Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ab99d26 by security tracker role at 2026-02-17T20:16:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,120 @@
-CVE-2026-25087 [Potential use-after-free when reading IPC file with 
pre-buffering]
+CVE-2026-2630 (A Command Injection vulnerability exists where an 
authenticated, remot ...)
+       TODO: check
+CVE-2026-2620 (A weakness has been identified in Huace Monitoring and Early 
Warning S ...)
+       TODO: check
+CVE-2026-2618 (A vulnerability was determined in Beetel 777VR1 up to 01.00.09. 
This i ...)
+       TODO: check
+CVE-2026-2617 (A vulnerability was found in Beetel 777VR1 up to 01.00.09. This 
affect ...)
+       TODO: check
+CVE-2026-2616 (A vulnerability has been found in Beetel 777VR1 up to 01.00.09. 
The im ...)
+       TODO: check
+CVE-2026-2615 (A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The 
affect ...)
+       TODO: check
+CVE-2026-2608 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg 
Editor pl ...)
+       TODO: check
+CVE-2026-2247 (SQL injection vulnerability (SQLi) in Clicldeu SaaS, 
specifically in t ...)
+       TODO: check
+CVE-2026-26736 (TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-26732 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when 
updatin ...)
+       TODO: check
+CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat 
Native, Apach ...)
+       TODO: check
+CVE-2026-24733 (Improper Input Validation vulnerability in Apache Tomcat.   
Tomcat did ...)
+       TODO: check
+CVE-2026-23861 (Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, 
contain(s) an Im ...)
+       TODO: check
+CVE-2026-23648 (Glory RBG-100 recycler systems using the ISPK-08 software 
component co ...)
+       TODO: check
+CVE-2026-23647 (Glory RBG-100 recycler systems using the ISPK-08 software 
component co ...)
+       TODO: check
+CVE-2026-22769 (Dell RecoverPoint for Virtual Machines, versions prior to 
6.0.3.1 HF1, ...)
+       TODO: check
+CVE-2026-22208 (OpenS100 (the reference implementation S-100 viewer) prior to 
commit 7 ...)
+       TODO: check
+CVE-2026-1452
+       REJECTED
+CVE-2026-1216 (The RSS Aggregator plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2026-0102 (Under specific conditions, a malicious webpage may trigger 
autofill po ...)
+       TODO: check
+CVE-2025-8303 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-7706 (Missing Authentication for Critical Function vulnerability in 
TUBITAK  ...)
+       TODO: check
+CVE-2025-7631 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-70846 (lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting 
(XSS) on th ...)
+       TODO: check
+CVE-2025-70830 (A Server-Side Template Injection (SSTI) vulnerability in the 
Freemarke ...)
+       TODO: check
+CVE-2025-70829 (An information exposure vulnerability in Datart v1.0.0-rc.3 
allows aut ...)
+       TODO: check
+CVE-2025-70828 (An issue in Datart v1.0.0-rc.3 allows attackers to execute 
arbitrary c ...)
+       TODO: check
+CVE-2025-70397 (jizhicms 2.5.6 is vulnerable to SQL Injection in 
Article/deleteAll and ...)
+       TODO: check
+CVE-2025-67905 (Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator 
and perfo ...)
+       TODO: check
+CVE-2025-66614 (Improper Input Validation vulnerability.  This issue affects 
Apache To ...)
+       TODO: check
+CVE-2025-65753 (An issue in the TLS certification mechanism of Guardian 
Gryphon v01.06 ...)
+       TODO: check
+CVE-2025-59793 (Rocket TRUfusion Enterprise through 7.10.5 exposes the 
endpoint at /ax ...)
+       TODO: check
+CVE-2025-36598 (Dell Avamar, versions prior to 19.12 with patch 338905, 
contains an Im ...)
+       TODO: check
+CVE-2025-36597 (Dell Avamar, versions prior to 19.12 with patch 338905, 
contains an Im ...)
+       TODO: check
+CVE-2025-36425 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36247 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36243 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side 
request f ...)
+       TODO: check
+CVE-2025-36019 (IBM Concert 1.0.0 through 2.1.0 for Z hub framework is 
vulnerable to c ...)
+       TODO: check
+CVE-2025-36018 (IBM Concert 1.0.0 through 2.1.0 for Z hub componentis 
vulnerable to cr ...)
+       TODO: check
+CVE-2025-33130 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 
could allow  ...)
+       TODO: check
+CVE-2025-33124 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 
could allow  ...)
+       TODO: check
+CVE-2025-33101 (IBM Concert 1.0.0 through 2.1.0 could allow an attacker to 
obtain sens ...)
+       TODO: check
+CVE-2025-33089 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker 
to obtai ...)
+       TODO: check
+CVE-2025-32355 (Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse 
proxy to h ...)
+       TODO: check
+CVE-2025-27904 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 
Recovery E ...)
+       TODO: check
+CVE-2025-27903 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 
Recovery E ...)
+       TODO: check
+CVE-2025-27901 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 
Recovery E ...)
+       TODO: check
+CVE-2025-14689 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 12.1 ...)
+       TODO: check
+CVE-2025-13867 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-13108 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 
could allow  ...)
+       TODO: check
+CVE-2025-12755 (IBM MQ Operator (SC2 v3.2.0\u20133.8.1, LTS 
v2.0.0\u20132.0.29) and IB ...)
+       TODO: check
+CVE-2024-55271 (A Cross-Site Request Forgery (CSRF) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2024-55270 (phpgurukul Student Management System 1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2024-43178 (IBM Concert 1.0.0 through 2.1.0 uses weaker than expected 
cryptographi ...)
+       TODO: check
+CVE-2024-31118 (Missing Authorization vulnerability in Smartypants SP Project 
& Docume ...)
+       TODO: check
+CVE-2023-38265 (IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 
2.3.5.0 c ...)
+       TODO: check
+CVE-2026-25087 (Use After Free vulnerability in Apache Arrow C++.  This issue 
affects  ...)
        - apache-arrow 23.0.1-1
        NOTE: https://github.com/apache/arrow/pull/48925
        NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/4
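Review bot: every entry added ahead of CVE-2026-25087 is left at "TODO: check", and the three Apache Tomcat entries (CVE-2026-24734, CVE-2026-24733, CVE-2025-66614) should be triaged first, because Tomcat is packaged in Debian and these need package entries rather than a NOT-FOR-US tag. The Dell entries (CVE-2026-23861, CVE-2026-22769, CVE-2025-36598, CVE-2025-36597) can take the "NOT-FOR-US: Dell / EMC" form that already appears further down in this diff.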
@@ -3111,6 +3227,7 @@ CVE-2026-1609
 CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is 
configured to ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-25646 (LIBPNG is a reference library for use in applications that 
read, creat ...)
+       {DLA-4481-1}
        - libpng1.6 1.6.55-1 (bug #1127566)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
 (v1.6.55)
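Review bot: the CVE-2026-25646 entry has no [trixie] or [bookworm] line after "- libpng1.6 1.6.55-1 (bug #1127566)", unlike the two other libpng1.6 entries that receive {DLA-4481-1} later in this diff. Add the per-release status so the entry records a decision for those releases.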
@@ -3262,11 +3379,13 @@ CVE-2026-23901 (Observable Timing Discrepancy 
vulnerability in Apache Shiro.  Th
        [bullseye] - shiro <postponed> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/02/08/2
 CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when 
"Block rem ...)
+       {DSA-6137-1 DLA-4480-1}
        - roundcube 1.6.13+dfsg-1 (bug #1127447)
        NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/036e851b683333205813f70acda2dc047b4891c8
 (1.6.13)
        NOTE: 
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
        NOTE: 
https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
 CVE-2026-26079 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows 
Cascading ...)
+       {DSA-6137-1 DLA-4480-1}
        - roundcube 1.6.13+dfsg-1 (bug #1127447)
        NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
 (1.6.13)
        NOTE: Regression fix: 
https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
 (1.6.13)
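Review bot: on CVE-2026-26079 the entry lists a separate "Regression fix" commit (2b5625f1d2ef7e050fd1ae481b2a52dc35466447) next to the "Fixed by" commit, and the added {DSA-6137-1 DLA-4480-1} line does not say whether the advisory uploads include it. Confirm that both uploads carry the regression fix, and add a NOTE to the entry if one of them does not.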
@@ -3368,7 +3487,7 @@ CVE-2026-22613 (The server identity check mechanism for 
firmware upgrade perform
        NOT-FOR-US: Eaton
 CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow 
Service comp ...)
        NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615 (All versions of the package jsonpath are vulnerable to 
Arbitrary Code  ...)
+CVE-2026-1615 (Versions of the package jsonpath before 1.2.0 are vulnerable to 
Arbitr ...)
        NOT-FOR-US: Node jsonpath
 CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation 
vulner ...)
        NOT-FOR-US: MacroHub
@@ -8790,7 +8909,7 @@ CVE-2026-24535 (Missing Authorization vulnerability in 
webdevstudios Automatic F
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24534 (Missing Authorization vulnerability in uPress Booter 
booter-bots-crawl ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2026-24532 (Missing Authorization vulnerability in SiteLock SiteLock 
Security site ...)
+CVE-2026-24532 (Missing Authorization vulnerability in SiteLock SiteLock 
Security \u20 ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24531 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
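Review bot: the new description for CVE-2026-24532 ends in "SiteLock Security \u20 ...", so the truncation now cuts through an undecoded unicode escape and loses the word "site" that the old line still showed. Decode the escapes before truncating the description; the same literal escapes survive whole in CVE-2026-2608 ("\u2014") and CVE-2025-12755 ("\u2013") in the first hunk.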
@@ -14430,12 +14549,14 @@ CVE-2024-58339 (LlamaIndex (run-llama/llama_index) 
versions up to and including
 CVE-2024-14021 (LlamaIndex (run-llama/llama_index) versions up to and 
including 0.11.6 ...)
        NOT-FOR-US: LlamaIndex (run-llama/llama_index)
 CVE-2026-22801 (LIBPNG is a reference library for use in applications that 
read, creat ...)
+       {DLA-4481-1}
        - libpng1.6 1.6.54-1 (bug #1125444)
        [trixie] - libpng1.6 <no-dsa> (Minor issue)
        [bookworm] - libpng1.6 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
 CVE-2026-22695 (LIBPNG is a reference library for use in applications that 
read, creat ...)
+       {DLA-4481-1}
        - libpng1.6 1.6.54-1 (bug #1125443)
        [trixie] - libpng1.6 <no-dsa> (Minor issue)
        [bookworm] - libpng1.6 <no-dsa> (Minor issue)
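Review bot: CVE-2026-22801 and CVE-2026-22695 keep "[trixie] - libpng1.6 <no-dsa> (Minor issue)" and the matching [bookworm] line while now being tagged {DLA-4481-1}, so the issue is fixed through a DLA and still deferred for the two listed releases. Check whether those should be queued for a point release or whether the "Minor issue" rating still holds.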
@@ -73555,7 +73676,7 @@ CVE-2025-26476 (Dell ECS versions prior to 3.8.1.5/ 
ObjectScale version 4.0.0.0,
        NOT-FOR-US: Dell / EMC
 CVE-2025-26065 (A cross-site scripting (XSS) vulnerability in Intelbras RX1500 
v2.2.9  ...)
        NOT-FOR-US: Intelbras
-CVE-2025-21120 (Dell Avamar, versions prior to 19.12 with patch 338905, 
excluding vers ...)
+CVE-2025-21120 (Dell Avamar, versions prior to 19.10 SP1 with patch 338904, 
contains a ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-0932 (Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace 
Driver,  ...)
        NOT-FOR-US: ARM
@@ -331912,8 +332033,8 @@ CVE-2022-41656
        RESERVED
 CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in 
Phone Ord ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41650
-       RESERVED
+CVE-2022-41650 (Missing Authorization vulnerability in Paul Custom Content by 
Country  ...)
+       TODO: check
 CVE-2022-41647
        RESERVED
 CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Acce ...)
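Review bot: the "TODO: check" on CVE-2022-41650 needs resolving, and the description truncated at "Paul Custom Content by Country ..." does not show what kind of product this is. Confirm it against the full CVE record before tagging; the neighbouring CVE-2022-41655 uses "NOT-FOR-US: WordPress plugin".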



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab99d267aa1bab65deb41bbe89b306b77746a1c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits