[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 26 08:13:04 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
813d0d56 by security tracker role at 2026-05-26T07:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,157 @@
+CVE-2026-9534 (A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the ...)
+	TODO: check
+CVE-2026-9533 (A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impac ...)
+	TODO: check
+CVE-2026-9532 (A security vulnerability has been detected in Totolink CA750-PoE 6.2c. ...)
+	TODO: check
+CVE-2026-9531 (A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacte ...)
+	TODO: check
+CVE-2026-9530 (A weakness has been identified in GNU LibreDWG up to 0.14. The impacte ...)
+	TODO: check
+CVE-2026-9529 (A security flaw has been discovered in GNU LibreDWG up to 0.14. The af ...)
+	TODO: check
+CVE-2026-9528 (A vulnerability was identified in itsourcecode Electronic Judging Syst ...)
+	TODO: check
+CVE-2026-9527 (A vulnerability was determined in itsourcecode Electronic Judging Syst ...)
+	TODO: check
+CVE-2026-9526 (A vulnerability was found in itsourcecode Electronic Judging System 1. ...)
+	TODO: check
+CVE-2026-9525 (A vulnerability has been found in itsourcecode Electronic Judging Syst ...)
+	TODO: check
+CVE-2026-9524 (A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522_Beta. ...)
+	TODO: check
+CVE-2026-9523 (A vulnerability was detected in Acrel Electrical EEMS Enterprise Power ...)
+	TODO: check
+CVE-2026-9521 (A security vulnerability has been detected in fraillt bitsery up to 5. ...)
+	TODO: check
+CVE-2026-9520 (A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub ...)
+	TODO: check
+CVE-2026-9519 (A security flaw has been discovered in stonith404 pingvin-share up to  ...)
+	TODO: check
+CVE-2026-9518 (A vulnerability was identified in hemant6488 CodeIgniter-StudentManage ...)
+	TODO: check
+CVE-2026-9517 (A vulnerability was determined in hemant6488 CodeIgniter-StudentManage ...)
+	TODO: check
+CVE-2026-9515 (A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affec ...)
+	TODO: check
+CVE-2026-9514 (A security vulnerability has been detected in Totolink CA750-PoE 6.2c. ...)
+	TODO: check
+CVE-2026-9513 (A weakness has been identified in Totolink CA750-PoE 6.2c.510. This is ...)
+	TODO: check
+CVE-2026-9512 (A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. Th ...)
+	TODO: check
+CVE-2026-9511 (A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This af ...)
+	TODO: check
+CVE-2026-9504 (A weakness has been identified in GNU LibreDWG up to 0.14. Affected is ...)
+	TODO: check
+CVE-2026-9503 (A security flaw has been discovered in GNU LibreDWG up to 0.14. This i ...)
+	TODO: check
+CVE-2026-9502 (A vulnerability was identified in GNU LibreDWG up to 0.14. This affect ...)
+	TODO: check
+CVE-2026-9501 (A vulnerability was determined in GNU LibreDWG up to 0.14. The impacte ...)
+	TODO: check
+CVE-2026-9500 (A vulnerability was found in GNU LibreDWG up to 0.14. The affected ele ...)
+	TODO: check
+CVE-2026-9498 (A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impa ...)
+	TODO: check
+CVE-2026-9497 (A flaw has been found in changmingxie tcc-transaction up to 2.1.0. Thi ...)
+	TODO: check
+CVE-2026-9496 (Versions of the package pacote from 11.2.7 are vulnerable to Denial of ...)
+	TODO: check
+CVE-2026-9495 (Versions of the package @koa/router from 14.0.0 and before 15.0.0 are  ...)
+	TODO: check
+CVE-2026-9486 (A security flaw has been discovered in SourceCodester Student Grades M ...)
+	TODO: check
+CVE-2026-9485 (A vulnerability was identified in SourceCodester Student Grades Manage ...)
+	TODO: check
+CVE-2026-9484 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
+	TODO: check
+CVE-2026-4795 (A missing authorization vulnerability in Zyxel GS1200-5v3 firmware ver ...)
+	TODO: check
+CVE-2026-48852 (PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature ver ...)
+	TODO: check
+CVE-2026-48851 (PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indica ...)
+	TODO: check
+CVE-2026-48850 (PuTTY 0.72 before 0.84 has a double free in RSA KEX.)
+	TODO: check
+CVE-2026-48837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-45438 (Missing Authorization vulnerability in WebToffee Smart Coupons for Woo ...)
+	TODO: check
+CVE-2026-45435 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-45217 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2026-45216 (Incorrect Privilege Assignment vulnerability in StoreApps Smart Manage ...)
+	TODO: check
+CVE-2026-45209 (Missing Authorization vulnerability in edward_plainview MyCryptoChecko ...)
+	TODO: check
+CVE-2026-42776 (Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart ...)
+	TODO: check
+CVE-2026-42774 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-42773 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-42763 (Missing Authorization vulnerability in SePay team SePay Gateway allows ...)
+	TODO: check
+CVE-2026-3314 (Missing password field masking vulnerability in Hitachi Ops Center Ana ...)
+	TODO: check
+CVE-2026-39436 (Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII a ...)
+	TODO: check
+CVE-2026-32389 (Missing Authorization vulnerability in Linethemes NanoCare allows Expl ...)
+	TODO: check
+CVE-2026-27398 (Missing Authorization vulnerability in WP Chill RSVP and Event Managem ...)
+	TODO: check
+CVE-2026-27357 (Missing Authorization vulnerability in Cornel Raiu WP Search Analytics ...)
+	TODO: check
+CVE-2026-27346 (Missing Authorization vulnerability in Kings Plugins B2BKing allows Ex ...)
+	TODO: check
+CVE-2026-24937 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-24597 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
+	TODO: check
+CVE-2026-24592 (Missing Authorization vulnerability in Lucian Apostol Auto Affiliate L ...)
+	TODO: check
+CVE-2026-24586 (Missing Authorization vulnerability in Themeansar Newses allows Exploi ...)
+	TODO: check
+CVE-2026-24582 (Missing Authorization vulnerability in WPPOOL FlexTable allows Exploit ...)
+	TODO: check
+CVE-2026-24574 (Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Pa ...)
+	TODO: check
+CVE-2026-24554 (Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubsc ...)
+	TODO: check
+CVE-2026-24546 (Missing Authorization vulnerability in Ruben Garcia GamiPress allows E ...)
+	TODO: check
+CVE-2026-24545 (Missing Authorization vulnerability in Nikki Blight QR Redirector allo ...)
+	TODO: check
+CVE-2026-24527 (Missing Authorization vulnerability in Patterns in the cloud Autoship  ...)
+	TODO: check
+CVE-2025-71310 (The GDPR cookies module for Backdrop CMS (before   1.x-1.3.5) doesn't  ...)
+	TODO: check
+CVE-2025-62745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2026-48715 [Stack Buffer Overflow in radvdump Route Information Option Parser]
 	- radvd <unfixed>
 	NOTE: https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
-CVE-2026-9538 [Perl allow memory exhaustion via attacker controlled entry size field in tar header]
+CVE-2026-9538 (Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ...)
 	- perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396448/
-CVE-2026-42497 [Perl extract hardlinks to attacker controlled paths outside the extraction directory]
+CVE-2026-42497 (Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ...)
 	- perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396457/
-CVE-2026-42496 [Perl extract symlinks with attacker controlled targets outside the extraction directory]
+CVE-2026-42496 (Archive::Tar versions before 3.08 for Perl extract symlinks with attac ...)
 	- perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40396459/
-CVE-2026-48589
+CVE-2026-48589 (Apache Shiro\u2019s Jakarta EE module used the HTTP Referer header in  ...)
 	- shiro <not-affected> (Jakarta EE integration introduced in 2.0.0)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/9
-CVE-2026-44598
+CVE-2026-44598 (With valid login credentials, URL Redirection to Untrusted Site ('Open ...)
 	- shiro <not-affected> (Jakarta EE integration introduced in 2.0.0)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/8
-CVE-2026-43828
+CVE-2026-43828 (Default configurations of Apache Shiro send sensitive cookies in HTTPS ...)
 	- shiro <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/7
-CVE-2026-43827
+CVE-2026-43827 (Default configurations of Apache Shiro have a session fixation vulnera ...)
 	- shiro <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/6
 CVE-2026-9490 (A security vulnerability has been identified in Acer Care Center where ...)
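Review bot: The new description on the CVE-2026-48589 line carries a literal "\u2019" escape ("Apache Shiro\u2019s Jakarta EE module") instead of the apostrophe it stands for, so the escaped text was written to data/CVE/list without being decoded; unescaping descriptions in the import step would keep the line readable and searchable. The three Archive::Tar entries (CVE-2026-9538, CVE-2026-42497, CVE-2026-42496) now show upstream fixed versions 3.10 and 3.08 in the description while the package line stays "- perl <unfixed>"; a NOTE recording those module versions would help whoever maps them to the perl package later.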
@@ -388,35 +520,35 @@ CVE-2026-9360 (A security flaw has been discovered in Edimax EW-7438RPn 1.28a. A
 	NOT-FOR-US: Edimax
 CVE-2026-4372 (A critical remote code execution vulnerability exists in all versions  ...)
 	NOT-FOR-US: HuggingFace transformers
-CVE-2026-48844 [Code injection vulnerability via code evaluation support in LDAP autovalues option.]
+CVE-2026-48844 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insec ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a
-CVE-2026-48847 [Pre-auth arbitrary file delete via redis/memcache session poisoning bypass]
+CVE-2026-48847 (Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows p ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa
-CVE-2026-48846 [Bypass of remote image blocking via CSS var().]
+CVE-2026-48846 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the r ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/852350486b88b35b8544e8a630fad89e99e2150a
-CVE-2026-48845 [Local/private URL fetch bypass when remote resources were not allowed]
+CVE-2026-48845 (In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before  ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556
-CVE-2026-48843 [SSRF bypass via specific local address URLs.]
+CVE-2026-48843 (Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7 ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1
-CVE-2026-48842 [Pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass.]
+CVE-2026-48842 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-a ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b
-CVE-2026-48848 [CSS injection bypass in HTML sanitizer via SVG <animate attributeName="style">.]
+CVE-2026-48848 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insuffi ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27
-CVE-2026-48849 [Stored XSS/HTML/CSS injection in subject field of the draft restore dialog]
+CVE-2026-48849 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an un ...)
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a
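Review bot: The imported description for CVE-2026-48848 reads "1.7.x before 1.7" where the other Roundcube entries with a visible range in this hunk read "1.7.x before 1.7.1", and the CVE-2026-48843 line has "1.6.16,and" with no space; both look like errors in the upstream CVE text and are better reported to the CVE source than fixed here, since the next automatic update would overwrite a local edit. CVE-2026-48845 and CVE-2026-48843 are described as affecting 1.6.x "between 1.6.14 and 1.6.16" while the package line gives 1.6.16+dfsg-1 as fixed, so it is worth confirming that 1.6.16 itself is outside the affected range. The bracketed titles removed here named the specific vector (LDAP autovalues, virtuser_query, SVG animate), which the truncated descriptions no longer show; a short NOTE per entry would preserve that for triage.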
@@ -1019,7 +1151,7 @@ CVE-2026-5091 (Catalyst::Plugin::Authentication versions through 0.10024 for Per
 	[bullseye] - libcatalyst-plugin-authentication-perl <postponed> (Minor issue, side channel)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40281889/
 	NOTE: https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e (v0.10_025)
-CVE-2026-8376 [Buffer overflow in Perl_study_chunk]
+CVE-2026-8376 (Perl versions through 5.43.10 have a heap buffer overflow when compili ...)
 	- perl <unfixed> (bug #1137345)
 	[trixie] - perl <no-dsa> (Minor issue; can be fixed in point release)
 	[bookworm] - perl <no-dsa> (Minor issue; can be fixed in point release)
@@ -2993,7 +3125,7 @@ CVE-2018-25338 (Zechat 1.5 contains a SQL injection vulnerability in the hashtag
 	NOT-FOR-US: Zechat
 CVE-2018-25337 (Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerabil ...)
 	NOT-FOR-US: Joomla plugin
-CVE-2018-25336 (Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forger ...)
+CVE-2018-25336 (jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulne ...)
 	NOT-FOR-US: Joomla plugin
 CVE-2018-25335 (WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload v ...)
 	NOT-FOR-US: WordPress plugin
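Review bot: On CVE-2018-25336 the updated description drops the "Joomla" prefix and now names the product as "jCart for OpenCart", but the unchanged line below it still says "NOT-FOR-US: Joomla plugin". The tag should follow the product named in the description, for example "NOT-FOR-US: jCart for OpenCart", so that searches by product do not file this under Joomla.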
@@ -3067,7 +3199,7 @@ CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that allow
 	NOT-FOR-US: LayerBB
 CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution vulnerability ...)
 	NOTE: Bogus CVE assignment for jsonpickle
-CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path traversal ...)
+CVE-2021-47942 (Home Assistant Community Store (HACS) prior to 1.10.0 contains a path  ...)
 	NOT-FOR-US: Home Assistant Community Store (HACS)
 CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities ...)
 	NOT-FOR-US: MyBB
@@ -19796,7 +19928,7 @@ CVE-2018-25271 (Textpad 8.1.2 contains a denial of service vulnerability that al
 	NOT-FOR-US: Textpad
 CVE-2018-25270 (ThinkPHP 5.0.23 contains a remote code execution vulnerability that al ...)
 	NOT-FOR-US: ThinkPHP
-CVE-2018-25269 (ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that al ...)
+CVE-2018-25269 (ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerabil ...)
 	NOT-FOR-US: IceWarp
 CVE-2018-25268 (LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that a ...)
 	NOT-FOR-US: LanSpy
@@ -20539,7 +20671,7 @@ CVE-2026-6553 (Changing backend users' passwords via the user settings module re
 	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-6550 (Cryptographic algorithm downgrade in the caching layer of Amazon AWS E ...)
 	NOT-FOR-US: Amazon
-CVE-2026-6257 (Vvveb CMS prior to v1.0.8.2 contains a remote code execution vulnerabi ...)
+CVE-2026-6257 (Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in i ...)
 	NOT-FOR-US: Vvveb CMS
 CVE-2026-6249 (Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in it ...)
 	NOT-FOR-US: Vvveb CMS
@@ -29094,7 +29226,7 @@ CVE-2018-25249 (MyBB My Arcade Plugin 1.3 contains a persistent cross-site scrip
 	NOT-FOR-US: MyBB
 CVE-2018-25248 (MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting ...)
 	NOT-FOR-US: MyBB
-CVE-2018-25247 (MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability t ...)
+CVE-2018-25247 (MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerab ...)
 	NOT-FOR-US: MyBB
 CVE-2018-25245 (7 Tik 1.0.1.0 contains a denial of service vulnerability that allows a ...)
 	NOT-FOR-US: 7 Tik
@@ -29871,13 +30003,13 @@ CVE-2026-28815 (A remote attacker can supply a short X-Wing HPKE encapsulated ke
 	NOT-FOR-US: Apple
 CVE-2026-26135 (Server-side request forgery (ssrf) in Azure Custom Locations Resource  ...)
 	NOT-FOR-US: Microsof
-CVE-2025-15620 (HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 con ...)
+CVE-2025-15620 (HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 thro ...)
 	NOT-FOR-US: HiOS Switch Platform
 CVE-2024-14034 (Hirschmann HiEOS devices versions prior to 01.1.00 contain an authenti ...)
 	NOT-FOR-US: Hirschmann HiEOS devices
-CVE-2024-14033 (Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, B ...)
+CVE-2024-14033 (Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-ser ...)
 	NOT-FOR-US: Hirschmann
-CVE-2023-7343 (HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contai ...)
+CVE-2023-7343 (Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior  ...)
 	NOT-FOR-US: HiSecOS web server
 CVE-2022-4986 (Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial ...)
 	NOT-FOR-US: Hirschmann
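Review bot: The description for CVE-2023-7343 now names "Hirschmann Industrial HiVision", but its tag is still "NOT-FOR-US: HiSecOS web server", which matches only the removed text; the tag should be updated to the product in the new description. The new CVE-2024-14033 text ("Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-ser ...") is close to the existing CVE-2022-4986 line two entries below, so it is worth checking whether the two ids describe the same issue. The context line "NOT-FOR-US: Microsof" under CVE-2026-26135 has a truncated vendor name and could be corrected in the same pass.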
@@ -48807,7 +48939,7 @@ CVE-2026-27593 (Statmatic is a Laravel and Git powered content management system
 	NOT-FOR-US: Statmatic CMS
 CVE-2026-27117 (bit7z is a cross-platform C++ static library that allows the compressi ...)
 	NOT-FOR-US: bit7z
-CVE-2026-26351 (GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored c ...)
+CVE-2026-26351 (GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 t ...)
 	NOT-FOR-US: GetSimpleCMS
 CVE-2026-25899 (Fiber is an Express inspired web framework written in Go. In versions  ...)
 	NOT-FOR-US: Fiber
@@ -59915,7 +60047,7 @@ CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based SQL
 	NOT-FOR-US: TimeClock Software
 CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection  ...)
 	NOT-FOR-US: Ultimate Project Manager CRM PRO
-CVE-2020-37002 (Ajenti 2.1.36 contains an authentication bypass vulnerability that all ...)
+CVE-2020-37002 (Ajenti 2.1.36 contains a post-authenticated remote command execution v ...)
 	- ajenti <itp> (bug #792019)
 CVE-2020-37001 (Frigate Professional 3.36.0.9 contains a local buffer overflow vulnera ...)
 	NOT-FOR-US: Frigate Professional
@@ -63478,7 +63610,7 @@ CVE-2021-47846 (Digital Crime Report Management System 1.0 contains a critical S
 	NOT-FOR-US: Digital Crime Report Management System
 CVE-2021-47830 (GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site reque ...)
 	NOT-FOR-US: GetSimple CMS My SMTP Contact Plugin
-CVE-2021-47817 (OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that all ...)
+CVE-2021-47817 (OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability in user  ...)
 	NOT-FOR-US: OpenEMR
 CVE-2021-47802 (Tenda D151 and D301 routers contain an unauthenticated configuration d ...)
 	NOT-FOR-US: Tenda
@@ -121454,7 +121586,7 @@ CVE-2010-20049 (LeapFTP <3.1.x contains a stack-based buffer overflow vulnerabil
 	NOT-FOR-US: LeapFTP
 CVE-2010-20045 (FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulner ...)
 	NOT-FOR-US: FileWrangler
-CVE-2010-20042 (Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicod ...)
+CVE-2010-20042 (Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unico ...)
 	NOT-FOR-US: Xion Audio Player
 CVE-2010-20010 (Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the / ...)
 	NOT-FOR-US: Foxit PDF Reader
@@ -126334,7 +126466,7 @@ CVE-2012-10035 (Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer
 	NOT-FOR-US: Turbo FTP Server
 CVE-2012-10033 (Narcissus is vulnerable to remote code execution via improper input ha ...)
 	NOT-FOR-US: Narcissus
-CVE-2012-10032 (Maxthon3 versions prior to 3.3 are vulnerable to cross context scripti ...)
+CVE-2012-10032 (Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross co ...)
 	NOT-FOR-US: Maxthon3
 CVE-2012-10030 (FreeFloat FTP Server contains multiple critical design flaws that allo ...)
 	NOT-FOR-US: FreeFloat FTP Server
@@ -126348,7 +126480,7 @@ CVE-2012-10026 (The WordPress plugin Asset-Manager version 2.0 and below contain
 	NOT-FOR-US: WordPress plugin
 CVE-2012-10025 (The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and be ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2012-10024 (XBMC version 11, including builds up to the 2012-11-04 nightly release ...)
+CVE-2012-10024 (XBMC version 11.0 contains a path traversal vulnerability in its embed ...)
 	- xbmc <removed>
 CVE-2012-10023 (A stack-based buffer overflow vulnerability exists in FreeFloat FTP Se ...)
 	NOT-FOR-US: FreeFloat FTP Server
@@ -126451,7 +126583,7 @@ CVE-2014-125113 (An unrestricted file upload vulnerability exists in Dell (acqui
 	NOT-FOR-US: Dell KACE K1000 System Management Appliance
 CVE-2013-10069 (The web interface of multiple D-Link routers, including DIR-600 rev B  ...)
 	NOT-FOR-US: D-Link
-CVE-2013-10068 (Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4 ...)
+CVE-2013-10068 (Foxit Reader versions through 5.4.5.0114, including the bundled Foxit  ...)
 	NOT-FOR-US: Foxit Reader Plugin
 CVE-2013-10064 (A stack-based buffer overflow vulnerability exists in ActFax Server ve ...)
 	NOT-FOR-US: ActFax Server



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/813d0d56fd08c09742a22b00532344041ba18576





More information about the debian-security-tracker-commits mailing list