[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 18 20:13:33 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32745d50 by security tracker role at 2026-03-18T20:13:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,124 +1,254 @@
-CVE-2026-23268 [apparmor: fix unprivileged local user can do privileged policy management]
+CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting Service ...)
+ TODO: check
+CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as documente ...)
+ TODO: check
+CVE-2026-3278 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2026-3090 (The Post SMTP \u2013 Complete Email Deliverability and SMTP Solution w ...)
+ TODO: check
+CVE-2026-33265 (In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the Li ...)
+ TODO: check
+CVE-2026-33004 (Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API k ...)
+ TODO: check
+CVE-2026-33003 (Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys une ...)
+ TODO: check
+CVE-2026-33002 (Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS ...)
+ TODO: check
+CVE-2026-33001 (Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely han ...)
+ TODO: check
+CVE-2026-32694 (In Juju from version 3.0.0 through 3.6.18, when a secret owner grants ...)
+ TODO: check
+CVE-2026-32693 (In Juju from version 3.0.0 through 3.6.18, the authorization of the "s ...)
+ TODO: check
+CVE-2026-32692 (An authorization bypass vulnerability in the Vault secrets back-end im ...)
+ TODO: check
+CVE-2026-32691 (A race condition in the secrets management subsystem of Juju versions ...)
+ TODO: check
+CVE-2026-32634 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+ TODO: check
+CVE-2026-32633 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+ TODO: check
+CVE-2026-32632 (Glances is an open-source system cross-platform monitoring tool. Glanc ...)
+ TODO: check
+CVE-2026-32611 (Glances is an open-source system cross-platform monitoring tool. The G ...)
+ TODO: check
+CVE-2026-32610 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+ TODO: check
+CVE-2026-32609 (Glances is an open-source system cross-platform monitoring tool. The G ...)
+ TODO: check
+CVE-2026-32565 (Missing Authorization vulnerability in WebberZone Contextual Related P ...)
+ TODO: check
+CVE-2026-31971 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31970 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31969 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31968 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31967 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31966 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31965 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31964 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31963 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-31962 (HTSlib is a library for reading and writing bioinformatics file format ...)
+ TODO: check
+CVE-2026-30704 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an ...)
+ TODO: check
+CVE-2026-30703 (A command injection vulnerability exists in the web management interfa ...)
+ TODO: check
+CVE-2026-30702 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements ...)
+ TODO: check
+CVE-2026-30701 (The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040 ...)
+ TODO: check
+CVE-2026-30695 (A Cross-Site Scripting (XSS) vulnerability exists in the web-based con ...)
+ TODO: check
+CVE-2026-30345 (A zip slip vulnerability in the Admin import functionality of CTFd v3. ...)
+ TODO: check
+CVE-2026-30048 (A stored cross-site scripting (XSS) vulnerability exists in the NotCha ...)
+ TODO: check
+CVE-2026-2992 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
+ TODO: check
+CVE-2026-2991 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
+ TODO: check
+CVE-2026-2559 (The Post SMTP plugin for WordPress is vulnerable to unauthorized modif ...)
+ TODO: check
+CVE-2026-2512 (The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-29859 (An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attac ...)
+ TODO: check
+CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers to execu ...)
+ TODO: check
+CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser component of ...)
+ TODO: check
+CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
+ TODO: check
+CVE-2026-26948 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
+ TODO: check
+CVE-2026-26945 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
+ TODO: check
+CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ...)
+ TODO: check
+CVE-2026-25449 (Deserialization of Untrusted Data vulnerability in Shinetheme Traveler ...)
+ TODO: check
+CVE-2026-24063 (When a plugin is installed using the Arturia Software Center (MacOS), ...)
+ TODO: check
+CVE-2026-24062 (The "Privileged Helper" component of the Arturia Software Center (MacO ...)
+ TODO: check
+CVE-2026-1463 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery ...)
+ TODO: check
+CVE-2026-1217 (The Yoast Duplicate Post plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2026-0866
+ REJECTED
+CVE-2025-67830 (Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.)
+ TODO: check
+CVE-2025-67829 (Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL inj ...)
+ TODO: check
+CVE-2025-58112 (Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3 ...)
+ TODO: check
+CVE-2025-55046 (MuraCMS through 10.1.10 contains a CSRF vulnerability that allows atta ...)
+ TODO: check
+CVE-2025-55045 (The update address CSRF vulnerability in MuraCMS through 10.1.10 allow ...)
+ TODO: check
+CVE-2025-55044 (The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows ...)
+ TODO: check
+CVE-2025-55043 (MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle cr ...)
+ TODO: check
+CVE-2025-55041 (MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Gr ...)
+ TODO: check
+CVE-2025-55040 (The import form CSRF vulnerability in MuraCMS through 10.1.10 allows a ...)
+ TODO: check
+CVE-2025-41258 (LibreChat version 0.8.1-rc2 uses the same JWT secret for the user sess ...)
+ TODO: check
+CVE-2025-12518 (beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL pa ...)
+ TODO: check
+CVE-2026-23268 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.6-2
[trixie] - linux 6.12.74-2
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/6601e13e82841879406bf9f369032656f441a425 (7.0-rc4)
NOTE: https://www.qualys.com/2026/03/10/crack-armor.txt
-CVE-2026-23269 [apparmor: validate DFA start states are in bounds in unpack_pdb]
+CVE-2026-23269 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.6-2
[trixie] - linux 6.12.74-2
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/9063d7e2615f4a7ab321de6b520e23d370e58816 (7.0-rc4)
NOTE: https://www.qualys.com/2026/03/10/crack-armor.txt
-CVE-2026-23270 [net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks]
+CVE-2026-23270 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/11cb63b0d1a0685e0831ae3c77223e002ef18189 (7.0-rc3)
-CVE-2026-23266 [fbdev: rivafb: fix divide error in nv3_arb()]
+CVE-2026-23266 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.18.13-1
[trixie] - linux 6.12.74-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/0209e21e3c372fa2da04c39214bec0b64e4eb5f4 (7.0-rc1)
-CVE-2026-23267 [f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes]
+CVE-2026-23267 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.18.13-1
[trixie] - linux 6.12.74-1
[bookworm] - linux 6.1.164-1
NOTE: https://git.kernel.org/linus/7633a7387eb4d0259d6bea945e1d3469cd135bbc (7.0-rc1)
-CVE-2026-23265 [f2fs: fix to do sanity check on node footer in {read,write}_end_io]
+CVE-2026-23265 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.18.13-1
NOTE: https://git.kernel.org/linus/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4 (7.0-rc1)
-CVE-2026-23264 [Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"]
+CVE-2026-23264 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/243b467dea1735fed904c2e54d248a46fa417a2d (6.19)
-CVE-2026-23263 [io_uring/zcrx: fix page array leak]
+CVE-2026-23263 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.18.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ae91d8ab70922fb74c22c20bedcb69459579b1c (6.19)
-CVE-2026-23262 [gve: Fix stats report corruption on queue count change]
+CVE-2026-23262 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/7b9ebcce0296e104a0d82a6b09d68564806158ff (6.19)
-CVE-2026-23258 [net: liquidio: Initialize netdev pointer before queue setup]
+CVE-2026-23258 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/926ede0c85e1e57c97d64d9612455267d597bb2c (6.19)
-CVE-2026-23257 [net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup]
+CVE-2026-23257 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/8558aef4e8a1a83049ab906d21d391093cfa7e7f (6.19)
-CVE-2026-23256 [net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup]
+CVE-2026-23256 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
[bullseye] - linux 5.10.251-1
NOTE: https://git.kernel.org/linus/6cbba46934aefdfb5d171e0a95aec06c24f7ca30 (6.19)
-CVE-2026-23254 [net: gro: fix outer network offset]
+CVE-2026-23254 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5c2c3c38be396257a6a2e55bd601a12bb9781507 (6.19)
-CVE-2026-23261 [nvme-fc: release admin tagset if init fails]
+CVE-2026-23261 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
NOTE: https://git.kernel.org/linus/d1877cc7270302081a315a81a0ee8331f19f95c8 (6.19-rc6)
-CVE-2026-23260 [regmap: maple: free entry on mas_store_gfp() failure]
+CVE-2026-23260 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
NOTE: https://git.kernel.org/linus/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8 (6.19-rc7)
-CVE-2026-23259 [io_uring/rw: free potentially allocated iovec on cache put failure]
+CVE-2026-23259 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.18.10-1
NOTE: https://git.kernel.org/linus/4b9748055457ac3a0710bf210c229d01ea1b01b9 (6.19-rc7)
-CVE-2026-23255 [net: add proper RCU protection to /proc/net/ptype]
+CVE-2026-23255 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.10-1
NOTE: https://git.kernel.org/linus/f613e8b4afea0cd17c7168e8b00e25bc8d33175d (6.19)
-CVE-2025-71270 [LoongArch: Enable exception fixup for specific ADE subcode]
+CVE-2025-71270 (In the Linux kernel, the following vulnerability has been resolved: L ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
NOTE: https://git.kernel.org/linus/9bdc1ab5e4ce6f066119018d8f69631a46f9c5a0 (6.19-rc4)
-CVE-2025-71269 [btrfs: do not free data reservation in fallback from inline due to -ENOSPC]
+CVE-2025-71269 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.18.10-1
NOTE: https://git.kernel.org/linus/f8da41de0bff9eb1d774a7253da0c9f637c4470a (6.19-rc5)
-CVE-2025-71268 [btrfs: fix reservation leak in some error paths when inserting inline extent]
+CVE-2025-71268 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.18.10-1
[trixie] - linux 6.12.73-1
[bookworm] - linux 6.1.164-1
NOTE: https://git.kernel.org/linus/c1c050f92d8f6aac4e17f7f2230160794fceef0c (6.19-rc5)
-CVE-2026-23253 [media: dvb-core: fix wrong reinitialization of ringbuffer on reopen]
+CVE-2026-23253 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.19.8-1
NOTE: https://git.kernel.org/linus/bfbc0b5b32a8f28ce284add619bf226716a59bc0 (7.0-rc2)
-CVE-2026-23252 [xfs: get rid of the xchk_xfile_*_descr calls]
+CVE-2026-23252 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/60382993a2e18041f88c7969f567f168cd3b4de3 (7.0-rc1)
-CVE-2026-23251 [xfs: only call xf{array,blob}_destroy if we have a valid pointer]
+CVE-2026-23251 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ba408d299a3bb3c5309f40c5326e4fb83ead4247 (7.0-rc1)
-CVE-2026-23250 [xfs: check return value of xchk_scrub_create_subord]
+CVE-2026-23250 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ca27313fb3f23e4ac18532ede4ec1c7cc5814c4a (7.0-rc1)
-CVE-2026-23249 [xfs: check for deleted cursors when revalidating two btrees]
+CVE-2026-23249 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
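Review bot: The new entries at the top of this hunk (CVE-2026-4396 down to CVE-2025-12518) all land as `TODO: check` apart from the REJECTED CVE-2026-0866, so none of them says yet which package, if any, is affected. Several descriptions name libraries and tools rather than appliances or WordPress plugins, for example nghttp2 (CVE-2026-27135), giflib v.5.2.2 (CVE-2026-26740), the HTSlib series CVE-2026-31962 to CVE-2026-31971, Glances, Jenkins and pkgutil.get_data() (CVE-2026-3479). I would triage those first and replace `TODO: check` with either a package line or NOT-FOR-US.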
@@ -160,43 +290,43 @@ CVE-2026-XXXX [pre-auth arbitrary file write via unsafe deserialization in edis/
- roundcube <unfixed> (bug #1131182)
NOTE: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.16
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/6d586cfa4d8a31f7957f7a445aaedd52592a0e74
-CVE-2026-23248 [perf/core: Fix refcount bug and potential UAF in perf_mmap]
+CVE-2026-23248 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.19.8-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/77de62ad3de3967818c3dbe656b7336ebee461d2 (7.0-rc2)
-CVE-2026-23247 [tcp: secure_seq: add back ports to TS offset]
+CVE-2026-23247 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.19.8-1
NOTE: https://git.kernel.org/linus/165573e41f2f66ef98940cf65f838b2cb575d9d1 (7.0-rc3)
-CVE-2026-23246 [wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration]
+CVE-2026-23246 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.19.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/162d331d833dc73a3e905a24c44dd33732af1fc5 (7.0-rc2)
-CVE-2026-23245 [net/sched: act_gate: snapshot parameters with RCU on replace]
+CVE-2026-23245 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.8-1
NOTE: https://git.kernel.org/linus/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c (7.0-rc3)
-CVE-2026-23244 [nvme: fix memory allocation in nvme_pr_read_keys()]
+CVE-2026-23244 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.8-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c3320153769f05fd7fe9d840cb555dd3080ae424 (7.0-rc3)
-CVE-2026-23243 [RDMA/umad: Reject negative data_len in ib_umad_write]
+CVE-2026-23243 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.18.14-1
NOTE: https://git.kernel.org/linus/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2 (7.0-rc1)
-CVE-2026-23242 [RDMA/siw: Fix potential NULL pointer dereference in header processing]
+CVE-2026-23242 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.18.14-1
NOTE: https://git.kernel.org/linus/14ab3da122bd18920ad57428f6cf4fade8385142 (7.0-rc1)
-CVE-2025-71267 [fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST]
+CVE-2025-71267 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/06909b2549d631a47fcda249d34be26f7ca1711d (7.0-rc1)
-CVE-2025-71266 [fs: ntfs3: check return value of indx_find to avoid infinite loop]
+CVE-2025-71266 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1732053c8a6b360e2d5afb1b34fe9779398b072c (7.0-rc1)
-CVE-2025-71265 [fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata]
+CVE-2025-71265 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4b90f16e4bb5607fb35e7802eb67874038da4640 (7.0-rc1)
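Review bot: The kernel entries in this hunk lose their distinguishing heading: for CVE-2026-23248 the subject "perf/core: Fix refcount bug and potential UAF in perf_mmap" is replaced by "In the Linux kernel, the following vulnerability has been resolved: p ...", and the other entries differ from it only in the last letter. The subsystem and bug class are now recoverable only through the git.kernel.org NOTE link, so that NOTE line should stay on every entry, and a short NOTE carrying the commit subject would keep the list searchable by subsystem.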
@@ -3744,7 +3874,7 @@ CVE-2025-41711 (An unauthenticated remote attacker can use firmware images to ex
NOT-FOR-US: Janitza
CVE-2025-41710 (An unauthenticated remote attacker may use hardcodes credentials to ge ...)
NOT-FOR-US: Janitza
-CVE-2025-41709 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+CVE-2025-41709 (An unauthenticated remote attacker can perform a command injection via ...)
NOT-FOR-US: Janitza
CVE-2025-40943 (Affected devices do not properly sanitize contents of trace files. Thi ...)
NOT-FOR-US: Siemens
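Review bot: CVE-2025-41709 keeps its `NOT-FOR-US: Janitza` line even though it was classified while the description was still the unfilled template "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] ...". Now that the text describes a command injection by an unauthenticated remote attacker, confirm the Janitza attribution against the full description. The neighbouring CVE-2025-41711 and CVE-2025-41710 carry the same tag, which suggests it is right, but the truncated line shown here does not name the product.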
@@ -212076,7 +212206,8 @@ CVE-2023-47818 (Exposure of Sensitive Information to an Unauthorized Actor vulne
NOT-FOR-US: WordPress plugin
CVE-2023-47769 (Authentication Bypass by Spoofing vulnerability in WP Maintenance allo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-47663 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+CVE-2023-47663
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2023-47513 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
NOT-FOR-US: WordPress plugin
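Review bot: After this change CVE-2023-47663 carries both `REJECTED` and the unchanged context line `NOT-FOR-US: WordPress plugin`, whereas CVE-2026-0866 in the first hunk of the same commit has `REJECTED` alone. If REJECTED takes precedence the leftover line is harmless but redundant; otherwise drop it so the entry has a single, unambiguous state.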
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32745d50105f0639a2bbfae9d25252492d603801