[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 1 20:13:20 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f3e1516 by security tracker role at 2026-02-01T20:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-54343 (QWE DL 2.0.1 mobile web application contains a persistent input valida ...)
+ TODO: check
+CVE-2022-50952 (Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cro ...)
+ TODO: check
+CVE-2022-50951 (WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vu ...)
+ TODO: check
+CVE-2022-50950 (Webile 1.0.1 contains a directory traversal vulnerability that allows ...)
+ TODO: check
+CVE-2022-50942 (Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2022-50941 (BootCommerce 3.2.1 contains persistent input validation vulnerabilitie ...)
+ TODO: check
+CVE-2022-50940 (Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripti ...)
+ TODO: check
+CVE-2022-50797 (Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cro ...)
+ TODO: check
+CVE-2021-47921 (Free Photo & Video Vault 0.0.2 contains a directory traversal web vuln ...)
+ TODO: check
+CVE-2021-47920 (WebMO Job Manager 20.0 contains a cross-site scripting vulnerability i ...)
+ TODO: check
+CVE-2021-47919 (Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2021-47918 (Simple CMS 2.1 contains a remote SQL injection vulnerability that allo ...)
+ TODO: check
+CVE-2021-47917 (Simple CMS 2.1 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2021-47916 (Simple CMS 2.1 contains a remote SQL injection vulnerability that allo ...)
+ TODO: check
+CVE-2021-47915 (PHP Melody version 3.0 contains a remote SQL injection vulnerability i ...)
+ TODO: check
+CVE-2021-47914 (PHP Melody version 3.0 contains a persistent cross-site scripting vuln ...)
+ TODO: check
+CVE-2021-47913 (PHP Melody 3.0 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2021-47912 (PHP Melody version 3.0 contains multiple non-persistent cross-site scr ...)
+ TODO: check
+CVE-2021-47911 (Affiliate Pro 1.7 contains multiple reflected cross-site scripting vul ...)
+ TODO: check
+CVE-2021-47909 (Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabiliti ...)
+ TODO: check
+CVE-2021-47908 (Ultimate POS 4.4 contains a persistent cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2021-47885 (Multiple payment terminal versions contain non-persistent cross-site s ...)
+ TODO: check
+CVE-2021-47856 (Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scri ...)
+ TODO: check
+CVE-2020-37064 (EPSON EasyMP Network Projection 2.81 contains an unquoted service path ...)
+ TODO: check
+CVE-2020-37063 (TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability th ...)
+ TODO: check
+CVE-2020-37062 (DHCP Turbo 4.61298 contains an unquoted service path vulnerability tha ...)
+ TODO: check
+CVE-2020-37061 (BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability t ...)
+ TODO: check
+CVE-2020-37055 (SpyHunter 4 contains an unquoted service path vulnerability that allow ...)
+ TODO: check
+CVE-2020-37048 (Iskysoft Application Framework Service 2.4.3.241 contains an unquoted ...)
+ TODO: check
+CVE-2020-37047 (Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path ...)
+ TODO: check
+CVE-2020-37045 (Veritas NetBackup 7.0 contains an unquoted service path vulnerability ...)
+ TODO: check
+CVE-2020-37037 (Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerabi ...)
+ TODO: check
CVE-2026-25069 (SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior ...)
NOT-FOR-US: SunFounder Pironman Dashboard (pm_dashboard)
CVE-2026-1165 (The Popup Box plugin for WordPress is vulnerable to Cross-Site Request ...)
@@ -4073,7 +4137,8 @@ CVE-2021-47855 (Openlitespeed 1.7.9 contains a stored cross-site scripting vulne
NOT-FOR-US: OpenLiteSpeed
CVE-2021-47854 (DD-WRT version 45723 contains a buffer overflow vulnerability in the U ...)
NOT-FOR-US: DD-WRT
-CVE-2021-47853 (phpPgAdmin 7.13.0 contains a remote command execution vulnerability th ...)
+CVE-2021-47853
+ REJECTED
- phppgadmin <undetermined>
NOTE: https://www.exploit-db.com/exploits/49736
CVE-2021-47852 (Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vul ...)
@@ -5321,7 +5386,7 @@ CVE-2026-23528 (Dask distributed is a distributed task scheduler for Dask. Prior
CVE-2026-23523 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
NOT-FOR-US: Dive
CVE-2026-23490 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial ...)
- {DSA-6114-1}
+ {DSA-6114-1 DLA-4463-1}
- pyasn1 0.6.2-1 (bug #1125753)
NOTE: https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
NOTE: Fixed by: https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 (v0.6.2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f3e15166e9f84c7c9ae9d86a188d2552f58ebd6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f3e15166e9f84c7c9ae9d86a188d2552f58ebd6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260201/381e0c70/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list