[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 23 20:13:11 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e0f3b9b by security tracker role at 2026-02-23T20:13:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2026-3016 (A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. T ...)
+ TODO: check
+CVE-2026-3015 (A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. I ...)
+ TODO: check
+CVE-2026-2985 (A security flaw has been discovered in Tiandy Video Surveillance Syste ...)
+ TODO: check
+CVE-2026-2984 (A vulnerability was identified in SourceCodester Student Result Manage ...)
+ TODO: check
+CVE-2026-2983 (A vulnerability was determined in SourceCodester Student Result Manage ...)
+ TODO: check
+CVE-2026-2981 (A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affe ...)
+ TODO: check
+CVE-2026-2980 (A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Imp ...)
+ TODO: check
+CVE-2026-2979 (A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects ...)
+ TODO: check
+CVE-2026-2698 (An improper access control vulnerability exists where an authenticated ...)
+ TODO: check
+CVE-2026-2697 (An Indirect Object Reference (IDOR) in Security Center allows an authe ...)
+ TODO: check
+CVE-2026-27514 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...)
+ TODO: check
+CVE-2026-27513 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...)
+ TODO: check
+CVE-2026-27512 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...)
+ TODO: check
+CVE-2026-27511 (Shenzhen Tenda F3 Wireless Routerfirmware V12.01.01.55_multi contains ...)
+ TODO: check
+CVE-2026-26464 (Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.ph ...)
+ TODO: check
+CVE-2026-26365 (Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles p ...)
+ TODO: check
+CVE-2026-25747 (Deserialization of Untrusted Data vulnerability in Apache Camel LevelD ...)
+ TODO: check
+CVE-2026-23552 (Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache C ...)
+ TODO: check
+CVE-2026-22568 (Improper neutralization of special elements in user-supplied input wit ...)
+ TODO: check
+CVE-2026-22567 (Improper validation of user-supplied input in the ZIA Admin UI could a ...)
+ TODO: check
+CVE-2026-21420 (Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Un ...)
+ TODO: check
+CVE-2025-70329 (TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injecti ...)
+ TODO: check
+CVE-2025-70058 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
+ TODO: check
+CVE-2025-70045 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
+ TODO: check
+CVE-2025-70044 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
+ TODO: check
+CVE-2025-70043 (An issue pertaining to CWE-295: Improper Certificate Validation was di ...)
+ TODO: check
+CVE-2025-69700 (Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerabi ...)
+ TODO: check
+CVE-2025-63946 (A privilege escalation (PE) vulnerability in the Tencent PC Manager ap ...)
+ TODO: check
+CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA app thru ...)
+ TODO: check
+CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a segmenta ...)
+ TODO: check
+CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a memory leak ...)
+ TODO: check
+CVE-2025-61145 (libtiff up to v4.7.1 was discovered to contain a double free via the c ...)
+ TODO: check
+CVE-2025-61144 (libtiff up to v4.7.1 was discovered to contain a stack overflow via th ...)
+ TODO: check
+CVE-2025-61143 (libtiff up to v4.7.1 was discovered to contain a NULL pointer derefere ...)
+ TODO: check
+CVE-2025-59873 (An information exposure vulnerability exists in Vulnerability in HCL ...)
+ TODO: check
+CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This vulnerability allow ...)
+ TODO: check
+CVE-2025-40986 (Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This ...)
+ TODO: check
+CVE-2025-40701 (Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3. ...)
+ TODO: check
+CVE-2025-14905 (A flaw was found in the 389-ds-base server. A heap buffer overflow vul ...)
+ TODO: check
CVE-2026-2998 (ERP developed by eAI Technologies has a DLL Hijacking vulnerability, a ...)
NOT-FOR-US: ERP eAI Technologies
CVE-2026-2997 (Tronclass developed by WisdomGarden has a Insecure Direct Object Refer ...)
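Review bot: Every one of the 39 entries added at the top of this hunk carries only `TODO: check`, and for the four CWE-295 entries (CVE-2025-70043, CVE-2025-70044, CVE-2025-70045, CVE-2025-70058) the truncated description is identical and stops before the product name, so they cannot be triaged from this file alone; pull the full CVE records before classifying them. The entries that name libraries or servers (libtiff in CVE-2025-61143 through CVE-2025-61145, libde265, libsixel, 389-ds-base) should be resolved first with a package line or an explicit decision. The router firmware entries (UTT HiPER 810G, Tenda, TOTOLink) look like candidates for a NOT-FOR-US line in the style of the existing `NOT-FOR-US: ERP eAI Technologies` context entry.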
@@ -1400,7 +1478,7 @@ CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an Exte
NOT-FOR-US: Dell / EMC
CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Aut ...)
NOT-FOR-US: Dell / EMC
-CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area ...)
+CVE-2026-26345 (SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnera ...)
- spip 4.4.9+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
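Review bot: The refreshed description for CVE-2026-26345 now truncates before saying which part of SPIP is affected, where the old text ended with "in the public area". That phrase was the only thing in this file separating it from CVE-2026-26223 ("in the private are ..."), which shares the same `- spip 4.4.9+dfsg-1` line and the same blog NOTE. Since the summary text is regenerated automatically, a short NOTE on each entry stating public versus private area would keep the two distinguishable.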
@@ -1422,7 +1500,7 @@ CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS ob
NOTE: node-webfont provides node-fast-xml-parser
CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22. ...)
NOT-FOR-US: soroban-sdk
-CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private are ...)
+CVE-2026-26223 (SPIP before 4.4.8 allows cross-site scripting (XSS) in the private are ...)
- spip 4.4.9+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versi ...)
@@ -4988,7 +5066,7 @@ CVE-2025-70029 (An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers
NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
CVE-2025-69874 (nanotar through 0.2.0 has a path traversal vulnerability in parseTar() ...)
NOT-FOR-US: nanotar Node.js module
-CVE-2025-69873 (ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerab ...)
+CVE-2025-69873 (ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Reg ...)
- node-ajv <unfixed> (bug #1128140)
[trixie] - node-ajv <no-dsa> (Minor issue)
[bookworm] - node-ajv <no-dsa> (Minor issue)
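Review bot: The new description for CVE-2025-69873 gives 8.18.0 as the upstream version boundary ("before 8.18.0" instead of "through version 8.17.1"), but the tracking line under it still reads `- node-ajv <unfixed> (bug #1128140)`. That is consistent only while no upload containing 8.18.0 or a backported fix exists. A NOTE recording the upstream fixed version would make it obvious when the `<unfixed>` marker can be replaced, and the `<no-dsa> (Minor issue)` lines for trixie and bookworm stay valid either way.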
@@ -6296,7 +6374,7 @@ CVE-2026-22613 (The server identity check mechanism for firmware upgrade perform
NOT-FOR-US: Eaton
CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow Service comp ...)
NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615 (Versions of the package jsonpath from 0.0.0 are vulnerable to Arbitrar ...)
+CVE-2026-1615 (Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitr ...)
NOT-FOR-US: Node jsonpath
CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation vulner ...)
NOT-FOR-US: MacroHub
@@ -10703,6 +10781,7 @@ CVE-2026-21720 (Every uncached /avatar/:hash request spawns a goroutine that ref
CVE-2026-21417 (Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contai ...)
NOT-FOR-US: Dell / EMC
CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in its Uni ...)
+ {DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126549)
[trixie] - glib2.0 <no-dsa> (Minor issue)
[bookworm] - glib2.0 <no-dsa> (Minor issue)
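Review bot: `{DLA-4491-1}` is added above CVE-2026-1489's package lines while `[trixie] - glib2.0 <no-dsa> (Minor issue)` and `[bookworm] - glib2.0 <no-dsa> (Minor issue)` are left unchanged, so after this update the LTS suite is recorded as fixed and the two newer suites are not. The same tag is added to CVE-2026-1485, CVE-2026-1484 and CVE-2026-0988 in later hunks with the same surrounding lines. If the issue was worth an LTS advisory, it is worth checking whether these four should be queued for a point release in trixie and bookworm so that an upgrade from LTS does not reintroduce them.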
@@ -10710,6 +10789,7 @@ CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in it
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4983
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984
CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This buffer und ...)
+ {DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126550)
[trixie] - glib2.0 <no-dsa> (Minor issue)
[bookworm] - glib2.0 <no-dsa> (Minor issue)
@@ -10717,6 +10797,7 @@ CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This buffe
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4980
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981
CVE-2026-1484 (A flaw was found in the GLib Base64 encoding routine when processing v ...)
+ {DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126551)
[trixie] - glib2.0 <no-dsa> (Minor issue)
[bookworm] - glib2.0 <no-dsa> (Minor issue)
@@ -10933,43 +11014,43 @@ CVE-2025-66199 (Issue summary: A TLS 1.3 connection using certificate compressio
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5 (openssl-3.5.5)
CVE-2025-68160 (Issue summary: Writing large, newline-free data into a BIO chain using ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6 (openssl-3.0.19)
CVE-2025-69418 (Issue summary: When using the low-level OCB API directly with AES-NI o ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347 (openssl-3.0.19)
CVE-2025-69419 (Issue summary: Calling PKCS12_get_friendlyname() function on a malicio ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296 (openssl-3.0.19)
CVE-2025-69420 (Issue summary: A type confusion vulnerability exists in the TimeStamp ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a (openssl-3.0.19)
CVE-2025-69421 (Issue summary: Processing a malformed PKCS#12 file can trigger a NULL ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7 (openssl-3.0.19)
CVE-2026-22795 (Issue summary: An invalid or NULL pointer dereference can happen in an ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49 (openssl-3.0.19)
CVE-2026-22796 (Issue summary: A type confusion vulnerability exists in the signature ...)
- {DSA-6113-1}
+ {DSA-6113-1 DLA-4490-1}
- openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4 (openssl-3.5.5)
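Review bot: The `{DSA-6113-1 DLA-4490-1}` tag is applied to seven openssl entries here, and two of them, CVE-2026-22795 and CVE-2026-22796, cite the identical 3.5.5 commit 2502e7b7d4c0cf4f972a881641fe09edc67aeec4 in their "Fixed by" NOTE. That is fine if one upstream commit closes both issues, but it is worth confirming against the linked advisory that this is not a copied line. The hunk also ends right after the 3.5.5 NOTE for CVE-2026-22796, so its openssl-3.0.19 reference, which every other tagged entry in this hunk has, is not visible for review. CVE-2025-66199 in the leading context shows only a 3.5.5 fix and correctly receives no DLA tag.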
@@ -15172,6 +15253,7 @@ CVE-2025-68675 (In Apache Airflow versions before 3.1.6, the proxies and proxy f
CVE-2025-68438 (In Apache Airflow versions before 3.1.6, when rendered template fields ...)
- airflow <itp> (bug #819700)
CVE-2026-0988 (A flaw was found in glib. Missing validation of offset and count param ...)
+ {DLA-4491-1}
[experimental] - glib2.0 2.87.1-1
- glib2.0 2.86.3-5 (bug #1125752)
[trixie] - glib2.0 <no-dsa> (Minor issue)
@@ -408997,7 +409079,7 @@ CVE-2021-41812
RESERVED
CVE-2021-41811
RESERVED
-CVE-2021-41810 (Admin tool allows storing configuration data with script which may the ...)
+CVE-2021-41810 (Script injection in M-Files Admin versions before 22.2.11051.0, allows ...)
NOT-FOR-US: M-Files Server
CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
NOT-FOR-US: M-Files Server
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e0f3b9b30e594cbe639cb284c8a2621946baeea