Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
018bf855 by security tracker role at 2026-02-20T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2026-2825 (A vulnerability has been found in rachelos WeRSS we-mp-rss up
to 1.4.8 ...)
+ TODO: check
+CVE-2026-2824 (A flaw has been found in Comfast CF-E7 2.6.0.9. This affects
the funct ...)
+ TODO: check
+CVE-2026-2823 (A vulnerability was detected in Comfast CF-E7 2.6.0.9. The
impacted el ...)
+ TODO: check
+CVE-2026-2822 (A security vulnerability has been detected in JeecgBoot up to
3.9.1. T ...)
+ TODO: check
+CVE-2026-2821 (A weakness has been identified in Fujian Smart Integrated
Management P ...)
+ TODO: check
+CVE-2026-2820 (A security flaw has been discovered in Fujian Smart Integrated
Managem ...)
+ TODO: check
+CVE-2026-2819 (A vulnerability was identified in Dromara RuoYi-Vue-Plus up to
5.5.3. ...)
+ TODO: check
+CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3.
Calling maskn ...)
+ TODO: check
+CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows
local at ...)
+ TODO: check
+CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log
file v ...)
+ TODO: check
+CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
+ TODO: check
+CVE-2026-2408 (Tanium addressed a use-after-free vulnerability in the Cloud
Workloads ...)
+ TODO: check
+CVE-2026-2384 (The Quiz Maker plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-2350 (Tanium addressed an insertion of sensitive information into log
file v ...)
+ TODO: check
+CVE-2026-27476 (RustFly 2.0.0 contains a command injection vulnerability in
its remote ...)
+ TODO: check
+CVE-2026-27440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27387 (Missing Authorization vulnerability in designinvento
DirectoryPress di ...)
+ TODO: check
+CVE-2026-27368 (Missing Authorization vulnerability in SeedProd Coming Soon
Page, Unde ...)
+ TODO: check
+CVE-2026-27360 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27343 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-27328 (Missing Authorization vulnerability in DevsBlink EduBlink
edublink all ...)
+ TODO: check
+CVE-2026-27327 (Missing Authorization vulnerability in YayCommerce YayMail
\u2013 WooC ...)
+ TODO: check
+CVE-2026-27325
+ REJECTED
+CVE-2026-27324
+ REJECTED
+CVE-2026-27323
+ REJECTED
+CVE-2026-27322
+ REJECTED
+CVE-2026-27321
+ REJECTED
+CVE-2026-27320
+ REJECTED
+CVE-2026-27319
+ REJECTED
+CVE-2026-27318
+ REJECTED
+CVE-2026-27317
+ REJECTED
+CVE-2026-27114 (NanaZip is an open source file archive Starting in version
5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27017 (uTLS is a fork of crypto/tls, created to customize ClientHello
for fin ...)
+ TODO: check
+CVE-2026-27016 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-27014 (NanaZip is an open source file archive Starting in version
5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27009 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a ato ...)
+ TODO: check
+CVE-2026-27008 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a bug ...)
+ TODO: check
+CVE-2026-27007 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, `norm ...)
+ TODO: check
+CVE-2026-27004 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, in so ...)
+ TODO: check
+CVE-2026-27003 (OpenClaw is a personal AI assistant. Telegram bot tokens can
appear in ...)
+ TODO: check
+CVE-2026-27002 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, a con ...)
+ TODO: check
+CVE-2026-27001 (OpenClaw is a personal AI assistant. Prior to version
2026.2.15, OpenC ...)
+ TODO: check
+CVE-2026-26996 (minimatch is a minimal matching utility for converting glob
expression ...)
+ TODO: check
+CVE-2026-26995
+ REJECTED
+CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello
for fin ...)
+ TODO: check
+CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform
that int ...)
+ TODO: check
+CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26991 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26990 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26989 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26988 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26987 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
+ TODO: check
+CVE-2026-26980 (Ghost is a Node.js content management system. Versions 3.24.0
through ...)
+ TODO: check
+CVE-2026-26977 (Frappe Learning Management System (LMS) is a learning system
that help ...)
+ TODO: check
+CVE-2026-26975 (Music Assistant is an open-source media library manager that
integrate ...)
+ TODO: check
+CVE-2026-26974 (Slyde is a program that creates animated presentations from
XML. In ve ...)
+ TODO: check
+CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12
through 202 ...)
+ TODO: check
+CVE-2026-26967 (PJSIP is a free and open source multimedia communication
library writt ...)
+ TODO: check
+CVE-2026-26964 (Windmill is an open-source developer platform for internal
code: APIs, ...)
+ TODO: check
+CVE-2026-26963 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2026-26960 (node-tar is a full-featured Tar for Node.js. When using
default option ...)
+ TODO: check
+CVE-2026-26959 (ADB Explorer is a fluent UI for ADB on Windows. Versions
0.9.26020 and ...)
+ TODO: check
+CVE-2026-26958 (filippo.io/edwards25519 is a Go library implementing the
edwards25519 ...)
+ TODO: check
+CVE-2026-26957 (Libredesk is a self-hosted customer support desk application.
Versions ...)
+ TODO: check
+CVE-2026-26953 (Pi-hole Admin Interface is a web interface for managing
Pi-hole, a net ...)
+ TODO: check
+CVE-2026-26952 (Pi-hole Admin Interface is a web interface for managing
Pi-hole, a net ...)
+ TODO: check
+CVE-2026-26744 (A user enumeration vulnerability exists in FormaLMS 4.1.18 and
below i ...)
+ TODO: check
+CVE-2026-26370 (WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior
contain a c ...)
+ TODO: check
+CVE-2026-26329 (OpenClaw is a personal AI assistant. Prior to version
2026.2.14, authe ...)
+ TODO: check
+CVE-2026-26328 (OpenClaw is a personal AI assistant. Prior to version
2026.2.14, under ...)
+ TODO: check
+CVE-2026-26327 (OpenClaw is a personal AI assistant. Discovery beacons
(Bonjour/mDNS a ...)
+ TODO: check
+CVE-2026-26326 (OpenClaw is a personal AI assistant. Prior to version
2026.2.14, `skil ...)
+ TODO: check
+CVE-2026-26325 (OpenClaw is a personal AI assistant. Prior to version
2026.2.14, a mis ...)
+ TODO: check
+CVE-2026-26324 (OpenClaw is a personal AI assistant. Prior to version
2026.2.14, OpenC ...)
+ TODO: check
+CVE-2026-26323 (OpenClaw is a personal AI assistant. Versions 2026.1.8 through
2026.2. ...)
+ TODO: check
+CVE-2026-26322 (OpenClaw is a personal AI assistant. Prior to OpenClaw version
2026.2. ...)
+ TODO: check
+CVE-2026-26321 (OpenClaw is a personal AI assistant. Prior to OpenClaw version
2026.2. ...)
+ TODO: check
+CVE-2026-26320 (OpenClaw is a personal AI assistant. OpenClaw macOS desktop
client reg ...)
+ TODO: check
+CVE-2026-26319 (OpenClaw is a personal AI assistant. Versions 2026.2.13 and
below allo ...)
+ TODO: check
+CVE-2026-26317 (OpenClaw is a personal AI assistant. Prior to 2026.2.14,
browser-facin ...)
+ TODO: check
+CVE-2026-26316 (OpenClaw is a personal AI assistant. Prior to 2026.2.13, the
optional ...)
+ TODO: check
+CVE-2026-26315 (go-ethereum (Geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2026-26314 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2026-26313 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2026-26312 (Stalwart is a mail and collaboration server. A
denial-of-service vulne ...)
+ TODO: check
+CVE-2026-26286 (SillyTavern is a locally installed user interface that allows
users to ...)
+ TODO: check
+CVE-2026-26282 (NanaZip is an open source file archive Starting in version
5.0.1252.0 ...)
+ TODO: check
+CVE-2026-26275 (httpsig-hyper is a hyper extension for http message
signatures. An iss ...)
+ TODO: check
+CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing,
converting, ed ...)
+ TODO: check
+CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing,
converting, ed ...)
+ TODO: check
+CVE-2026-24122 (Cosign provides code signing and transparency for containers
and binar ...)
+ TODO: check
+CVE-2026-21535 (Improper access control in Microsoft Teams allows an
unauthorized atta ...)
+ TODO: check
+CVE-2026-1658 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
+CVE-2026-1292 (Tanium addressed an insertion of sensitive information into log
file v ...)
+ TODO: check
+CVE-2025-9208 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-8055 (Server-Side Request Forgery (SSRF) vulnerability in
OpenText\u2122 XM ...)
+ TODO: check
+CVE-2025-8054 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance
contain ...)
+ TODO: check
+CVE-2025-59819 (This vulnerability allows authenticated attackers to read an
arbitrary ...)
+ TODO: check
+CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing
authorizatio ...)
+ TODO: check
+CVE-2025-30412 (Sensitive data disclosure and manipulation due to improper
authenticat ...)
+ TODO: check
+CVE-2025-30411 (Sensitive data disclosure and manipulation due to improper
authenticat ...)
+ TODO: check
+CVE-2025-30410 (Sensitive data disclosure and manipulation due to missing
authenticati ...)
+ TODO: check
+CVE-2025-13672 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-13671 (Cross-Site Request Forgery (CSRF) vulnerability in
OpenText\u2122 Web ...)
+ TODO: check
CVE-2026-2708 [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL
and TE+CL) in soup_headers_parse()]
- libsoup3 <unfixed>
- libsoup2.4 <removed>
@@ -1490,6 +1700,7 @@ CVE-2026-25087 (Use After Free vulnerability in Apache
Arrow C++. This issue af
NOTE: https://github.com/apache/arrow/pull/48925
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/4
CVE-2026-24708 (An issue was discovered in OpenStack Nova before 30.2.2, 31
before 31. ...)
+ {DSA-6145-1}
- nova 2:32.1.0-7 (bug #1128294)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/7
NOTE: https://review.opendev.org/977100
@@ -1573,6 +1784,7 @@ CVE-2026-2452 (Emails sent by pretix can utilize
placeholders that will be fille
CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
NOT-FOR-US: rami.io products
CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects
Firefox < 1 ...)
+ {DSA-6143-1}
- firefox 147.0.4-1 (unimportant)
- firefox-esr <unfixed> (unimportant)
- libvpx 1.16.0-3 (bug #1128283)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018bf855a02926c5e989b4a05a91fbb6867e1feb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018bf855a02926c5e989b4a05a91fbb6867e1feb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
