[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 23 08:14:49 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a2d6be8 by security tracker role at 2026-03-23T08:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2026-4606 (GV Edge Recording Manager (ERM) v2.3.1 improperly runs application com ...)
+ TODO: check
+CVE-2026-4603 (Versions of the package jsrsasign before 11.1.1 are vulnerable to Divi ...)
+ TODO: check
+CVE-2026-4602 (Versions of the package jsrsasign before 11.1.1 are vulnerable to Inco ...)
+ TODO: check
+CVE-2026-4601 (Versions of the package jsrsasign before 11.1.1 are vulnerable to Miss ...)
+ TODO: check
+CVE-2026-4600 (Versions of the package jsrsasign before 11.1.1 are vulnerable to Impr ...)
+ TODO: check
+CVE-2026-4599 (Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vul ...)
+ TODO: check
+CVE-2026-4598 (Versions of the package jsrsasign before 11.1.1 are vulnerable to Infi ...)
+ TODO: check
+CVE-2026-4579 (A vulnerability was identified in code-projects Simple Laundry System ...)
+ TODO: check
+CVE-2026-4578 (A vulnerability was determined in code-projects Exam Form Submission 1 ...)
+ TODO: check
+CVE-2026-4577 (A vulnerability was found in code-projects Exam Form Submission 1.0. T ...)
+ TODO: check
+CVE-2026-4576 (A vulnerability has been found in code-projects Exam Form Submission 1 ...)
+ TODO: check
+CVE-2026-4575 (A flaw has been found in code-projects Exam Form Submission 1.0. This ...)
+ TODO: check
+CVE-2026-4574 (A vulnerability was detected in SourceCodester Simple E-learning Syste ...)
+ TODO: check
+CVE-2026-4573 (A security vulnerability has been detected in SourceCodester Simple E- ...)
+ TODO: check
+CVE-2026-4572 (A weakness has been identified in SourceCodester Sales and Inventory S ...)
+ TODO: check
+CVE-2026-4571 (A security flaw has been discovered in SourceCodester Sales and Invent ...)
+ TODO: check
+CVE-2026-4570 (A vulnerability was identified in SourceCodester Sales and Inventory S ...)
+ TODO: check
+CVE-2026-4569 (A vulnerability was determined in SourceCodester Sales and Inventory S ...)
+ TODO: check
+CVE-2026-4568 (A vulnerability was found in SourceCodester Sales and Inventory System ...)
+ TODO: check
+CVE-2026-4567 (A vulnerability has been found in Tenda A15 15.13.07.13. The impacted ...)
+ TODO: check
+CVE-2026-4566 (A flaw has been found in Belkin F9K1122 1.00.33. The affected element ...)
+ TODO: check
+CVE-2026-4565 (A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is th ...)
+ TODO: check
+CVE-2026-4564 (A security vulnerability has been detected in yangzongzhuan RuoYi up t ...)
+ TODO: check
+CVE-2026-4563 (A weakness has been identified in MacCMS up to 2025.1000.4052. This vu ...)
+ TODO: check
+CVE-2026-4562 (A security flaw has been discovered in MacCMS 2025.1000.4052. This aff ...)
+ TODO: check
+CVE-2026-3587 (An unauthenticated remote attacker can exploit a hidden function in th ...)
+ TODO: check
+CVE-2026-2580 (The WP Maps \u2013 Store Locator,Google Maps,OpenStreetMap,Mapbox,List ...)
+ TODO: check
+CVE-2026-1969 (The trx_addons WordPress plugin before 2.38.5 does not correctly valid ...)
+ TODO: check
+CVE-2025-6229 (The Sina Extension for Elementor (Header Builder, Footer Builter, Them ...)
+ TODO: check
+CVE-2025-13997 (The King Addons for Elementor \u2013 4,000+ ready Elementor sections, ...)
+ TODO: check
+CVE-2025-10736 (The ReviewX \u2013 WooCommerce Product Reviews with Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10734 (The ReviewX \u2013 WooCommerce Product Reviews with Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10731 (The ReviewX \u2013 WooCommerce Product Reviews with Multi-Criteria, Re ...)
+ TODO: check
+CVE-2025-10679 (The ReviewX \u2013 WooCommerce Product Reviews with Multi-Criteria, Re ...)
+ TODO: check
CVE-2026-4558 (A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the ...)
NOT-FOR-US: Linksys
CVE-2026-4557 (A vulnerability was detected in code-projects Exam Form Submission 1.0 ...)
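Review bot: The added descriptions for CVE-2026-2580, CVE-2025-13997 and the four ReviewX entries (CVE-2025-10736, CVE-2025-10734, CVE-2025-10731, CVE-2025-10679) contain a literal `\u2013` escape instead of the decoded dash, which suggests the description text is written to data/CVE/list without being unescaped. Decode it before the description is truncated. All 34 new entries are left at `TODO: check`; the six jsrsasign entries (CVE-2026-4598 through CVE-2026-4603) all name 11.1.1 as the fixed version and can be triaged in one pass.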
@@ -14464,6 +14532,7 @@ CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run P
CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.54 ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...)
+ {DLA-4505-1}
- ruby-rack 3.2.5-1 (bug #1128480)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
NOTE: Fixed by: https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff (main)
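Review bot: The `{DLA-4505-1}` tag added under CVE-2026-25500 refers to an advisory entry that is not part of this commit, which changes only data/CVE/list. Confirm that the DLA list already carries DLA-4505-1 for ruby-rack with this CVE, otherwise the cross-reference dangles. The same tag is added to CVE-2026-22860 in the next hunk, so both CVE ids should appear in that advisory entry.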
@@ -14473,6 +14542,7 @@ CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 2
CVE-2026-23491 (InvoicePlane is a self-hosted open source application for managing inv ...)
NOT-FOR-US: InvoicePlane
CVE-2026-22860 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...)
+ {DLA-4505-1}
- ruby-rack 3.2.5-1 (bug #1128479)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
NOTE: Fixed by: https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7 (main)
@@ -71914,6 +71984,7 @@ CVE-2025-59671
CVE-2025-59670
REJECTED
CVE-2025-59431 (MapServer is a system for developing web-based GIS applications. Prior ...)
+ {DLA-4506-1}
- mapserver 8.4.1-1
[trixie] - mapserver 8.4.0-4+deb13u1
[bookworm] - mapserver <no-dsa> (Minor issue)
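Review bot: With `{DLA-4506-1}` now attached to CVE-2025-59431, the unchanged `[bookworm] - mapserver <no-dsa> (Minor issue)` line leaves bookworm as the only suite listed here without a fixed version, while trixie has 8.4.0-4+deb13u1. Consider revisiting the no-dsa decision for bookworm or noting a planned point-release fix, so the entry does not read as fixed everywhere except one suite.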
@@ -97859,13 +97930,13 @@ CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Servic
NOT-FOR-US: WordPress plugin
CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)
NOT-FOR-US: Red Hat OpenShift Jenkins
-CVE-2026-23555
+CVE-2026-23555 (Any guest issuing a Xenstore command accessing a node using the (illeg ...)
- xen <unfixed> (unimportant)
[bookworm] - xen <not-affected> (Vulnerable code not present)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-481.html
NOTE: Debian uses the ocaml-based xenstored
-CVE-2026-23554
+CVE-2026-23554 (The Intel EPT paging code uses an optimization to defer flushing of an ...)
- xen <unfixed>
[bullseye] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-480.html
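Review bot: CVE-2026-23554 keeps `- xen <unfixed>` with only a `[bullseye]` annotation, while CVE-2026-23555 directly above it also has a `[bookworm]` line. Now that the description is filled in, either add the bookworm status for CVE-2026-23554 or confirm that bookworm is meant to be tracked as affected. Both entries also sit after CVE-2024-9453, far from the other CVE-2026 entries touched earlier in this diff; moving them into sequence would make them easier to find.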
@@ -446163,6 +446234,7 @@ CVE-2021-32064
CVE-2021-32063
RESERVED
CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
+ {DLA-4506-1}
[experimental] - mapserver 7.6.3-1~exp1
- mapserver 7.6.2-2 (bug #988208)
[buster] - mapserver <no-dsa> (Minor issue; will be fixed via point release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a2d6be85d5587620dcf3def4c3de9724ac33459