[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 16 20:16:31 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
308b959d by security tracker role at 2026-05-16T19:16:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,88 @@
-CVE-2026-46719
+CVE-2025-4202 (The Multicollab: Content Team Collaboration and Editorial Workflow plu ...)
+ TODO: check
+CVE-2021-47981 (Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sli ...)
+ TODO: check
+CVE-2021-47980 (Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allo ...)
+ TODO: check
+CVE-2021-47979 (WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file d ...)
+ TODO: check
+CVE-2021-47978 (ProcessMaker 3.5.4 contains a local file inclusion vulnerability that ...)
+ TODO: check
+CVE-2021-47977 (WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 ...)
+ TODO: check
+CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution vulnerabili ...)
+ TODO: check
+CVE-2021-47975 (WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2021-47974 (VX Search 13.5.28 contains an unquoted service path vulnerability in b ...)
+ TODO: check
+CVE-2021-47973 (Sticky Notes Widget 3.0.6 contains a denial of service vulnerability t ...)
+ TODO: check
+CVE-2021-47972 (Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulner ...)
+ TODO: check
+CVE-2021-47971 (My Notes Safe 5.3 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2021-47970 (Macaron Notes 5.5 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2021-47969 (Color Notes 1.4 contains a denial of service vulnerability that allows ...)
+ TODO: check
+CVE-2021-47957 (Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2021-47956 (EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that ...)
+ TODO: check
+CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allo ...)
+ TODO: check
+CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that allows unau ...)
+ TODO: check
+CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution vulnerability ...)
+ TODO: check
+CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path traversal ...)
+ TODO: check
+CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities ...)
+ TODO: check
+CVE-2020-37247 (Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the ...)
+ TODO: check
+CVE-2020-37246 (Supsystic Backup 2.3.9 contains a local file inclusion vulnerability t ...)
+ TODO: check
+CVE-2020-37245 (Supsystic Digital Publications 1.6.9 contains a path traversal vulnera ...)
+ TODO: check
+CVE-2020-37244 (Supsystic Membership 1.4.7 contains an SQL injection vulnerability tha ...)
+ TODO: check
+CVE-2020-37243 (Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability ...)
+ TODO: check
+CVE-2020-37242 (Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability ...)
+ TODO: check
+CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability ...)
+ TODO: check
+CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site scripting v ...)
+ TODO: check
+CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection vulnerability t ...)
+ TODO: check
+CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting vulnera ...)
+ TODO: check
+CVE-2020-37236 (NewsLister contains an authenticated persistent cross-site scripting v ...)
+ TODO: check
+CVE-2020-37235 (WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vul ...)
+ TODO: check
+CVE-2020-37234 (Internet Download Manager 6.38.12 contains a buffer overflow vulnerabi ...)
+ TODO: check
+CVE-2020-37233 (WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scr ...)
+ TODO: check
+CVE-2020-37232 (Advanced System Care Service 13.0.0.157 contains an unquoted service p ...)
+ TODO: check
+CVE-2020-37231 (Privacy Drive 3.17.0 contains an unquoted service path vulnerability i ...)
+ TODO: check
+CVE-2020-37230 (Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerab ...)
+ TODO: check
+CVE-2020-37229 (OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnera ...)
+ TODO: check
+CVE-2020-37228 (iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security byp ...)
+ TODO: check
+CVE-2020-37227 (HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerab ...)
+ TODO: check
+CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric inject ...)
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids ...)
- radare2 <unfixed> (bug #1136830)
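Review bot: Every entry added at the top of this hunk carries only "TODO: check", so none of them records a package or a NOT-FOR-US decision yet. Most of the descriptions name web plugins or Windows applications, but CVE-2020-37239 (libbabl 0.1.62) and CVE-2021-47952 (python jsonpickle 2.0.0) name a library and a Python module, so I would check those two against the archive first and give them a package line or an explicit NOT-FOR-US like the one under CVE-2026-46719.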
@@ -374,7 +458,7 @@ CVE-2026-8669 (Imager versions through 1.030 for Perl allow a heap out of bounds
NOTE: Imager embbeds the Imager::File::GIF code and syncs the fix:
NOTE: Fixed by: https://github.com/tonycoz/imager/commit/782e9c06cc75a0f7eed383f39522f51f44598b04 (v1.031)
CVE-2026-46333 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- {DSA-6275-1 DSA-6274-1}
+ {DSA-6275-1 DSA-6274-1 DLA-4588-1 DLA-4587-1}
- linux 7.0.7-1
NOTE: https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
NOTE: https://www.openwall.com/lists/oss-security/2026/05/15/2
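Review bot: The first context line of this hunk, under CVE-2026-8669, reads "Imager embbeds the Imager::File::GIF code"; "embbeds" should be "embeds". It is unrelated to the DLA cross-references added here, so a separate one-line fix would be the cleanest way to correct it.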
@@ -2089,6 +2173,7 @@ CVE-2020-37168 (Ecommerce Systempay 1.0 contains a weak cryptographic implementa
CVE-2026-8500 (Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web: ...)
NOT-FOR-US: Web::Passwd Perl module
CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/7
NOTE: https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
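Review bot: CVE-2026-42945 is tagged with "{DSA-6278-1}" here but keeps "- nginx 1.30.0-3", while the other three entries that gain the same advisory in the following hunks (CVE-2026-42946, CVE-2026-40701, CVE-2026-42934) all record "- nginx 1.30.0-4". Please confirm that 1.30.0-3 is the intended fixed version for this entry and not a leftover.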
@@ -2096,6 +2181,7 @@ CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 (release-1.30.1)
CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand ngx_http_uwsgi_m ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161027
NOTE: https://nginx.org/en/security_advisories.html
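Review bot: The description on the CVE-2026-42946 context line reads "ngx_http_scgi_moduleand", with the space missing between "module" and "and". If the description text is synced from the CVE record, the correction belongs there, not in a hand edit to this file.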
@@ -2119,11 +2205,13 @@ CVE-2026-42926 (When NGINX Open Source is configured to proxy HTTP/2 traffic by
NOTE: https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7 (release-1.30.1)
NOTE: https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98 (release-1.30.1)
CVE-2026-40701 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161021
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1 (release-1.30.1)
CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ {DSA-6278-1}
- nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161028
NOTE: https://nginx.org/en/security_advisories.html
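Review bot: CVE-2026-42926, named in this hunk's header, is not shown gaining "{DSA-6278-1}", although CVE-2026-40701 and CVE-2026-42934 directly below it do and its NOTE lines reference commits from the same release-1.30.1 tag. The visible lines do not show its cross-reference line, so confirm whether it already carries the advisory, is deliberately outside it, or still needs the tag.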
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/308b959df8ac74a8709ca1e91bbac376f351fd0e