Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1d5c1c9f by security tracker role at 2026-02-27T08:13:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,266 @@
+CVE-2026-3302 (A weakness has been identified in SourceCodester Doctor
Appointment Sy ...)
+ TODO: check
+CVE-2026-3301 (A security flaw has been discovered in Totolink N300RH
6.1c.1353_B2019 ...)
+ TODO: check
+CVE-2026-3293 (A weakness has been identified in snowflakedb snowflake-jdbc up
to 4.0 ...)
+ TODO: check
+CVE-2026-3292 (A security vulnerability has been detected in jizhiCMS up to
2.5.6. Af ...)
+ TODO: check
+CVE-2026-3289 (A weakness has been identified in Sanluan PublicCMS 6.202506.d.
This i ...)
+ TODO: check
+CVE-2026-3287 (A security flaw has been discovered in youlaitech youlai-mall
2.0.0. T ...)
+ TODO: check
+CVE-2026-3286 (A vulnerability was identified in itwanger paicoding
1.0.0/1.0.1/1.0.2 ...)
+ TODO: check
+CVE-2026-3285 (A vulnerability was determined in berry-lang berry up to 1.1.0.
The af ...)
+ TODO: check
+CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the
function ...)
+ TODO: check
+CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue
affects t ...)
+ TODO: check
+CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability
affects th ...)
+ TODO: check
+CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects
the funct ...)
+ TODO: check
+CVE-2026-3275 (A weakness has been identified in Tenda F453 1.0.0.3. This
affects the ...)
+ TODO: check
+CVE-2026-3274 (A security flaw has been discovered in Tenda F453 1.0.0.3.
Affected by ...)
+ TODO: check
+CVE-2026-3273 (A vulnerability was identified in Tenda F453 1.0.0.3. Affected
by this ...)
+ TODO: check
+CVE-2026-3272 (A vulnerability was determined in Tenda F453 1.0.0.3. Affected
is the ...)
+ TODO: check
+CVE-2026-3271 (A vulnerability was found in Tenda F453 1.0.0.3. This impacts
the func ...)
+ TODO: check
+CVE-2026-3270 (A vulnerability has been found in psi-probe PSI Probe up to
5.3.0. Thi ...)
+ TODO: check
+CVE-2026-3269 (A flaw has been found in psi-probe PSI Probe up to 5.3.0. The
impacted ...)
+ TODO: check
+CVE-2026-3268 (A vulnerability was detected in psi-probe PSI Probe up to
5.3.0. The a ...)
+ TODO: check
+CVE-2026-3265 (A vulnerability was identified in go2ismail Free-CRM up to
b83c40a9072 ...)
+ TODO: check
+CVE-2026-3264 (A vulnerability was determined in go2ismail Free-CRM up to
b83c40a9072 ...)
+ TODO: check
+CVE-2026-3263 (A vulnerability was found in go2ismail
Asp.Net-Core-Inventory-Order-Ma ...)
+ TODO: check
+CVE-2026-3262 (A vulnerability has been found in go2ismail
Asp.Net-Core-Inventory-Ord ...)
+ TODO: check
+CVE-2026-3261 (A flaw has been found in itsourcecode School Management System
1.0. Th ...)
+ TODO: check
+CVE-2026-3037 (An OS command injection vulnerability exists in XWEB Pro
version 1.12. ...)
+ TODO: check
+CVE-2026-2428 (The Fluent Forms Pro Add On Pack plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-28370 (In the query parser in OpenStack Vitrage before 12.0.1,
13.0.0, 14.0.0 ...)
+ TODO: check
+CVE-2026-28364 (In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer
over-read in Mar ...)
+ TODO: check
+CVE-2026-28363 (In OpenClaw before 2026.2.23, tools.exec.safeBins validation
for sort ...)
+ TODO: check
+CVE-2026-28280 (osctrl is an osquery management solution. Prior to version
0.5.0, a st ...)
+ TODO: check
+CVE-2026-28279 (osctrl is an osquery management solution. Prior to version
0.5.0, an O ...)
+ TODO: check
+CVE-2026-28276 (Initiative is a self-hosted project management platform. An
access con ...)
+ TODO: check
+CVE-2026-28275 (Initiative is a self-hosted project management platform.
Versions of t ...)
+ TODO: check
+CVE-2026-28274 (Initiative is a self-hosted project management platform.
Versions of t ...)
+ TODO: check
+CVE-2026-28269 (Kiteworks is a private data network (PDN). Prior to version
9.2.0, avu ...)
+ TODO: check
+CVE-2026-28230 (SteVe is an open-source EV charging station management system.
In vers ...)
+ TODO: check
+CVE-2026-28227 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-28226 (Phishing Club is a phishing simulation and man-in-the-middle
framework ...)
+ TODO: check
+CVE-2026-28225 (Manyfold is an open source, self-hosted web application for
managing a ...)
+ TODO: check
+CVE-2026-28219 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-28218 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-28217 (hoppscotch is an open source API development ecosystem. Prior
to versi ...)
+ TODO: check
+CVE-2026-28216 (hoppscotch is an open source API development ecosystem. Prior
to versi ...)
+ TODO: check
+CVE-2026-28215 (hoppscotch is an open source API development ecosystem. Prior
to versi ...)
+ TODO: check
+CVE-2026-28213 (EverShop is a TypeScript-first eCommerce platform. Versions
prior to 2 ...)
+ TODO: check
+CVE-2026-28211 (The NVDA Dev & Test Toolbox is an NVDA add-on for gathering
tools to h ...)
+ TODO: check
+CVE-2026-28208 (Junrar is an open source java RAR archive library. Prior to
version 7. ...)
+ TODO: check
+CVE-2026-28207 (Zen C is a systems programming language that compiles to
human-readabl ...)
+ TODO: check
+CVE-2026-27839 (wger is a free, open-source workout and fitness manager. In
versions u ...)
+ TODO: check
+CVE-2026-27838 (wger is a free, open-source workout and fitness manager. Five
routine ...)
+ TODO: check
+CVE-2026-27835 (wger is a free, open-source workout and fitness manager. In
versions u ...)
+ TODO: check
+CVE-2026-27776 (IM-LogicDesigner module of intra-mart Accel Platform contains
insecure ...)
+ TODO: check
+CVE-2026-27773 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-27772 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-27767 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-27653 (The installers for multiple products provided by Soliton
Systems K.K. ...)
+ TODO: check
+CVE-2026-27652 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-27647 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-27638 (Actual is a local-first personal finance tool. Prior to
version 26.2.1 ...)
+ TODO: check
+CVE-2026-27457 (Weblate is a web based localization tool. Prior to version
5.16.1, the ...)
+ TODO: check
+CVE-2026-27449 (Umbraco Engage is a business intelligence platform. A
vulnerability ha ...)
+ TODO: check
+CVE-2026-27162 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27154 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27153 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27152 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27151 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27150 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27149 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-27028 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-27021 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
+ TODO: check
+CVE-2026-26305 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-26290 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-25945 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-25851 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-25778 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-25774 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-25741 (Zulip is an open-source team collaboration tool. Prior to
commit bf28c ...)
+ TODO: check
+CVE-2026-25721 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-25711 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-25196 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-25195 (An OS command injection vulnerability exists in XWEB Pro
version 1 ...)
+ TODO: check
+CVE-2026-25114 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-25113 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-25111 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-25109 (An OS command injection vulnerability exists in XWEB Pro
version 1. ...)
+ TODO: check
+CVE-2026-25105 (An OS command injection vulnerability exists in XWEB Pro
version ...)
+ TODO: check
+CVE-2026-25085 (A vulnerability exists in Copeland XWEB Pro version 1.12.1 and
prior, ...)
+ TODO: check
+CVE-2026-25037 (An OS command injection vulnerability exists in XWEB Pro
version 1.1 ...)
+ TODO: check
+CVE-2026-24731 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-24695 (An OS command injection vulnerability exists in XWEB Pro
version ...)
+ TODO: check
+CVE-2026-24689 (An OS command injection vulnerability exists in XWEB Pro
version 1.1 ...)
+ TODO: check
+CVE-2026-24663 (An OS command injection vulnerability exists in XWEB Pro
version 1.12. ...)
+ TODO: check
+CVE-2026-24517 (An OS command injection vulnerability exists in XWEB Pro
version 1. ...)
+ TODO: check
+CVE-2026-24498 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-24497 (Stack-based Buffer Overflow vulnerability in SimTech Systems,
Inc. Thi ...)
+ TODO: check
+CVE-2026-24452 (An OS command injection vulnerability exists in XWEB Pro
version 1.1 ...)
+ TODO: check
+CVE-2026-24445 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-23702 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-22890 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-22878 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-22877 (An arbitrary file-read vulnerability exists in XWEB Pro
version 1.12.1 ...)
+ TODO: check
+CVE-2026-22207 (OpenViking through version 0.1.18, prior to
commit0251c70,contains a b ...)
+ TODO: check
+CVE-2026-22206 (SPIP versions prior to 4.4.10 contain a SQL injection
vulnerability th ...)
+ TODO: check
+CVE-2026-22205 (SPIP versions prior to 4.4.10 contain an authentication bypass
vulnera ...)
+ TODO: check
+CVE-2026-21718 (An authentication bypass vulnerability exists in Copeland XWEB
Pro ve ...)
+ TODO: check
+CVE-2026-21389 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-20910 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-20902 (An OS command injection vulnerability exists in XWEB Pro
version 1 ...)
+ TODO: check
+CVE-2026-20895 (The WebSocket backend uses charging station identifiers to
uniquely a ...)
+ TODO: check
+CVE-2026-20797 (A stack based buffer overflow exists in an API route of XWEB
Pro versi ...)
+ TODO: check
+CVE-2026-20792 (The WebSocket Application Programming Interface lacks
restrictions on ...)
+ TODO: check
+CVE-2026-20791 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-20781 (WebSocket endpoints lack proper authentication mechanisms,
enabling a ...)
+ TODO: check
+CVE-2026-20764 (An OS command injection vulnerability exists in XWEB Pro
version 1.12 ...)
+ TODO: check
+CVE-2026-20742 (An OS command injection vulnerability exists in XWEB Pro
version 1.1 ...)
+ TODO: check
+CVE-2026-20733 (Charging station authentication identifiers are publicly
accessible vi ...)
+ TODO: check
+CVE-2026-1585 (An unquoted Windows service executable path vulnerability in IJ
Scan U ...)
+ TODO: check
+CVE-2026-1558 (The WP Recipe Maker plugin for WordPress is vulnerable to an
Insecure ...)
+ TODO: check
+CVE-2026-1442 (Since the encryption algorithm used to protect firmware updates
is its ...)
+ TODO: check
+CVE-2025-15567 (Insufficient protection mechanisms in the Health Module may
lead to pa ...)
+ TODO: check
+CVE-2025-15509 (TheSmartRemote module has insufficient restrictions on loading
URLs, w ...)
+ TODO: check
+CVE-2025-14149 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
+ TODO: check
+CVE-2025-14040 (The Automotive Car Dealership Business WordPress Theme for
WordPress i ...)
+ TODO: check
+CVE-2025-12981 (The Listee theme for WordPress is vulnerable to privilege
escalation i ...)
+ TODO: check
+CVE-2023-31364 (Improper handling of direct memory writes in the input-output
memory m ...)
+ TODO: check
CVE-2026-XXXX [rashes Opus buffer overruns]
- mumble 1.5.735-7 (bug #1129178)
[trixie] - mumble <no-dsa> (Minor issue; will be fixed via point
release)
[bookworm] - mumble <no-dsa> (Minor issue; will be fixed via point
release)
NOTE: https://github.com/mumble-voip/mumble/pull/7032
NOTE: Fixed by (merge):
https://github.com/mumble-voip/mumble/commit/ff2a2332cccb267721553f09c0ded4de880622e0
-CVE-2021-4456 [mishandles leading zeros in IP CIDR addresses]
+CVE-2021-4456 (Net::CIDR versions before 0.24 for Perl mishandle leading zeros
in IP ...)
- libnet-cidr-perl 0.25-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/37425715/
NOTE: Fixed by:
https://github.com/svarshavchik/Net-CIDR/commit/e3648c6bc6bdd018f90cca4149c467017d42bd10
-CVE-2025-40932 [creates insecure session id]
+CVE-2025-40932 (Apache::SessionX versions through 2.01 for Perl create
insecure sessio ...)
- libapache-sessionx-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/37425045/
CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of
Flair ...)
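Review bot: The added CVE-2025-14149 entry carries a literal `\u2014` in its description ("The Xpro Addons \u2014 140+ Widgets for Elementor plugin"), so the automatic update is writing an undecoded Unicode escape into data/CVE/list; the import step should decode it before the description is stored. In the same hunk the context entry `CVE-2026-XXXX [rashes Opus buffer overruns]` reads as if its bracketed description lost its first letter and is worth correcting by hand. All of the added entries are still at `TODO: check`, and many share an identical truncated description (the XWEB Pro OS command injection entries, the WebSocket and charging station entries, the Discourse entries), so they cannot be told apart from this list alone and are easiest to triage as groups against the full CVE records.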
@@ -1722,12 +1974,15 @@ CVE-2025-11846 (A null pointer dereference
vulnerability in the account settings
CVE-2025-11845 (A null pointer dereference vulnerability in the certificate
downloader ...)
NOT-FOR-US: Zyxel
CVE-2026-3063 (Inappropriate implementation in DevTools in Google Chrome prior
to 145 ...)
+ {DSA-6151-1}
- chromium 145.0.7632.116-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-3062 (Out of bounds read and write in Tint in Google Chrome on Mac
prior to ...)
+ {DSA-6151-1}
- chromium 145.0.7632.116-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-3061 (Out of bounds read in Media in Google Chrome prior to
145.0.7632.116 a ...)
+ {DSA-6151-1}
- chromium 145.0.7632.116-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-58041 (Smolder versions through 1.51 for Perl uses insecure rand()
function f ...)
@@ -1950,7 +2205,7 @@ CVE-2019-25391 (Ashop Shopping Cart Software contains a
time-based blind SQL inj
NOT-FOR-US: Ashop Shopping Cart Software
CVE-2019-25366 (microASP Portal+ CMS contains an SQL injection vulnerability
that allo ...)
NOT-FOR-US: microASP Portal+ CMS
-CVE-2026-2597 [Disallow requesting strings with negative lengths]
+CVE-2026-2597 (Crypt::SysRandom::XS versions before 0.010 for Perl is
vulnerable to a ...)
- libcrypt-sysrandom-xs-perl 0.011-1
NOTE: Fixed by:
https://github.com/Leont/crypt-sysrandom-xs/commit/a402e0381a2150799a9ad919f0942f62d0282d2d
(v0.010)
CVE-2026-2933 (A weakness has been identified in YiFang CMS up to 2.0.5. This
affects ...)
@@ -4913,7 +5168,8 @@ CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at
rgbe.c]
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
NOTE: Same fix as for CVE-2026-2050 (main tracked upstream, considered
duplicate)
-CVE-2026-28372 [telnetd: don't allow systemd service credentials]
+CVE-2026-28372 (telnetd in GNU inetutils through 2.7 allows privilege
escalation that ...)
+ {DSA-6144-1}
- inetutils 2:2.7-3
[bookworm] - inetutils <ignored> (Not exploitable with util-linux/login
Version in Debian bookworm)
[bullseye] - inetutils <ignored> (Not exploitable with util-linux/login
Version in Debian bullseye)
@@ -10458,32 +10714,33 @@ CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains
a persistent cross-site sc
CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability
in its W ...)
NOT-FOR-US: AnyDesk
CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
and 4. ...)
- {DLA-4484-1}
+ {DSA-6150-1 DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
(4.2.28)
CVE-2026-1287 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
and 4. ...)
- {DLA-4484-1}
+ {DSA-6150-1 DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d
(4.2.28)
CVE-2026-1285 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
and 4. ...)
- {DLA-4484-1}
+ {DSA-6150-1 DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/b40cfc6052ced26dcd8166a58ea6f841d0d2cac8
(4.2.28)
CVE-2026-1207 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
and 4. ...)
- {DLA-4484-1}
+ {DSA-6150-1 DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/a14363102d98fa29b8cced578eb3a0fadaa5bcb7
(4.2.28)
CVE-2025-14550 (An issue was discovered in 6.0 before 6.0.2, 5.2 before
5.2.11, and 4. ...)
+ {DSA-6150-1}
- python-django 3:4.2.28-1 (bug #1126914)
[bullseye] - python-django <not-affected> (Vulnerable code not present;
no ASGI support)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/f578acc8c54530fffabd52d2db654c8669b011af
(4.2.28)
CVE-2025-13473 (An issue was discovered in 6.0 before 6.0.2, 5.2 before
5.2.11, and 4. ...)
- {DLA-4484-1}
+ {DSA-6150-1 DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/6dc23508f3395e1254c315084c7334ef81c4c09a
(4.2.28)
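Review bot: CVE-2025-14550 is the only python-django entry in this hunk tagged with `{DSA-6150-1}` alone, while the other five change from `{DLA-4484-1}` to `{DSA-6150-1 DLA-4484-1}`. That is consistent with its `[bullseye] - python-django <not-affected>` line, but it is worth confirming against DLA-4484-1 that the omission is intended rather than a missed cross-reference.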
@@ -17021,7 +17278,7 @@ CVE-2026-0988 (A flaw was found in glib. Missing
validation of offset and count
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3851
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f
(2.87.1)
-CVE-2026-0980
+CVE-2026-0980 (A flaw was found in rubyipmi, a gem used in the Baseboard
Management C ...)
NOT-FOR-US: rubyipmi Ruby Gem
CVE-2026-23766
REJECTED
@@ -17301,7 +17558,7 @@ CVE-2026-22797 (An issue was discovered in OpenStack
keystonemiddleware 10.5 thr
CVE-2026-0708
NOTE: https://github.com/vstakhov/libucl/issues/323
TODO: check if impacts security wise rspamd, which embeds libucl and
uses it a compile time
-CVE-2026-0871
+CVE-2026-0871 (A flaw was found in Keycloak. An administrator with
`manage-users` per ...)
- keycloak <itp> (bug #1088287)
CVE-2026-23582
REJECTED
@@ -33437,7 +33694,7 @@ CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8
and lower contains an auth
NOT-FOR-US: SpinetiX Fusion Digital Signage
CVE-2025-14083 (A flaw was found in the Keycloak Admin REST API. This
vulnerability al ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-13327
+CVE-2025-13327 (A flaw was found in uv. This vulnerability allows an attacker
to execu ...)
- uv <itp> (bug #1069776)
CVE-2025-9315 (An unauthenticated device registration vulnerability, caused by
Improp ...)
NOT-FOR-US: Moxa
@@ -61740,11 +61997,11 @@ CVE-2025-39837 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5549202b9c02c2ecbc8634768a3da8d9e82d548d (6.17-rc5)
-CVE-2025-9909
+CVE-2025-9909 (A flaw was found in the Red Hat Ansible Automation Platform
Gateway ro ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
-CVE-2025-9908
+CVE-2025-9908 (A flaw was found in the Red Hat Ansible Automation Platform,
Event-Dri ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
-CVE-2025-9907
+CVE-2025-9907 (A flaw was found in the Red Hat Ansible Automation Platform,
Event-Dri ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2025-9992 (The Ghost Kit \u2013 Page Builder Blocks, Motion Effects &
Extensions ...)
NOT-FOR-US: WordPress plugin
@@ -69971,7 +70228,7 @@ CVE-2008-20001 (activePDF WebGrabber version 3.8.2.0
contains a stack-based buff
NOT-FOR-US: activePDF WebGrabber
CVE-2005-10004 (Cacti versions prior to 0.8.6-d contain a remote command
execution vul ...)
- cacti 0.8.6d-1
-CVE-2025-9572
+CVE-2025-9572 (n authorization flaw in Foreman's GraphQL API allows
low-privileged us ...)
- foreman <itp> (bug #663101)
CVE-2025-38677 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
{DSA-6009-1 DSA-6008-1 DLA-4328-1 DLA-4327-1}
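Review bot: The description added for CVE-2025-9572 starts with "n authorization flaw in Foreman's GraphQL API", so the leading "A" has been dropped somewhere between the CVE record and this list. If the source record has the same defect it should be reported upstream; otherwise the import step needs a look, since the entry was previously a bare `CVE-2025-9572` with no description to compare against.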
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d5c1c9fab4430a441a645ce53b2462c2cf2d16b
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits