[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 10 20:13:10 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2266ef08 by security tracker role at 2026-05-10T19:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2026-8244 (A vulnerability was identified in Industrial Application Software IAS ...)
+ TODO: check
+CVE-2026-8243 (A vulnerability was determined in Industrial Application Software IAS ...)
+ TODO: check
+CVE-2026-8242 (A vulnerability was found in Industrial Application Software IAS Cania ...)
+ TODO: check
+CVE-2026-8241 (A vulnerability has been found in Industrial Application Software IAS ...)
+ TODO: check
+CVE-2022-50970 (WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2022-50969 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50968 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50967 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50966 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50965 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50964 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50963 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50962 (uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2022-50961 (WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored ...)
+ TODO: check
+CVE-2022-50960 (WordPress International Sms For Contact Form 7 Integration version 1.2 ...)
+ TODO: check
+CVE-2022-50959 (WordPress Contact Form Builder 1.6.1 contains a reflected cross-site s ...)
+ TODO: check
+CVE-2022-50958 (WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting ...)
+ TODO: check
+CVE-2022-50957 (Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site s ...)
+ TODO: check
+CVE-2022-50956 (WordPress Plugin amministrazione-aperta 3.7.3 contains a local file re ...)
+ TODO: check
+CVE-2022-50955 (WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery v ...)
+ TODO: check
+CVE-2022-50954 (WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclu ...)
+ TODO: check
+CVE-2022-50949 (WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site sc ...)
+ TODO: check
+CVE-2022-50948 (Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site script ...)
+ TODO: check
+CVE-2022-50947 (WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stor ...)
+ TODO: check
+CVE-2022-50946 (WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross- ...)
+ TODO: check
+CVE-2022-50945 (WordPress 3dady real-time web stats plugin 1.0 contains a stored cross ...)
+ TODO: check
+CVE-2022-50944 (Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows ...)
+ TODO: check
+CVE-2022-50943 (Moodle LMS 4.0 contains a cross-site scripting vulnerability that allo ...)
+ TODO: check
+CVE-2021-47953 (OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability t ...)
+ TODO: check
+CVE-2021-47951 (WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2021-47950 (Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vu ...)
+ TODO: check
+CVE-2021-47949 (CyberPanel 2.1 contains a command execution vulnerability that allows ...)
+ TODO: check
+CVE-2021-47948 (WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerabilit ...)
+ TODO: check
+CVE-2021-47947 (Projectsend r1295 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2021-47946 (OpenCart 3.0.36 contains a cross-site request forgery vulnerability in ...)
+ TODO: check
+CVE-2021-47945 (Argus Surveillance DVR 4.0 contains an unquoted service path vulnerabi ...)
+ TODO: check
+CVE-2021-47944 (memono Notepad 4.2 contains a denial of service vulnerability that all ...)
+ TODO: check
+CVE-2021-47943 (TextPattern CMS 4.8.7 contains a remote code execution vulnerability t ...)
+ TODO: check
+CVE-2021-47941 (WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulne ...)
+ TODO: check
+CVE-2021-47940 (WordPress Plugin Download From Files version 1.48 and earlier contains ...)
+ TODO: check
+CVE-2021-47939 (Evolution CMS 3.1.6 contains a remote code execution vulnerability tha ...)
+ TODO: check
+CVE-2021-47938 (ImpressCMS 1.4.2 contains a remote code execution vulnerability in the ...)
+ TODO: check
+CVE-2021-47937 (e107 CMS 2.3.0 contains a remote code execution vulnerability that all ...)
+ TODO: check
+CVE-2021-47936 (OpenCATS 0.9.4 contains a remote code execution vulnerability that all ...)
+ TODO: check
+CVE-2021-47935 (Sentry 8.2.0 contains a remote code execution vulnerability that allow ...)
+ TODO: check
+CVE-2021-47933 (WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerabi ...)
+ TODO: check
+CVE-2021-47932 (WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege e ...)
+ TODO: check
+CVE-2021-47931 (Exponent CMS 2.6 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2021-47930 (Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL inj ...)
+ TODO: check
+CVE-2021-47929 (Filterable Portfolio Gallery 1.0 contains a stored cross-site scriptin ...)
+ TODO: check
+CVE-2021-47928 (Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerab ...)
+ TODO: check
+CVE-2021-47927 (WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site ...)
+ TODO: check
+CVE-2021-47926 (Contact Form to Email 1.3.24 contains a stored cross-site scripting vu ...)
+ TODO: check
+CVE-2021-47925 (CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2021-47924 (Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2021-47923 (OpenCart 3.0.3.8 contains a session fixation vulnerability that allows ...)
+ TODO: check
+CVE-2021-47922 (Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulne ...)
+ TODO: check
+CVE-2021-47910 (AccessPress Social Icons 1.8.2 contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2021-47907 (Rocket LMS 1.1 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
CVE-2026-8235 (A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This iss ...)
NOT-FOR-US: MiniClaw
CVE-2026-8234 (A security vulnerability has been detected in EFM ipTIME A8004T 14.18. ...)
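Review bot: the WordPress plugin entries in this added block (for example CVE-2022-50970, CVE-2022-50961 and CVE-2021-47941) are left as `TODO: check`, although the file's existing convention for that class, visible further down at CVE-2026-4348, is `NOT-FOR-US: WordPress plugin`. A follow-up triage commit can apply that marking to them directly. Entries naming general-purpose software, such as Moodle LMS 4.0 (CVE-2022-50943) and Sentry 8.2.0 (CVE-2021-47935), need a source-package lookup before they are classified, and the descriptions truncated at "..." are not enough to decide, so consult the full CVE record rather than the list line.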
@@ -2266,36 +2384,42 @@ CVE-2026-4807 (The Appointment Booking Calendar plugin for WordPress is vulnerab
CVE-2026-4348 (The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection ...)
NOT-FOR-US: WordPress plugin
CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malform ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/1703df3d439c83c2184e259fad1cfa19240f9c89
CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41240
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/df7d5174ef41814d806c8ede776e230cd30ac12b
CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue memory pressure exists, can exp ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc
CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order q ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a198185ed863677d60eec120126730628dac35bb
CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, a ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/50f90ba849088247734786922855c22661c6fa03
CVE-2026-44597 (Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, ...)
+ {DSA-6260-1}
- tor 0.4.9.8-1
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
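Review bot: the `{DSA-6260-1}` cross-reference is added to CVE-2026-44603 through CVE-2026-44599 and then to CVE-2026-44597, but no CVE-2026-44598 entry appears between the last two in this hunk. Confirm whether that id is tracked elsewhere in data/CVE/list and, if it belongs to the same Tor release, that it carries the same DSA reference, so the advisory's CVE set and the tracker agree.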
@@ -13506,7 +13630,7 @@ CVE-2026-5250
CVE-2026-4801 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-41254 (Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in ...)
- {DLA-4568-1}
+ {DSA-6262-1 DLA-4568-1}
- lcms2 2.17-1.1 (bug #1134335)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/17/16
NOTE: https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/
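Review bot: on the CVE-2026-41254 entry, the NOTE lines visible after the changed `{DSA-6262-1 DLA-4568-1}` line link only the oss-security post and a write-up, with no upstream fix commit. The description says "through 2.18" while the unstable fix is recorded as `lcms2 2.17-1.1`, so the fix is a patch on top of an older upstream version. If no commit reference follows further down the entry, add a `NOTE: Fixed by:` line like the one on the libpng entry (CVE-2026-34757) so the backport behind the DSA and DLA can be checked against the upstream change.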
@@ -19030,7 +19154,7 @@ CVE-2025-12664 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2023-46945 (QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a ...)
NOT-FOR-US: QD 20230821
CVE-2026-34757 (LIBPNG is a reference library for use in applications that read, creat ...)
- {DLA-4573-1}
+ {DSA-6263-1 DLA-4573-1}
- libpng1.6 1.6.57-1 (bug #1133051)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a (v1.6.57)
@@ -22748,11 +22872,13 @@ CVE-2026-35093 (A flaw was found in libinput. A local attacker who can place a s
NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/49f9a815170fe4178cca8dd3a3e591486aa508a3 (1.31.1)
NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/7819c23eaf61b8501169b124baf984edcaf9e5ff (1.30.3)
CVE-2026-35092 (A flaw was found in Corosync. An integer overflow vulnerability in Cor ...)
+ {DSA-6261-1}
- corosync 3.1.10-2 (bug #1133837)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453814
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453169
NOTE: https://github.com/corosync/corosync/commit/4082294f5094a7591e4e00658c5a605f05d644f1
CVE-2026-35091 (A flaw was found in Corosync. A remote unauthenticated attacker can ex ...)
+ {DSA-6261-1}
- corosync 3.1.10-2 (bug #1133838)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453813
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453169
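Review bot: on the CVE-2026-35091 entry, the notes visible under the added `{DSA-6261-1}` line stop at the two Bugzilla links, whereas CVE-2026-35092 just above also records the upstream corosync commit. Check that the CVE-2026-35091 entry lists its own fix commit after the lines shown here. Both entries point at the same bug id=2453169, so a per-CVE commit reference is what lets a reader tell the two fixes apart.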
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2266ef081d2fd80572272320a3977e3ddc11d65f