Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f3f4b5d by security tracker role at 2026-02-22T20:13:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2026-2954 (A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is
the fun ...)
+ TODO: check
+CVE-2026-2953 (A vulnerability has been found in Dromara UJCMS 101.2. This
issue affe ...)
+ TODO: check
+CVE-2026-2952 (A flaw has been found in Vaelsys 4.1.0. This vulnerability
affects unk ...)
+ TODO: check
+CVE-2026-2947 (A vulnerability was detected in rymcu forest up to 0.0.5. This
affects ...)
+ TODO: check
+CVE-2026-2946 (A security vulnerability has been detected in rymcu forest up
to 0.0.5 ...)
+ TODO: check
+CVE-2026-2945 (A weakness has been identified in JeecgBoot 3.9.0. Affected by
this vu ...)
+ TODO: check
+CVE-2026-2944 (A security flaw has been discovered in Tosei Online Store
Management S ...)
+ TODO: check
+CVE-2026-2943 (A vulnerability was identified in SapneshNaik Student
Management Syste ...)
+ TODO: check
+CVE-2026-2940 (A vulnerability was determined in Zaher1307 tiny_web_server up
to 8d77 ...)
+ TODO: check
+CVE-2026-2939 (A vulnerability was found in itsourcecode Student Management
System 1. ...)
+ TODO: check
+CVE-2026-2938 (A vulnerability has been found in SourceCodester Student Result
Manage ...)
+ TODO: check
+CVE-2026-2935 (A weakness has been identified in UTT HiPER 810G up to
1.7.7-171114. T ...)
+ TODO: check
+CVE-2026-2934 (A security vulnerability has been detected in YiFang CMS up to
2.0.5. ...)
+ TODO: check
+CVE-2026-2385 (The The Plus Addons for Elementor \u2013 Addons for Elementor,
Page Te ...)
+ TODO: check
+CVE-2019-25462 (Web Ofisi Rent a Car v3 contains an SQL injection
vulnerability that a ...)
+ TODO: check
+CVE-2019-25461 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25460 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25459 (Web Ofisi Emlak V2 contains multiple SQL injection
vulnerabilities in ...)
+ TODO: check
+CVE-2019-25458 (Web Ofisi Firma Rehberi v1 contains an SQL injection
vulnerability tha ...)
+ TODO: check
+CVE-2019-25457 (Web Ofisi Firma v13 contains an SQL injection vulnerability
that allow ...)
+ TODO: check
+CVE-2019-25456 (Web Ofisi Emlak v2 contains an SQL injection vulnerability
that allows ...)
+ TODO: check
+CVE-2019-25455 (Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability
that al ...)
+ TODO: check
+CVE-2019-25452 (Dolibarr ERP/CRM 10.0.1 contains an SQL injection
vulnerability in the ...)
+ TODO: check
+CVE-2019-25450 (Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection
vulnerabilitie ...)
+ TODO: check
+CVE-2019-25446 (DIGIT CENTRIS ERP contains an SQL injection vulnerability that
allows ...)
+ TODO: check
+CVE-2019-25443 (Inventory Webapp contains an SQL injection vulnerability that
allows u ...)
+ TODO: check
+CVE-2019-25442 (Web Wiz Forums 12.01 contains an SQL injection vulnerability
that allo ...)
+ TODO: check
+CVE-2019-25440 (WebIncorp ERP contains an SQL injection vulnerability that
allows unau ...)
+ TODO: check
+CVE-2019-25439 (NoviSmart CMS contains an SQL injection vulnerability that
allows remo ...)
+ TODO: check
+CVE-2019-25433 (XOOPS CMS 2.5.9 contains an SQL injection vulnerability that
allows un ...)
+ TODO: check
+CVE-2019-25391 (Ashop Shopping Cart Software contains a time-based blind SQL
injection ...)
+ TODO: check
+CVE-2019-25366 (microASP Portal+ CMS contains an SQL injection vulnerability
that allo ...)
+ TODO: check
CVE-2026-2597 [Disallow requesting strings with negative lengths]
- libcrypt-sysrandom-xs-perl 0.011-1
NOTE: Fixed by:
https://github.com/Leont/crypt-sysrandom-xs/commit/a402e0381a2150799a9ad919f0942f62d0282d2d
(v0.010)
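Review bot: All 32 entries added at the top of data/CVE/list carry only "TODO: check", so none of them is yet resolved to a package line or a NOT-FOR-US tag, and a few of the imported descriptions look damaged. CVE-2026-2385 contains a literal "\u2013" escape and a doubled "The The", and CVE-2026-2953 gives the UJCMS version as "101.2" directly below CVE-2026-2954, which gives "10.0.2". These should be compared against the upstream records during triage rather than taken as written.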
@@ -2802,7 +2866,7 @@ CVE-2026-2452 (Emails sent by pretix can utilize
placeholders that will be fille
CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
NOT-FOR-US: rami.io products
CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects
Firefox < 1 ...)
- {DSA-6143-1}
+ {DSA-6143-1 DLA-4489-1}
- firefox 147.0.4-1 (unimportant)
- firefox-esr <unfixed> (unimportant)
- libvpx 1.16.0-3 (bug #1128283)
@@ -6127,7 +6191,7 @@ CVE-2026-22613 (The server identity check mechanism for
firmware upgrade perform
NOT-FOR-US: Eaton
CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow
Service comp ...)
NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615 (Versions of the package jsonpath before 1.2.0 are vulnerable to
Arbitr ...)
+CVE-2026-1615 (Versions of the package jsonpath from 0.0.0 are vulnerable to
Arbitrar ...)
NOT-FOR-US: Node jsonpath
CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation
vulner ...)
NOT-FOR-US: MacroHub
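Review bot: The replacement description for CVE-2026-1615 reads "from 0.0.0" where the removed line read "before 1.2.0", so the truncated text no longer shows any upper bound on the affected jsonpath versions. The entry stays NOT-FOR-US: Node jsonpath, so no package state depends on it here, but it is worth confirming against the full upstream description whether a fixed version is still stated.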
@@ -14380,7 +14444,7 @@ CVE-2026-22816 (Gradle is a build automation tool, and
its native-platform tool
NOTE: Followup:
https://github.com/gradle/gradle/commit/905df7b0a3f58cac40efaf430920bd3577c7d4ee
(v8.14.4)
NOTE: Documentation:
https://github.com/gradle/gradle/commit/4975f20330a3de43478099766827fb9f81cfe9e8
(v8.14.4)
NOTE: Followup:
https://github.com/gradle/gradle/commit/df5a15bd5fdb1032cea863518fc004523bab0853
(v8.14.4)
-CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM
interface th ...)
+CVE-2026-21223 (Improper privilege management in Microsoft Edge
(Chromium-based) allow ...)
NOT-FOR-US: Microsoft
CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an
authorized at ...)
NOT-FOR-US: Microsoft
@@ -18017,7 +18081,7 @@ CVE-2026-21885 (Miniflux 2 is an open source feed
reader. Prior to version 2.2.1
NOTE:
https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp
NOTE: Fixed by:
https://github.com/miniflux/v2/commit/6c83e8c477b4d476aee5fbb87e47472c9ded01de
(v2.2.16)
CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack
detection rul ...)
- {DSA-6105-1}
+ {DSA-6105-1 DLA-4488-1}
- modsecurity-crs 3.3.8-1 (bug #1125084)
NOTE:
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
NOTE: Fixed by (merge):
https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83
(v3.3.8)
@@ -274955,6 +275019,7 @@ CVE-2023-3342 (The User Registration plugin for
WordPress is vulnerable to arbit
CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: PlatPlay DSr
CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through
3.3.4 does n ...)
+ {DLA-4488-1}
- modsecurity-crs 3.3.5-1 (bug #1041109)
[bookworm] - modsecurity-crs <no-dsa> (Minor issue)
[buster] - modsecurity-crs <postponed> (Minor issue)
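Review bot: The new {DLA-4488-1} cross-reference on CVE-2023-38199 sits directly above release annotations that still read "[bookworm] - modsecurity-crs <no-dsa> (Minor issue)" and "[buster] - modsecurity-crs <postponed> (Minor issue)". Confirm which suite DLA-4488-1 targets; if it is one of the suites annotated here, that line is now stale and should be dropped or replaced so the entry does not show an advisory and a deferral for the same release.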
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f3f4b5d8201b386238989741cfc882256bf2f41
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits