Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4026a71a by security tracker role at 2026-02-21T08:12:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2026-2865 (A vulnerability was found in itsourcecode Agri-Trading Online
Shopping ...)
+ TODO: check
+CVE-2026-2864 (A vulnerability has been found in feng_ha_ha/megagao ssm-erp
and produ ...)
+ TODO: check
+CVE-2026-2863 (A flaw has been found in feng_ha_ha/megagao ssm-erp and
production_ssm ...)
+ TODO: check
+CVE-2026-2861 (A vulnerability was detected in Foswiki up to 2.1.10. The
affected ele ...)
+ TODO: check
+CVE-2026-2860 (A security vulnerability has been detected in
feng_ha_ha/megagao ssm-e ...)
+ TODO: check
+CVE-2026-2858 (A vulnerability was identified in wren-lang wren up to 0.4.0.
This aff ...)
+ TODO: check
+CVE-2026-2857 (A vulnerability was determined in D-Link DWR-M960 1.01.07.
Affected by ...)
+ TODO: check
+CVE-2026-2856 (A vulnerability was found in D-Link DWR-M960 1.01.07. Affected
by this ...)
+ TODO: check
+CVE-2026-2855 (A vulnerability has been found in D-Link DWR-M960 1.01.07.
Affected is ...)
+ TODO: check
+CVE-2026-2635 (MLflow Use of Default Password Authentication Bypass
Vulnerability. Th ...)
+ TODO: check
+CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled Search Path Element Local
Privile ...)
+ TODO: check
+CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following
Information D ...)
+ TODO: check
+CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
+ TODO: check
+CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code
Executio ...)
+ TODO: check
+CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
+ TODO: check
+CVE-2026-2044 (GIMP PGM File Parsing Uninitialized Memory Remote Code
Execution Vulne ...)
+ TODO: check
+CVE-2026-2043 (Nagios Host esensors_websensor_configwizard_func Command
Injection Rem ...)
+ TODO: check
+CVE-2026-2042 (Nagios Host monitoringwizard Command Injection Remote Code
Execution V ...)
+ TODO: check
+CVE-2026-2041 (Nagios Host zabbixagent_configwizard_func Command Injection
Remote Cod ...)
+ TODO: check
+CVE-2026-2040 (PDF-XChange Editor TrackerUpdate Uncontrolled Search Path
Element Loca ...)
+ TODO: check
+CVE-2026-2039 (GFI Archiver MArc.Store Missing Authorization Authentication
Bypass Vu ...)
+ TODO: check
+CVE-2026-2038 (GFI Archiver MArc.Core Missing Authorization Authentication
Bypass Vul ...)
+ TODO: check
+CVE-2026-2037 (GFI Archiver MArc.Core Deserialization of Untrusted Data Remote
Code E ...)
+ TODO: check
+CVE-2026-2036 (GFI Archiver MArc.Store Deserialization of Untrusted Data
Remote Code ...)
+ TODO: check
+CVE-2026-2035 (Deciso OPNsense diag_backup.php filename Command Injection
Remote Code ...)
+ TODO: check
+CVE-2026-2034 (Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote
Code Ex ...)
+ TODO: check
+CVE-2026-2033 (MLflow Tracking Server Artifact Handler Directory Traversal
Remote Cod ...)
+ TODO: check
+CVE-2026-27534
+ REJECTED
+CVE-2026-27533
+ REJECTED
+CVE-2026-27532
+ REJECTED
+CVE-2026-27531
+ REJECTED
+CVE-2026-27530
+ REJECTED
+CVE-2026-27529
+ REJECTED
+CVE-2026-27528
+ REJECTED
+CVE-2026-27527
+ REJECTED
+CVE-2026-27471 (ERP is a free and open source Enterprise Resource Planning
tool. In ve ...)
+ TODO: check
+CVE-2026-27470 (ZoneMinder is a free, open source closed-circuit television
software a ...)
+ TODO: check
+CVE-2026-27469 (Isso is a lightweight commenting server written in Python and
JavaScri ...)
+ TODO: check
+CVE-2026-27467 (BigBlueButton is an open-source virtual classroom. In versions
3.0.19 ...)
+ TODO: check
+CVE-2026-27466 (BigBlueButton is an open-source virtual classroom. In versions
3.0.21 ...)
+ TODO: check
+CVE-2026-27464 (Metabase is an open-source data analytics platform. In
versions prior ...)
+ TODO: check
+CVE-2026-27458 (LinkAce is a self-hosted archive to collect website links.
Versions 2. ...)
+ TODO: check
+CVE-2026-27452 (ASN.1 TypeScript ESM library, including codecs for Basic
Encoding Rule ...)
+ TODO: check
+CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware
accelerated tra ...)
+ TODO: check
+CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud
workloads. Ver ...)
+ TODO: check
+CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama
viewer for ...)
+ TODO: check
+CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application
framewo ...)
+ TODO: check
+CVE-2026-27203 (eBay API MCP Server is an open source local MCP server
providing AI as ...)
+ TODO: check
+CVE-2026-27202 (GetSimple CMS is a content management system. All versions of
GetSimpl ...)
+ TODO: check
+CVE-2026-27199 (Werkzeug is a comprehensive WSGI web application library.
Versions 3.1 ...)
+ TODO: check
+CVE-2026-27198 (Formwork is a flat file-based Content Management System (CMS).
In vers ...)
+ TODO: check
+CVE-2026-27197 (Sentry is a developer-first error tracking and performance
monitoring ...)
+ TODO: check
+CVE-2026-27196 (Statmatic is a Laravel and Git powered content management
system (CMS) ...)
+ TODO: check
+CVE-2026-27194 (D-Tale is a visualizer for pandas data structures. Versions
prior to 3 ...)
+ TODO: check
+CVE-2026-27193 (Feathersjs is a framework for creating web APIs and real-time
applicat ...)
+ TODO: check
+CVE-2026-27192 (Feathersjs is a framework for creating web APIs and real-time
applicat ...)
+ TODO: check
+CVE-2026-27191 (Feathersjs is a framework for creating web APIs and real-time
applicat ...)
+ TODO: check
+CVE-2026-27190 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
+ TODO: check
+CVE-2026-27189 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
+ TODO: check
+CVE-2026-27170 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
+ TODO: check
+CVE-2026-27169 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
+ TODO: check
+CVE-2026-27168 (SAIL is a cross-platform library for loading and saving images
with su ...)
+ TODO: check
+CVE-2026-27161 (GetSimple CMS is a content management system. All versions of
GetSimpl ...)
+ TODO: check
+CVE-2026-27147 (GetSimple CMS is a content management system. All versions of
GetSimpl ...)
+ TODO: check
+CVE-2026-27146 (GetSimple CMS is a content management system. All versions of
GetSimpl ...)
+ TODO: check
+CVE-2026-27134 (Strimzi provides a way to run an Apache Kafka cluster on
Kubernetes or ...)
+ TODO: check
+CVE-2026-27133 (Strimzi provides a way to run an Apache Kafka cluster on
Kubernetes or ...)
+ TODO: check
+CVE-2026-27125 (svelte performance oriented web framework. Prior to 5.51.5, in
server- ...)
+ TODO: check
+CVE-2026-27122 (svelte performance oriented web framework. Prior to 5.51.5,
when using ...)
+ TODO: check
+CVE-2026-27121 (svelte performance oriented web framework. Versions of svelte
prior to ...)
+ TODO: check
+CVE-2026-27120 (Leafkit is a templating language with Swift-inspired syntax.
Prior to ...)
+ TODO: check
+CVE-2026-27119 (svelte performance oriented web framework. From 5.39.3,
<=5.51.4, in c ...)
+ TODO: check
+CVE-2026-27118 (SvelteKit is a framework for rapidly developing robust,
performant web ...)
+ TODO: check
+CVE-2026-27113 (Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting
in comm ...)
+ TODO: check
+CVE-2026-27112 (Kargo manages and automates the promotion of software
artifacts. From ...)
+ TODO: check
+CVE-2026-27111 (Kargo manages and automates the promotion of software
artifacts. From ...)
+ TODO: check
+CVE-2026-27026 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.7. ...)
+ TODO: check
+CVE-2026-27025 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.7. ...)
+ TODO: check
+CVE-2026-27024 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.7. ...)
+ TODO: check
+CVE-2026-27022 (@langchain/langgraph-checkpoint-redis is the Redis checkpoint
and stor ...)
+ TODO: check
+CVE-2026-27020 (Photobooth prior to 1.0.1 has a cross-site scripting (XSS)
vulnerabili ...)
+ TODO: check
+CVE-2026-26047 (A denial-of-service vulnerability was identified in
Moodle\u2019s TeX ...)
+ TODO: check
+CVE-2026-26046 (A vulnerability was found in a Moodle TeX filter
administrative settin ...)
+ TODO: check
+CVE-2026-26045 (A flaw was identified in Moodle\u2019s backup restore
functionality wh ...)
+ TODO: check
+CVE-2026-25896 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
+ TODO: check
+CVE-2026-24892 (openITCOCKPIT is an open source monitoring tool built for
different mo ...)
+ TODO: check
+CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
+ TODO: check
+CVE-2026-0777 (Xmind Attachment Insufficient UI Warning Remote Code Execution
Vulnera ...)
+ TODO: check
+CVE-2025-62326 (HCL Digital Experience is susceptible to stored cross-site
scripting ( ...)
+ TODO: check
+CVE-2019-25454 (phpMoAdmin 1.1.5 contains a stored cross-site scripting
vulnerability ...)
+ TODO: check
+CVE-2019-25453 (phpMoAdmin 1.1.5 contains a reflected cross-site scripting
vulnerabili ...)
+ TODO: check
+CVE-2019-25451 (phpMoAdmin 1.1.5 contains a cross-site request forgery
vulnerability t ...)
+ TODO: check
+CVE-2019-25449 (OrientDB 3.0.17 contains a reflected cross-site scripting
vulnerabilit ...)
+ TODO: check
+CVE-2019-25448 (OrientDB 3.0.17 contains a stored cross-site scripting
vulnerability t ...)
+ TODO: check
+CVE-2019-25447 (OrientDB 3.0.17 GA Community Edition contains cross-site
request forge ...)
+ TODO: check
+CVE-2019-25441 (thesystem 1.0 contains a command injection vulnerability that
allows u ...)
+ TODO: check
+CVE-2019-25438 (LabCollector 5.423 contains multiple SQL injection
vulnerabilities tha ...)
+ TODO: check
+CVE-2019-25437 (Foscam Video Management System 1.1.6.6 contains a buffer
overflow vuln ...)
+ TODO: check
+CVE-2019-25436 (Sricam DeviceViewer 3.12.0.1 contains a password change
security bypas ...)
+ TODO: check
+CVE-2019-25435 (Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow
vulnerab ...)
+ TODO: check
+CVE-2019-25434 (SpotAuditor 5.3.1.0 contains a denial of service vulnerability
that al ...)
+ TODO: check
+CVE-2019-25432 (Part-DB 0.4 contains an authentication bypass vulnerability
that allow ...)
+ TODO: check
+CVE-2019-25431 (delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection
vulnera ...)
+ TODO: check
+CVE-2018-25158 (Chamilo LMS 1.11.8 contains an arbitrary file upload
vulnerability tha ...)
+ TODO: check
CVE-2026-2854 (A flaw has been found in D-Link DWR-M960 1.01.07. This impacts
the fun ...)
NOT-FOR-US: D-Link
CVE-2026-2853 (A vulnerability was detected in D-Link DWR-M960 1.01.07. This
affects ...)
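Review bot: CVE-2026-2857, CVE-2026-2856 and CVE-2026-2855 are added with `TODO: check` even though they name the same product, D-Link DWR-M960 1.01.07, as the existing CVE-2026-2854 entry in the trailing context, which is already marked `NOT-FOR-US: D-Link`. These three can be triaged the same way instead of staying in the TODO queue. The eight entries CVE-2026-27527 through CVE-2026-27534 arrive as `REJECTED` and need no follow-up.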
@@ -1299,7 +1507,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0013]
[trixie] - rust-pyo3 <no-dsa> (Minor issue)
[bookworm] - rust-pyo3 <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0013.html
-CVE-2026-27206 [Potential PHP Object Injection via Unrestricted @type in
unserialize()]
+CVE-2026-27206 (Zumba Json Serializer is a library to serialize PHP variables
in JSON ...)
- php-zumba-json-serializer <unfixed> (bug #1128481)
NOTE:
https://github.com/zumba/json-serializer/security/advisories/GHSA-v7m3-fpcr-h7m2
NOTE: Fixed by:
https://github.com/zumba/json-serializer/commit/bf26227879adefce75eb9651040d8982be97b881
(3.2.3)
@@ -2300,7 +2508,7 @@ CVE-2026-25087 (Use After Free vulnerability in Apache
Arrow C++. This issue af
NOTE: https://github.com/apache/arrow/pull/48925
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/4
CVE-2026-24708 (An issue was discovered in OpenStack Nova before 30.2.2, 31
before 31. ...)
- {DSA-6145-1}
+ {DSA-6145-1 DLA-4486-1}
- nova 2:32.1.0-7 (bug #1128294)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/7
NOTE: https://review.opendev.org/977100
@@ -30022,7 +30230,7 @@ CVE-2025-40345 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (6.18)
CVE-2025-66388 (A vulnerability in Apache Airflow allowed authenticated UI
users to vi ...)
- airflow <itp> (bug #819700)
-CVE-2025-65995
+CVE-2025-65995 (When a DAG failed during parsing, Airflow\u2019s
error-reporting in th ...)
- airflow <itp> (bug #819700)
CVE-2025-9615 (A flaw was found in NetworkManager. The NetworkManager package
allows ...)
- network-manager 1.54.3-1
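Review bot: The new description for CVE-2025-65995 contains the literal escape sequence `\u2019` ("Airflow\u2019s") instead of an apostrophe, so the importer is writing an undecoded JSON escape into the list. The same sequence appears in the first hunk in the CVE-2026-26047 and CVE-2026-26045 descriptions ("Moodle\u2019s"). Decoding the escapes before the description is truncated and written would keep the entries readable and searchable.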
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4026a71a80bf554f43ec4f092b3653d807181ccb