Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a40ee29 by security tracker role at 2026-02-26T08:13:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,22 +1,232 @@
+CVE-2026-3209 (A vulnerability has been found in fosrl Pangolin up to 
1.15.4-s.3. Thi ...)
+       TODO: check
+CVE-2026-3200 (A vulnerability was identified in z-9527 admin 1.0/2.0. The 
affected e ...)
+       TODO: check
+CVE-2026-3172 (Buffer overflow in parallel HNSW index build in pgvector 0.6.0 
through ...)
+       TODO: check
+CVE-2026-2694 (The The Events Calendar plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2026-2506 (The EM Cost Calculator plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-2499 (The Custom Logo plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2026-2498 (The WP Social Meta plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-2489 (The TP2WP Importer plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-2356 (The User Registration & Membership \u2013 Custom Registration 
Form, Lo ...)
+       TODO: check
+CVE-2026-2029 (The Livemesh Addons for Beaver Builder plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-27976 (Zed, a code editor, has an extension installer allows tar/gzip 
downloa ...)
+       TODO: check
+CVE-2026-27975 (Ajenti is a Linux and BSD modular server admin panel. Prior to 
version ...)
+       TODO: check
+CVE-2026-27974 (Audiobookshelf is a self-hosted audiobook and podcast server. 
A cross- ...)
+       TODO: check
+CVE-2026-27973 (Audiobookshelf is a self-hosted audiobook and podcast server. 
A stored ...)
+       TODO: check
+CVE-2026-27970 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2026-27969 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
+       TODO: check
+CVE-2026-27968 (Packistry is a self-hosted Composer repository designed to 
handle PHP  ...)
+       TODO: check
+CVE-2026-27967 (Zed, a code editor, has a symlink escape vulnerability in 
versions pri ...)
+       TODO: check
+CVE-2026-27966 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
+       TODO: check
+CVE-2026-27965 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
+       TODO: check
+CVE-2026-27963 (Audiobookshelf is a self-hosted audiobook and podcast server. 
A stored ...)
+       TODO: check
+CVE-2026-27961 (Agenta is an open-source LLMOps platform. A Server-Side 
Template Injec ...)
+       TODO: check
+CVE-2026-27959 (Koa is middleware for Node.js using ES2017 async functions. 
Prior to v ...)
+       TODO: check
+CVE-2026-27954 (Live Helper Chat is an open-source application that enables 
live suppo ...)
+       TODO: check
+CVE-2026-27952 (Agenta is an open-source LLMOps platform. In Agenta-API prior 
to versi ...)
+       TODO: check
+CVE-2026-27951 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
+       TODO: check
+CVE-2026-27950 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
+       TODO: check
+CVE-2026-27948 (Copyparty is a portable file server. In versions prior to 
1.20.9, an X ...)
+       TODO: check
+CVE-2026-27946 (ZITADEL is an open source identity management platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-27945 (ZITADEL is an open source identity management platform. 
Zitadel Action ...)
+       TODO: check
+CVE-2026-27943 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS 
object,  ...)
+       TODO: check
+CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior 
to versio ...)
+       TODO: check
+CVE-2026-27938 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to 
version ...)
+       TODO: check
+CVE-2026-27933 (Manyfold is an open source, self-hosted web application for 
managing a ...)
+       TODO: check
+CVE-2026-27904 (minimatch is a minimal matching utility for converting glob 
expression ...)
+       TODO: check
+CVE-2026-27903 (minimatch is a minimal matching utility for converting glob 
expression ...)
+       TODO: check
+CVE-2026-27902 (Svelte performance oriented web framework. Prior to version 
5.53.5, er ...)
+       TODO: check
+CVE-2026-27901 (Svelte performance oriented web framework. Prior to version 
5.53.5, th ...)
+       TODO: check
+CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0 
logged sens ...)
+       TODO: check
+CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration 
portal fo ...)
+       TODO: check
+CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for 
JSON-RPC ...)
+       TODO: check
+CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
+       TODO: check
+CVE-2026-27887 (Spin is an open source developer tool for building and running 
serverl ...)
+       TODO: check
+CVE-2026-27884 (NetExec is a network execution tool. Prior to version 1.5.1, 
the modul ...)
+       TODO: check
+CVE-2026-27840 (ZITADEL is an open source identity management platform. 
Starting in ve ...)
+       TODO: check
+CVE-2026-27837 (Dottie provides nested object access and manipulation in 
JavaScript. V ...)
+       TODO: check
+CVE-2026-27831 (rldns is an open source DNS server. Version 2.3 has a 
heap-based out-o ...)
+       TODO: check
+CVE-2026-27830 (c3p0, a JDBC Connection pooling library, is vulnerable to 
attack via m ...)
+       TODO: check
+CVE-2026-27829 (Astro is a web framework. In versions 9.0.0 through 9.5.3, a 
bug in As ...)
+       TODO: check
+CVE-2026-27821 (GPAC is an open-source multimedia framework. In versions up to 
and inc ...)
+       TODO: check
+CVE-2026-27819 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
+       TODO: check
+CVE-2026-27818 (TerriaJS-Server is a NodeJS Express server for TerriaJS, a 
library for ...)
+       TODO: check
+CVE-2026-27812 (Sub2API is an AI API gateway platform designed to distribute 
and manag ...)
+       TODO: check
+CVE-2026-27809 (psd-tools is a Python package for working with Adobe Photoshop 
PSD fil ...)
+       TODO: check
+CVE-2026-27808 (Mailpit is an email testing tool and API for developers. Prior 
to vers ...)
+       TODO: check
+CVE-2026-27804 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-27800 (Zed, a code editor, has a Zip Slip (Path Traversal) 
vulnerability exis ...)
+       TODO: check
+CVE-2026-27799 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-27798 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-27735 (Model Context Protocol Servers is a collection of reference 
implementa ...)
+       TODO: check
+CVE-2026-27711 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
+       TODO: check
+CVE-2026-27710 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
+       TODO: check
+CVE-2026-27709 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
+       TODO: check
+CVE-2026-27635 (Manyfold is an open source, self-hosted web application for 
managing a ...)
+       TODO: check
+CVE-2026-27633 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. Ver ...)
+       TODO: check
+CVE-2026-27630 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. Ver ...)
+       TODO: check
+CVE-2026-27616 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
+       TODO: check
+CVE-2026-27613 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. A v ...)
+       TODO: check
+CVE-2026-27578 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27577 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27575 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
+       TODO: check
+CVE-2026-27498 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27497 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27495 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27494 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27493 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-27465 (Fleet is open source device management software. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-27148 (Storybook is a frontend workshop for building user interface 
component ...)
+       TODO: check
+CVE-2026-27116 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
+       TODO: check
+CVE-2026-26985 (LORIS (Longitudinal Online Research and Imaging System) is a 
self-host ...)
+       TODO: check
+CVE-2026-26984 (LORIS (Longitudinal Online Research and Imaging System) is a 
self-host ...)
+       TODO: check
+CVE-2026-26186 (Fleet is open source device management software. A SQL 
injection vulne ...)
+       TODO: check
+CVE-2026-25963 (Fleet is open source device management software. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-25736 (Rucio is a software framework that provides functionality to 
organize, ...)
+       TODO: check
+CVE-2026-25735 (Rucio is a software framework that provides functionality to 
organize, ...)
+       TODO: check
+CVE-2026-25734 (Rucio is a software framework that provides functionality to 
organize, ...)
+       TODO: check
+CVE-2026-25733 (Rucio is a software framework that provides functionality to 
organize, ...)
+       TODO: check
+CVE-2026-25191 (The installer of FinalCode Client provided by Digital Arts 
Inc. contai ...)
+       TODO: check
+CVE-2026-24004 (Fleet is open source device management software. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-23999 (Fleet is open source device management software. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-23703 (The installer of FinalCode Client provided by Digital Arts 
Inc. contai ...)
+       TODO: check
+CVE-2026-22728 (Bitnami Sealed Secretsis vulnerable to a scope-widening attack 
during  ...)
+       TODO: check
+CVE-2026-22721 (VMware Aria Operations contains a privilege escalation 
vulnerability.  ...)
+       TODO: check
+CVE-2026-1779 (The User Registration & Membership plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-1698 (A HTTP Host header attack vulnerability affects WebClient and 
the WebS ...)
+       TODO: check
+CVE-2026-1697 (The Secure and SameSite attribute are missing in the 
GraphicalData web ...)
+       TODO: check
+CVE-2026-1696 (Some HTTP security headers are not properly set by the web 
server when ...)
+       TODO: check
+CVE-2026-1695 (An XSS vulnerability affects the OAuth web services used by the 
WebVue ...)
+       TODO: check
+CVE-2026-1694 (HTTP headers are added by the default configuration of IIS and 
ASP.net ...)
+       TODO: check
+CVE-2026-1693 (The OAuth grant type Resource Owner Password Credentials (ROPC) 
flow i ...)
+       TODO: check
+CVE-2026-1692 (A missing origin validation in WebSockets vulnerability affects 
the Gr ...)
+       TODO: check
+CVE-2026-1557 (The WP Responsive Images plugin for WordPress is vulnerable to 
Path Tr ...)
+       TODO: check
+CVE-2026-1311 (The Worry Proof Backup plugin for WordPress is vulnerable to 
Path Trav ...)
+       TODO: check
+CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability 
that wa ...)
+       TODO: check
 CVE-2026-3190
        - keycloak <itp> (bug #1088287)
 CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
        - util-linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2442570
        TODO: check upstream status
-CVE-2026-1747
+CVE-2026-1747 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2026-1725
+CVE-2026-1725 (GitLab has remediated an issue in GitLab CE/EE affecting 
versions from ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
-CVE-2026-2845
+CVE-2026-2845 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2026-1388
+CVE-2026-1388 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2026-1662
+CVE-2026-1662 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-14511
+CVE-2025-14511 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2026-0752
+CVE-2026-0752 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
 CVE-2026-3221 (Sensitive  user account information is not encrypted in the 
database i ...)
        NOT-FOR-US: Devolutions
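
Review bot: Several of the new "TODO: check" entries at the top of this hunk already have a disposition established by other lines in this same diff and should not stay untriaged. The WordPress plugin entries (CVE-2026-2694, CVE-2026-2506, CVE-2026-2499, CVE-2026-2498, CVE-2026-2489 and the others described as a "plugin for WordPress") match the existing "NOT-FOR-US: WordPress plugin" marking; CVE-2026-27711, CVE-2026-27710 and CVE-2026-27709 match "NOT-FOR-US: NanaZip"; and the FreeRDP entries CVE-2026-27951 and CVE-2026-27950 need "- freerdp3" / "- freerdp2" package lines like the FreeRDP entries in the next hunk. Separately, the CVE-2026-2356 description carries a literal "\u2013", which suggests the import step is not decoding JSON escapes in descriptions.
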
@@ -234,63 +444,63 @@ CVE-2025-14742 (The WP Recipe Maker plugin for WordPress 
is vulnerable to unauth
        NOT-FOR-US: WordPress plugin
 CVE-2025-14103 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
-CVE-2026-27015
+CVE-2026-27015 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7g72-39pq-4725
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/65d59d3b3c2f630f2ea862687ecf5f95f8115244
 (3.23.0)
-CVE-2026-26986
+CVE-2026-26986 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/b4f0f0a18fe53aa8d47d062f91471f4e9c5e0d51
 (3.23.0)
-CVE-2026-26965
+CVE-2026-26965 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc
 (3.23.0)
-CVE-2026-26955
+CVE-2026-26955 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77
 (3.23.0)
-CVE-2026-26271
+CVE-2026-26271 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
-CVE-2026-25997
+CVE-2026-25997 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0c
 (3.23.0)
-CVE-2026-25959
+CVE-2026-25959 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78xg-v4p2-4w3c
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/d3e8b3b9365be96a4f11dda149d71b3287227d0a
 (3.23.0)
-CVE-2026-25955
+CVE-2026-25955 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/169d358734509e82663a0d6a0085ae726d439d8e
 (3.23.0)
-CVE-2026-25954
+CVE-2026-25954 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
-CVE-2026-25953
+CVE-2026-25953 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6rq-rxpc-rh3p
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5
 (3.23.0)
-CVE-2026-25952
+CVE-2026-25952 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5
 (3.23.0)
-CVE-2026-25942
+CVE-2026-25942 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b
 (3.23.0)
-CVE-2026-25941
+CVE-2026-25941 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Versi ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3546-x645-5cf8
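
Review bot: CVE-2026-26271 and CVE-2026-25954 in this hunk have package lines ("- freerdp3 3.23.0+dfsg-1", "- freerdp2 <removed>") but no NOTE with the upstream advisory or the fixing commit, unlike the FreeRDP entries around them. Add the GHSA and "Fixed by:" references so the 3.23.0 fixed version can be checked against upstream. CVE-2026-25953 and CVE-2026-25952 both cite commit 1994e9844212a6dfe0ff12309fef520e888986b5; worth confirming that the one commit addresses both advisories.
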
@@ -637,7 +847,7 @@ CVE-2025-1789 (Local privilege escalation in Genetec Update 
Service. An authenti
        NOT-FOR-US: Genetec
 CVE-2025-1787 (Local admin could to leak information from the Genetec Update 
Service  ...)
        NOT-FOR-US: Genetec
-CVE-2025-14963 (A vulnerability identified in the Trellix HX Agent driver file 
 fekern ...)
+CVE-2025-14963 (A vulnerability identified in the HX Agent driver file 
fekern.sysallow ...)
        NOT-FOR-US: Trellix
 CVE-2025-14577 (Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function 
Injectio ...)
        NOT-FOR-US: Slican NCP/IPL/IPM/IPU devices
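
Review bot: The replacement description for CVE-2025-14963 reads "fekern.sysallow", with the driver file name run into the following word, and it no longer names the vendor. Triage is unaffected because "NOT-FOR-US: Trellix" still identifies the product, but if descriptions are imported verbatim from the CVE record the spacing defect should be reported to the record's source rather than patched here, since the next automatic update would overwrite a local fix.
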
@@ -2517,7 +2727,7 @@ CVE-2026-27318
        REJECTED
 CVE-2026-27317
        REJECTED
-CVE-2026-27114 (NanaZip is an open source file archive Starting in version 
5.0.1252.0  ...)
+CVE-2026-27114 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
        NOT-FOR-US: NanaZip
 CVE-2026-27017 (uTLS is a fork of crypto/tls, created to customize ClientHello 
for fin ...)
        - golang-refraction-networking-utls <not-affected> (Vulnerable code 
introduced later)
@@ -80114,7 +80324,7 @@ CVE-2025-2329 (In high traffic environments, a Silicon 
Labs OpenThread RCP (see
        NOT-FOR-US: Silicon Labs
 CVE-2025-29631 (Gardyn Home Kit firmware before master.619, Home Kit Mobile 
Applicatio ...)
        NOT-FOR-US: Gardyn
-CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the 
corresponding s ...)
+CVE-2025-29630 (Gardyn Home Kit Firmware allows a remote attacker with the 
correspondi ...)
        NOT-FOR-US: Gardyn
 CVE-2025-29629 (Gardyn Home Kit firmware before master.619, Home Kit Mobile 
Applicatio ...)
        NOT-FOR-US: Gardyn
@@ -374708,7 +374918,7 @@ CVE-2022-28044 (Irzip v0.640 was discovered to 
contain a heap memory corruption
 CVE-2022-28043
        RESERVED
 CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based 
use-after-fr ...)
-       {DLA-3305-1}
+       {DLA-4493-1 DLA-3305-1}
        - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531)
        [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1289
@@ -374718,7 +374928,7 @@ CVE-2022-28042 (stb_image.h v2.27 was discovered to 
contain an heap-based use-af
        NOTE: 
https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee
        NOTE: 
https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d
 CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer 
overflow via th ...)
-       {DLA-3305-1}
+       {DLA-4493-1 DLA-3305-1}
        - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531)
        [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1292
@@ -405094,7 +405304,7 @@ CVE-2022-20777 (Multiple vulnerabilities in Cisco 
Enterprise NFV Infrastructure
        NOT-FOR-US: Cisco
 CVE-2022-20776 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
        NOT-FOR-US: Cisco
-CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software 
could all ...)
+CVE-2022-20775 (A vulnerability in the CLI of Cisco SD-WAN Software could 
allow an aut ...)
        NOT-FOR-US: Cisco
 CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
        NOT-FOR-US: Cisco
@@ -406791,7 +407001,7 @@ CVE-2021-42716 (An issue was discovered in stb 
stb_image.h 2.27. The PNM loader
        NOTE: 16-bin PNM support was added in
        NOTE: 
https://github.com/nothings/stb/commit/8befa752b005da174b2429c1ffaafffe452b2997
 CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. 
The HDR  ...)
-       {DLA-3305-1}
+       {DLA-4493-1 DLA-3305-1}
        - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014532)
        [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1224
@@ -420839,7 +421049,7 @@ CVE-2021-37791 (MyAdmin v1.0 is affected by an 
incorrect access control vulnerab
 CVE-2021-37790
        RESERVED
 CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in 
stbi__jpeg_load, lead ...)
-       {DLA-3305-1}
+       {DLA-4493-1 DLA-3305-1}
        - libstb 0.0~git20210910.af1a5bc+ds-1 (bug #1023693)
        NOTE: https://github.com/nothings/stb/issues/1178
        NOTE: 
https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40
@@ -446039,7 +446249,7 @@ CVE-2021-28023 (Arbitrary file upload in Service 
import feature in ServiceTonic
 CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk 
softwar ...)
        NOT-FOR-US: ServiceTonic
 CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive 
in stb_ ...)
-       {DLA-3305-1}
+       {DLA-4493-1 DLA-3305-1}
        - libstb 0.0~git20220908.8b5f1f3+ds-1 (bug #1014530)
        NOTE: https://github.com/nothings/stb/issues/1108
        NOTE: 
https://github.com/nothings/stb/commit/86b7570cfba845e8209c6aec2d15e487bb1d8bb4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a40ee292066eef91734d9adf4c3d7a4d1c0f1a3
