Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ead37b18 by security tracker role at 2026-07-12T19:13:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2026-61876 (LuCI versions fail to properly encode DHCPv6 lease hostnames
before re ...)
+ TODO: check
+CVE-2026-61875 (luci-app-upnp contains a stored cross-site scripting
vulnerability tha ...)
+ TODO: check
+CVE-2026-61874 (filebrowser versions before 2.63.17 fail to normalize paths
before que ...)
+ TODO: check
+CVE-2026-59260 (OpenWrt luci-app-samba4 read ACL grants file.exec permission
on /usr/s ...)
+ TODO: check
+CVE-2026-58596 (Untrusted pointer dereference in Microsoft Edge
(Chromium-based) allow ...)
+ TODO: check
+CVE-2026-56336 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-56313 (Capgo before 12.128.2 contains a cross-organization account
disruption ...)
+ TODO: check
+CVE-2026-56308 (Capgo before 12.128.2 allows email address changes without
requiring c ...)
+ TODO: check
+CVE-2026-56281 (Capgo before 12.128.2 contains a sql injection vulnerability
in the PO ...)
+ TODO: check
+CVE-2026-56271 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier)
uses weak ...)
+ TODO: check
+CVE-2026-56260 (Crawl4AI before 0.8.7 contains an arbitrary file write
vulnerability i ...)
+ TODO: check
+CVE-2026-56259 (Crawl4AI before 0.8.8 contains credential exfiltration
vulnerabilities ...)
+ TODO: check
+CVE-2026-56252 (Capgo before 12.128.2 contains a scope isolation vulnerability
in the ...)
+ TODO: check
+CVE-2026-56241 (Capgo before 12.128.2 contains a privilege escalation
vulnerability wh ...)
+ TODO: check
+CVE-2026-56238 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
+ TODO: check
+CVE-2026-15502 (A vulnerability was detected in AojiaoZero Antaris 1.0. This
affects t ...)
+ TODO: check
+CVE-2026-15501 (A security vulnerability has been detected in AstrBotDevs
AstrBot up t ...)
+ TODO: check
+CVE-2026-15500 (A weakness has been identified in AstrBotDevs AstrBot up to
4.25.2. Af ...)
+ TODO: check
+CVE-2026-15499 (A security flaw has been discovered in AstrBotDevs AstrBot up
to 4.25. ...)
+ TODO: check
+CVE-2026-15498 (A vulnerability was identified in sergomanov SmartHomeAdatum
up to cf4 ...)
+ TODO: check
+CVE-2026-15497 (A vulnerability was determined in SonicCloudOrg sonic-agent up
to 2.7. ...)
+ TODO: check
+CVE-2026-15496 (A vulnerability was found in SonicCloudOrg sonic-agent up to
2.7.2. Th ...)
+ TODO: check
+CVE-2026-15495 (A vulnerability has been found in SonicCloudOrg sonic-agent up
to 2.7. ...)
+ TODO: check
+CVE-2026-15494 (A flaw has been found in AMTT Hotel Broadband Operation System
1.0. Im ...)
+ TODO: check
+CVE-2026-15493 (A vulnerability was detected in Akpali9
Attendance-Management-System u ...)
+ TODO: check
+CVE-2026-15492 (A security vulnerability has been detected in igweze wizgrade
up to b1 ...)
+ TODO: check
+CVE-2026-15491 (A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up
to ddfe1 ...)
+ TODO: check
+CVE-2026-15490 (A security flaw has been discovered in RafyMrX
TOKO-ONLINE-ROTI up to ...)
+ TODO: check
+CVE-2026-15489 (A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up
to ddfe1 ...)
+ TODO: check
+CVE-2026-15488 (A vulnerability was determined in hcr707305003 shiroiAdmin
1.1/1.3. Af ...)
+ TODO: check
+CVE-2026-15487 (A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This
impacts ...)
+ TODO: check
+CVE-2026-15486 (A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03.
This af ...)
+ TODO: check
+CVE-2026-15485 (A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The
impacted ele ...)
+ TODO: check
+CVE-2026-10668 (The Nuvoton NuMaker HSUSBD USB device-controller driver
(drivers/usb/u ...)
+ TODO: check
+CVE-2026-10667 (Zephyr's dynamic kernel-object tracking
(kernel/userspace/userspace.c, ...)
+ TODO: check
+CVE-2026-10666 (parse_ipv4() in subsys/net/ip/utils.c (reached via
net_ipaddr_parse() ...)
+ TODO: check
+CVE-2026-10665 (In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard),
wg_process ...)
+ TODO: check
+CVE-2026-10664 (The nRF70 Wi-Fi driver's power-save event handler
nrf_wifi_event_proc_ ...)
+ TODO: check
+CVE-2026-10663 (In Zephyr's experimental USB host stack
(CONFIG_USB_HOST_STACK), usbh_ ...)
+ TODO: check
CVE-2026-58281 (Deserialization of untrusted data in Microsoft Edge
(Chromium-based) a ...)
NOT-FOR-US: Microsoft
CVE-2026-15484 (A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01.
The affec ...)
@@ -1800,111 +1878,111 @@ CVE-2026-0288 (Multiple buffer overflow
vulnerabilities in the User-ID Terminal
CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15129 (Use after free in Views in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15132 (Uninitialized Use in V8 in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15133 (Use after free in InterestGroups in Google Chrome prior to
150.0.7871. ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15108 (Integer overflow in Extensions API in Google Chrome prior to
150.0.787 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15109 (Uninitialized Use in ANGLE in Google Chrome prior to
150.0.7871.115 al ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15110 (Use after free in Extensions in Google Chrome prior to
150.0.7871.115 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15111 (Use after free in Views in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15113 (Use after free in Autofill in Google Chrome on Android prior
to 150.0. ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15114 (Out of bounds read and write in Codecs in Google Chrome prior
to 150.0 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15115 (Insufficient validation of untrusted input in WebAppInstalls
in Google ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15116 (Use after free in Actor in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15117 (Use after free in Payments in Google Chrome prior to
150.0.7871.115 al ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15118 (Use after free in Input in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15119 (Race in GetUserMedia in Google Chrome prior to 150.0.7871.115
allowed ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15120 (Use after free in Core in Google Chrome on Windows prior to
150.0.7871 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15121 (Use after free in WebRTC in Google Chrome prior to
150.0.7871.115 allo ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15122 (Insufficient validation of untrusted input in Codecs in Google
Chrome ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15123 (Inappropriate implementation in DOM in Google Chrome prior to
150.0.78 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15124 (Insufficient policy enforcement in Passwords in Google Chrome
prior to ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15125 (Inappropriate implementation in Forms in Google Chrome prior
to 150.0. ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15126 (Use after free in Forms in Google Chrome prior to
150.0.7871.115 allow ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15127 (Inappropriate implementation in WebGL in Google Chrome prior
to 150.0. ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15128 (Inappropriate implementation in Forms in Google Chrome prior
to 150.0. ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15130 (Insufficient policy enforcement in Navigation in Google Chrome
prior t ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15107 (Use after free in IndexedDB in Google Chrome prior to
150.0.7871.115 a ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-15131 (Inappropriate implementation in Navigation in Google Chrome
prior to 1 ...)
- {DSA-6387-1}
+ {DSA-6387-1 DLA-4677-1}
- chromium 150.0.7871.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through
12.1.0.3 ...)
@@ -2730,14 +2808,17 @@ CVE-2026-10570 (The Sympl Repeater for ACF and
Elementor plugin for WordPress is
CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site
Scripti ...)
NOT-FOR-US: Jastow
CVE-2026-56003 (A heap buffer overflow due to missing size checking in the
property bu ...)
+ {DLA-4678-1}
- libxfont 1:2.0.8-1 (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
(libXfont2-2.0.8)
CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds
checkin ...)
+ {DLA-4678-1}
- libxfont 1:2.0.8-1 (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
(libXfont2-2.0.8)
CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2
before 2.0.8 ...)
+ {DLA-4678-1}
- libxfont 1:2.0.8-1 (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
(libXfont2-2.0.8)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead37b18310869b4108ee2675cbc501338967a70
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead37b18310869b4108ee2675cbc501338967a70
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits