Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5d8c6e5 by security tracker role at 2026-03-03T20:14:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,150 @@
-CVE-2026-25674
+CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit 
plugin is  ...)
+       TODO: check
+CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server 
up to b ...)
+       TODO: check
+CVE-2026-3465 (A vulnerability was determined in Tuya App and SDK 24.07.11 on 
Android ...)
+       TODO: check
+CVE-2026-3463 (A weakness has been identified in xlnt-community xlnt up to 
1.6.1. Imp ...)
+       TODO: check
+CVE-2026-3437 (An Improper Restriction of Operations within the Bounds of a 
Memory Bu ...)
+       TODO: check
+CVE-2026-3351 (Improper authorization in the API endpoint GET 
/1.0/certificates in Ca ...)
+       TODO: check
+CVE-2026-3344 (A vulnerability in WatchGuard Fireware OS may allow an attacker 
to byp ...)
+       TODO: check
+CVE-2026-3343 (A reflected cross-site scripting (XSS) vulnerability in the 
Fireware O ...)
+       TODO: check
+CVE-2026-3342 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
may all ...)
+       TODO: check
+CVE-2026-3136 (An improper authorizationvulnerability in GitHub Trigger 
Comment Contr ...)
+       TODO: check
+CVE-2026-2915 (HP System Event Utility might allow denial of service with 
elevated ar ...)
+       TODO: check
+CVE-2026-2637 (iBoysoft NTFS for Mac contains a local privilege escalation 
vulnerabil ...)
+       TODO: check
+CVE-2026-2606 (IBM webMethods API Gateway (on-prem) 10.11 through 
10.11_Fix3210.15 to ...)
+       TODO: check
+CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, Elementor, 
Formidable and  ...)
+       TODO: check
+CVE-2026-29022 (dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) 
contain a ...)
+       TODO: check
+CVE-2026-28518 (OpenViking versions 0.2.1 and prior, fixed in commit46b3e76, 
contain a ...)
+       TODO: check
+CVE-2026-26892 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is 
vulnera ...)
+       TODO: check
+CVE-2026-26891 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is 
vulnera ...)
+       TODO: check
+CVE-2026-26890 (Sourcecodester Pharmacy Point of Sale System v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2026-26889 (Sourcecodester Pharmacy Point of Sale System v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2026-26888 (Sourcecodester Pharmacy Point of Sale System v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2026-26887 (Sourcecodester Pharmacy Point of Sale System v1.0 is 
vulnerable to SQL ...)
+       TODO: check
+CVE-2026-26886 (Sourcecodester Online Men's Salon Management System v1.0 is 
vulnerable ...)
+       TODO: check
+CVE-2026-26885 (Sourcecodester Online Men's Salon Management System v1.0 is 
vulnerable ...)
+       TODO: check
+CVE-2026-26884 (Sourcecodester Online Men's Salon Management System v1.0 is 
vulnerable ...)
+       TODO: check
+CVE-2026-26883 (Sourcecodester Online Men's Salon Management System v1.0 is 
vulnerable ...)
+       TODO: check
+CVE-2026-24103 (A buffer overflow vulnerability was discovered in 
goform/formSetMacFil ...)
+       TODO: check
+CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan 
CLP par ...)
+       TODO: check
+CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) 
that by def ...)
+       TODO: check
+CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the 
Nicolet WFT p ...)
+       TODO: check
+CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 
commit ...)
+       TODO: check
+CVE-2025-70821 (renren-secuity before v5.5.0 is vulnerable to SQL Injection in 
the Bas ...)
+       TODO: check
+CVE-2025-70236 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-69765 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in 
formGetIp ...)
+       TODO: check
+CVE-2025-67840 (Multiple authenticated OS command injection vulnerabilities 
exist in t ...)
+       TODO: check
+CVE-2025-66945 (A path traversal vulnerability exists in the ZIP extraction 
API of Zdi ...)
+       TODO: check
+CVE-2025-66680 (An issue in the WiseDelfile64.sys component of WiseCleaner 
Wise Force  ...)
+       TODO: check
+CVE-2025-66363 (An issue was discovered in LBS in Samsung Mobile Processor 
Exynos 2200 ...)
+       TODO: check
+CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing 
function ...)
+       TODO: check
+CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
+       TODO: check
+CVE-2025-63911 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
+       TODO: check
+CVE-2025-63910 (An authenticated arbitrary file upload vulnerability in 
Cohesity TranZ ...)
+       TODO: check
+CVE-2025-63909 (Incorrect access control in the component 
/opt/SRLtzm/bin/TapeDumper o ...)
+       TODO: check
+CVE-2025-62817 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
+       TODO: check
+CVE-2025-62816 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
+       TODO: check
+CVE-2025-62815 (An issue was discovered in Samsung Mobile Processor Exynos 
1380, 1480, ...)
+       TODO: check
+CVE-2025-62814 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
+       TODO: check
+CVE-2025-59060 (Hostname verification bypass issue in Apache Ranger 
NiFiRegistryClient ...)
+       TODO: check
+CVE-2025-59059 (Remote Code Execution Vulnerability in 
NashornScriptEngineCreator is r ...)
+       TODO: check
+CVE-2025-57622 (An issue in Step-Video-T2V allows a remote attacker to execute 
arbitra ...)
+       TODO: check
+CVE-2025-52365 (A command injection vulnerability in the szc script of the 
ccurtsinger ...)
+       TODO: check
+CVE-2025-36364 (IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to 
be stored ...)
+       TODO: check
+CVE-2025-36363 (IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account 
lockout ...)
+       TODO: check
+CVE-2025-15599 (DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain 
a cross- ...)
+       TODO: check
+CVE-2025-15598 (A vulnerability was found in Dataease SQLBot up to 1.5.1. This 
impacts ...)
+       TODO: check
+CVE-2025-14923 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.2 I ...)
+       TODO: check
+CVE-2025-14604 (IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, 
and IBM  ...)
+       TODO: check
+CVE-2025-13734 (IBM Engineering Requirements Management DOORS Next 7.1, and 
7.2 could  ...)
+       TODO: check
+CVE-2025-13616 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 
returns sensit ...)
+       TODO: check
+CVE-2025-13490 (p.p1 {margin: 0.0px 0.0px 12.0px 0.0px; font: 15.0px 
'Helvetica Neue'; ...)
+       TODO: check
+CVE-2024-55027 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was 
discovered to st ...)
+       TODO: check
+CVE-2024-55026 (An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 
easyweb v ...)
+       TODO: check
+CVE-2024-55025 (Incorrect access control in the VNC component of Weintek 
cMT-3072XH2 e ...)
+       TODO: check
+CVE-2024-55024 (An authentication bypass vulnerability in the authorization 
mechanism  ...)
+       TODO: check
+CVE-2024-55023 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was 
discovered to co ...)
+       TODO: check
+CVE-2024-55022 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was 
discovered to co ...)
+       TODO: check
+CVE-2024-55021 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was 
discovered to co ...)
+       TODO: check
+CVE-2024-55020 (A command injection vulnerability in the DHCP activation 
feature of We ...)
+       TODO: check
+CVE-2024-55019 (Incorrect access control in the component download_wb.cgi of 
Weintek c ...)
+       TODO: check
+CVE-2026-25674 (An issue was discovered in 6.0 before 6.0.3, 5.2 before 
5.2.12, and 4. ...)
        - python-django <unfixed> (bug #1129595)
        [trixie] - python-django <no-dsa> (Minor issue)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/54b50bf7d6dcbf02d4c01f853627cc9299d4934d
 (4.2.29)
-CVE-2026-25673
+CVE-2026-25673 (An issue was discovered in 6.0 before 6.0.3, 5.2 before 
5.2.12, and 4. ...)
        - python-django <not-affected> (Windows-specific)
        NOTE: 
https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
 CVE-2026-3455 (Versions of the package mailparser before 3.9.3 are vulnerable 
to Cros ...)
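Review bot: two of the new descriptions in this hunk are unusable for triage as stored: CVE-2025-13490 carries CSS rule text ("p.p1 {margin: 0.0px 0.0px 12.0px ...") instead of a vulnerability summary, and CVE-2025-14604 reads "IBM Storage Scale IBM S through rage Scale 5.2.3.0", so whoever resolves those TODO: check lines should take the affected product and version range from the upstream advisory rather than from this text. The rest of the TODO: check entries look well-formed, and CVE-2026-25674 and CVE-2026-25673 are already mapped to python-django with the Django security-release post as the reference.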
@@ -1077,9 +1217,11 @@ CVE-2026-22877 (An arbitrary file-read vulnerability 
exists in XWEB Pro version
 CVE-2026-22207 (OpenViking through version 0.1.18, prior to 
commit0251c70,contains a b ...)
        NOT-FOR-US: OpenViking
 CVE-2026-22206 (SPIP versions prior to 4.4.10 contain a SQL injection 
vulnerability th ...)
+       {DSA-6155-1}
        - spip 4.4.10+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html
 CVE-2026-22205 (SPIP versions prior to 4.4.10 contain an authentication bypass 
vulnera ...)
+       {DSA-6155-1}
        - spip 4.4.10+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-10.html
 CVE-2026-21718 (An authentication bypass vulnerability exists in Copeland XWEB 
Pro  ve ...)
@@ -4383,15 +4525,19 @@ CVE-2026-2243 (A flaw was found in QEMU. A specially 
crafted VMDK image could tr
 CVE-2026-2232 (The Product Table and List Builder for WooCommerce Lite plugin 
for Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-27475 (SPIP before 4.4.9 allows Insecure Deserialization in the 
public area t ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html
 CVE-2026-27474 (SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the 
private are ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html
 CVE-2026-27473 (SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via 
syndica ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html
 CVE-2026-27472 (SPIP before 4.4.9 allows Blind Server-Side Request Forgery 
(SSRF) via  ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html
 CVE-2026-27094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -4435,6 +4581,7 @@ CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 
10.2, contain(s) an Exte
 CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a 
Missing Aut ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-26345 (SPIP before 4.4.8 contains a stored cross-site scripting (XSS) 
vulnera ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
 CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated 
attacker ...)
@@ -4457,6 +4604,7 @@ CVE-2026-26278 (fast-xml-parser allows users to validate 
XML, parse XML to JS ob
 CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to 
versions 22. ...)
        NOT-FOR-US: soroban-sdk
 CVE-2026-26223 (SPIP before 4.4.8 allows cross-site scripting (XSS) in the 
private are ...)
+       {DSA-6155-1}
        - spip 4.4.9+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
 CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with 
Envoy. Versi ...)
@@ -5011,7 +5159,7 @@ CVE-2026-24743 (InvoicePlane is a self-hosted open source 
application for managi
        NOT-FOR-US: InvoicePlane
 CVE-2026-24126 (Weblate is a web based localization tool. Prior to 5.16.0, the 
SSH man ...)
        - weblate <itp> (bug #745661)
-CVE-2026-1999 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
+CVE-2026-1999 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in G ...)
        NOT-FOR-US: Github Enterprise Server
 CVE-2026-1994 (The s2Member plugin for WordPress is vulnerable to privilege 
escalatio ...)
        NOT-FOR-US: WordPress plugin
@@ -240961,7 +241109,7 @@ CVE-2024-21499 (All versions of the package 
github.com/greenpau/caddy-security a
        NOT-FOR-US: caddy-security (addon for src:caddy)
 CVE-2024-21498 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
        NOT-FOR-US: caddy-security (addon for src:caddy)
-CVE-2024-21497 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
+CVE-2024-21497 (Versions of the package github.com/greenpau/caddy-security  
are vulner ...)
        NOT-FOR-US: caddy-security (addon for src:caddy)
 CVE-2024-21496 (All versions of the package github.com/greenpau/caddy-security 
are vul ...)
        NOT-FOR-US: caddy-security (addon for src:caddy)
@@ -286832,8 +286980,8 @@ CVE-2023-31046 (A Path Traversal vulnerability exists 
in PaperCut NG before 22.1
        NOT-FOR-US: PaperCut
 CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and 
Formats  ...)
        - backdrop <itp> (bug #914257)
-CVE-2023-31044
-       RESERVED
+CVE-2023-31044 (An issue was discovered in Nokia Impact before Mobile 23_FP1. 
In Impac ...)
+       TODO: check
 CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 
logs un ...)
        NOT-FOR-US: EnterpriseDB
 CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask 
variab ...)
@@ -428183,14 +428331,14 @@ CVE-2021-35488 (Thruk 2.40-2 allows 
/thruk/#cgi-bin/status.cgi?style=combined&ti
        NOT-FOR-US: Thruk
 CVE-2021-35487 (Nokia Broadcast Message Center through 11.1.0 allows an 
authenticated  ...)
        NOT-FOR-US: Nokia Broadcast Message Center
-CVE-2021-35486
-       RESERVED
-CVE-2021-35485
-       RESERVED
-CVE-2021-35484
-       RESERVED
-CVE-2021-35483
-       RESERVED
+CVE-2021-35486 (A Cross-Site Request Forgery (CSRF) vulnerability in Nokia 
IMPACT thro ...)
+       TODO: check
+CVE-2021-35485 (The Applications component of Nokia IMPACT version through 
19.11.2.10- ...)
+       TODO: check
+CVE-2021-35484 (Nokia IMPACT through 19.11.2.10-20210118042150283 allows an 
authentica ...)
+       TODO: check
+CVE-2021-35483 (The Applications component of Nokia IMPACT version through 
19.11.2.10- ...)
+       TODO: check
 CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender 
before 2.5.4. ...)
        NOT-FOR-US: Barco MirrorOp Windows Sender
 CVE-2021-35481
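Review bot: the four entries moving from RESERVED to TODO: check here (CVE-2021-35483 through CVE-2021-35486) all describe Nokia IMPACT through 19.11.2.10, the same product as CVE-2023-31044 earlier in this commit, so they can be triaged in one pass; the neighbouring NOT-FOR-US marking on CVE-2021-35487 is for Nokia Broadcast Message Center, a different product, and should not be copied over without checking.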



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d8c6e5b01d712df4c847fb006804d34009afb9

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits