Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ead37b18 by security tracker role at 2026-07-12T19:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2026-61876 (LuCI versions fail to properly encode DHCPv6 lease hostnames 
before re ...)
+       TODO: check
+CVE-2026-61875 (luci-app-upnp contains a stored cross-site scripting 
vulnerability tha ...)
+       TODO: check
+CVE-2026-61874 (filebrowser versions before 2.63.17 fail to normalize paths 
before que ...)
+       TODO: check
+CVE-2026-59260 (OpenWrt luci-app-samba4 read ACL grants file.exec permission 
on /usr/s ...)
+       TODO: check
+CVE-2026-58596 (Untrusted pointer dereference in Microsoft Edge 
(Chromium-based) allow ...)
+       TODO: check
+CVE-2026-56336 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2026-56313 (Capgo before 12.128.2 contains a cross-organization account 
disruption ...)
+       TODO: check
+CVE-2026-56308 (Capgo before 12.128.2 allows email address changes without 
requiring c ...)
+       TODO: check
+CVE-2026-56281 (Capgo before 12.128.2 contains a sql injection vulnerability 
in the PO ...)
+       TODO: check
+CVE-2026-56271 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier) 
uses weak  ...)
+       TODO: check
+CVE-2026-56260 (Crawl4AI before 0.8.7 contains an arbitrary file write 
vulnerability i ...)
+       TODO: check
+CVE-2026-56259 (Crawl4AI before 0.8.8 contains credential exfiltration 
vulnerabilities ...)
+       TODO: check
+CVE-2026-56252 (Capgo before 12.128.2 contains a scope isolation vulnerability 
in the  ...)
+       TODO: check
+CVE-2026-56241 (Capgo before 12.128.2 contains a privilege escalation 
vulnerability wh ...)
+       TODO: check
+CVE-2026-56238 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2026-15502 (A vulnerability was detected in AojiaoZero Antaris 1.0. This 
affects t ...)
+       TODO: check
+CVE-2026-15501 (A security vulnerability has been detected in AstrBotDevs 
AstrBot up t ...)
+       TODO: check
+CVE-2026-15500 (A weakness has been identified in AstrBotDevs AstrBot up to 
4.25.2. Af ...)
+       TODO: check
+CVE-2026-15499 (A security flaw has been discovered in AstrBotDevs AstrBot up 
to 4.25. ...)
+       TODO: check
+CVE-2026-15498 (A vulnerability was identified in sergomanov SmartHomeAdatum 
up to cf4 ...)
+       TODO: check
+CVE-2026-15497 (A vulnerability was determined in SonicCloudOrg sonic-agent up 
to 2.7. ...)
+       TODO: check
+CVE-2026-15496 (A vulnerability was found in SonicCloudOrg sonic-agent up to 
2.7.2. Th ...)
+       TODO: check
+CVE-2026-15495 (A vulnerability has been found in SonicCloudOrg sonic-agent up 
to 2.7. ...)
+       TODO: check
+CVE-2026-15494 (A flaw has been found in AMTT Hotel Broadband Operation System 
1.0. Im ...)
+       TODO: check
+CVE-2026-15493 (A vulnerability was detected in Akpali9 
Attendance-Management-System u ...)
+       TODO: check
+CVE-2026-15492 (A security vulnerability has been detected in igweze wizgrade 
up to b1 ...)
+       TODO: check
+CVE-2026-15491 (A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up 
to ddfe1 ...)
+       TODO: check
+CVE-2026-15490 (A security flaw has been discovered in RafyMrX 
TOKO-ONLINE-ROTI up to  ...)
+       TODO: check
+CVE-2026-15489 (A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up 
to ddfe1 ...)
+       TODO: check
+CVE-2026-15488 (A vulnerability was determined in hcr707305003 shiroiAdmin 
1.1/1.3. Af ...)
+       TODO: check
+CVE-2026-15487 (A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This 
impacts ...)
+       TODO: check
+CVE-2026-15486 (A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. 
This af ...)
+       TODO: check
+CVE-2026-15485 (A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The 
impacted ele ...)
+       TODO: check
+CVE-2026-10668 (The Nuvoton NuMaker HSUSBD USB device-controller driver 
(drivers/usb/u ...)
+       TODO: check
+CVE-2026-10667 (Zephyr's dynamic kernel-object tracking 
(kernel/userspace/userspace.c, ...)
+       TODO: check
+CVE-2026-10666 (parse_ipv4() in subsys/net/ip/utils.c (reached via 
net_ipaddr_parse()  ...)
+       TODO: check
+CVE-2026-10665 (In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), 
wg_process ...)
+       TODO: check
+CVE-2026-10664 (The nRF70 Wi-Fi driver's power-save event handler 
nrf_wifi_event_proc_ ...)
+       TODO: check
+CVE-2026-10663 (In Zephyr's experimental USB host stack 
(CONFIG_USB_HOST_STACK), usbh_ ...)
+       TODO: check
 CVE-2026-58281 (Deserialization of untrusted data in Microsoft Edge 
(Chromium-based) a ...)
        NOT-FOR-US: Microsoft
 CVE-2026-15484 (A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. 
The affec ...)
@@ -1800,111 +1878,111 @@ CVE-2026-0288 (Multiple buffer overflow 
vulnerabilities in the User-ID Terminal
 CVE-2025-12506 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-15112 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15129 (Use after free in Views in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15132 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15133 (Use after free in InterestGroups in Google Chrome prior to 
150.0.7871. ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15108 (Integer overflow in Extensions API in Google Chrome prior to 
150.0.787 ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15109 (Uninitialized Use in ANGLE in Google Chrome prior to 
150.0.7871.115 al ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15110 (Use after free in Extensions in Google Chrome prior to 
150.0.7871.115  ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15111 (Use after free in Views in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15113 (Use after free in Autofill in Google Chrome on Android prior 
to 150.0. ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15114 (Out of bounds read and write in Codecs in Google Chrome prior 
to 150.0 ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15115 (Insufficient validation of untrusted input in WebAppInstalls 
in Google ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15116 (Use after free in Actor in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15117 (Use after free in Payments in Google Chrome prior to 
150.0.7871.115 al ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15118 (Use after free in Input in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15119 (Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 
allowed  ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15120 (Use after free in Core in Google Chrome on Windows prior to 
150.0.7871 ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15121 (Use after free in WebRTC in Google Chrome prior to 
150.0.7871.115 allo ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15122 (Insufficient validation of untrusted input in Codecs in Google 
Chrome  ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15123 (Inappropriate implementation in DOM in Google Chrome prior to 
150.0.78 ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15124 (Insufficient policy enforcement in Passwords in Google Chrome 
prior to ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15125 (Inappropriate implementation in Forms in Google Chrome prior 
to 150.0. ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15126 (Use after free in Forms in Google Chrome prior to 
150.0.7871.115 allow ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15127 (Inappropriate implementation in WebGL in Google Chrome prior 
to 150.0. ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15128 (Inappropriate implementation in Forms in Google Chrome prior 
to 150.0. ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15130 (Insufficient policy enforcement in Navigation in Google Chrome 
prior t ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15107 (Use after free in IndexedDB in Google Chrome prior to 
150.0.7871.115 a ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15131 (Inappropriate implementation in Navigation in Google Chrome 
prior to 1 ...)
-       {DSA-6387-1}
+       {DSA-6387-1 DLA-4677-1}
        - chromium 150.0.7871.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through 
12.1.0.3 ...)
@@ -2730,14 +2808,17 @@ CVE-2026-10570 (The Sympl Repeater for ACF and 
Elementor plugin for WordPress is
 CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: Jastow
 CVE-2026-56003 (A heap buffer overflow due to missing size checking in the 
property bu ...)
+       {DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
 (libXfont2-2.0.8)
 CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds 
checkin ...)
+       {DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
 (libXfont2-2.0.8)
 CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2 
before 2.0.8 ...)
+       {DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
 (libXfont2-2.0.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead37b18310869b4108ee2675cbc501338967a70

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ead37b18310869b4108ee2675cbc501338967a70
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to