Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
308b959d by security tracker role at 2026-05-16T19:16:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,88 @@
-CVE-2026-46719
+CVE-2025-4202 (The Multicollab: Content Team Collaboration and Editorial
Workflow plu ...)
+ TODO: check
+CVE-2021-47981 (Quick.CMS 6.7 contains a cross-site scripting vulnerability in
the sli ...)
+ TODO: check
+CVE-2021-47980 (Fuel CMS 1.4.13 contains a blind SQL injection vulnerability
that allo ...)
+ TODO: check
+CVE-2021-47979 (WordPress Plugin Backup and Restore 1.0.3 contains an
arbitrary file d ...)
+ TODO: check
+CVE-2021-47978 (ProcessMaker 3.5.4 contains a local file inclusion
vulnerability that ...)
+ TODO: check
+CVE-2021-47977 (WordPress Plugin Anti-Malware Security and Bruteforce Firewall
4.20.59 ...)
+ TODO: check
+CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution
vulnerabili ...)
+ TODO: check
+CVE-2021-47975 (WP Learn Manager 1.1.2 contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2021-47974 (VX Search 13.5.28 contains an unquoted service path
vulnerability in b ...)
+ TODO: check
+CVE-2021-47973 (Sticky Notes Widget 3.0.6 contains a denial of service
vulnerability t ...)
+ TODO: check
+CVE-2021-47972 (Sticky Notes & Color Widgets 1.4.2 contains a denial of
service vulner ...)
+ TODO: check
+CVE-2021-47971 (My Notes Safe 5.3 contains a denial of service vulnerability
that allo ...)
+ TODO: check
+CVE-2021-47970 (Macaron Notes 5.5 contains a denial of service vulnerability
that allo ...)
+ TODO: check
+CVE-2021-47969 (Color Notes 1.4 contains a denial of service vulnerability
that allows ...)
+ TODO: check
+CVE-2021-47957 (Cookie Law Bar 1.2.1 contains a stored cross-site scripting
vulnerabil ...)
+ TODO: check
+CVE-2021-47956 (EgavilanMedia PHPCRUD 1.0 contains an SQL injection
vulnerability that ...)
+ TODO: check
+CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site scripting vulnerability
that allo ...)
+ TODO: check
+CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that
allows unau ...)
+ TODO: check
+CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution
vulnerability ...)
+ TODO: check
+CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path
traversal ...)
+ TODO: check
+CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting
vulnerabilities ...)
+ TODO: check
+CVE-2020-37247 (Kite 4.2.0.1 U1 contains an unquoted service path
vulnerability in the ...)
+ TODO: check
+CVE-2020-37246 (Supsystic Backup 2.3.9 contains a local file inclusion
vulnerability t ...)
+ TODO: check
+CVE-2020-37245 (Supsystic Digital Publications 1.6.9 contains a path traversal
vulnera ...)
+ TODO: check
+CVE-2020-37244 (Supsystic Membership 1.4.7 contains an SQL injection
vulnerability tha ...)
+ TODO: check
+CVE-2020-37243 (Supsystic Pricing Table 1.8.7 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2020-37242 (Supsystic Ultimate Maps 1.1.12 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site request forgery
vulnerability ...)
+ TODO: check
+CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site
scripting v ...)
+ TODO: check
+CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection
vulnerability t ...)
+ TODO: check
+CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting
vulnera ...)
+ TODO: check
+CVE-2020-37236 (NewsLister contains an authenticated persistent cross-site
scripting v ...)
+ TODO: check
+CVE-2020-37235 (WordPress Theme Wibar 1.1.8 contains a stored cross-site
scripting vul ...)
+ TODO: check
+CVE-2020-37234 (Internet Download Manager 6.38.12 contains a buffer overflow
vulnerabi ...)
+ TODO: check
+CVE-2020-37233 (WordPress Plugin Buddypress 6.2.0 contains a persistent
cross-site scr ...)
+ TODO: check
+CVE-2020-37232 (Advanced System Care Service 13.0.0.157 contains an unquoted
service p ...)
+ TODO: check
+CVE-2020-37231 (Privacy Drive 3.17.0 contains an unquoted service path
vulnerability i ...)
+ TODO: check
+CVE-2020-37230 (Syncplify.me Server! 5.0.37 contains an unquoted service path
vulnerab ...)
+ TODO: check
+CVE-2020-37229 (OKI sPSV Port Manager 1.0.41 contains an unquoted service path
vulnera ...)
+ TODO: check
+CVE-2020-37228 (iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA
security byp ...)
+ TODO: check
+CVE-2020-37227 (HS Brand Logo Slider 2.1 contains an unrestricted file upload
vulnerab ...)
+ TODO: check
+CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0 for Perl allowed
metric inject ...)
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the
gdbr_pids ...)
- radare2 <unfixed> (bug #1136830)
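Review bot: the 42 entries added at the top of this hunk all land with only `TODO: check` and no package or NOT-FOR-US line, so none of them is triaged yet. Going by the visible descriptions, most name CMS plugins, WordPress plugins or unquoted service path issues in desktop software and will probably resolve to NOT-FOR-US, but CVE-2021-47952 (python jsonpickle) and CVE-2020-37239 (libbabl) name libraries and should be checked against the archive first. The descriptions are truncated here, so the full CVE records need to be read before any of these is closed out.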
@@ -374,7 +458,7 @@ CVE-2026-8669 (Imager versions through 1.030 for Perl allow
a heap out of bounds
NOTE: Imager embbeds the Imager::File::GIF code and syncs the fix:
NOTE: Fixed by:
https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04
(v1.031)
CVE-2026-46333 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- {DSA-6275-1 DSA-6274-1}
+ {DSA-6275-1 DSA-6274-1 DLA-4588-1 DLA-4587-1}
- linux 7.0.7-1
NOTE:
https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
NOTE: https://www.openwall.com/lists/oss-security/2026/05/15/2
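Review bot: the tag line for CVE-2026-46333 now references DLA-4588-1 and DLA-4587-1 in addition to the two DSAs, but this commit changes only data/CVE/list, so the cross-reference cannot be verified from the diff. Confirm that both DLA records actually list this CVE. The only package line in view is `- linux 7.0.7-1`, so also check that nothing else is needed for the source packages those advisories cover.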
@@ -2089,6 +2173,7 @@ CVE-2020-37168 (Ecommerce Systempay 1.0 contains a weak
cryptographic implementa
CVE-2026-8500 (Web::Passwd versions through 0.03 for Perl is vulnerable to
RCE. Web: ...)
NOT-FOR-US: Web::Passwd Perl module
CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/7
NOTE:
https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
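Review bot: CVE-2026-42945 is tagged with DSA-6278-1 but keeps `- nginx 1.30.0-3` as its fixed version, while the other three nginx entries tagged with the same DSA in this commit (CVE-2026-42946, CVE-2026-40701, CVE-2026-42934) all show `- nginx 1.30.0-4`. That may be correct if this fix went into an earlier upload, but it is worth confirming against the package changelog so that the fixed version is not recorded one revision off.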
@@ -2096,6 +2181,7 @@ CVE-2026-42945 (NGINX Plus and NGINX Open Source have a
vulnerability in the ngx
NOTE: https://nginx.org/en/security_advisories.html
NOTE:
https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686
(release-1.30.1)
CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand
ngx_http_uwsgi_m ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161027
NOTE: https://nginx.org/en/security_advisories.html
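Review bot: the description on the CVE-2026-42946 context line runs two words together ("ngx_http_scgi_moduleand"). If that text is imported from the CVE record it has to be corrected at the source, otherwise add the missing space here. Unlike the neighbouring nginx entries, this entry shows no upstream commit NOTE in the visible lines. If one exists further down, fine. If not, add the fixing commit alongside the `{DSA-6278-1}` tag.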
@@ -2119,11 +2205,13 @@ CVE-2026-42926 (When NGINX Open Source is configured to
proxy HTTP/2 traffic by
NOTE:
https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7
(release-1.30.1)
NOTE:
https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98
(release-1.30.1)
CVE-2026-40701 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161021
NOTE: https://nginx.org/en/security_advisories.html
NOTE:
https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1
(release-1.30.1)
CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161028
NOTE: https://nginx.org/en/security_advisories.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/308b959df8ac74a8709ca1e91bbac376f351fd0e