Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
97c175e7 by security tracker role at 2026-07-17T19:13:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,253 @@
+CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
+       TODO: check
+CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live 
Chat plugi ...)
+       TODO: check
+CVE-2026-9602 (Mattermost Desktop App versions <=6.2 6.0.2 5.6.13.0 fail to 
validate  ...)
+       TODO: check
+CVE-2026-9592 (SEPPmail Secure Email Gateway & SEPPmail Cloud before version 
15.0.4.2 ...)
+       TODO: check
+CVE-2026-9588 (A stored cross-site scripting (XSS) vulnerability exists in 
Sangoma Sw ...)
+       TODO: check
+CVE-2026-9587 (An authenticated local file inclusion vulnerability exists in 
Sangoma  ...)
+       TODO: check
+CVE-2026-9586 (An unauthenticated SQL injection vulnerability exists in 
Sangoma Switc ...)
+       TODO: check
+CVE-2026-9585 (An unauthenticated reflected cross-site scripting (XSS) 
vulnerability  ...)
+       TODO: check
+CVE-2026-9537 (Mojo::JWT versions before 1.02 for Perl verify HMAC signatures 
with a  ...)
+       TODO: check
+CVE-2026-9202 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated 
attackers ...)
+       TODO: check
+CVE-2026-9198 (IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated 
attackers ...)
+       TODO: check
+CVE-2026-9171 (IBM PowerVM Novalink are vulnerable to a denial of service, 
caused by  ...)
+       TODO: check
+CVE-2026-9135 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 
1.9.2 (c ...)
+       TODO: check
+CVE-2026-9103 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote 
attacker to ...)
+       TODO: check
+CVE-2026-8396 (Improper restriction of XML external entity reference 
vulnerability in ...)
+       TODO: check
+CVE-2026-8297 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-8075 (Mattermost Desktop App versions <=6.2 5.5.13 6.0.2.0 fail to 
properly  ...)
+       TODO: check
+CVE-2026-7488 (Insertion of sensitive information into sent data vulnerability 
in IKA ...)
+       TODO: check
+CVE-2026-7189 (Insertion of sensitive information into sent data vulnerability 
in Pro ...)
+       TODO: check
+CVE-2026-63309 (SurrealDB before 3.1.5 fail to apply field-level SELECT 
permissions to ...)
+       TODO: check
+CVE-2026-63308 (Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial 
of serv ...)
+       TODO: check
+CVE-2026-63307 (Chat2DB before 5.3.0 contains an insecure direct object 
reference vuln ...)
+       TODO: check
+CVE-2026-63101 (Open Event Server through 1.19.1 contains a missing 
authentication vul ...)
+       TODO: check
+CVE-2026-63100 (Maybe through 0.6.0 contains a missing authorization 
vulnerability tha ...)
+       TODO: check
+CVE-2026-63099 (TheHive through 4.1.24 contains a broken object-level 
authorization vu ...)
+       TODO: check
+CVE-2026-63098 (TheHive through 4.1.24 contains an unauthenticated information 
disclos ...)
+       TODO: check
+CVE-2026-63097 (Dendrite through 0.13.8 contains an improper access control 
vulnerabil ...)
+       TODO: check
+CVE-2026-63096 (Dendrite through 0.13.8 contains a server-side request forgery 
vulnera ...)
+       TODO: check
+CVE-2026-63095 (Dendrite through 0.13.8 contains an improper authorization 
vulnerabili ...)
+       TODO: check
+CVE-2026-63094 (SigNoz through 0.133.0 contains an open redirect vulnerability 
in the  ...)
+       TODO: check
+CVE-2026-63093 (Cursor for Windows version 3.2.16 contains a binary planting 
vulnerabi ...)
+       TODO: check
+CVE-2026-62764 (Improper Handling of Insufficient Privileges vulnerability in 
Apache A ...)
+       TODO: check
+CVE-2026-60025 (The Joomla extension Events Booking prior version 5.8.0 had an 
fronten ...)
+       TODO: check
+CVE-2026-60024 (The Joomla extension Events Booking prior version 5.8.0 did by 
default ...)
+       TODO: check
+CVE-2026-59695 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
+       TODO: check
+CVE-2026-59694 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
+       TODO: check
+CVE-2026-59252 (Improper Validation of Specified Quantity in Input in ZenHive 
mpp allo ...)
+       TODO: check
+CVE-2026-58195 (Agentic-Flow is an AI agent orchestration platform. Prior to 
2.0.14, a ...)
+       TODO: check
+CVE-2026-58149 (The Joomla extension Events Booking is vulnerable to an 
unauthenticate ...)
+       TODO: check
+CVE-2026-58148 (The Joomla extension ChronoForms is vulnerable to an 
unauthenticated s ...)
+       TODO: check
+CVE-2026-57860 (ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, 
automati ...)
+       TODO: check
+CVE-2026-54496 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad 5.0.0, ...)
+       TODO: check
+CVE-2026-53712 (SCRAM (Salted Challenge Response Authentication Mechanism) is 
part of  ...)
+       TODO: check
+CVE-2026-52746 (JSONata is a JSON query and transformation language. Prior to 
2.2.0, m ...)
+       TODO: check
+CVE-2026-51083 (Incorrect access control in Proxmox Virtual Environment (PVE) 
9.x qemu ...)
+       TODO: check
+CVE-2026-51082 (A race condition between the vncproxy and vncwebsocket API 
calls in Pr ...)
+       TODO: check
+CVE-2026-51081 (A cross-site scripting (XSS) vulnerability in Proxmox Virtual 
Environm ...)
+       TODO: check
+CVE-2026-51080 (libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were 
discover ...)
+       TODO: check
+CVE-2026-50273 (Datadog .NET Tracer is a client library for Datadog APM for 
.NET appli ...)
+       TODO: check
+CVE-2026-50185 (RustCrypto CMOV provides conditional move CPU intrinsics which 
are gua ...)
+       TODO: check
+CVE-2026-49835 (Sigstore Timestamp Authority is a service for issuing RFC 3161 
timesta ...)
+       TODO: check
+CVE-2026-49216 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-49215 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.22.0 
until 2. ...)
+       TODO: check
+CVE-2026-49212 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-49211 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.2.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-49210 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-49209 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-49208 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 
until 2.3 ...)
+       TODO: check
+CVE-2026-48487 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
+       TODO: check
+CVE-2026-48045 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
+       TODO: check
+CVE-2026-48016 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-48015 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-48014 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-48010 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-48009 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-48008 (Shopware is an open commerce platform. Prior to 6.6.10.18 and 
6.7.10.1 ...)
+       TODO: check
+CVE-2026-47184 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
+       TODO: check
+CVE-2026-47183 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
+       TODO: check
+CVE-2026-47180 (Zeroconf is a pure Python implementation of multicast DNS 
service disc ...)
+       TODO: check
+CVE-2026-45703 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-45162 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-44722 (pyzipper is a replacement for Python's zipfile that can read 
and write ...)
+       TODO: check
+CVE-2026-22104 (Improper access control in Hashtopolis server web-interface 
chunk acti ...)
+       TODO: check
+CVE-2026-21764 (HCL DevOps Loop is affected by insufficient input validation 
that allo ...)
+       TODO: check
+CVE-2026-21762 (HCL DevOps Loop is affected by missing HTTP security headers. 
Missing  ...)
+       TODO: check
+CVE-2026-21761 (HCL DevOps Loop is affected by a Cross-Origin Resource Sharing 
(CORS)  ...)
+       TODO: check
+CVE-2026-21760 (HCL DevOps Loop is affected by an Unauthorized Access to Admin 
Functio ...)
+       TODO: check
+CVE-2026-16108 (A flaw was found in the default-groups REST endpoint and realm 
represe ...)
+       TODO: check
+CVE-2026-16106 (A flaw was found in the admin REST API of Keycloak, a solution 
for ide ...)
+       TODO: check
+CVE-2026-16104 (A flaw was found in the authentication configuration endpoint 
of the k ...)
+       TODO: check
+CVE-2026-16103 (A flaw was found in the keycloak-services component of 
Keycloak. This  ...)
+       TODO: check
+CVE-2026-16093 (Keycloak provides a mechanism called Client Policies to 
enforce securi ...)
+       TODO: check
+CVE-2026-16089 (A flaw was found in the keycloak-services component of Red Hat 
Build o ...)
+       TODO: check
+CVE-2026-16073 (A security vulnerability has been detected in AstrBotDevs 
AstrBot up t ...)
+       TODO: check
+CVE-2026-16072 (A flaw was found in the organization management component of 
Keycloak. ...)
+       TODO: check
+CVE-2026-16017 (A security flaw has been discovered in mosaxiv clawlet up to 
0.2.10. I ...)
+       TODO: check
+CVE-2026-16016 (A vulnerability was identified in poco-ai poco-claw up to 
0.5.4. This  ...)
+       TODO: check
+CVE-2026-16015 (A vulnerability was determined in poco-ai poco-claw up to 
0.5.4. This  ...)
+       TODO: check
+CVE-2026-16014 (A vulnerability was found in code-projects Hospital Bed 
Management Sys ...)
+       TODO: check
+CVE-2026-16013 (A vulnerability has been found in liftoff-sr CIPster up to 
632336d414e ...)
+       TODO: check
+CVE-2026-16009 (A vulnerability was detected in itsourcecode Hospital 
Management Syste ...)
+       TODO: check
+CVE-2026-16008 (A security vulnerability has been detected in sagold 
json-schema-libra ...)
+       TODO: check
+CVE-2026-15943 (A flaw was found in the Keycloak keycloak-services component, 
which ha ...)
+       TODO: check
+CVE-2026-15783 (A missing authorization vulnerability was identified in GitHub 
Enterpr ...)
+       TODO: check
+CVE-2026-15380 (A non-administrator interactive user can obtain full SYSTEM 
code execu ...)
+       TODO: check
+CVE-2026-15379 (The Altiris WMI provider exposes a class (AltirisAgent_Stream) 
that al ...)
+       TODO: check
+CVE-2026-15343 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
+       TODO: check
+CVE-2026-15007 (A denial of service vulnerability was identified in GitHub 
Enterprise  ...)
+       TODO: check
+CVE-2026-14871 (osTicket versions v1.18.3 and v1.17.7 contain a Broken Object 
Level Au ...)
+       TODO: check
+CVE-2026-13410 (Dancer::Plugin::Auth::Google versions through 0.07 for Perl 
have TLS v ...)
+       TODO: check
+CVE-2026-13082 (GD::SecurityImage versions through 1.75 for Perl use rand to 
generate  ...)
+       TODO: check
+CVE-2026-12715 (Missing Authorization in Google Cloud Firebase Studio versions 
prior t ...)
+       TODO: check
+CVE-2026-12705 (Missing support for integrity check vulnerability in ABB KNX 
Update To ...)
+       TODO: check
+CVE-2026-12694 (Missing Authorization vulnerability in Vimesoft Inc. 
Enterprise Video  ...)
+       TODO: check
+CVE-2026-12693 (Authorization bypass through User-Controlled key vulnerability 
in Vime ...)
+       TODO: check
+CVE-2026-12692 (Unverified password change vulnerability in Vimesoft Inc. 
Enterprise V ...)
+       TODO: check
+CVE-2026-12691 (Missing authentication for critical function vulnerability in 
Vimesoft ...)
+       TODO: check
+CVE-2026-11763 (Authorization bypass through User-Controlled key vulnerability 
in Gis  ...)
+       TODO: check
+CVE-2025-60357 (AhnLab EPP Management v1.0.14.32-6249 was discovered to 
contain a NoSQ ...)
+       TODO: check
+CVE-2025-59866 (The HCL DFMPro, DFXAnalytics and DFXServer installers are 
affected by  ...)
+       TODO: check
+CVE-2024-42214 (HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS 
method  ...)
+       TODO: check
+CVE-2024-23578 (HCL Aftermarket EPC is vulnerable to attack as the application 
impleme ...)
+       TODO: check
+CVE-2024-23577 (HCL Aftermarket EPC is vulnerable since the application does 
not have  ...)
+       TODO: check
+CVE-2024-23575 (HCL Aftermarket EPC is vulnerable to attack since the 
application retu ...)
+       TODO: check
+CVE-2024-23574 (HCL Aftermarket EPC is vulnerable to attack since It was found 
that a  ...)
+       TODO: check
+CVE-2024-23573 (HCL Aftermarket EPC is vulnerable to attack since the 
Application is v ...)
+       TODO: check
+CVE-2024-23572 (HCL Aftermarket EPC is vulnerable to attack as cookie appears 
to conta ...)
+       TODO: check
+CVE-2024-23571 (HCL Aftermarket EPC is vulnerable to attack since the 
application does ...)
+       TODO: check
+CVE-2024-23570 (HCL Aftermarket EPC is affected by clickjacking vulnerability 
Cross-Fr ...)
+       TODO: check
+CVE-2024-23569 (HCL Aftermarket EPC is vulnerable to attack since the server 
is not co ...)
+       TODO: check
+CVE-2024-23568 (HCL Aftermarket EPC is vulnerable to attacks since the server 
software ...)
+       TODO: check
+CVE-2024-23567 (HCL Aftermarket EPC is affected by Sensitive Information in 
GET method ...)
+       TODO: check
+CVE-2024-23566 (HCL Aftermarket EPC is vulnerable to brute force attacks since 
applica ...)
+       TODO: check
+CVE-2024-23565 (HCL Aftermarket EPC is vulnerable to email flooding as the 
application ...)
+       TODO: check
+CVE-2024-23564 (HCL Aftermarket EPC is affected by Business Logic 
Vulnerability using  ...)
+       TODO: check
 CVE-2026-14266
        - 7zip 26.02+dfsg-1 (bug #1142293)
        - p7zip 16.02+transitional.1
@@ -2033,7 +2283,7 @@ CVE-2026-52100 (Cross Site Request Forgery vulnerability 
in andreimarcu linux-se
        NOT-FOR-US: andreimarcu linux-server
 CVE-2026-51808 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
        NOT-FOR-US: OpenHTJ2K
-CVE-2026-51807 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
+CVE-2026-51807 (Heap-based out-of-bounds write in 
j2k_precinct_subband::parse_packet_h ...)
        NOT-FOR-US: OpenHTJ2K
 CVE-2026-51105 (Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 
allows a  ...)
        - amule <unfixed> (bug #1142276)
@@ -5346,7 +5596,7 @@ CVE-2026-0275 (A local privilege escalation vulnerability 
in Palo Alto Networks
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-45422 (Incorrect access control in Proximus b-box v8c.725A allows 
authenticat ...)
        TODO: check
-CVE-2026-14741
+CVE-2026-14741 (HTTP::Date versions before 6.08 for Perl allow CPU exhaustion 
via poly ...)
        - libhttp-date-perl 6.08-1
        [trixie] - libhttp-date-perl <no-dsa> (Minor issue)
        [bookworm] - libhttp-date-perl <postponed> (Minor issue)
@@ -5922,7 +6172,7 @@ CVE-2026-54590 (AsyncSSH is a Python package which 
provides an asynchronous clie
        [bullseye] - python-asyncssh <not-affected> (Incomplete fix for 
CVE-2026-45309 not applied)
        NOTE: 
https://github.com/ronf/asyncssh/security/advisories/GHSA-qr67-gv47-xwwh
        NOTE: Fixed by: 
https://github.com/ronf/asyncssh/commit/3d515ba9ba0cd9990d248bdf62bcf05d51261a88
 (v2.23.1)
-CVE-2026-45309
+CVE-2026-45309 (AsyncSSH is a Python package which provides an asynchronous 
client and ...)
        - python-asyncssh 2.23.0-1
        NOTE: https://github.com/advisories/GHSA-g794-3fmp-753h
        NOTE: Fixed by: 
https://github.com/ronf/asyncssh/commit/2af2382cce946c959a378a62f257af253dc4ab51
 (v2.23.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c175e7c3d36c53ccb9447385300ed8708c6e6e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97c175e7c3d36c53ccb9447385300ed8708c6e6e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to