Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
22bf5273 by security tracker role at 2026-07-15T19:13:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,379 @@
+CVE-2026-9007 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2026-8281
+ REJECTED
+CVE-2026-8055
+ REJECTED
+CVE-2026-62948 (OpenWrt is a Linux operating system targeting embedded
devices. Prior ...)
+ TODO: check
+CVE-2026-62947 (OpenWrt is a Linux operating system targeting embedded
devices. Prior ...)
+ TODO: check
+CVE-2026-62843 (File Browser is a file managing interface for uploading,
deleting, pre ...)
+ TODO: check
+CVE-2026-62685 (File Browser is a file managing interface for uploading,
deleting, pre ...)
+ TODO: check
+CVE-2026-62683 (File Browser is a file managing interface for uploading,
deleting, pre ...)
+ TODO: check
+CVE-2026-62389 (ws before 8.21.1 contains a memory exhaustion vulnerability in
lib/rec ...)
+ TODO: check
+CVE-2026-62378 (RustFS Console is a web management console for the RustFS
distributed ...)
+ TODO: check
+CVE-2026-62294 (Flameshot is powerful yet simple to use screenshot software.
Prior to ...)
+ TODO: check
+CVE-2026-62287
+ REJECTED
+CVE-2026-62248
+ REJECTED
+CVE-2026-62180
+ REJECTED
+CVE-2026-62178
+ REJECTED
+CVE-2026-62177
+ REJECTED
+CVE-2026-62175
+ REJECTED
+CVE-2026-62174
+ REJECTED
+CVE-2026-62173
+ REJECTED
+CVE-2026-62172
+ REJECTED
+CVE-2026-62169
+ REJECTED
+CVE-2026-62168
+ REJECTED
+CVE-2026-62165
+ REJECTED
+CVE-2026-62164
+ REJECTED
+CVE-2026-61873 (Grav before 9.1.8 contains an arbitrary file write
vulnerability in th ...)
+ TODO: check
+CVE-2026-61872 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
+ TODO: check
+CVE-2026-61871 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
+ TODO: check
+CVE-2026-61869 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
+ TODO: check
+CVE-2026-61868 (ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51
contains a memo ...)
+ TODO: check
+CVE-2026-61867 (ImageMagick before 7.1.2-26 contains a memory leak
vulnerability in th ...)
+ TODO: check
+CVE-2026-61866 (ImageMagick before 7.1.2-26 contains a memory leak
vulnerability in th ...)
+ TODO: check
+CVE-2026-61865 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
+ TODO: check
+CVE-2026-61864 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in co ...)
+ TODO: check
+CVE-2026-61863 (ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51)
contains a memo ...)
+ TODO: check
+CVE-2026-61862 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains an
information disc ...)
+ TODO: check
+CVE-2026-61860 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a
use-after-free vu ...)
+ TODO: check
+CVE-2026-61859 (ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51
contains a p ...)
+ TODO: check
+CVE-2026-61841
+ REJECTED
+CVE-2026-61839
+ REJECTED
+CVE-2026-61836 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2026-61835 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2026-61829
+ REJECTED
+CVE-2026-61828 (Nixpkgs is a collection of software packages that can be
installed wit ...)
+ TODO: check
+CVE-2026-61740 (LightRAG provides simple and fast retrieval-augmented
generation. Prio ...)
+ TODO: check
+CVE-2026-61736 (LightRAG provides simple and fast retrieval-augmented
generation. Prio ...)
+ TODO: check
+CVE-2026-61710
+ REJECTED
+CVE-2026-61684 (FastGPT is a knowledge-based AI application platform. In
4.15.0-beta4, ...)
+ TODO: check
+CVE-2026-61646 (FastGPT is a knowledge-based AI application platform. Prior to
4.15.0- ...)
+ TODO: check
+CVE-2026-61644 (FastGPT is a knowledge-based AI application platform. From
4.14.17 unt ...)
+ TODO: check
+CVE-2026-61643 (FastGPT is a knowledge-based AI application platform. From
4.14.17 unt ...)
+ TODO: check
+CVE-2026-61613 (Cursor is a code editor built for programming with AI. Prior
to the Cl ...)
+ TODO: check
+CVE-2026-61606
+ REJECTED
+CVE-2026-61605
+ REJECTED
+CVE-2026-61464 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a
heap-based buffer ...)
+ TODO: check
+CVE-2026-61457 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3
contains a ...)
+ TODO: check
+CVE-2026-61453 (Grav v2.0.0 contains a cross-site scripting vulnerability
(fixed in 2. ...)
+ TODO: check
+CVE-2026-61452 (The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4
contains an ...)
+ TODO: check
+CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not
validate t ...)
+ TODO: check
+CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in
ZipArchive ...)
+ TODO: check
+CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote
code execu ...)
+ TODO: check
+CVE-2026-61443 (PraisonAI before 1.6.78 contains a remote code execution
vulnerability ...)
+ TODO: check
+CVE-2026-61440 (PraisonAI Platform before 0.1.9 fails to properly authorize
label and ...)
+ TODO: check
+CVE-2026-61438 (PraisonAI before 4.6.78 contains a remote code execution
vulnerability ...)
+ TODO: check
+CVE-2026-61436 (PraisonAI before 4.6.78 fails to verify Svix webhook
signatures in Age ...)
+ TODO: check
+CVE-2026-61435 (PraisonAI before 4.6.78 contains an authentication bypass in
the Call ...)
+ TODO: check
+CVE-2026-61433 (PraisonAI before 4.6.78 fails to safely encode deployment
configuratio ...)
+ TODO: check
+CVE-2026-61430 (PraisonAI before 1.6.78 contains a server-side request forgery
vulnera ...)
+ TODO: check
+CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport
without ...)
+ TODO: check
+CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when
opening a des ...)
+ TODO: check
+CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool
name on ...)
+ TODO: check
+CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy
vulnera ...)
+ TODO: check
+CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing
Telemetry Tra ...)
+ TODO: check
+CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged
attacker ...)
+ TODO: check
+CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ TODO: check
+CVE-2026-59955 (Apollo is a reliable configuration management system suitable
for micr ...)
+ TODO: check
+CVE-2026-59954 (Apollo is a reliable configuration management system suitable
for micr ...)
+ TODO: check
+CVE-2026-59838 (A improper neutralization of script-related html tags in a web
page (b ...)
+ TODO: check
+CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server,
undisclosed ...)
+ TODO: check
+CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a
permission ...)
+ TODO: check
+CVE-2026-59258 (immich before 3.0.3 contains a broken access control
vulnerability in ...)
+ TODO: check
+CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a
missing ...)
+ TODO: check
+CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure
vulnerability whe ...)
+ TODO: check
+CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Exce ...)
+ TODO: check
+CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController
(app/Http ...)
+ TODO: check
+CVE-2026-58660 (Kanboard through 1.2.52, fixed in commit 564cc30,
BoardAjaxController ...)
+ TODO: check
+CVE-2026-58659 (PyTorch Lightning through 2.6.5, fixed in commit d710d68,
contains a r ...)
+ TODO: check
+CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit 4e20551, contains an
unauthent ...)
+ TODO: check
+CVE-2026-58655 (The bundled Grav Flex Objects plugin
(getgrav/grav-plugin-flex-objects ...)
+ TODO: check
+CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful
exploita ...)
+ TODO: check
+CVE-2026-58558 (Permission control vulnerability in the file system.Impact:
Successful ...)
+ TODO: check
+CVE-2026-58557 (Design defect vulnerability in Expedition mode.Impact:
Successful expl ...)
+ TODO: check
+CVE-2026-58556 (Permission control vulnerability in the Bluetooth
module.Impact: Succe ...)
+ TODO: check
+CVE-2026-58555 (Permission bypass vulnerability in the card module.Impact:
Successful ...)
+ TODO: check
+CVE-2026-58554 (Permission control vulnerability in the Settings
module.Impact: Succes ...)
+ TODO: check
+CVE-2026-58553 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
+ TODO: check
+CVE-2026-58552 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
+ TODO: check
+CVE-2026-58551 (Out-of-bounds read vulnerability in the image codec
module.Impact: Suc ...)
+ TODO: check
+CVE-2026-58550 (Out-of-bounds read vulnerability in the image codec module.
Impact: Su ...)
+ TODO: check
+CVE-2026-58549 (Out-of-bounds read vulnerability in the image codec module.
Impact: Su ...)
+ TODO: check
+CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
+ TODO: check
+CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation
vulnerability in ...)
+ TODO: check
+CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
+ TODO: check
+CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an
unauthenticated SQL i ...)
+ TODO: check
+CVE-2026-57831 (The Joomla extension DP Calendar is vulnerable to an
unauthenticated S ...)
+ TODO: check
+CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's
Office Searc ...)
+ TODO: check
+CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in
the basi ...)
+ TODO: check
+CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the
DataValue.index f ...)
+ TODO: check
+CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an
Obsolete Fe ...)
+ TODO: check
+CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ TODO: check
+CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource
sharing misc ...)
+ TODO: check
+CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored cross-site scripting
vulnera ...)
+ TODO: check
+CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak
vulnerability in t ...)
+ TODO: check
+CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node
when co ...)
+ TODO: check
+CVE-2026-56352 (n8n before 2.19.3 contains a file path restriction bypass in
the legac ...)
+ TODO: check
+CVE-2026-56349 (n8n before version 2.10.0 contains an input validation
vulnerability i ...)
+ TODO: check
+CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information
disclosur ...)
+ TODO: check
+CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache
Fineract' ...)
+ TODO: check
+CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a
Protection Me ...)
+ TODO: check
+CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom
Resource Defin ...)
+ TODO: check
+CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
+ TODO: check
+CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system.
Prior t ...)
+ TODO: check
+CVE-2026-54562 (Cloudreve is a self-hosted file management and sharing system.
Prior t ...)
+ TODO: check
+CVE-2026-54560 (Cloudreve is a self-hosted file management and sharing system.
From 4. ...)
+ TODO: check
+CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until
3.2.0, t ...)
+ TODO: check
+CVE-2026-53518 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53517 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53516 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53515 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53514 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53513 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-53512 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or
TransportServer res ...)
+ TODO: check
+CVE-2026-52843 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
+ TODO: check
+CVE-2026-52842 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
+ TODO: check
+CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At
commit 22ebfa ...)
+ TODO: check
+CVE-2026-50148 (Metabase is an open-source business intelligence and embedded
analytic ...)
+ TODO: check
+CVE-2026-50147 (Metabase is an open-source business intelligence and embedded
analytic ...)
+ TODO: check
+CVE-2026-49997 (SurrealDB is a scalable, distributed, collaborative,
document-graph da ...)
+ TODO: check
+CVE-2026-49988 (Repomix is a tool that packs repositories into AI-friendly
files. Prio ...)
+ TODO: check
+CVE-2026-49987 (Repomix is a tool that packs repositories into AI-friendly
files. Prio ...)
+ TODO: check
+CVE-2026-49501 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and
versions ...)
+ TODO: check
+CVE-2026-48799 (Postiz is an AI social media scheduling tool. Prior to 2.21.8,
Postiz ...)
+ TODO: check
+CVE-2026-47703 (AdGuard Home is a network-wide software for blocking ads and
tracking. ...)
+ TODO: check
+CVE-2026-47164 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
+ TODO: check
+CVE-2026-47160 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
+ TODO: check
+CVE-2026-47159 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
+ TODO: check
+CVE-2026-47158 (Vaultwarden is a Bitwarden-compatible server written in Rust.
Prior to ...)
+ TODO: check
+CVE-2026-46709 (Tabby (formerly Terminus) is a highly configurable terminal
emulator. ...)
+ TODO: check
+CVE-2026-46485 (Dashy is a self-hostable personal dashboard. Prior to 4.0.8,
Dashy dep ...)
+ TODO: check
+CVE-2026-46459 (ICU Scandinavia Boomerang is vulnerable to a missing
authentication fl ...)
+ TODO: check
+CVE-2026-46458 (ICU Scandinavia Boomerang is vulnerable to an information
disclosure f ...)
+ TODO: check
+CVE-2026-45806 (Penpot is an open-source design tool for design and code
collaboration ...)
+ TODO: check
+CVE-2026-45805 (Penpot is an open-source design tool for design and code
collaboration ...)
+ TODO: check
+CVE-2026-45804 (Diffusers is the a library for pretrained diffusion models.
Prior to 0 ...)
+ TODO: check
+CVE-2026-45337 (Better Auth is an authentication and authorization library for
TypeScr ...)
+ TODO: check
+CVE-2026-45150 (Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser
did not ...)
+ TODO: check
+CVE-2026-44986 (Penpot is an open-source design tool for design and code
collaboration ...)
+ TODO: check
+CVE-2026-43637 (Cornac before 2.6.0 contains a path traversal (Tar Slip)
vulnerability ...)
+ TODO: check
+CVE-2026-42533 (A vulnerability exists in NGINX Plus and NGINX Open Source
when a mapd ...)
+ TODO: check
+CVE-2026-41580 (Stirling-PDF is a locally hosted web application that
facilitates vari ...)
+ TODO: check
+CVE-2026-40633 (Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7,
versions 9.11 ...)
+ TODO: check
+CVE-2026-40501 (Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit
1518530, ...)
+ TODO: check
+CVE-2026-35152 (A SQL Injection vulnerability exists in Apache Fineract's
Report Execu ...)
+ TODO: check
+CVE-2026-33213 (Redash is a package for data visualization and sharing. From
5.0.2 to ...)
+ TODO: check
+CVE-2026-20298 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
and 9.4.13 ...)
+ TODO: check
+CVE-2026-20297 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
9.4.13, an ...)
+ TODO: check
+CVE-2026-20296 (In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8,
and 9.4.13 ...)
+ TODO: check
+CVE-2026-20187 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20158 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20157 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20156 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20153 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20150 (As part of Cisco's ongoing commitment to proactive security
and produc ...)
+ TODO: check
+CVE-2026-20146 (A vulnerability in Cisco Identity Services Engine (ISE) and
Cisco ISE ...)
+ TODO: check
+CVE-2026-1563 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an
Reflect ...)
+ TODO: check
+CVE-2026-1562 (Pega Platform versions 8.1.0 through 25.1.2 are affected by an
Stored ...)
+ TODO: check
+CVE-2026-15809 (A flaw was found in CRI-O. The fix for a previous
vulnerability (CVE-2 ...)
+ TODO: check
+CVE-2026-15804 (The HCM developed by MetaGuru has a SQL Injection
vulnerability. Authe ...)
+ TODO: check
+CVE-2026-15779 (A flaw was found in samba's pam_winbind. When mkhomedir is
enabled, pa ...)
+ TODO: check
+CVE-2026-15746 (Strands Agents is an open-source Python SDK for building and
running A ...)
+ TODO: check
+CVE-2026-15583 (A confused-deputy flaw in Grafana MCP Server allows an
unauthenticated ...)
+ TODO: check
+CVE-2026-14961 (Pegatron `Tdelo64.sys` exposes a privileged device interface,
`\\.\Tde ...)
+ TODO: check
+CVE-2026-14960 (Pegatron `Tdelo64.sys` improperly exposes privileged hardware
access f ...)
+ TODO: check
+CVE-2026-14251 (A flaw was found in the OpenShift GitOps operator. The
ClusterRole rec ...)
+ TODO: check
+CVE-2026-12997 (The Gravity Forms plugin for WordPress is vulnerable to
Directory Trav ...)
+ TODO: check
+CVE-2026-12382 (A flaw was found in the AAP Gateway Envoy proxy configuration.
The non ...)
+ TODO: check
+CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver
(drivers/e ...)
+ TODO: check
+CVE-2025-32781 (Apollo is a reliable configuration management system suitable
for micr ...)
+ TODO: check
CVE-2026-56136
- ntfs-3g <unfixed>
NOTE:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-r66g-c39x-cw95
@@ -5087,7 +5463,8 @@ CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2
contains an authorizatio
NOT-FOR-US: n8n
CVE-2026-56775 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an
authorization vuln ...)
NOT-FOR-US: n8n
-CVE-2026-56401 (Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null
pointer derefe ...)
+CVE-2026-56401
+ REJECTED
NOT-FOR-US: Wazuh
CVE-2026-56374 (ImageMagick before 7.1.2-19 contains a heap buffer overflow
vulnerabil ...)
- imagemagick 8:7.1.2.19+dfsg1-1
@@ -17350,6 +17727,7 @@ CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit
708b4a5, contains a memor
CVE-2026-56115 (Bootimus through 0.1.70 contains a broken access control
vulnerability ...)
NOT-FOR-US: Bootimus
CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a
one-byte st ...)
+ {DLA-4686-1}
- dhcpcd 1:10.3.2-4 (bug #1140767)
[trixie] - dhcpcd 1:10.1.0-11+deb13u3
- dhcpcd5 <removed>
@@ -22427,6 +22805,7 @@ CVE-2026-10780 (The Static Block plugin for WordPress
is vulnerable to Insecure
CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU,
the pag ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples
NetworkConfiguration/ ...)
+ {DLA-4686-1}
- dhcpcd 1:10.3.1-1
[trixie] - dhcpcd 1:10.1.0-11+deb13u3
- dhcpcd5 <removed>
@@ -43438,7 +43817,7 @@ CVE-2026-6637 (Stack buffer overflow in PostgreSQL
module "refint" allows an unp
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-45793 [Github Actions issued GITHUB_TOKEN disclosure in GitHub
Actions logs]
+CVE-2026-45793 (Composer is a dependency Manager for the PHP language. Prior
to 1.10.2 ...)
- composer 0.9.1+dfsg-1
[trixie] - composer 2.8.8-1+deb13u3
[bookworm] - composer 2.5.5-1+deb12u5
@@ -144941,7 +145320,7 @@ CVE-2025-40990 (Stored Cross Site Scripting
vulnerability in Ekushey CRM v5.0 by
NOT-FOR-US: Ekushey CRM
CVE-2025-40989 (Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0
by Creat ...)
NOT-FOR-US: Ekushey CRM
-CVE-2025-40646 (Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM
v2025 by ...)
+CVE-2025-40646 (Exposure of sensitive information in Viday. This vulnerability
could a ...)
NOT-FOR-US: Viday
CVE-2025-40645 (Exposure of sensitive information in Viday. This vulnerability
could a ...)
NOT-FOR-US: Viday
@@ -221616,106 +221995,127 @@ CVE-2024-13316 (The Scratch & Win \u2013
Giveaways and Contests. Boost subscribe
CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme
for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1125 (When reading data from a hfs filesystem, grub's hfs filesystem
module ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked
when gru ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0690 (The read command is used to read the keyboard input from the
user, whi ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0689 (When reading data from disk, the grub's UDF filesystem module
utilizes ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0686 (A flaw was found in grub2. When performing a symlink lookup
from a rom ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0685 (A flaw was found in grub2. When reading data from a jfs
filesystem, gr ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0684 (A flaw was found in grub2. When performing a symlink lookup
from a rei ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0678 (A flaw was found in grub2. When reading data from a squash4
filesystem ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup,
the grub' ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0624 (A flaw was found in grub2. During the network boot process,
when tryin ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks
created by l ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub,
the hfs ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45782 (A flaw was found in the HFS filesystem. When reading an HFS
volume's n ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name
from a ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45780 (A flaw was found in grub2. When reading tar files, grub2
allocates an ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45779 (An integer overflow flaw was found in the BFS file system
driver in gr ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45778 (A stack overflow flaw was found when reading a BFS file
system. A craf ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation
buffer w ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(),
grub2 fails ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher()
function ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can
cause the ...)
+ {DLA-4685-1}
- grub2 2.12-6 (bug #1098319)
[bookworm] - grub2 2.06-13+deb12u2
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22bf5273c551be181a709505ee2899e8bba10690
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22bf5273c551be181a709505ee2899e8bba10690
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits