Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a51de08 by security tracker role at 2026-03-04T08:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,139 @@
+CVE-2026-3487 (A vulnerability was found in itsourcecode College Management
System 1. ...)
+ TODO: check
+CVE-2026-3486 (A vulnerability has been found in itsourcecode College
Management Syst ...)
+ TODO: check
+CVE-2026-3485 (A flaw has been found in D-Link DIR-868L 110b03. This affects
the func ...)
+ TODO: check
+CVE-2026-3452 (Concrete CMS below version 9.4.8 is vulnerable toRemote Code
Execution ...)
+ TODO: check
+CVE-2026-3266 (Missing Authorization vulnerability in OpenText\u2122 Filr
allows Auth ...)
+ TODO: check
+CVE-2026-3244 (In Concrete CMS below version 9.4.8, A stored cross-site
scripting (XS ...)
+ TODO: check
+CVE-2026-3242 (In Concrete CMS below version 9.4.8, a rogue administrator can
add sto ...)
+ TODO: check
+CVE-2026-3241 (In Concrete CMS below version 9.4.8, astored cross-site
scripting (XSS ...)
+ TODO: check
+CVE-2026-3240 (In Concrete CMS below version 9.4.8, auser with permission to
edit a p ...)
+ TODO: check
+CVE-2026-3224 (Authentication bypass in the Microsoft Entra ID (Azure AD)
authenticat ...)
+ TODO: check
+CVE-2026-3204 (Improper input validation in the error message page in
Devolutions Se ...)
+ TODO: check
+CVE-2026-3130 (Improper Enforcement of Behavioral Controls inDevolutions
Server 2025. ...)
+ TODO: check
+CVE-2026-3076
+ REJECTED
+CVE-2026-2994 (Concrete CMS below version 9.4.8 is subject toCSRF by a Rogue
Administ ...)
+ TODO: check
+CVE-2026-2732 (The Enable Media Replace plugin for WordPress is vulnerable to
unautho ...)
+ TODO: check
+CVE-2026-2590 (Improper enforcement of the Disable password saving in vaults
setting ...)
+ TODO: check
+CVE-2026-2363 (The WP-Members Membership Plugin plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-2292 (The Morkva UA Shipping plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2026-2289 (The Taskbuilder plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2026-2025 (The Mail Mint WordPress plugin before 1.19.5 does not have
authorizat ...)
+ TODO: check
+CVE-2026-28778 (International Datacasting Corporation (IDC) SFX Series
SuperFlex Satel ...)
+ TODO: check
+CVE-2026-28777 (International Datacasting Corporation (IDC) SFX2100
Satellite Receiv ...)
+ TODO: check
+CVE-2026-28776 (International Datacasting Corporation (IDC) SFX Series
SuperFlex Satel ...)
+ TODO: check
+CVE-2026-28775 (An unauthenticated Remote Code Execution (RCE) vulnerability
exists in ...)
+ TODO: check
+CVE-2026-28774 (An OS Command Injection vulnerability exists in the web-based
Tracerou ...)
+ TODO: check
+CVE-2026-28773 (The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in
Internat ...)
+ TODO: check
+CVE-2026-28772 (A Reflected Cross-Site Scripting (XSS) vulnerability in the
/IDC_Loggi ...)
+ TODO: check
+CVE-2026-28771 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
the /in ...)
+ TODO: check
+CVE-2026-28770 (Improper neutralization of special elements in the
/IDC_Logging/checki ...)
+ TODO: check
+CVE-2026-28769 (A path traversal vulnerability exists in the
/IDC_Logging/checkifdone. ...)
+ TODO: check
+CVE-2026-28289 (FreeScout is a free help desk and shared inbox built with
PHP's Larave ...)
+ TODO: check
+CVE-2026-27981 (HomeBox is a home inventory and organization system. Prior to
0.24.0, ...)
+ TODO: check
+CVE-2026-27971 (Qwik is a performance focused javascript framework. qwik
<=1.19.0 is v ...)
+ TODO: check
+CVE-2026-27932 (joserfc is a Python library that provides an implementation of
several ...)
+ TODO: check
+CVE-2026-27905 (BentoML is a Python library for building online serving
systems optimi ...)
+ TODO: check
+CVE-2026-27622 (OpenEXR provides the specification and reference
implementation of the ...)
+ TODO: check
+CVE-2026-27601 (Underscore.js is a utility-belt library for JavaScript. Prior
to 1.13. ...)
+ TODO: check
+CVE-2026-27600 (HomeBox is a home inventory and organization system. Prior to
0.24.0-r ...)
+ TODO: check
+CVE-2026-27012 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-26279 (Froxlor is open source server administration software. Prior
to 2.3.4, ...)
+ TODO: check
+CVE-2026-26272 (HomeBox is a home inventory and organization system. Prior to
0.24.0-r ...)
+ TODO: check
+CVE-2026-26266 (AliasVault is a privacy-first password manager with built-in
email ali ...)
+ TODO: check
+CVE-2026-25906 (Dell Optimizer, versions prior to 6.3.1, contain an Improper
Link Reso ...)
+ TODO: check
+CVE-2026-25590 (The GLPI Inventory Plugin handles network discovery,
inventory, softwa ...)
+ TODO: check
+CVE-2026-25146 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24898 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24848 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24502 (Dell Command | Intel vPro Out of Band, versions prior to
4.7.0, contai ...)
+ TODO: check
+CVE-2026-24415 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-21866 (Dify is an open-source LLM app development platform. Prior to
1.11.2, ...)
+ TODO: check
+CVE-2026-1980 (The WPBookit plugin for WordPress is vulnerable to unauthorized
data d ...)
+ TODO: check
+CVE-2026-1945 (The WPBookit plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
+ TODO: check
+CVE-2026-1775 (The Labkotec LID-3300IP has an existing vulnerability in the
ice detec ...)
+ TODO: check
+CVE-2026-1713 (IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40
LTS, 9.3 ...)
+ TODO: check
+CVE-2026-1651 (The Email Subscribers by Icegram Express plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2026-1567 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An
XML Ext ...)
+ TODO: check
+CVE-2026-1273 (The Post Grid Gutenberg Blocks for News, Magazines, Blog
Websites \u20 ...)
+ TODO: check
+CVE-2026-0869 (Authentication bypass in Brocade ASCG 3.4.0 Could allow an
unauthorize ...)
+ TODO: check
+CVE-2025-70241 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70240 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70239 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70237 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70234 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-14480 (IBM Aspera faspio Gateway 1.3.6 uses weaker than expected
cryptographi ...)
+ TODO: check
+CVE-2025-14456 (IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1)
+ TODO: check
+CVE-2025-13688 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could
allow an ...)
+ TODO: check
+CVE-2025-13687 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could
allow an ...)
+ TODO: check
+CVE-2025-13686 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could
allow an ...)
+ TODO: check
CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit
plugin is ...)
NOT-FOR-US: Amazon
CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server
up to b ...)
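Review bot: several of the added descriptions carry encoding and spacing damage that should be cleaned before they land in data/CVE/list. CVE-2026-3266 contains a literal \u2122, and CVE-2026-1273 ends in a cut-off \u20, which suggests the description is truncated after escaping so an escape sequence can be split in half. Words are also run together in "toRemote" (CVE-2026-3452), "astored" (CVE-2026-3241), "auser" (CVE-2026-3240), "inDevolutions" (CVE-2026-3130) and "toCSRF" (CVE-2026-2994). Decoding escapes and normalising whitespace before truncation would fix all three cases. Separately, the CVE-2025-14456 description, "(IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1)", names no flaw at all, so that entry cannot be triaged from this line alone. Apart from the REJECTED CVE-2026-3076, every added entry is still "TODO: check".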
@@ -123,7 +259,7 @@ CVE-2025-13734 (IBM Engineering Requirements Management
DOORS Next 7.1, and 7.2
NOT-FOR-US: IBM
CVE-2025-13616 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0
returns sensit ...)
NOT-FOR-US: IBM
-CVE-2025-13490 (p.p1 {margin: 0.0px 0.0px 12.0px 0.0px; font: 15.0px
'Helvetica Neue'; ...)
+CVE-2025-13490 (IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and
12.1.0 ...)
NOT-FOR-US: IBM
CVE-2024-55027 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to st ...)
TODO: check
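Review bot: the removed CVE-2025-13490 description was stylesheet text ("p.p1 {margin: 0.0px 0.0px 12.0px 0.0px; font: ...") rather than a vulnerability summary, so markup from the source record reached the list unfiltered. The replacement text is fine, but a check in the automatic update that flags descriptions beginning with CSS or markup would catch the next occurrence instead of relying on a later correction. The "NOT-FOR-US: IBM" line is unchanged context, so the triage result is not affected.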
@@ -3445,6 +3581,7 @@ CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled
Search Path Element Local Pr
CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following
Information D ...)
NOT-FOR-US: RustDesk Client for Windows
CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
+ {DSA-6156-1}
- gimp 3.2.0~RC3-1 (bug #1128606)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-121/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
@@ -3463,6 +3600,7 @@ CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer
Overflow Remote Code Exe
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/5873e16f80cf4152d25a4c86b08553008a331e90
(GIMP_3_0_8)
NOTE: Introduced by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
(GIMP_2_99_14)
CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution
Vulner ...)
+ {DSA-6156-1}
- gimp 3.2.0~RC3-1 (bug #1128604)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-119/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293
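Review bot: the {DSA-6156-1} tag is added under CVE-2026-2045 only, while the leading context lines of this hunk ("Fixed by" / "Introduced by" with GIMP_2_99_14) belong to CVE-2026-2047, whose header line lies outside the hunk. The diff therefore does not show whether CVE-2026-2047 is covered by the same advisory; confirm that its entry is either tagged or carries an explicit status for the released suites.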
@@ -3470,6 +3608,7 @@ CVE-2026-2045 (GIMP XWD File Parsing Out-Of-Bounds Write
Remote Code Execution V
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/bb896f67942557658b3fbfc67a1c073775c002c7
(GIMP_3_0_8)
CVE-2026-2044 (GIMP PGM File Parsing Uninitialized Memory Remote Code
Execution Vulne ...)
+ {DSA-6156-1}
- gimp 3.2.0~RC2-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-118/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15287
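Review bot: CVE-2026-2044 receives {DSA-6156-1}, but its package line reads "- gimp 3.2.0~RC2-1" with no bug reference, whereas the other GIMP entries tagged in this commit (CVE-2026-2048, CVE-2026-2045, CVE-2026-0797) are fixed in 3.2.0~RC3-1 and each cite a bug number. Confirm the RC2-1 version is intended for this entry and add the bug reference if one exists, so the four entries under the same advisory are tracked consistently.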
@@ -3651,6 +3790,7 @@ CVE-2026-25896 (fast-xml-parser allows users to validate
XML, parse XML to JS ob
CVE-2026-24892 (openITCOCKPIT is an open source monitoring tool built for
different mo ...)
NOT-FOR-US: openITCOCKPIT
CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code
Execution ...)
+ {DSA-6156-1}
- gimp 3.2.0~RC3-1 (bug #1128601)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-050/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51de088cdcee1ec4173019837814832295e037