+CVE-2026-55945 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54424 (An Incorrect Use of Privileged APIs vulnerability in Unity 
Parsec on W ...)
+       TODO: check
+CVE-2026-45489 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2026-45488 (User interface (ui) misrepresentation of critical information 
in Micro ...)
+       TODO: check
+CVE-2026-28744 (Gitea versions up to and including 1.26.1 allow Git smart HTTP 
request ...)
+       TODO: check
+CVE-2026-28740 (Gitea versions up to and including 1.26.2 allow Git LFS object 
reuse t ...)
+       TODO: check
+CVE-2026-28737 (Gitea versions from 1.25.0 before 1.26.0 allow stored 
cross-site scrip ...)
+       TODO: check
+CVE-2026-28705 (Gitea versions before 1.25.5 use release tag names and asset 
names as  ...)
+       TODO: check
+CVE-2026-28699 (Gitea versions up to and including 1.26.1 allow OAuth2 access 
token sc ...)
+       TODO: check
+CVE-2026-27783 (Gitea versions up to and including 1.26.1 do not enforce 
repository-un ...)
+       TODO: check
+CVE-2026-27780 (Gitea versions before 1.26.0 do not fail closed on 
bufio.Scanner error ...)
+       TODO: check
+CVE-2026-27779 (Gitea versions before 1.25.5 accept malformed or injected 
forwarded-pr ...)
+       TODO: check
+CVE-2026-27775 (Gitea 1.25.5 caches a branch-specific write-permission result 
across m ...)
+       TODO: check
+CVE-2026-27771 (Gitea versions up to and including 1.26.1 have insufficient 
permission ...)
+       TODO: check
+CVE-2026-27761 (Gitea versions up to and including 1.26.2 allow repository RSS 
and Ato ...)
+       TODO: check
+CVE-2026-27660 (Gitea versions before 1.25.5 allow draft release data or 
attachments t ...)
+       TODO: check
+CVE-2026-27657 (Gitea versions before 1.25.5 allow a user to change another 
user's pri ...)
+       TODO: check
+CVE-2026-26307 (Gitea versions before 1.25.5 do not enforce a timeout on git 
grep sear ...)
+       TODO: check
+CVE-2026-26292 (Gitea versions before 1.25.5 do not use the migration HTTP 
transport f ...)
+       TODO: check
+CVE-2026-26247 (Gitea versions before 1.25.5 do not persist the OAuth2 PKCE 
S256 chall ...)
+       TODO: check
+CVE-2026-26232 (Gitea versions before 1.25.5 do not consistently enforce 
OAuth2 author ...)
+       TODO: check
+CVE-2026-26231 (Gitea versions up to and including 1.26.1 allow the Allow 
edits from m ...)
+       TODO: check
+CVE-2026-25782 (Gitea versions before 1.25.5 look up tracked-time entries by 
time ID w ...)
+       TODO: check
+CVE-2026-25779 (Gitea versions up to and including 1.25.4 allow redirect 
bypasses thro ...)
+       TODO: check
+CVE-2026-25718 (Gitea versions before 1.25.5 mishandle path resolution during 
template ...)
+       TODO: check
+CVE-2026-25714 (Gitea versions up to and including 1.26.1 do not apply 
public-only tok ...)
+       TODO: check
+CVE-2026-25712 (Gitea versions before 1.25.5 have insufficient visibility 
checks in or ...)
+       TODO: check
+CVE-2026-25038 (Gitea 1.26.2 allows unauthorized users to access labels of 
private org ...)
+       TODO: check
+CVE-2026-24690 (Gitea versions before 1.25.5 have insufficient permission 
checks for u ...)
+       TODO: check
+CVE-2026-24451 (Gitea 1.26.2 allows fork synchronization to continue after a 
parent re ...)
+       TODO: check
+CVE-2026-22874 (Gitea versions up to and including 1.26.2 have incomplete SSRF 
protect ...)
+       TODO: check
+CVE-2026-22555 (Gitea versions before 1.26.0 allow API users to fork a 
repository into ...)
+       TODO: check
+CVE-2026-22547 (Gitea versions before 1.25.5 lack validation constraints for 
repositor ...)
+       TODO: check
+CVE-2026-20909 (Gitea versions before 1.25.5 have insufficient permission 
checks when  ...)
+       TODO: check
+CVE-2026-20896 (Gitea Docker image versions up to and including 1.26.2 use 
REVERSE_PRO ...)
+       TODO: check
+CVE-2026-20779 (Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use 
enforce ...)
+       TODO: check
+CVE-2026-20706 (Gitea versions up to and including 1.26.1 allow repository 
archive dow ...)
+       TODO: check
+CVE-2026-14618 (A vulnerability was detected in Open5GS up to 2.7.7. Affected 
by this  ...)
+       TODO: check
+CVE-2026-14617 (A security vulnerability has been detected in NousResearch 
hermes-agen ...)
+       TODO: check
+CVE-2026-14611 (A vulnerability has been found in DeepMyst Mysti up to 0.4.0. 
The affe ...)
+       TODO: check
+CVE-2026-14610 (A flaw has been found in Open Asset Import Library Assimp up 
to 6.0.5. ...)
+       TODO: check
+CVE-2026-14609 (A vulnerability was detected in SourceCodester CET Automated 
Grading S ...)
+       TODO: check
+CVE-2026-14608 (A security vulnerability has been detected in SourceCodester 
CET Autom ...)
+       TODO: check
+CVE-2026-14607 (A weakness has been identified in RT-Thread up to 5.0.2. This 
affects  ...)
+       TODO: check
+CVE-2026-14606 (A security flaw has been discovered in RT-Thread up to 5.0.2. 
Affected ...)
+       TODO: check
+CVE-2026-14605 (A vulnerability was identified in RT-Thread up to 5.0.2. 
Affected by t ...)
+       TODO: check
+CVE-2026-12481 (A vulnerability in keras-team/keras version 3.14.0 allows for 
arbitrar ...)
+       TODO: check
+CVE-2026-12252 (In nltk/nltk versions 3.9.3 and earlier, five Stanford 
interface class ...)
+       TODO: check
+CVE-2025-71380 (The Execute Command node in n8n allows authenticated users to 
execute  ...)
+       TODO: check
+CVE-2025-71375 (picklescan before 0.0.34 fails to detect the 
_operator.methodcaller bu ...)
+       TODO: check
+CVE-2025-71373 (picklescan before 0.0.33 fails to detect operator.methodcaller 
functio ...)
+       TODO: check
+CVE-2025-71372 (Picklescan before 0.0.33 fails to detect the 
numpy.f2py.crackfortran.g ...)
+       TODO: check
+CVE-2025-71369 (picklescan before 0.0.28 fails to detect malicious pickle 
files that u ...)
+       TODO: check
+CVE-2025-71367 (picklescan before 0.0.34 fails to detect _operator.attrgetter 
function ...)
+       TODO: check
+CVE-2025-71366 (picklescan before 0.0.28 fails to detect malicious 
torch.utils.bottlen ...)
+       TODO: check
+CVE-2025-71364 (picklescan before 0.0.30 fails to detect the 
asyncio.unix_events._Unix ...)
+       TODO: check
+CVE-2025-71362 (picklescan before 0.0.33 fails to detect unsafe 
deserialization when n ...)
+       TODO: check
+CVE-2025-71360 (picklescan before 0.0.29 fails to detect malicious pickle 
files using  ...)
+       TODO: check
+CVE-2025-71359 (picklescan before 0.0.29 fails to detect malicious pickle 
payloads tha ...)
+       TODO: check
+CVE-2025-71356 (picklescan before 0.0.28 fails to detect malicious 
torch.fx.experiment ...)
+       TODO: check
+CVE-2025-71353 (picklescan before 0.0.28 fails to detect malicious pickle 
files that e ...)
+       TODO: check
+CVE-2025-71347 (picklescan before 0.0.33 fails to detect malicious pickle 
files using  ...)
+       TODO: check
+CVE-2025-71345 (picklescan before 0.0.30 fails to detect malicious pickle 
files that i ...)
+       TODO: check
+CVE-2025-71343 (picklescan before 0.0.30 fails to detect malicious pickle 
files that e ...)
+       TODO: check
+CVE-2025-71342 (picklescan before 0.0.30 fails to detect malicious pickle 
files using  ...)
+       TODO: check
 CVE-2024-0234
        NOT-FOR-US: Podman Desktop
 CVE-2026-58207
@@ -154,7 +378,7 @@ CVE-2026-10055 (In Eclipse Theia since version 1.26.0, the 
backend /services/req
        NOT-FOR-US: Eclipse
 CVE-2026-10054 (In affected versions of Eclipse Theia (1.8.1 and later), the 
browser b ...)
        NOT-FOR-US: Eclipse
-CVE-2026-14355 [PHP: ext/openssl: Memory corruption (zend_mm_heap corrupted) 
in openssl_encrypt with AES-WRAP-PAD]
+CVE-2026-14355 (In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 
8.4.* before ...)
        - php8.4 8.4.23-1
        - php8.2 <removed>
        - php7.4 <removed>
@@ -336,21 +560,27 @@ CVE-2026-58381 (A flaw was found in GIMP's PSP file 
format parser. A double-free
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16207
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/b22e147b9dac6a57c50f3162262aa18fa1b1e210
 (GIMP_3_2_4)
 CVE-2026-13698
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/b005e4709ce1afbee7c571788cffd915280d646e
 (v2.7.5)
 CVE-2026-11771
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/04309bfe0313c09edd02c29945893b9d7e2ca920
 (v2.7.5)
 CVE-2026-12932
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/19c9ad5bb75942f66608d2ae28c0614a0a5c6073
 (v2.7.5)
 CVE-2026-13122
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/010b6c833b7fdbe889c0c7f8fc33f588a658b81f
 (v2.7.5)
 CVE-2026-13117
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/3ce0242e68527fd1e8d378aecb57c466e8058b44
 (v2.7.5)
 CVE-2026-12996
+       {DSA-6376-1 DLA-4666-1}
        - openvpn 2.7.5-1
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/5ee1f9b90fe03ecf7cef5431147ecaabbe96db9e
 (v2.7.5)
 CVE-2026-49838



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51d8c0ee67a2691310e2407771193b1a6da8359

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51d8c0ee67a2691310e2407771193b1a6da8359
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to