Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c2a0fa59 by security tracker role at 2026-02-24T08:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,247 @@
-CVE-2026-3063
+CVE-2026-3091 (An uncontrolled search path element vulnerability in Synology
Presto C ...)
+ TODO: check
+CVE-2026-3075 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2026-3070 (A vulnerability was detected in SourceCodester Modern Image
Gallery Ap ...)
+ TODO: check
+CVE-2026-3069 (A security vulnerability has been detected in itsourcecode
Document Ma ...)
+ TODO: check
+CVE-2026-3068 (A weakness has been identified in itsourcecode Document
Management Sys ...)
+ TODO: check
+CVE-2026-3067 (A vulnerability has been found in HummerRisk up to 1.5.0. This
issue a ...)
+ TODO: check
+CVE-2026-3066 (A flaw has been found in HummerRisk up to 1.5.0. This
vulnerability af ...)
+ TODO: check
+CVE-2026-3065 (A vulnerability was detected in HummerRisk up to 1.5.0. This
affects t ...)
+ TODO: check
+CVE-2026-3064 (A security vulnerability has been detected in HummerRisk up to
1.5.0. ...)
+ TODO: check
+CVE-2026-3057 (A security flaw has been discovered in a54552239 pearProjectApi
up to ...)
+ TODO: check
+CVE-2026-3054 (A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4.
This impa ...)
+ TODO: check
+CVE-2026-3053 (A vulnerability was determined in DataLinkDC dinky up to 1.2.5.
This a ...)
+ TODO: check
+CVE-2026-3052 (A vulnerability was found in DataLinkDC dinky up to 1.2.5. The
impacte ...)
+ TODO: check
+CVE-2026-3051 (A vulnerability has been found in DataLinkDC dinky up to 1.2.5.
The af ...)
+ TODO: check
+CVE-2026-3050 (A flaw has been found in horilla-opensource horilla up to
1.0.2. Impac ...)
+ TODO: check
+CVE-2026-3049 (A vulnerability was detected in horilla-opensource horilla up
to 1.0.2 ...)
+ TODO: check
+CVE-2026-3046 (A security vulnerability has been detected in itsourcecode
E-Logbook w ...)
+ TODO: check
+CVE-2026-3044 (A vulnerability has been found in Tenda AC8 16.03.34.06. This
affects ...)
+ TODO: check
+CVE-2026-3043 (A flaw has been found in itsourcecode Event Management System
1.0. The ...)
+ TODO: check
+CVE-2026-3042 (A vulnerability was detected in itsourcecode Event Management
System 1 ...)
+ TODO: check
+CVE-2026-3041 (A security vulnerability has been detected in xingfuggz
BaykeShop up t ...)
+ TODO: check
+CVE-2026-3040 (A vulnerability was identified in DrayTek Vigor 300B up to
1.5.1.6. Th ...)
+ TODO: check
+CVE-2026-3028 (A vulnerability was determined in erzhongxmu JEEWMS up to 3.7.
This vu ...)
+ TODO: check
+CVE-2026-3027 (A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This
affects ...)
+ TODO: check
+CVE-2026-3026 (A vulnerability has been found in erzhongxmu JEEWMS 3.7.
Affected by t ...)
+ TODO: check
+CVE-2026-3025 (A flaw has been found in ShuoRen Smart Heating Integrated
Management P ...)
+ TODO: check
+CVE-2026-27742 (Bludit version 3.16.2 contains a stored cross-site scripting
(XSS) vul ...)
+ TODO: check
+CVE-2026-27741 (Bludit version 3.16.1 contains a cross-site request forgery
(CSRF) vul ...)
+ TODO: check
+CVE-2026-27729 (Astro is a web framework. In versions 9.0.0 through 9.5.3,
Astro serve ...)
+ TODO: check
+CVE-2026-27643 (free5GC UDR is the user data repository (UDR) for free5GC, an
an open- ...)
+ TODO: check
+CVE-2026-27642 (free5gc UDM provides Unified Data Management (UDM) for
free5GC, an ope ...)
+ TODO: check
+CVE-2026-27623 (Valkey is a distributed key-value database. Starting in
version 9.0.0 ...)
+ TODO: check
+CVE-2026-27461 (Pimcore is an Open Source Data & Experience Management
Platform. In ve ...)
+ TODO: check
+CVE-2026-27163
+ REJECTED
+CVE-2026-27129 (Craft is a content management system (CMS). In versions
4.5.0-RC1 thro ...)
+ TODO: check
+CVE-2026-27128 (Craft is a content management system (CMS). In versions
4.5.0-RC1 thro ...)
+ TODO: check
+CVE-2026-27127 (Craft is a content management system (CMS). In versions
4.5.0-RC1 thro ...)
+ TODO: check
+CVE-2026-27126 (Craft is a content management system (CMS). In versions
4.5.0-RC1 thro ...)
+ TODO: check
+CVE-2026-26983 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-26981 (OpenEXR provides the specification and reference
implementation of the ...)
+ TODO: check
+CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in
version 2 ...)
+ TODO: check
+CVE-2026-26284 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-26283 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-26198 (Ormar is a async mini ORM for Python. In versions 0.9.9
through 0.22.0 ...)
+ TODO: check
+CVE-2026-26066 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-26025 (free5GC SMF provides Session Management Function for free5GC,
an open- ...)
+ TODO: check
+CVE-2026-26024 (free5GC SMF provides Session Management Function for free5GC,
an open- ...)
+ TODO: check
+CVE-2026-25989 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25988 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25987 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25986 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25985 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25984
+ REJECTED
+CVE-2026-25983 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25982 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25971 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25970 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25969 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25968 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25967 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25966 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25965 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25898 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25897 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25802 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-25799 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25798 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25797 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25796 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25795 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25794 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25649 (Versions of the Traccar open-source GPS tracking system up to
and incl ...)
+ TODO: check
+CVE-2026-25648 (Versions of the Traccar open-source GPS tracking system
starting with ...)
+ TODO: check
+CVE-2026-25638 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25637 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25591 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-25576 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-25545 (Astro is a web framework. Prior to version 9.5.4, Server-Side
Rendered ...)
+ TODO: check
+CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC,
an open- ...)
+ TODO: check
+CVE-2026-24485 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-24484 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-24481 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media)
allows an ...)
+ TODO: check
+CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin
versions pr ...)
+ TODO: check
+CVE-2026-23693 (ElementsKit Lite (elementskit-lite) WordPress plugin versions
prior to ...)
+ TODO: check
+CVE-2026-23521 (Versions of the Traccar open-source GPS tracking system up to
and incl ...)
+ TODO: check
+CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a
Bloom Filter ...)
+ TODO: check
+CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions
9.0.2, 8 ...)
+ TODO: check
+CVE-2026-21665 (The Print Service component of Fiserv Originate Loans
Peripherals (for ...)
+ TODO: check
+CVE-2026-1459 (A post-authentication command injection vulnerability in the
TR-369 ce ...)
+ TODO: check
+CVE-2026-1229 (The CombinedMult function in the CIRCL ecc/p384 package
(secp384r1 cur ...)
+ TODO: check
+CVE-2025-9120 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-71056 (Improper session management in GCOM EPON 1GE ONU version
C00R371V00B01 ...)
+ TODO: check
+CVE-2025-70328 (TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command
injecti ...)
+ TODO: check
+CVE-2025-70327 (TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument
injection ...)
+ TODO: check
+CVE-2025-69253 (free5GC is an open-source project for 5th generation (5G)
mobile core ...)
+ TODO: check
+CVE-2025-69252 (free5gc UDM provides Unified Data Management (UDM) for
free5GC, an ope ...)
+ TODO: check
+CVE-2025-69251 (free5gc UDM provides Unified Data Management (UDM) for
free5GC, an ope ...)
+ TODO: check
+CVE-2025-69250 (free5gc UDM provides Unified Data Management (UDM) for
free5GC, an ope ...)
+ TODO: check
+CVE-2025-69248 (free5GC is an open-source project for 5th generation (5G)
mobile core ...)
+ TODO: check
+CVE-2025-69247 (free5GC go-upf is the User Plane Function (UPF) implementation
for 5G ...)
+ TODO: check
+CVE-2025-69232 (free5GC is an open-source project for 5th generation (5G)
mobile core ...)
+ TODO: check
+CVE-2025-69208 (free5GC UDR is the user data repository (UDR) for free5GC, an
an open- ...)
+ TODO: check
+CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to
and incl ...)
+ TODO: check
+CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions
9.0.2, 8 ...)
+ TODO: check
+CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability
exists in Ser ...)
+ TODO: check
+CVE-2025-40540 (A type confusion vulnerability exists in Serv-U which when
exploited, ...)
+ TODO: check
+CVE-2025-40539 (A type confusion vulnerability exists in Serv-U which when
exploited, ...)
+ TODO: check
+CVE-2025-40538 (A broken access control vulnerability exists in Serv-U which
when expl ...)
+ TODO: check
+CVE-2025-15589 (A vulnerability was determined in MuYuCMS 2.7. Affected is the
functio ...)
+ TODO: check
+CVE-2025-15386 (The Responsive Lightbox & Gallery WordPress plugin before
2.6.1 is vul ...)
+ TODO: check
+CVE-2025-13943 (A post-authentication command injection vulnerability in the
log file ...)
+ TODO: check
+CVE-2025-13942 (A command injection vulnerability in the UPnP function of the
Zyxel EX ...)
+ TODO: check
+CVE-2025-11848 (A null pointer dereference vulnerability in the Wake-on-LAN
CGI progra ...)
+ TODO: check
+CVE-2025-11847 (A null pointer dereference vulnerability in the IP settings
CGI progra ...)
+ TODO: check
+CVE-2025-11846 (A null pointer dereference vulnerability in the account
settings CGI p ...)
+ TODO: check
+CVE-2025-11845 (A null pointer dereference vulnerability in the certificate
downloader ...)
+ TODO: check
+CVE-2026-3063 (Inappropriate implementation in DevTools in Google Chrome prior
to 145 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-3062
+CVE-2026-3062 (Out of bounds read and write in Tint in Google Chrome on Mac
prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-3061
+CVE-2026-3061 (Out of bounds read in Media in Google Chrome prior to
145.0.7632.116 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-58041
+CVE-2024-58041 (Smolder versions through 1.51 for Perl uses insecure rand()
function f ...)
NOTE: Smolder Perl module
CVE-2026-3016 (A vulnerability was identified in UTT HiPER 810G up to
1.7.7-171114. T ...)
NOT-FOR-US: UTT
@@ -1613,7 +1847,8 @@ CVE-2026-25416 (Missing Authorization vulnerability in
blazethemes News Kit Elem
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25415 (Missing Authorization vulnerability in iqonicdesign WPBookit
Pro wpboo ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-25412 (Missing Authorization vulnerability in mdempfle Advanced
iFrame advanc ...)
+CVE-2026-25412
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25411 (Cross-Site Request Forgery (CSRF) vulnerability in
themastercut Revisi ...)
NOT-FOR-US: WordPress plugin or theme
@@ -15278,7 +15513,7 @@ CVE-2025-61728 (archive/zip uses a super-linear file
name indexing algorithm tha
NOTE: Introduced by:
https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085
(go1.16beta1)
NOTE: Fixed by:
https://github.com/golang/go/commit/9d497df196d66553ae844c22a53fb86cd422e80c
(go1.25.6)
NOTE: Fixed by:
https://github.com/golang/go/commit/3235ef3db85c2d7e797b976822a7addaf6d5ca2a
(go1.24.12)
-CVE-2025-68675 (In Apache Airflow versions before 3.1.6, the proxies and proxy
fields ...)
+CVE-2025-68675 (In Apache Airflow versions before 3.1.6, and 2.11.1 the
proxies and pr ...)
- airflow <itp> (bug #819700)
CVE-2025-68438 (In Apache Airflow versions before 3.1.6, when rendered
template fields ...)
- airflow <itp> (bug #819700)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2a0fa595ce2b1fee8757e6b3696a55f38ffb163
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2a0fa595ce2b1fee8757e6b3696a55f38ffb163
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
