Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df64ae9d by security tracker role at 2026-03-04T20:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,30 +1,326 @@
-CVE-2026-23238 [romfs: check sb_set_blocksize() return value]
+CVE-2026-3545 (Insufficient data validation in Navigation in Google Chrome
prior to 1 ...)
+ TODO: check
+CVE-2026-3544 (Heap buffer overflow in WebCodecs in Google Chrome prior to
145.0.7632 ...)
+ TODO: check
+CVE-2026-3543 (Inappropriate implementation in V8 in Google Chrome prior to
145.0.763 ...)
+ TODO: check
+CVE-2026-3542 (Inappropriate implementation in WebAssembly in Google Chrome
prior to ...)
+ TODO: check
+CVE-2026-3541 (Inappropriate implementation in CSS in Google Chrome prior to
145.0.76 ...)
+ TODO: check
+CVE-2026-3540 (Inappropriate implementation in WebAudio in Google Chrome prior
to 145 ...)
+ TODO: check
+CVE-2026-3539 (Object lifecycle issue in DevTools in Google Chrome prior to
145.0.763 ...)
+ TODO: check
+CVE-2026-3538 (Integer overflow in Skia in Google Chrome prior to
145.0.7632.159 allo ...)
+ TODO: check
+CVE-2026-3537 (Object lifecycle issue in PowerVR in Google Chrome on Android
prior to ...)
+ TODO: check
+CVE-2026-3536 (Integer overflow in ANGLE in Google Chrome prior to
145.0.7632.159 all ...)
+ TODO: check
+CVE-2026-3520 (Multer is a node.js middleware for handling
`multipart/form-data`. A v ...)
+ TODO: check
+CVE-2026-3439 (A post-authentication Stack-based Buffer Overflow vulnerability
in Son ...)
+ TODO: check
+CVE-2026-3125 (A Server-Side Request Forgery (SSRF) vulnerability was
identified in t ...)
+ TODO: check
+CVE-2026-3103 (A logic error in the remove_password() function in Checkmk
GmbH's Chec ...)
+ TODO: check
+CVE-2026-3094 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
+ TODO: check
+CVE-2026-3058 (The Seraphinite Accelerator plugin for WordPress is vulnerable
to Sens ...)
+ TODO: check
+CVE-2026-3056 (The Seraphinite Accelerator plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
+CVE-2026-2748 (SEPPmail Secure Email Gateway before version 15.0.1 improperly
validat ...)
+ TODO: check
+CVE-2026-2747 (SEPPmail Secure Email Gateway before version 15.0.1 decrypts
inline PG ...)
+ TODO: check
+CVE-2026-2746 (SEPPmail Secure Email Gateway before version 15.0.1 does not
properly ...)
+ TODO: check
+CVE-2026-2355 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-29120 (The /root/anaconda-ks.cfg installation configuration file in
Internati ...)
+ TODO: check
+CVE-2026-29119 (International Datacasting Corporation (IDC) SFX Series
SuperFlex(SFX21 ...)
+ TODO: check
+CVE-2026-29069 (Craft is a content management system (CMS). Prior to
5.9.0-beta.2 and ...)
+ TODO: check
+CVE-2026-28784 (Craft is a content management system (CMS). Prior to 5.8.22
and 4.16.1 ...)
+ TODO: check
+CVE-2026-28783 (Craft is a content management system (CMS). Prior to
5.9.0-beta.1 and ...)
+ TODO: check
+CVE-2026-28782 (Craft is a content management system (CMS). Prior to
5.9.0-beta.1 and ...)
+ TODO: check
+CVE-2026-28781 (Craft is a content management system (CMS). Prior to
4.17.0-beta.1 and ...)
+ TODO: check
+CVE-2026-28697 (Craft is a content management system (CMS). Prior to
4.17.0-beta.1 and ...)
+ TODO: check
+CVE-2026-28696 (Craft is a content management system (CMS). Prior to
4.17.0-beta.1 and ...)
+ TODO: check
+CVE-2026-28695 (Craft is a content management system (CMS). There is an
authenticated ...)
+ TODO: check
+CVE-2026-28435 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
+ TODO: check
+CVE-2026-28434 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
+ TODO: check
+CVE-2026-28427 (OpenDeck is Linux software for your Elgato Stream Deck. Prior
to 2.8.1 ...)
+ TODO: check
+CVE-2026-27446 (Missing Authentication for Critical Function (CWE-306)
vulnerability i ...)
+ TODO: check
+CVE-2026-27445 (SEPPmail Secure Email Gateway before version 15.0.1 does not
properly ...)
+ TODO: check
+CVE-2026-27444 (SEPPmail Secure Email Gateway before version 15.0.1
incorrectly interp ...)
+ TODO: check
+CVE-2026-27443 (SEPPmail Secure Email Gateway before version 15.0.1 does not
properly ...)
+ TODO: check
+CVE-2026-27442 (The GINA web interface in SEPPmail Secure Email Gateway before
version ...)
+ TODO: check
+CVE-2026-27441 (SEPPmail Secure Email Gateway before version 15.0.1
insufficiently neu ...)
+ TODO: check
+CVE-2026-26949 (Dell Device Management Agent (DDMA), versions prior to 26.02,
contain ...)
+ TODO: check
+CVE-2026-26673 (An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE
0.1.00.050 ...)
+ TODO: check
+CVE-2026-26514 (An Argument Injection vulnerability exists in bird-lg-go
before commit ...)
+ TODO: check
+CVE-2026-26478 (A shell command injection vulnerability in Mobvoi Tichome Mini
smart s ...)
+ TODO: check
+CVE-2026-25907 (Dell PowerScale OneFS, version 9.13.0.0, contains an overly
restrictiv ...)
+ TODO: check
+CVE-2026-24732 (Files or Directories Accessible to External Parties, Incorrect
Permiss ...)
+ TODO: check
+CVE-2026-23812 (A vulnerability has been identified where an attacker
connecting to an ...)
+ TODO: check
+CVE-2026-23811 (A vulnerability in the client isolation mechanism may allow an
attacke ...)
+ TODO: check
+CVE-2026-23810 (A vulnerability in the packet processing logic may allow an
authentica ...)
+ TODO: check
+CVE-2026-23809 (A technique has been identified that adapts a known
port-stealing meth ...)
+ TODO: check
+CVE-2026-23808 (A vulnerability has been identified in a standardized wireless
roaming ...)
+ TODO: check
+CVE-2026-23601 (A vulnerability has been identified in the wireless encryption
handlin ...)
+ TODO: check
+CVE-2026-22760 (Dell Device Management Agent (DDMA), versions prior to 26.02,
contain ...)
+ TODO: check
+CVE-2026-22285 (Dell Device Management Agent (DDMA), versions prior to 26.02,
contain ...)
+ TODO: check
+CVE-2026-22270 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-21426 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-21425 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-21424 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-21423 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-21422 (Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and
versions ...)
+ TODO: check
+CVE-2026-21421 (Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions
9.11.0. ...)
+ TODO: check
+CVE-2026-20149 (A vulnerability in Cisco Webex could have allowed an
unauthenticated, ...)
+ TODO: check
+CVE-2026-20131 (A vulnerability in the web-based management interface of Cisco
Secure ...)
+ TODO: check
+CVE-2026-20106 (A vulnerability in the Remote Access SSL VPN, HTTP management
and MUS ...)
+ TODO: check
+CVE-2026-20105 (A vulnerability in the Remote Access SSL VPN functionality of
Cisco Se ...)
+ TODO: check
+CVE-2026-20103 (A vulnerability in the Remote Access SSL VPN functionality of
Cisco Se ...)
+ TODO: check
+CVE-2026-20102 (A vulnerability in the SAML 2.0 single sign-on (SSO) feature
of Cisco ...)
+ TODO: check
+CVE-2026-20101 (A vulnerability in the SAML 2.0 single sign-on (SSO) feature
of Cisco ...)
+ TODO: check
+CVE-2026-20100 (A vulnerability in the LUA interperter of the Remote Access
SSL VPN fe ...)
+ TODO: check
+CVE-2026-20082 (A vulnerability in the handling of the embryonic connection
limits in ...)
+ TODO: check
+CVE-2026-20079 (A vulnerability in the web interface of Cisco Secure Firewall
Manageme ...)
+ TODO: check
+CVE-2026-20073 (A vulnerability in Cisco Secure Firewall Adaptive Security
Appliance ( ...)
+ TODO: check
+CVE-2026-20070 (A vulnerability in the VPN web services component of Cisco
Secure Fire ...)
+ TODO: check
+CVE-2026-20069 (A vulnerability in the VPN web services component of Cisco
Secure Fire ...)
+ TODO: check
+CVE-2026-20068 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20067 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20066 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20065 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20064 (A vulnerability in of Cisco Secure Firewall Threat Defense
(FTD) Softw ...)
+ TODO: check
+CVE-2026-20063 (A vulnerability in the CLI of Cisco Secure FTD Software could
allow an ...)
+ TODO: check
+CVE-2026-20062 (A vulnerability in the CLI of Cisco Secure Firewall Adaptive
Security ...)
+ TODO: check
+CVE-2026-20058 (Multiple Cisco products are affected by vulnerabilities in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20057 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20054 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20053 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20052 (A vulnerability in the memory management handling for the
Snort 3 Dete ...)
+ TODO: check
+CVE-2026-20050 (A vulnerability in the Do Not Decrypt exclusion feature of the
SSL dec ...)
+ TODO: check
+CVE-2026-20049 (A vulnerability in the processing of Galois/Counter Mode
(GCM)-encrypt ...)
+ TODO: check
+CVE-2026-20044 (A vulnerability in the lockdown mechanism of Cisco Secure
Firewall Man ...)
+ TODO: check
+CVE-2026-20039 (A vulnerability in the VPN web server of Cisco Secure Firewall
Adaptiv ...)
+ TODO: check
+CVE-2026-20031 (A vulnerability in the HTML Cascading Style Sheets (CSS)
module of Cla ...)
+ TODO: check
+CVE-2026-20025 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20024 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20023 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
Adaptive ...)
+ TODO: check
+CVE-2026-20022 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20021 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
Adaptive ...)
+ TODO: check
+CVE-2026-20020 (A vulnerability in the OSPF protocol of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20018 (A vulnerability in the sftunnel functionality of Cisco Secure
Firewall ...)
+ TODO: check
+CVE-2026-20017 (A vulnerability in the CLI of Cisco Secure FTD Software could
allow an ...)
+ TODO: check
+CVE-2026-20016 (A vulnerability in the Cisco FXOS Software CLI feature for
Cisco Secur ...)
+ TODO: check
+CVE-2026-20015 (A vulnerability in the IKEv2 feature of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20014 (A vulnerability in the IKEv2 feature of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20013 (A vulnerability in the IKEv2 feature of Cisco Secure Firewall
ASA Soft ...)
+ TODO: check
+CVE-2026-20009 (A vulnerability in the implementation of the proprietary SSH
stack wit ...)
+ TODO: check
+CVE-2026-20008 (A vulnerability in a small subset of CLI commands that are
used on Cis ...)
+ TODO: check
+CVE-2026-20007 (A vulnerability in the Snort 2 and Snort 3 deep packet
inspection of C ...)
+ TODO: check
+CVE-2026-20006 (A vulnerability in the TLS cryptography functionality of the
Snort 3 D ...)
+ TODO: check
+CVE-2026-20005 (Multiple Cisco products are affected by a vulnerability in the
Snort 3 ...)
+ TODO: check
+CVE-2026-20003 (A vulnerability in the REST API of Cisco Secure FMC Software
could all ...)
+ TODO: check
+CVE-2026-20002 (A vulnerability in the web-based management interface of Cisco
Secure ...)
+ TODO: check
+CVE-2026-20001 (A vulnerability in the REST API of Cisco Secure FMC Software
could all ...)
+ TODO: check
+CVE-2026-1706 (The All-in-One Video Gallery plugin for WordPress is vulnerable
to Ref ...)
+ TODO: check
+CVE-2026-1674 (The Gutena Forms \u2013 Contact Form, Survey Form, Feedback
Form, Book ...)
+ TODO: check
+CVE-2026-1236 (The Envira Gallery for WordPress plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-0847 (A vulnerability in NLTK versions up to and including 3.9.2
allows arbi ...)
+ TODO: check
+CVE-2025-70342 (erase-install prior to v40.4 commit 2c31239 writes swiftDialog
credent ...)
+ TODO: check
+CVE-2025-70341 (Insecure permissions in App-Auto-Patch v3.4.2 create a race
condition ...)
+ TODO: check
+CVE-2025-70226 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70223 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70220 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
+ TODO: check
+CVE-2025-70219 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the go ...)
+ TODO: check
+CVE-2025-70218 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via POST t ...)
+ TODO: check
+CVE-2025-69969 (A lack of authentication and authorization mechanisms in the
Bluetooth ...)
+ TODO: check
+CVE-2025-66944 (SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and
before ...)
+ TODO: check
+CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor
Hardware ...)
+ TODO: check
+CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining
length field ...)
+ TODO: check
+CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup
Operator ...)
+ TODO: check
+CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior
returns HTTP 5 ...)
+ TODO: check
+CVE-2025-59786 (2N Access Commander version 3.4.2 and prior improperly
invalidates ses ...)
+ TODO: check
+CVE-2025-59785 (Improper validation of API end-point in 2N Access Commander
version 3. ...)
+ TODO: check
+CVE-2025-59784 (2N Access Commander version 3.4.1 and prior is vulnerable to
log pollu ...)
+ TODO: check
+CVE-2025-59783 (API endpoint for user synchronization in 2N Access Commander
version 3 ...)
+ TODO: check
+CVE-2025-40896 (The server certificate was not verified when an Arc agent
connected to ...)
+ TODO: check
+CVE-2025-40895 (A Stored HTML Injection vulnerability was discovered in the
CMC's Sens ...)
+ TODO: check
+CVE-2025-40894 (A Stored HTML Injection vulnerability was discovered in the
Alerted No ...)
+ TODO: check
+CVE-2025-15558 (Docker CLI for Windows searches for plugin binaries in
C:\ProgramData\ ...)
+ TODO: check
+CVE-2025-12801 (A vulnerability was recently discovered in the rpc.mountd
daemon in th ...)
+ TODO: check
+CVE-2023-7337 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System
plugin f ...)
+ TODO: check
+CVE-2019-25507 (Ashop Shopping Cart Software contains an SQL injection
vulnerability t ...)
+ TODO: check
+CVE-2019-25506 (FreeSMS 2.1.2 contains a boolean-based blind SQL injection
vulnerabili ...)
+ TODO: check
+CVE-2019-25505 (Tradebox 5.4 contains an SQL injection vulnerability that
allows authe ...)
+ TODO: check
+CVE-2019-25504 (NCrypted Jobgator contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25503 (PHPads 2.0 contains an SQL injection vulnerability that allows
unauthe ...)
+ TODO: check
+CVE-2019-25502 (Simple Job Script contains a cross-site scripting
vulnerability that a ...)
+ TODO: check
+CVE-2019-25501 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25500 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25499 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25498 (Simple Job Script contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2026-23238 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0 (6.19-rc8)
-CVE-2026-23237 [platform/x86: classmate-laptop: Add missing NULL pointer
checks]
+CVE-2026-23237 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/fe747d7112283f47169e9c16e751179a9b38611e (6.19)
-CVE-2026-23232 [Revert "f2fs: block cache/dio write during
f2fs_enable_checkpoint()"]
+CVE-2026-23232 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3996b70209f145bfcf2afc7d05dd92c27b233b48 (7.0-rc1)
-CVE-2026-23236 [fbdev: smscufx: properly copy ioctl memory to kernelspace]
+CVE-2026-23236 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/120adae7b42faa641179270c067864544a50ab69 (7.0-rc1)
-CVE-2026-23235 [f2fs: fix out-of-bounds access in sysfs attribute read/write]
+CVE-2026-23235 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/98ea0039dbfdd00e5cc1b9a8afa40434476c0955 (7.0-rc1)
-CVE-2026-23234 [f2fs: fix to avoid UAF in f2fs_write_end_io()]
+CVE-2026-23234 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/ce2739e482bce8d2c014d76c4531c877f382aa54 (7.0-rc1)
-CVE-2026-23233 [f2fs: fix to avoid mapping wrong physical block for swapfile]
+CVE-2026-23233 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.18.13-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5c145c03188bc9ba1c29e0bc4d527a5978fc47f9 (7.0-rc1)
-CVE-2025-71238 [scsi: qla2xxx: Fix bsg_done() causing double free]
+CVE-2025-71238 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.18.13-1
NOTE:
https://git.kernel.org/linus/c2c68225b1456f4d0d393b5a8778d51bb0d5b1d0 (7.0-rc1)
-CVE-2026-23231 [netfilter: nf_tables: fix use-after-free in
nf_tables_addchain()]
+CVE-2026-23231 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.18.14-1
NOTE:
https://git.kernel.org/linus/71e99ee20fc3f662555118cf1159443250647533 (7.0-rc1)
CVE-2026-3487 (A vulnerability was found in itsourcecode College Management
System 1. ...)
@@ -48928,7 +49224,7 @@ CVE-2025-60805 (An issue was discovered in BESSystem
BES Application Server thru
NOT-FOR-US: BESSystem BES Application Server
CVE-2025-60800 (Incorrect access control in the /jshERP-boot/user/info
interface of js ...)
NOT-FOR-US: jshERP
-CVE-2025-60355 (zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI
(Server-Side Tem ...)
+CVE-2025-60355 (zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI
(Server-Sid ...)
NOT-FOR-US: zhangyd-c OneBlog
CVE-2025-60354 (Unauthorized modification of arbitrary articles vulnerability
exists i ...)
NOT-FOR-US: blog-vue-springboot
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df64ae9d0ce3ae7fd0eca88f0f9120d0f037f446
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df64ae9d0ce3ae7fd0eca88f0f9120d0f037f446
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
