[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 11 08:13:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4625559 by security tracker role at 2026-03-11T08:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,371 @@
+CVE-2026-3911 (A flaw was found in Keycloak. An authenticated user with the view-user ...)
+ TODO: check
+CVE-2026-3903 (The Modular DS: Monitor, update, and backup multiple websites plugin f ...)
+ TODO: check
+CVE-2026-3884 (Versions of the package spin.js before 3.0.0 are vulnerable to Cross-s ...)
+ TODO: check
+CVE-2026-3826 (IFTOP developed by WellChoose has a Local File Inclusion vulnerability ...)
+ TODO: check
+CVE-2026-3825 (IFTOP developed by WellChoose has a Reflected Cross-site Scripting vul ...)
+ TODO: check
+CVE-2026-3824 (IFTOP developed by WellChoose has an Open redirect vulnerability, allo ...)
+ TODO: check
+CVE-2026-3534 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
+ TODO: check
+CVE-2026-3453 (The ProfilePress plugin for WordPress is vulnerable to Insecure Direct ...)
+ TODO: check
+CVE-2026-3222 (The WP Maps plugin for WordPress is vulnerable to time-based blind SQL ...)
+ TODO: check
+CVE-2026-31844 (An authenticated SQL Injection vulnerability (CWE-89) exists in the Ko ...)
+ TODO: check
+CVE-2026-31838 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
+CVE-2026-31837 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
+CVE-2026-31834 (Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A ...)
+ TODO: check
+CVE-2026-31833 (Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An ...)
+ TODO: check
+CVE-2026-31832 (Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A ...)
+ TODO: check
+CVE-2026-31830 (sigstore-ruby is a pure Ruby implementation of the sigstore verify com ...)
+ TODO: check
+CVE-2026-31829 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-31828 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 1.0.0 a ...)
+ TODO: check
+CVE-2026-31826 (pypdf is a free and open-source pure-python PDF library. Prior to 6.8. ...)
+ TODO: check
+CVE-2026-31825 (Sylius is an Open Source eCommerce Framework on Symfony. Sylius API fi ...)
+ TODO: check
+CVE-2026-31824 (Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Che ...)
+ TODO: check
+CVE-2026-31823 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...)
+ TODO: check
+CVE-2026-31822 (Sylius is an Open Source eCommerce Framework on Symfony. A cross-site ...)
+ TODO: check
+CVE-2026-31821 (Sylius is an Open Source eCommerce Framework on Symfony. The POST /api ...)
+ TODO: check
+CVE-2026-31820 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...)
+ TODO: check
+CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitc ...)
+ TODO: check
+CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Django te ...)
+ TODO: check
+CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
+ TODO: check
+CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
+ TODO: check
+CVE-2026-31808 (file-type detects the file type of a file, stream, or data. Prior to 2 ...)
+ TODO: check
+CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
+ TODO: check
+CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open Container ...)
+ TODO: check
+CVE-2026-31800 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30972 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30967 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30966 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30965 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30962 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30954 (LinkAce is a self-hosted archive to collect website links. In 2.1.0 an ...)
+ TODO: check
+CVE-2026-30953 (LinkAce is a self-hosted archive to collect website links. When a user ...)
+ TODO: check
+CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template engine in pur ...)
+ TODO: check
+CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injecti ...)
+ TODO: check
+CVE-2026-30949 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30948 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30947 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30946 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30837 (Elysia is a Typescript framework for request validation, type inferenc ...)
+ TODO: check
+CVE-2026-2918 (The Happy Addons for Elementor plugin for WordPress is vulnerable to I ...)
+ TODO: check
+CVE-2026-2917 (The Happy Addons for Elementor plugin for WordPress is vulnerable to I ...)
+ TODO: check
+CVE-2026-2707 (The weForms plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2026-2631 (The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 expo ...)
+ TODO: check
+CVE-2026-2626 (The divi-booster WordPress plugin before 5.0.2 does not have authoriza ...)
+ TODO: check
+CVE-2026-2569 (The Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF vie ...)
+ TODO: check
+CVE-2026-2466 (The DukaPress WordPress plugin through 3.2.4 does not sanitise and esc ...)
+ TODO: check
+CVE-2026-2413 (The Ally \u2013 Web Accessibility & Usability plugin for WordPress is ...)
+ TODO: check
+CVE-2026-2358 (The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2026-2324 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2026-29793 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
+ TODO: check
+CVE-2026-29792 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
+ TODO: check
+CVE-2026-29515 (MiCode FileExplorer contains an authentication bypass vulnerability in ...)
+ TODO: check
+CVE-2026-28807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2026-28806 (Improper Authorization vulnerability in nerves-hub nerves_hub_web allo ...)
+ TODO: check
+CVE-2026-27842 (Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which ...)
+ TODO: check
+CVE-2026-27278 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and e ...)
+ TODO: check
+CVE-2026-27272 (Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-o ...)
+ TODO: check
+CVE-2026-27271 (Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-b ...)
+ TODO: check
+CVE-2026-27270 (Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-o ...)
+ TODO: check
+CVE-2026-27268 (Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-o ...)
+ TODO: check
+CVE-2026-27267 (Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack- ...)
+ TODO: check
+CVE-2026-27266 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27265 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27264 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27263 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27262 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27261 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27260 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27259 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27257 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27256 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27255 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27254 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27253 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27252 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27251 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27250 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27249 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27248 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27247 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27244 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27242 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27241 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27240 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27239 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27237 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27236 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27235 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27234 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27233 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27232 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27231 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27230 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27229 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27228 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27226 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27225 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27224 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27223 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+ TODO: check
+CVE-2026-27221 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and e ...)
+ TODO: check
+CVE-2026-27220 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and e ...)
+ TODO: check
+CVE-2026-24448 (Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L ...)
+ TODO: check
+CVE-2026-23817 (A vulnerability in the web-based management interface of AOS-CX Switch ...)
+ TODO: check
+CVE-2026-23816 (A vulnerability in the command line interface of AOS-CX Switches could ...)
+ TODO: check
+CVE-2026-23815 (A vulnerability in a custom binary used in AOS-CX Switches' CLI could ...)
+ TODO: check
+CVE-2026-23814 (A vulnerability in the command parameters of a certain AOS-CX CLI comm ...)
+ TODO: check
+CVE-2026-23813 (A vulnerability has been identified in the web-based management interf ...)
+ TODO: check
+CVE-2026-21362 (Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-o ...)
+ TODO: check
+CVE-2026-21361 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21360 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21359 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21333 (Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untru ...)
+ TODO: check
+CVE-2026-21311 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21310 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21309 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21297 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21296 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21295 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21294 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21293 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21292 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21291 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21290 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21289 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21286 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21285 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21284 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-21282 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
+ TODO: check
+CVE-2026-20892 (Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, whic ...)
+ TODO: check
+CVE-2026-1867 (The Guest posting / Frontend Posting / Front Editor WordPress plugin ...)
+ TODO: check
+CVE-2026-1781 (The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-1753 (The Gutena Forms WordPress plugin before 1.6.1 does not validate opti ...)
+ TODO: check
+CVE-2026-1708 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+ TODO: check
+CVE-2026-0124 (There is a possible out of bounds write due to a missing bounds check. ...)
+ TODO: check
+CVE-2026-0123 (In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a po ...)
+ TODO: check
+CVE-2026-0122 (In multiple places, there is a possible out of bounds write due to mem ...)
+ TODO: check
+CVE-2026-0121 (In VPU, there is a possible use-after-free read due to a race conditio ...)
+ TODO: check
+CVE-2026-0120 (In modem, there is a possible out of bounds write due to an incorrect ...)
+ TODO: check
+CVE-2026-0119 (In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible o ...)
+ TODO: check
+CVE-2026-0118 (In oobconfig, there is a possible bypass of carrier restrictions due t ...)
+ TODO: check
+CVE-2026-0117 (In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds ...)
+ TODO: check
+CVE-2026-0116 (In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible ou ...)
+ TODO: check
+CVE-2026-0115 (In Trusted Execution Environment, there is a possible key leak due to ...)
+ TODO: check
+CVE-2026-0114 (In Modem, there is a possible out of bounds write due to an incorrect ...)
+ TODO: check
+CVE-2026-0113 (In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of b ...)
+ TODO: check
+CVE-2026-0112 (In vpu_open_inst of vpu_ioctl.c, there is a possible use after free du ...)
+ TODO: check
+CVE-2026-0111 (In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of b ...)
+ TODO: check
+CVE-2026-0110 (In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP du ...)
+ TODO: check
+CVE-2026-0109 (In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Ser ...)
+ TODO: check
+CVE-2026-0108 (The register protection of the PowerVR GPU is incorrectly configured. ...)
+ TODO: check
+CVE-2026-0107 (In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible esc ...)
+ TODO: check
+CVE-2025-70802 (Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contai ...)
+ TODO: check
+CVE-2025-70798 (Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a ...)
+ TODO: check
+CVE-2025-70244 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the we ...)
+ TODO: check
+CVE-2025-70242 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the we ...)
+ TODO: check
+CVE-2025-66413 (Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is ...)
+ TODO: check
+CVE-2025-36920 (In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible o ...)
+ TODO: check
+CVE-2025-22850 (Time-of-check time-of-use race condition in the UEFI PdaSmm module for ...)
+ TODO: check
+CVE-2025-22444 (Exposure of resource to wrong sphere in the UEFI PdaSmm module for som ...)
+ TODO: check
+CVE-2025-20105 (Improper input validation in some UEFI firmware SMM module for the Int ...)
+ TODO: check
+CVE-2025-20096 (Improper input validation in the UEFI firmware for some Intel Referenc ...)
+ TODO: check
+CVE-2025-20073 (Improper buffer restrictions in the UEFI DXE module for some Intel(R) ...)
+ TODO: check
+CVE-2025-20068 (Improper input validation in the UEFI ImcErrorHandler module for some ...)
+ TODO: check
+CVE-2025-20064 (Improper input validation in the UEFI FlashUcAcmSmm module for some In ...)
+ TODO: check
+CVE-2025-20028 (Time-of-check time-of-use race condition in the WheaERST SMM module fo ...)
+ TODO: check
+CVE-2025-20027 (Improper input validation in the UEFI WheaERST module for some Intel(R ...)
+ TODO: check
+CVE-2025-20005 (Improper buffer restrictions in some UEFI firmware for some Intel(R) r ...)
+ TODO: check
+CVE-2025-13219 (IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive informati ...)
+ TODO: check
+CVE-2025-13213 (IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP head ...)
+ TODO: check
+CVE-2025-13067 (The Royal Addons for Elementor plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2025-12473 (The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2024-14026 (A command injection vulnerability has been reported to affect several ...)
+ TODO: check
+CVE-2024-14025 (An SQL injection vulnerability has been reported to affect Video Stati ...)
+ TODO: check
+CVE-2024-14024 (An improper certificate validation vulnerability has been reported to ...)
+ TODO: check
CVE-2026-3805
- curl <unfixed>
[trixie] - curl <no-dsa> (Minor issue)
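Review bot: Four of the added description lines carry an undecoded escape sequence instead of the character it stands for: CVE-2026-2569, CVE-2026-2413 and CVE-2026-2324 contain a literal "\u2013" and CVE-2026-1708 a literal "\u2014". The step that generates these summaries should decode string escapes before truncating to the fixed width, since the six-character escape otherwise uses up space in an already shortened description. Separately, every entry added here is left at "TODO: check", so none of them has a package or NOT-FOR-US assignment yet.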
@@ -959,7 +1327,7 @@ CVE-2026-3634
NOTE: Duplicate/Overlapping issue: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486
CVE-2026-3823 (EHG2408 series switch developed by Atop Technologies has a Stack-based ...)
NOT-FOR-US: EHG2408 series switch
-CVE-2026-3822 (Taipower APP developed by Taipower has an Improper Certificate Validat ...)
+CVE-2026-3822 (Taipower APP for Andorid developed by Taipower has an Improper Certifi ...)
NOT-FOR-US: Taipower
CVE-2026-3810 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This aff ...)
NOT-FOR-US: Tenda
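Review bot: The replacement description for CVE-2026-3822 reads "Taipower APP for Andorid", which looks like a misspelling of Android. If this text is copied from the upstream CVE record, the spelling should be corrected there so that a later sync picks it up; the NOT-FOR-US: Taipower classification below it is unchanged, so triage is not affected.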
@@ -5038,13 +5406,13 @@ CVE-2026-27804 (Parse Server is an open source backend that can be deployed to a
CVE-2026-27800 (Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exis ...)
- zed-editor <itp> (bug #1076165)
CVE-2026-27799 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/958ca384aa84ca48fbe3af07bb8d1708ab4d6143 (6.9.13-39)
CVE-2026-27798 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738 (7.1.2-14)
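Review bot: The cross-reference line for CVE-2026-27799 and CVE-2026-27798 changes from "{DSA-6158-1}" to "{DSA-6159-1 DSA-6158-1}", but this commit lists data/CVE/list as its only changed file, so the advisory entry that backs DSA-6159-1 is not visible here. It is worth confirming that the DSA-6159-1 entry already exists with these CVE ids, and the same check applies to the other ImageMagick entries that receive the identical change in the later hunks. The package line "- imagemagick 8:7.1.2.15+dfsg1-1" is untouched, so nothing in the hunk indicates which release or source package the second advisory covers.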
@@ -6290,7 +6658,7 @@ CVE-2026-26284 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0c9ffcf55763e5daf1b61dfed0deed1aa43e217f (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5204a166fd2463905025378303c7e3715163d0e7 (6.9.13-39)
CVE-2026-26283 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b (7.1.2-14)
@@ -6300,7 +6668,7 @@ CVE-2026-26198 (Ormar is a async mini ORM for Python. In versions 0.9.9 through
NOTE: https://github.com/collerek/ormar/security/advisories/GHSA-xxh2-68g9-8jqr
NOTE: Fixed by: https://github.com/collerek/ormar/commit/a03bae14fe01358d3eaf7e319fcd5db2e4956b16 (0.23.0)
CVE-2026-26066 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613 (7.1.2-14)
@@ -6310,25 +6678,25 @@ CVE-2026-26025 (free5GC SMF provides Session Management Function for free5GC, an
CVE-2026-26024 (free5GC SMF provides Session Management Function for free5GC, an open- ...)
NOT-FOR-US: Free5GC
CVE-2026-25989 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7fc7208f8f3073d768b8b1658fd6ecda1ef6e1c5 (6.9.13-39)
CVE-2026-25988 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/d2e99064d65f5955f39d92e4b208089409118683 (6.9.13-39)
CVE-2026-25987 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/a842cd896a19744b5577b6113990faaae14569b0 (6.9.13-39)
CVE-2026-25986 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/b9c80ad3ca802b6883da25f153c4fdf72c017eba (7.1.2-14)
@@ -6342,14 +6710,14 @@ CVE-2026-25985 (ImageMagick is free and open-source software used for editing an
CVE-2026-25984
REJECTED
CVE-2026-25983 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/b4f8e1a387dd1d0a0af516071831a235f2fdf437 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/e5d3ca6dfb76dccb5bdf73c74135e0fde2f9d0b7 (6.9.13-39)
CVE-2026-25982 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e1f5381d4ccbb6b71927e94c5d257fa883b3af7 (7.1.2-14)
@@ -6361,7 +6729,7 @@ CVE-2026-25971 (ImageMagick is free and open-source software used for editing an
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9313e530b37272b748898febd42b5949756f0179 (7.1.2-14)
CVE-2026-25970 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/729253dc16e1a1ec4cac891a12d597e3fa9336b3 (7.1.2-14)
@@ -6375,7 +6743,7 @@ CVE-2026-25969 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e (7.1.2-14)
NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/114356949267dc1e04dc0d5c460ca1c05833504a (7.0.10-22)
CVE-2026-25968 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/56f02958890b820cf2d0a6ecb04eb6f58ea75628 (7.1.2-14)
@@ -6397,14 +6765,14 @@ CVE-2026-25966 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b
NOTE: for imagemagick6 fix in included in a jumbo security patch with other fix
CVE-2026-25965 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4a9dc1075dcad3ab0579e1b37dbe854c882699a5 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 (6.9.13-39)
NOTE: for imagemagick6 fix in included in a jumbo security patch with other fix like CVE-2026-25797
CVE-2026-25898 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c9c87dbaba56bf82aebd3392e11f0ffd93709b12 (7.1.2-14)
@@ -6412,7 +6780,7 @@ CVE-2026-25898 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/66d3a6497eb89b3ce2a7b86cc23be6d69bce9220 (6.9.13-39)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/abfbcfe8e7884deb3560c74569c96ee4b068f3a6 (6.9.13-39)
CVE-2026-25897 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60 (7.1.2-14)
@@ -6420,19 +6788,19 @@ CVE-2026-25897 (ImageMagick is free and open-source software used for editing an
CVE-2026-25802 (New API is a large language mode (LLM) gateway and artificial intellig ...)
NOT-FOR-US: New API (QuantumNous/new-api)
CVE-2026-25799 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/412f3c8bc1d3b6890aad72376cd992c9b5177037 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/44c687dee38eb1a8053facb4a33dfa1e255875ea (6.9.13-39)
CVE-2026-25798 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/16dd3158ce197c6f65e7798a7a5cc4538bb0303e (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/93a38e3a7bfb7a492409275321eca94df7cd03a7 (6.9.13-39)
CVE-2026-25797 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d (7.1.2-14)
@@ -6441,13 +6809,13 @@ CVE-2026-25797 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9 (6.9.13-39)
NOTE: for imagemagick6 fix in included in a jumbo security patch with other fix like CVE-2026-25965
CVE-2026-25796 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/29aeed740553ed4e5c544e101ac468be55a919ff (6.9.13-39)
CVE-2026-25795 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0c7d0b9671ae2616fca106dcada45536eb4df5dc (7.1.2-14)
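Review bot: The NOTE carried as context under CVE-2026-25797 ("for imagemagick6 fix in included in a jumbo security patch with other fix like CVE-2026-25965") is hard to parse and names only one of the bundled CVEs. Suggest rewording it to "for imagemagick6 the fix is included in a jumbo security patch together with other fixes such as CVE-2026-25965", and, since the entry now carries two DSAs, stating which of the other ids share the b4c37614 commit so a backporter does not apply it twice.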
@@ -6465,7 +6833,7 @@ CVE-2026-25649 (Versions of the Traccar open-source GPS tracking system up to an
CVE-2026-25648 (Versions of the Traccar open-source GPS tracking system starting with ...)
NOT-FOR-US: Traccar
CVE-2026-25638 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88 (7.1.2-14)
@@ -6481,7 +6849,7 @@ CVE-2026-25637 (ImageMagick is free and open-source software used for editing an
CVE-2026-25591 (New API is a large language mode (LLM) gateway and artificial intellig ...)
NOT-FOR-US: New API (QuantumNous/new-api)
CVE-2026-25576 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f (7.1.2-14)
@@ -6492,14 +6860,14 @@ CVE-2026-25545 (Astro is a web framework. Prior to version 9.5.4, Server-Side Re
CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC, an open- ...)
NOT-FOR-US: Free5GC
CVE-2026-24485 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/75904c39049ec0b8d81eb7131bb05c0b23ad3189 (6.9.13-39)
CVE-2026-24484 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a (7.1.2-14)
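Review bot: CVE-2026-24485 lists two ImageMagick 7 fix commits (332c1566 and 55c344f4) but a single ImageMagick6 commit (75904c39), and this hunk attaches a second advisory to it without saying whether that one commit covers both upstream changes. Suggest a NOTE stating that 75904c39 is the complete 6.x fix, or adding the missing 6.x commit, so the backport behind each DSA can be checked against the full upstream change.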
@@ -6507,7 +6875,7 @@ CVE-2026-24484 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c47b28f700fc454e4f7c16e197a55149120697ea (6.9.13-39)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/151dcb4f0246d1285cbd756a1f32797894ad5da5 (6.9.13-39)
CVE-2026-24481 (ImageMagick is free and open-source software used for editing and mani ...)
- {DSA-6158-1}
+ {DSA-6159-1 DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97 (7.1.2-14)
@@ -69224,7 +69592,7 @@ CVE-2025-58045 (Dataease is an open source data analytics and visualization plat
NOT-FOR-US: Dataease
CVE-2025-57248 (A null pointer dereference vulnerability was discovered in SumatraPDF ...)
NOT-FOR-US: SumatraPDF
-CVE-2025-57176 (The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Commun ...)
+CVE-2025-57176 (On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Seri ...)
NOT-FOR-US: Ceragon Networks / Siklu Communication EtherHaul series
CVE-2025-57174 (An issue was discovered in Siklu Communications Etherhaul 8010TX and 1 ...)
NOT-FOR-US: Siklu Communications Etherhaul
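Review bot: The refreshed CVE-2025-57176 description now names "EtherHaul and MultiHaul" devices, while the triage line below it still reads "NOT-FOR-US: Ceragon Networks / Siklu Communication EtherHaul series". The new truncated text also drops the "rfpiped service on TCP port 555" detail that identified the affected component at a glance. Suggest updating the NOT-FOR-US tag to mention MultiHaul so the entry matches the description and stays searchable by product name.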
@@ -301733,8 +302101,8 @@ CVE-2023-27575
RESERVED
CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...)
NOT-FOR-US: ShadowsocksX-NG
-CVE-2023-27573
- RESERVED
+CVE-2023-27573 (netbox-docker before 2.5.0 has a superuser account with default creden ...)
+ TODO: check
CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...)
NOT-FOR-US: CommScope Arris DG3450
CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...)
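Review bot: CVE-2023-27573 moves from RESERVED to a published description (netbox-docker before 2.5.0, superuser account with default credentials) and is left at "TODO: check", unlike its neighbours CVE-2023-27574 and CVE-2023-27572, which are already triaged as NOT-FOR-US. This needs a manual decision: either a package line with the fixed version if an affected netbox-docker is shipped, or a NOT-FOR-US tag if it is not, so this 2023 id does not sit in the TODO queue among the new 2026 entries.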
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a46255596492ba9b793370a914562c8760cba14c
More information about the debian-security-tracker-commits
mailing list