Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e45e440 by security tracker role at 2026-06-15T19:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection
vulnerability in ...)
+ TODO: check
+CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS
command i ...)
+ TODO: check
+CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has
a broad ...)
+ TODO: check
+CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not
properly s ...)
+ TODO: check
+CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an
unauthentic ...)
+ TODO: check
+CVE-2026-8683 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account
for att ...)
+ TODO: check
+CVE-2026-8386 (The WP Go Maps WordPress plugin before 10.0.10 does not
perform any a ...)
+ TODO: check
+CVE-2026-8385 (The WP Go Maps WordPress plugin before 10.0.10 does not
properly enfo ...)
+ TODO: check
+CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet
documen ...)
+ TODO: check
+CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a
spreadsheet. A ...)
+ TODO: check
+CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT
format. ...)
+ TODO: check
+CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict
the al ...)
+ TODO: check
+CVE-2026-6047 (LibreOffice can import documents in the OOXML format (DOCX). A
heap bu ...)
+ TODO: check
+CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in
documen ...)
+ TODO: check
+CVE-2026-6040 (A heap use-after-free existed when importing the blank-width
character ...)
+ TODO: check
+CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD
software ...)
+ TODO: check
+CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to
upload f ...)
+ TODO: check
+CVE-2026-5242 (Improper neutralization of formula elements in a CSV file
vulnerabilit ...)
+ TODO: check
+CVE-2026-5233 (Improper Control of Interaction Frequency vulnerability in MIA
Technol ...)
+ TODO: check
+CVE-2026-5230 (Improper Access Control, Missing Authorization vulnerability in
MIA Te ...)
+ TODO: check
+CVE-2026-5079 (Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1
are vuln ...)
+ TODO: check
+CVE-2026-5038 (Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and
3.0.0-alpha.1 ...)
+ TODO: check
+CVE-2026-52704 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-50100 (Multiple printer drivers provided by Ricoh Company, Ltd. and
KONICA MI ...)
+ TODO: check
+CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in
team-alembic AshAut ...)
+ TODO: check
+CVE-2026-49294 (Valhalla is an open source routing engine and accompanying
libraries f ...)
+ TODO: check
+CVE-2026-49111 (Incorrect Privilege Assignment vulnerability in ThemeGrill
Masteriyo - ...)
+ TODO: check
+CVE-2026-49064 (Insertion of Sensitive Information Into Sent Data
vulnerability in Sti ...)
+ TODO: check
+CVE-2026-49062 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2026-48969 (Subscriber Broken Access Control in Really Simple SSL <= 9.5.9
version ...)
+ TODO: check
+CVE-2026-47777 (Mastodon is a free, open-source social network server based on
Activit ...)
+ TODO: check
+CVE-2026-44188 (A flaw was found in Ansible Lightspeed. This vulnerability,
related to ...)
+ TODO: check
+CVE-2026-34030 (TheWertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34029 (TheWertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34028 (The Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34027 (The Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34026 (Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, con ...)
+ TODO: check
+CVE-2026-34025 (The Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34024 (The Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34023 (The Wertheim SafeController Software, AssemblyVersion
6.15.8328.28014, ...)
+ TODO: check
+CVE-2026-34022 (TheWertheim SafeController Family 65000, Controller 65000 -
AssemblyVe ...)
+ TODO: check
+CVE-2026-34021 (The Wertheim SafeController 5400, Controller 5400 -
AssemblyVersion 6. ...)
+ TODO: check
+CVE-2026-20262 (A vulnerability in the web UI of Cisco Catalyst SD-WAN
Manager, former ...)
+ TODO: check
+CVE-2026-12057 (When the application executes the JavaScript script embedded
in the PD ...)
+ TODO: check
+CVE-2026-11860 (Quick.CMS deserializes user-controlled data received over
plaintext HT ...)
+ TODO: check
+CVE-2026-10634 (Zephyr's native TCP stack iterates the global connection list
in net_t ...)
+ TODO: check
+CVE-2025-64215 (Missing Authorization vulnerability in StylemixThemes
MasterStudy LMS ...)
+ TODO: check
+CVE-2025-15659 (Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2
versions ...)
+ TODO: check
+CVE-2025-15658 (Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4
versions ...)
+ TODO: check
+CVE-2019-25746 (WordPress Sliced Invoices 3.8.2 contains an authenticated SQL
injectio ...)
+ TODO: check
+CVE-2018-25437 (WordPress CherryFramework Themes 3.1.4 contains an information
disclos ...)
+ TODO: check
+CVE-2018-25436 (WordPress Plugin Baggage Freight Shipping Australia 0.1.0
contains an ...)
+ TODO: check
+CVE-2016-20084 (WordPress appointment-booking-calendar 1.1.24 contains
multiple privil ...)
+ TODO: check
+CVE-2016-20083 (WordPress More Fields Plugin 2.1 contains a cross-site request
forgery ...)
+ TODO: check
+CVE-2016-20082 (WordPress Plugin Abtest contains a local file inclusion
vulnerability ...)
+ TODO: check
+CVE-2016-20081 (WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path
traversal ...)
+ TODO: check
+CVE-2016-20080 (WordPress Brandfolder plugin version 3.0 and earlier contains
a local ...)
+ TODO: check
+CVE-2016-20079 (WordPress Dharma Booking 2.28.3 and earlier contains a local
file incl ...)
+ TODO: check
+CVE-2016-20078 (WordPress IMDb Profile Widget 1.0.8 contains a local file
inclusion vu ...)
+ TODO: check
+CVE-2016-20077 (WordPress Plugin Photocart Link 1.6 contains a local file
inclusion vu ...)
+ TODO: check
+CVE-2016-20076 (WordPress Simple-Backup 2.7.11 contains multiple
vulnerabilities that ...)
+ TODO: check
+CVE-2016-20075 (WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary
file up ...)
+ TODO: check
+CVE-2016-20074 (WordPress Lazy Content Slider Plugin 3.4 contains a cross-site
request ...)
+ TODO: check
+CVE-2016-20073 (Answer My Question 1.3 plugin for WordPress contains an SQL
injection ...)
+ TODO: check
+CVE-2016-20072 (BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL
injection v ...)
+ TODO: check
+CVE-2016-20071 (The 404 Redirection Manager plugin version 1.0 for WordPress
contains ...)
+ TODO: check
+CVE-2016-20070 (WordPress Booking Calendar Contact Form 1.0.23 contains
privilege esca ...)
+ TODO: check
+CVE-2016-20069 (WordPress Booking Calendar Contact Form 1.0.23 contains an
unauthentic ...)
+ TODO: check
+CVE-2016-20068 (WordPress Booking Calendar Contact Form version 1.0.23
contains an una ...)
+ TODO: check
+CVE-2016-20067 (WordPress CP Polls 1.0.8 contains a cross-site request forgery
vulnera ...)
+ TODO: check
+CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site
scripting vu ...)
+ TODO: check
CVE-2026-12205
- libcrypt-dsa-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
@@ -15898,7 +16040,7 @@ CVE-2026-48849 (In Roundcube Webmail 1.6.x before
1.6.16 and 1.7.x before 1.7.1,
NOTE:
https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a
CVE-2026-9359 (A vulnerability was identified in Edimax EW-7438RPn 1.28a.
Affected by ...)
NOT-FOR-US: Edimax
-CVE-2026-9358 (A vulnerability was determined in postcss up to 7.1.1. Affected
is the ...)
+CVE-2026-9358 (A vulnerability was determined in postcss-selector-parser up to
6.1.2/ ...)
- node-css-loader <unfixed> (bug #1139161)
[trixie] - node-css-loader <no-dsa> (Minor issue)
[bookworm] - node-css-loader <no-dsa> (Minor issue)
@@ -28319,9 +28461,9 @@ CVE-2026-32689 (Allocation of Resources Without Limits
or Throttling vulnerabili
NOT-FOR-US: phoenix
CVE-2026-31835 (Vaultwarden is a Bitwarden-compatible server written in Rust.
In versi ...)
- vaultwarden <itp> (bug #1067023)
-CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for
ALTICE ...)
+CVE-2026-31196 (OS command injection vulnerability in the traceroute
diagnostic handle ...)
NOT-FOR-US: ALTICE
-CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for
ALTICE LABS / ...)
+CVE-2026-31195 (OS command injection vulnerability in the ping diagnostic
handler in / ...)
NOT-FOR-US: ALTICE
CVE-2026-42268 (ModSecurity is an open source, cross platform web application
firewall ...)
- modsecurity 3.0.15-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e45e440c8333b03bb32d6a301b573867f3de576
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e45e440c8333b03bb32d6a301b573867f3de576
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
