Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e0f3b9b by security tracker role at 2026-02-23T20:13:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2026-3016 (A vulnerability was identified in UTT HiPER 810G up to 
1.7.7-171114. T ...)
+       TODO: check
+CVE-2026-3015 (A vulnerability was determined in UTT HiPER 810G up to 
1.7.7-171114. I ...)
+       TODO: check
+CVE-2026-2985 (A security flaw has been discovered in Tiandy Video 
Surveillance Syste ...)
+       TODO: check
+CVE-2026-2984 (A vulnerability was identified in SourceCodester Student Result 
Manage ...)
+       TODO: check
+CVE-2026-2983 (A vulnerability was determined in SourceCodester Student Result 
Manage ...)
+       TODO: check
+CVE-2026-2981 (A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. 
The affe ...)
+       TODO: check
+CVE-2026-2980 (A vulnerability has been found in UTT HiPER 810G up to 
1.7.7-1711. Imp ...)
+       TODO: check
+CVE-2026-2979 (A flaw has been found in FastApiAdmin up to 2.2.0. This issue 
affects  ...)
+       TODO: check
+CVE-2026-2698 (An improper access control vulnerability exists where an 
authenticated ...)
+       TODO: check
+CVE-2026-2697 (An Indirect Object Reference (IDOR) in Security Center allows 
an authe ...)
+       TODO: check
+CVE-2026-27514 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi 
contains  ...)
+       TODO: check
+CVE-2026-27513 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi 
contains  ...)
+       TODO: check
+CVE-2026-27512 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi 
contains  ...)
+       TODO: check
+CVE-2026-27511 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi 
contains  ...)
+       TODO: check
+CVE-2026-26464 (Stored Cross-Site Scripting (XSS) was found in the 
/admin/edit_user.ph ...)
+       TODO: check
+CVE-2026-26365 (Akamai Ghost on Akamai CDN edge servers before 2026-02-06 
mishandles p ...)
+       TODO: check
+CVE-2026-25747 (Deserialization of Untrusted Data vulnerability in Apache 
Camel LevelD ...)
+       TODO: check
+CVE-2026-23552 (Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy 
Apache C ...)
+       TODO: check
+CVE-2026-22568 (Improper neutralization of special elements in user-supplied 
input wit ...)
+       TODO: check
+CVE-2026-22567 (Improper validation of user-supplied input in the ZIA Admin UI 
could a ...)
+       TODO: check
+CVE-2026-21420 (Dell Repository Manager (DRM), versions prior to 3.4.8, 
contains an Un ...)
+       TODO: check
+CVE-2025-70329 (TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command 
injecti ...)
+       TODO: check
+CVE-2025-70058 (An issue pertaining to CWE-295: Improper Certificate 
Validation was di ...)
+       TODO: check
+CVE-2025-70045 (An issue pertaining to CWE-295: Improper Certificate 
Validation was di ...)
+       TODO: check
+CVE-2025-70044 (An issue pertaining to CWE-295: Improper Certificate 
Validation was di ...)
+       TODO: check
+CVE-2025-70043 (An issue pertaining to CWE-295: Improper Certificate 
Validation was di ...)
+       TODO: check
+CVE-2025-69700 (Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow 
vulnerabi ...)
+       TODO: check
+CVE-2025-63946 (A privilege escalation (PE) vulnerability in the Tencent PC 
Manager ap ...)
+       TODO: check
+CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA 
app thru  ...)
+       TODO: check
+CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a 
segmenta ...)
+       TODO: check
+CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a 
memory leak  ...)
+       TODO: check
+CVE-2025-61145 (libtiff up to v4.7.1 was discovered to contain a double free 
via the c ...)
+       TODO: check
+CVE-2025-61144 (libtiff up to v4.7.1 was discovered to contain a stack 
overflow via th ...)
+       TODO: check
+CVE-2025-61143 (libtiff up to v4.7.1 was discovered to contain a NULL pointer 
derefere ...)
+       TODO: check
+CVE-2025-59873 (An information exposure vulnerability exists in  Vulnerability 
in HCL  ...)
+       TODO: check
+CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This 
vulnerability allow ...)
+       TODO: check
+CVE-2025-40986 (Reflected Cross-Site Scripting (XSS) vulnerability in 
PideTuCita. This ...)
+       TODO: check
+CVE-2025-40701 (Reflected Cross-Site Scripting vulnerability in SOTESHOP, 
version 8.3. ...)
+       TODO: check
+CVE-2025-14905 (A flaw was found in the 389-ds-base server. A heap buffer 
overflow vul ...)
+       TODO: check
 CVE-2026-2998 (ERP developed by eAI Technologies has a DLL Hijacking 
vulnerability, a ...)
        NOT-FOR-US: ERP eAI Technologies
 CVE-2026-2997 (Tronclass developed by WisdomGarden has a Insecure Direct 
Object Refer ...)
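Review bot: The added block leaves every new entry at TODO: check, including CVE-2025-61143 through CVE-2025-61145 (libtiff), CVE-2025-61146 (libsixel), CVE-2025-61147 (libde265) and CVE-2025-14905 (389-ds-base), which name open-source libraries and a directory server rather than vendor firmware such as the UTT, Tenda and TOTOLink entries. Triage those first, since they are the entries most likely to need a package line instead of NOT-FOR-US.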
@@ -1400,7 +1478,7 @@ CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 
10.2, contain(s) an Exte
        NOT-FOR-US: Dell / EMC
 CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a 
Missing Aut ...)
        NOT-FOR-US: Dell / EMC
-CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the 
public area ...)
+CVE-2026-26345 (SPIP before 4.4.8 contains a stored cross-site scripting (XSS) 
vulnera ...)
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
 CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated 
attacker ...)
@@ -1422,7 +1500,7 @@ CVE-2026-26278 (fast-xml-parser allows users to validate 
XML, parse XML to JS ob
        NOTE: node-webfont provides node-fast-xml-parser
 CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to 
versions 22. ...)
        NOT-FOR-US: soroban-sdk
-CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the 
private are ...)
+CVE-2026-26223 (SPIP before 4.4.8 allows cross-site scripting (XSS) in the 
private are ...)
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
 CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with 
Envoy. Versi ...)
@@ -4988,7 +5066,7 @@ CVE-2025-70029 (An issue in Sunbird-Ed SunbirdEd-portal 
v1.13.4 allows attackers
        NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
 CVE-2025-69874 (nanotar through 0.2.0 has a path traversal vulnerability in 
parseTar() ...)
        NOT-FOR-US: nanotar Node.js module
-CVE-2025-69873 (ajv (Another JSON Schema Validator) through version 8.17.1 is 
vulnerab ...)
+CVE-2025-69873 (ajv (Another JSON Schema Validator) before 8.18.0 is 
vulnerable to Reg ...)
        - node-ajv <unfixed> (bug #1128140)
        [trixie] - node-ajv <no-dsa> (Minor issue)
        [bookworm] - node-ajv <no-dsa> (Minor issue)
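Review bot: For CVE-2025-69873 the refreshed description now bounds the issue at "before 8.18.0", but the node-ajv line stays at <unfixed> (bug #1128140) and the visible entry has no NOTE naming the upstream fix. Add a NOTE referencing the 8.18.0 fix so the <unfixed> marker can be resolved once that version reaches the archive.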
@@ -6296,7 +6374,7 @@ CVE-2026-22613 (The server identity check mechanism for 
firmware upgrade perform
        NOT-FOR-US: Eaton
 CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow 
Service comp ...)
        NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615 (Versions of the package jsonpath from 0.0.0 are vulnerable to 
Arbitrar ...)
+CVE-2026-1615 (Versions of the package jsonpath before 1.2.0 are vulnerable to 
Arbitr ...)
        NOT-FOR-US: Node jsonpath
 CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation 
vulner ...)
        NOT-FOR-US: MacroHub
@@ -10703,6 +10781,7 @@ CVE-2026-21720 (Every uncached /avatar/:hash request 
spawns a goroutine that ref
 CVE-2026-21417 (Dell CloudBoost Virtual Appliance, versions prior to 
19.14.0.0, contai ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in 
its Uni ...)
+       {DLA-4491-1}
        - glib2.0 2.86.3-5 (bug #1126549)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
        [bookworm] - glib2.0 <no-dsa> (Minor issue)
@@ -10710,6 +10789,7 @@ CVE-2026-1489 (A flaw was found in GLib. An integer 
overflow vulnerability in it
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4983
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984
 CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This 
buffer und ...)
+       {DLA-4491-1}
        - glib2.0 2.86.3-5 (bug #1126550)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
        [bookworm] - glib2.0 <no-dsa> (Minor issue)
@@ -10717,6 +10797,7 @@ CVE-2026-1485 (A flaw was found in Glib's content type 
parsing logic. This buffe
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4980
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981
 CVE-2026-1484 (A flaw was found in the GLib Base64 encoding routine when 
processing v ...)
+       {DLA-4491-1}
        - glib2.0 2.86.3-5 (bug #1126551)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
        [bookworm] - glib2.0 <no-dsa> (Minor issue)
@@ -10933,43 +11014,43 @@ CVE-2025-66199 (Issue summary: A TLS 1.3 connection 
using certificate compressio
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5
 (openssl-3.5.5)
 CVE-2025-68160 (Issue summary: Writing large, newline-free data into a BIO 
chain using ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6
 (openssl-3.0.19)
 CVE-2025-69418 (Issue summary: When using the low-level OCB API directly with 
AES-NI o ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
 (openssl-3.0.19)
 CVE-2025-69419 (Issue summary: Calling PKCS12_get_friendlyname() function on a 
malicio ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296
 (openssl-3.0.19)
 CVE-2025-69420 (Issue summary: A type confusion vulnerability exists in the 
TimeStamp  ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a
 (openssl-3.0.19)
 CVE-2025-69421 (Issue summary: Processing a malformed PKCS#12 file can trigger 
a NULL  ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
 (openssl-3.0.19)
 CVE-2026-22795 (Issue summary: An invalid or NULL pointer dereference can 
happen in an ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49
 (openssl-3.0.19)
 CVE-2026-22796 (Issue summary: A type confusion vulnerability exists in the 
signature  ...)
-       {DSA-6113-1}
+       {DSA-6113-1 DLA-4490-1}
        - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4
 (openssl-3.5.5)
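Review bot: At CVE-2026-22796 the visible context ends at the openssl-3.5.5 commit, while the other six entries that gain DLA-4490-1 in this hunk each list an openssl-3.0.19 commit as well. Confirm that the entry carries the matching 3.0.19 reference below the hunk so all seven entries tagged with the DLA are documented consistently; note also that CVE-2026-22795 and CVE-2026-22796 cite the same 3.5.5 commit (2502e7b7), which is worth a one-line NOTE saying the fix is shared.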
@@ -15172,6 +15253,7 @@ CVE-2025-68675 (In Apache Airflow versions before 
3.1.6, the proxies and proxy f
 CVE-2025-68438 (In Apache Airflow versions before 3.1.6, when rendered 
template fields ...)
        - airflow <itp> (bug #819700)
 CVE-2026-0988 (A flaw was found in glib. Missing validation of offset and 
count param ...)
+       {DLA-4491-1}
        [experimental] - glib2.0 2.87.1-1
        - glib2.0 2.86.3-5 (bug #1125752)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
@@ -408997,7 +409079,7 @@ CVE-2021-41812
        RESERVED
 CVE-2021-41811
        RESERVED
-CVE-2021-41810 (Admin tool allows storing configuration data with script which 
may the ...)
+CVE-2021-41810 (Script injection in M-Files Admin versions before 
22.2.11051.0, allows ...)
        NOT-FOR-US: M-Files Server
 CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions 
before 22. ...)
        NOT-FOR-US: M-Files Server



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e0f3b9b30e594cbe639cb284c8a2621946baeea
