[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 10 20:13:42 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d250484a by security tracker role at 2026-03-10T20:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,477 @@
-CVE-2026-23240 [tls: Fix race condition in tls_sw_cancel_work_tx()]
+CVE-2026-3862 (Cross-site Scripting (XSS) allows an attacker to submit specially craf ...)
+	TODO: check
+CVE-2026-3854 (An improper neutralization of special elements vulnerability was ident ...)
+	TODO: check
+CVE-2026-3847 (Memory safety bugs present in Firefox 148.0.2. Some of these bugs show ...)
+	TODO: check
+CVE-2026-3846 (Same-origin policy bypass in the CSS Parsing and Computation component ...)
+	TODO: check
+CVE-2026-3845 (Heap buffer overflow in the Audio/Video: Playback component in Firefox ...)
+	TODO: check
+CVE-2026-3843 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on L ...)
+	TODO: check
+CVE-2026-3582 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
+	TODO: check
+CVE-2026-3483 (An exposed dangerous method in Ivanti DSM before version 2026.1.1 allo ...)
+	TODO: check
+CVE-2026-3370
+	REJECTED
+CVE-2026-3315 (Incorrect Default Permissions, : Execution with Unnecessary Privileges ...)
+	TODO: check
+CVE-2026-3306 (An improper authorization vulnerability was identified in GitHub Enter ...)
+	TODO: check
+CVE-2026-3228 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
+	TODO: check
+CVE-2026-31797 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-31796 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-31795 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-31794 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-31793 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-31792 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30987 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30986 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30985 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30984 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30983 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30982 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30981 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30980 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30979 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30978 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-30977 (RenderBlocking is a MediaWiki extension that allows interface administ ...)
+	TODO: check
+CVE-2026-30974 (Copyparty is a portable file server. Prior to v1.20.11., the nohtml co ...)
+	TODO: check
+CVE-2026-30973 (Appium is an automation framework that provides WebDriver-based automa ...)
+	TODO: check
+CVE-2026-30970 (Coral Server is open collaboration infrastructure that enables communi ...)
+	TODO: check
+CVE-2026-30969 (Coral Server is open collaboration infrastructure that enables communi ...)
+	TODO: check
+CVE-2026-30968 (Coral Server is open collaboration infrastructure that enables communi ...)
+	TODO: check
+CVE-2026-30964 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
+	TODO: check
+CVE-2026-30960 (rssn is a scientific computing library for Rust, combining a high-perf ...)
+	TODO: check
+CVE-2026-30959 (OneUptime is a solution for monitoring and managing online services. T ...)
+	TODO: check
+CVE-2026-30958 (OneUptime is a solution for monitoring and managing online services. P ...)
+	TODO: check
+CVE-2026-30957 (OneUptime is a solution for monitoring and managing online services. P ...)
+	TODO: check
+CVE-2026-30956 (OneUptime is a solution for monitoring and managing online services. P ...)
+	TODO: check
+CVE-2026-30945 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
+	TODO: check
+CVE-2026-30944 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
+	TODO: check
+CVE-2026-30942 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
+	TODO: check
+CVE-2026-30941 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-30939 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-30938 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-30934 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
+	TODO: check
+CVE-2026-30933 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
+	TODO: check
+CVE-2026-30930 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+	TODO: check
+CVE-2026-30928 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+	TODO: check
+CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 ...)
+	TODO: check
+CVE-2026-2742 (An authentication bypass vulnerability exists in Vaadin 14.0.0 through ...)
+	TODO: check
+CVE-2026-2741 (Specially crafted ZIP archives can escape the intended extraction dire ...)
+	TODO: check
+CVE-2026-2724 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2026-2713 (IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could ...)
+	TODO: check
+CVE-2026-2339 (Missing Authentication for Critical Function vulnerability in TUBITAK  ...)
+	TODO: check
+CVE-2026-2273 (CWE-94: Improper Control of Generation of Code ('Code Injection') vuln ...)
+	TODO: check
+CVE-2026-2266 (An improper neutralization of input vulnerability was identified in Gi ...)
+	TODO: check
+CVE-2026-29177 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
+	TODO: check
+CVE-2026-29176 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
+	TODO: check
+CVE-2026-29175 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
+	TODO: check
+CVE-2026-29174 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
+	TODO: check
+CVE-2026-29173 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
+	TODO: check
+CVE-2026-29172 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
+	TODO: check
+CVE-2026-29113 (Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, ...)
+	TODO: check
+CVE-2026-28495 (GetSimple CMS is a content management system. The massiveAdmin plugin  ...)
+	TODO: check
+CVE-2026-28292 (`simple-git`, an interface for running git commands in any node.js app ...)
+	TODO: check
+CVE-2026-27826 (MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian p ...)
+	TODO: check
+CVE-2026-27825 (MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian p ...)
+	TODO: check
+CVE-2026-27661 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
+	TODO: check
+CVE-2026-27281 (DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Ove ...)
+	TODO: check
+CVE-2026-27280 (DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-boun ...)
+	TODO: check
+CVE-2026-27279 (Substance3D - Stager versions 3.1.7 and earlier are affected by an out ...)
+	TODO: check
+CVE-2026-27277 (Substance3D - Stager versions 3.1.7 and earlier are affected by a Use  ...)
+	TODO: check
+CVE-2026-27276 (Substance3D - Stager versions 3.1.7 and earlier are affected by a Use  ...)
+	TODO: check
+CVE-2026-27275 (Substance3D - Stager versions 3.1.7 and earlier are affected by an out ...)
+	TODO: check
+CVE-2026-27274 (Substance3D - Stager versions 3.1.7 and earlier are affected by an out ...)
+	TODO: check
+CVE-2026-27273 (Substance3D - Stager versions 3.1.7 and earlier are affected by an out ...)
+	TODO: check
+CVE-2026-27269 (Premiere Pro versions 25.5 and earlier are affected by an out-of-bound ...)
+	TODO: check
+CVE-2026-27219 (Substance3D - Painter versions 11.1.2 and earlier are affected by an O ...)
+	TODO: check
+CVE-2026-27218 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-27217 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-27216 (Substance3D - Painter versions 11.1.2 and earlier are affected by an o ...)
+	TODO: check
+CVE-2026-27215 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-27214 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-26801 (Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0 ...)
+	TODO: check
+CVE-2026-26742 (PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mech ...)
+	TODO: check
+CVE-2026-26741 (PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in t ...)
+	TODO: check
+CVE-2026-26738 (Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5. ...)
+	TODO: check
+CVE-2026-26330 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
+	TODO: check
+CVE-2026-26311 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
+	TODO: check
+CVE-2026-26310 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
+	TODO: check
+CVE-2026-26309 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
+	TODO: check
+CVE-2026-26308 (Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1 ...)
+	TODO: check
+CVE-2026-26148 (External initialization of trusted variables or data stores in Azure E ...)
+	TODO: check
+CVE-2026-26144 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2026-26141 (Improper authentication in Azure Arc allows an authorized attacker to  ...)
+	TODO: check
+CVE-2026-26134 (Integer overflow or wraparound in Microsoft Office allows an authorize ...)
+	TODO: check
+CVE-2026-26132 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
+	TODO: check
+CVE-2026-26131 (Incorrect default permissions in .NET allows an authorized attacker to ...)
+	TODO: check
+CVE-2026-26130 (Allocation of resources without limits or throttling in ASP.NET Core a ...)
+	TODO: check
+CVE-2026-26128 (Improper authentication in Windows SMB Server allows an authorized att ...)
+	TODO: check
+CVE-2026-26127 (Out-of-bounds read in .NET allows an unauthorized attacker to deny ser ...)
+	TODO: check
+CVE-2026-26123 (Cwe is not in rca categories in Microsoft Authenticator allows an unau ...)
+	TODO: check
+CVE-2026-26121 (Server-side request forgery (ssrf) in Azure IoT Explorer allows an una ...)
+	TODO: check
+CVE-2026-26118 (Server-side request forgery (ssrf) in Azure MCP Server allows an autho ...)
+	TODO: check
+CVE-2026-26117 (Authentication bypass using an alternate path or channel in Azure Wind ...)
+	TODO: check
+CVE-2026-26116 (Improper neutralization of special elements used in an sql command ('s ...)
+	TODO: check
+CVE-2026-26115 (Improper validation of specified type of input in SQL Server allows an ...)
+	TODO: check
+CVE-2026-26114 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+	TODO: check
+CVE-2026-26113 (Untrusted pointer dereference in Microsoft Office allows an unauthoriz ...)
+	TODO: check
+CVE-2026-26112 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
+	TODO: check
+CVE-2026-26111 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
+	TODO: check
+CVE-2026-26110 (Access of resource using incompatible type ('type confusion') in Micro ...)
+	TODO: check
+CVE-2026-26109 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+	TODO: check
+CVE-2026-26108 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
+	TODO: check
+CVE-2026-26107 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2026-26106 (Improper input validation in Microsoft Office SharePoint allows an aut ...)
+	TODO: check
+CVE-2026-26105 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2026-25972 (An improper neutralization of input during web page generation ('cross ...)
+	TODO: check
+CVE-2026-25836 (An improper neutralization of special elements used in an os command ( ...)
+	TODO: check
+CVE-2026-25689 (An improper neutralization of argument delimiters in a command ('argum ...)
+	TODO: check
+CVE-2026-25605 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25573 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25572 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25571 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25570 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25569 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
+	TODO: check
+CVE-2026-25190 (Untrusted search path in Windows GDI allows an unauthorized attacker t ...)
+	TODO: check
+CVE-2026-25189 (Use after free in Windows DWM Core Library allows an authorized attack ...)
+	TODO: check
+CVE-2026-25188 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
+	TODO: check
+CVE-2026-25187 (Improper link resolution before file access ('link following') in Winl ...)
+	TODO: check
+CVE-2026-25186 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2026-25185 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2026-25181 (Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2026-25180 (Out-of-bounds read in Microsoft Graphics Component allows an unauthori ...)
+	TODO: check
+CVE-2026-25179 (Improper validation of specified type of input in Windows Ancillary Fu ...)
+	TODO: check
+CVE-2026-25178 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
+	TODO: check
+CVE-2026-25177 (Improper restriction of names for files and other resources in Active  ...)
+	TODO: check
+CVE-2026-25176 (Improper access control in Windows Ancillary Function Driver for WinSo ...)
+	TODO: check
+CVE-2026-25175 (Out-of-bounds read in Windows NTFS allows an authorized attacker to el ...)
+	TODO: check
+CVE-2026-25174 (Out-of-bounds read in Windows Extensible File Allocation allows an aut ...)
+	TODO: check
+CVE-2026-25173 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
+	TODO: check
+CVE-2026-25172 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
+	TODO: check
+CVE-2026-25171 (Use after free in Windows Authentication Methods allows an authorized  ...)
+	TODO: check
+CVE-2026-25170 (Use after free in Windows Hyper-V allows an authorized attacker to ele ...)
+	TODO: check
+CVE-2026-25169 (Divide by zero in Microsoft Graphics Component allows an unauthorized  ...)
+	TODO: check
+CVE-2026-25168 (Null pointer dereference in Microsoft Graphics Component allows an una ...)
+	TODO: check
+CVE-2026-25167 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
+	TODO: check
+CVE-2026-25166 (Deserialization of untrusted data in Windows System Image Manager allo ...)
+	TODO: check
+CVE-2026-25165 (Null pointer dereference in Windows Performance Counters allows an aut ...)
+	TODO: check
+CVE-2026-24641 (A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fo ...)
+	TODO: check
+CVE-2026-24640 (A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in ...)
+	TODO: check
+CVE-2026-24297 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2026-24296 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2026-24295 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2026-24294 (Improper authentication in Windows SMB Server allows an authorized att ...)
+	TODO: check
+CVE-2026-24293 (Null pointer dereference in Windows Ancillary Function Driver for WinS ...)
+	TODO: check
+CVE-2026-24292 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
+	TODO: check
+CVE-2026-24291 (Incorrect permission assignment for critical resource in Windows Acces ...)
+	TODO: check
+CVE-2026-24290 (Improper access control in Windows Projected File System allows an aut ...)
+	TODO: check
+CVE-2026-24289 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
+	TODO: check
+CVE-2026-24288 (Heap-based buffer overflow in Windows Mobile Broadband allows an unaut ...)
+	TODO: check
+CVE-2026-24287 (External control of file name or path in Windows Kernel allows an auth ...)
+	TODO: check
+CVE-2026-24285 (Use after free in Windows Win32K allows an authorized attacker to elev ...)
+	TODO: check
+CVE-2026-24283 (Heap-based buffer overflow in Windows File Server allows an authorized ...)
+	TODO: check
+CVE-2026-24282 (Out-of-bounds read in Push Message Routing Service allows an authorize ...)
+	TODO: check
+CVE-2026-24018 (A UNIX symbolic link (Symlink) following vulnerability in Fortinet For ...)
+	TODO: check
+CVE-2026-24017 (An Improper Control of Interaction Frequency vulnerability [CWE-799] v ...)
+	TODO: check
+CVE-2026-23907 (This issue affects the  ExtractEmbeddedFiles example inApache PDFBox:  ...)
+	TODO: check
+CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result of a sh ...)
+	TODO: check
+CVE-2026-23674 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
+	TODO: check
+CVE-2026-23673 (Out-of-bounds read in Windows Resilient File System (ReFS) allows an a ...)
+	TODO: check
+CVE-2026-23672 (Windows Universal Disk Format File System Driver (UDFS) Elevation of P ...)
+	TODO: check
+CVE-2026-23671 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2026-23669 (Use after free in Windows Print Spooler Components allows an authorize ...)
+	TODO: check
+CVE-2026-23668 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2026-23667 (Use after free in Broadcast DVR allows an authorized attacker to eleva ...)
+	TODO: check
+CVE-2026-23665 (Heap-based buffer overflow in Azure Linux Virtual Machines allows an a ...)
+	TODO: check
+CVE-2026-23664 (Improper restriction of communication channel to intended endpoints in ...)
+	TODO: check
+CVE-2026-23662 (Missing authentication for critical function in Azure IoT Explorer all ...)
+	TODO: check
+CVE-2026-23661 (Cleartext transmission of sensitive information in Azure IoT Explorer  ...)
+	TODO: check
+CVE-2026-23660 (Improper access control in Azure Portal Windows Admin Center allows an ...)
+	TODO: check
+CVE-2026-23656 (Insufficient verification of data authenticity in Windows App Installe ...)
+	TODO: check
+CVE-2026-23654 (Dependency on vulnerable third-party component in GitHub Repo: zero-sh ...)
+	TODO: check
+CVE-2026-22629 (An improper restriction of excessive authentication attempts vulnerabi ...)
+	TODO: check
+CVE-2026-22628 (An improper access control vulnerability in Fortinet FortiSwitchAXFixe ...)
+	TODO: check
+CVE-2026-22627 (A buffer copy without checking size of input ('classic buffer overflow ...)
+	TODO: check
+CVE-2026-22614 (The encryption mechanism used in Eaton's EasySoft project file wasinse ...)
+	TODO: check
+CVE-2026-22572 (An authentication bypass using an alternate path or channel vulnerabil ...)
+	TODO: check
+CVE-2026-21791 (HCL Sametime for Android is impacted by a sensitive information disclo ...)
+	TODO: check
+CVE-2026-21365 (Substance3D - Painter versions 11.1.2 and earlier are affected by an o ...)
+	TODO: check
+CVE-2026-21364 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-21363 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-21262 (Improper access control in SQL Server allows an authorized attacker to ...)
+	TODO: check
+CVE-2026-20967 (Improper input validation in System Center Operations Manager allows a ...)
+	TODO: check
+CVE-2026-1286 (CWE-502: Deserialization of untrusted data vulnerability exists that c ...)
+	TODO: check
+CVE-2026-1261 (The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-70251 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the we ...)
+	TODO: check
+CVE-2025-70249 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70247 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70246 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70227 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the ne ...)
+	TODO: check
+CVE-2025-70129 (If the anti spam-captcha functionality in PluXml versions 5.8.22 and e ...)
+	TODO: check
+CVE-2025-70128 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml ...)
+	TODO: check
+CVE-2025-70025 (An issue pertaining to CWE-79: Improper Neutralization of Input During ...)
+	TODO: check
+CVE-2025-69615 (Incorrect Access Control via missing 2FA rate-limiting allowing unlimi ...)
+	TODO: check
+CVE-2025-69614 (Incorrect Access Control via activation token reuse on the password-re ...)
+	TODO: check
+CVE-2025-68648 (A use of externally-controlled format string vulnerability in Fortinet ...)
+	TODO: check
+CVE-2025-68482 (A improper certificate validation vulnerability in Fortinet FortiAnaly ...)
+	TODO: check
+CVE-2025-66178 (A improper neutralization of special elements used in an os command (' ...)
+	TODO: check
+CVE-2025-56422 (A deserialization vulnerability in LimeSurvey before v6.15.0+250623 al ...)
+	TODO: check
+CVE-2025-56421 (SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allow ...)
+	TODO: check
+CVE-2025-55717 (A cleartext storage of sensitive information vulnerability [CWE-312] v ...)
+	TODO: check
+CVE-2025-54820 (A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in ...)
+	TODO: check
+CVE-2025-54659 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
+	TODO: check
+CVE-2025-53706
+	REJECTED
+CVE-2025-53608 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
+CVE-2025-49784 (An improper neutralization of special elements used in an sql command  ...)
+	TODO: check
+CVE-2025-48840 (An authentication bypass by spoofing vulnerability in Fortinet FortiWe ...)
+	TODO: check
+CVE-2025-48611 (In DeviceId of DeviceId.java, there is a possible desync in persistenc ...)
+	TODO: check
+CVE-2025-48418 (A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 t ...)
+	TODO: check
+CVE-2025-41712 (An unauthenticated remote attacker who tricks a user to upload a manip ...)
+	TODO: check
+CVE-2025-41711 (An unauthenticated remote attacker can use firmware images to extract  ...)
+	TODO: check
+CVE-2025-41710 (An unauthenticated remote attacker may use hardcodes credentials to ge ...)
+	TODO: check
+CVE-2025-41709 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+	TODO: check
+CVE-2025-40943 (Affected devices do not properly sanitize contents of trace files. Thi ...)
+	TODO: check
+CVE-2025-36227 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP heade ...)
+	TODO: check
+CVE-2025-36226 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site ...)
+	TODO: check
+CVE-2025-27769 (A vulnerability has been identified in Heliox Flex 180 kW EV Charging  ...)
+	TODO: check
+CVE-2025-13957 (CWE-798: Use of Hard-coded Credentials vulnerability exists that could ...)
+	TODO: check
+CVE-2025-13902 (CWE-79 Improper Neutralization of Input During Web Page Generation ('C ...)
+	TODO: check
+CVE-2025-13901 (CWE-404 Improper Resource Shutdown or Release vulnerability exists tha ...)
+	TODO: check
+CVE-2025-11739 (CWE\u2011502: Deserialization of Untrusted Data vulnerability exists t ...)
+	TODO: check
+CVE-2022-4977
+	REJECTED
+CVE-2026-23240 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.19.6-1
 	NOTE: https://git.kernel.org/linus/7bb09315f93dce6acc54bf59e5a95ba7365c2be4 (7.0-rc2)
-CVE-2026-23239 [espintcp: Fix race condition in espintcp_close()]
+CVE-2026-23239 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.19.6-1
 	NOTE: https://git.kernel.org/linus/e1512c1db9e8794d8d130addd2615ec27231d994 (7.0-rc2)
 CVE-2026-3084
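Review bot: the imported description for CVE-2025-41709 is an unfilled template ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ..."), so it names no product to triage against. Resolve its TODO: check from the CVE record's references rather than this text, and consider having the import flag descriptions that still contain bracketed placeholders. The CVE-2025-11739 line also carries a literal "\u2011" escape ("CWE\u2011502"), which suggests the feed's escaped hyphen is not being decoded before it is written to data/CVE/list.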
@@ -11609,7 +12079,7 @@ CVE-2026-23715 (A vulnerability has been identified in Simcenter Femap (All vers
 	NOT-FOR-US: Siemens
 CVE-2026-23655 (Cleartext storage of sensitive information in Azure Compute Gallery al ...)
 	NOT-FOR-US: Microsoft
-CVE-2026-22923 (A vulnerability has been identified in NX (All versions < V2512). The  ...)
+CVE-2026-22923 (A vulnerability has been identified in NX (All versions < V2512), NX ( ...)
 	NOT-FOR-US: Siemens
 CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability [CWE-305] v ...)
 	NOT-FOR-US: Fortinet
@@ -12379,7 +12849,7 @@ CVE-2025-10463 (Improper Authentication vulnerability in Birtech Information Tec
 CVE-2026-22922 (Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization f ...)
 	- airflow <itp> (bug #819700)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/02/09/2
-CVE-2026-24098 (Apache Airflow versions before 3.1.7, has vulnerability that allows au ...)
+CVE-2026-24098 (Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows a ...)
 	- airflow <itp> (bug #819700)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/02/09/3
 CVE-2026-23906 (Affected Products and Versions   *  Apache Druid   *  Affected Version ...)
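Review bot: the CVE-2026-24098 description moves from "versions before 3.1.7" to "versions 3.0.0 - 3.1.7", and the new wording no longer says whether 3.1.7 itself is affected. The entry stays at "- airflow <itp> (bug #819700)", so nothing changes for a packaged version today, but a NOTE recording the fixed release from the oss-security post already linked here would keep the boundary clear if the package is ever uploaded.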
@@ -39064,9 +39534,9 @@ CVE-2025-40807 (A vulnerability has been identified in Gridscale X Prepay (All v
 	NOT-FOR-US: Siemens
 CVE-2025-40806 (A vulnerability has been identified in Gridscale X Prepay (All version ...)
 	NOT-FOR-US: Siemens
-CVE-2025-40801 (A vulnerability has been identified in COMOS V10.6 (All versions), COM ...)
+CVE-2025-40801 (A vulnerability has been identified in COMOS V10.6 (All versions < V10 ...)
 	NOT-FOR-US: Siemens
-CVE-2025-40800 (A vulnerability has been identified in COMOS V10.6 (All versions), COM ...)
+CVE-2025-40800 (A vulnerability has been identified in COMOS V10.6 (All versions < V10 ...)
 	NOT-FOR-US: Siemens
 CVE-2025-34414 (Entrust Instant Financial Issuance (IFI) On Premise software (formerly ...)
 	NOT-FOR-US: Entrust Instant Financial Issuance (IFI) On Premise software
@@ -177120,13 +177590,13 @@ CVE-2024-47773 (Discourse is an open source platform for community discussion. A
 CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's impleme ...)
 	- rust-wasmtime 21.0.2+dfsg-1
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0440.html
-CVE-2024-47565 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
+CVE-2024-47565 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2024-47563 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
+CVE-2024-47563 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2024-47562 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
+CVE-2024-47562 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
 	NOT-FOR-US: Siemens
-CVE-2024-47553 (A vulnerability has been identified in Siemens SINEC Security Monitor  ...)
+CVE-2024-47553 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2024-47425 (Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
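Review bot: these four SINEC Security Monitor entries only lose the "Siemens" prefix in their descriptions and stay NOT-FOR-US: Siemens, while CVE-2026-27661, added in the first hunk with the same "SINEC Security Monitor (All ver ..." text, is still TODO: check. Marking it NOT-FOR-US: Siemens would keep it consistent with these.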



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d250484ab17259622af24a46926bbb10f55df482
