Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5dcebb7c by security tracker role at 2026-01-07T08:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2026-22162
+ REJECTED
+CVE-2026-22161
+ REJECTED
+CVE-2026-22160
+ REJECTED
+CVE-2026-22159
+ REJECTED
+CVE-2026-22158
+ REJECTED
+CVE-2026-22157
+ REJECTED
+CVE-2026-22156
+ REJECTED
+CVE-2026-21492 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
+ TODO: check
+CVE-2026-20893 (Origin validation error issue exists in Fujitsu Security
Solution Auth ...)
+ TODO: check
+CVE-2026-0656 (The iPaymu Payment Gateway for WooCommerce plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2026-0650 (OpenFlagr versions prior to and including 1.1.18 contain an
authentica ...)
+ TODO: check
+CVE-2026-0649 (A security vulnerability has been detected in invoiceninja up
to 5.12. ...)
+ TODO: check
+CVE-2026-0643 (A flaw has been found in projectworlds House Rental and
Property Listi ...)
+ TODO: check
+CVE-2026-0642 (A vulnerability was detected in projectworlds House Rental and
Propert ...)
+ TODO: check
+CVE-2025-9611 (Microsoft Playwright MCP Server versions prior to 0.0.40 fails
to vali ...)
+ TODO: check
+CVE-2025-47396 (Memory corruption occurs when a secure application is launched
on a de ...)
+ TODO: check
+CVE-2025-47395 (Transient DOS while parsing a WLAN management frame with a
Vendor Spec ...)
+ TODO: check
+CVE-2025-47394 (Memory corruption when copying overlapping buffers during
memory opera ...)
+ TODO: check
+CVE-2025-47393 (Memory corruption when accessing resources in kernel driver.)
+ TODO: check
+CVE-2025-47388 (Memory corruption while passing pages to DSP with an unaligned
startin ...)
+ TODO: check
+CVE-2025-47380 (Memory corruption while preprocessing IOCTLs in sensors.)
+ TODO: check
+CVE-2025-47369 (Information disclosure when a weak hashed value is returned to
userlan ...)
+ TODO: check
+CVE-2025-47356 (Memory Corruption when multiple threads concurrently access
and modify ...)
+ TODO: check
+CVE-2025-47348 (Memory corruption while processing identity credential
operations in t ...)
+ TODO: check
+CVE-2025-47346 (Memory corruption while processing a secure logging command in
the tru ...)
+ TODO: check
+CVE-2025-47345 (Cryptographic issue may occur while encrypting license data.)
+ TODO: check
+CVE-2025-47344 (Memory corruption while handling sensor utility operations.)
+ TODO: check
+CVE-2025-47343 (Memory corruption while processing a video session to set
video parame ...)
+ TODO: check
+CVE-2025-47339 (Memory corruption while deinitializing a HDCP session.)
+ TODO: check
+CVE-2025-47337 (Memory corruption while accessing a synchronization object
during conc ...)
+ TODO: check
+CVE-2025-47336 (Memory corruption while performing sensor register read
operations.)
+ TODO: check
+CVE-2025-47335 (Memory corruption while parsing clock configuration data for a
specifi ...)
+ TODO: check
+CVE-2025-47334 (Memory corruption while processing shared command buffer
packet betwee ...)
+ TODO: check
+CVE-2025-47333 (Memory corruption while handling buffer mapping operations in
the cryp ...)
+ TODO: check
+CVE-2025-47332 (Memory corruption while processing a config call from
userspace.)
+ TODO: check
+CVE-2025-47331 (Information disclosure while processing a firmware event.)
+ TODO: check
+CVE-2025-47330 (Transient DOS while parsing video packets received from the
video firm ...)
+ TODO: check
+CVE-2025-31964 (Improper service binding configuration in internal service
components ...)
+ TODO: check
+CVE-2025-31963 (Improper authentication and missing CSRF protection in the
local setup ...)
+ TODO: check
+CVE-2025-31962 (Insufficient session expiration in the Web UI authentication
component ...)
+ TODO: check
+CVE-2025-31642 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31051 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-30996 (Unrestricted Upload of File with Dangerous Type vulnerability
in Themi ...)
+ TODO: check
+CVE-2025-30631 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-29004 (Incorrect Privilege Assignment vulnerability in AA-Team
Premium Age Ve ...)
+ TODO: check
+CVE-2025-15474 (AuntyFey Smart Combination Lock firmware versions as of
2025-12-24 con ...)
+ TODO: check
+CVE-2025-15472 (A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This
affects the ...)
+ TODO: check
+CVE-2025-15471 (A vulnerability was detected in TRENDnet TEW-713RE 1.02. The
impacted ...)
+ TODO: check
+CVE-2025-14904 (The Newsletter Email Subscribe plugin for WordPress is
vulnerable to C ...)
+ TODO: check
+CVE-2025-14901 (The Bit Form \u2013 Contact Form Plugin plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2025-14891 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-14888 (The Simple User Meta Editor plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-14887 (The twinklesmtp \u2013 Email Service Provider For WordPress
plugin for ...)
+ TODO: check
+CVE-2025-14875 (The HBLPAY Payment Gateway for WooCommerce plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2025-14867 (The Flashcard plugin for WordPress is vulnerable to Path
Traversal in ...)
+ TODO: check
+CVE-2025-14845 (The NS IE Compatibility Fixer plugin for WordPress is
vulnerable to Cr ...)
+ TODO: check
+CVE-2025-14842 (The Drag and Drop Multiple File Upload \u2013 Contact Form 7
plugin fo ...)
+ TODO: check
+CVE-2025-14835 (The WP Photo Album Plus plugin for WordPress is vulnerable to
Reflecte ...)
+ TODO: check
+CVE-2025-14804 (The Frontend File Manager Plugin WordPress plugin before 23.5
did not ...)
+ TODO: check
+CVE-2025-14802 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-14792 (The Key Figures plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-14719 (The Relevanssi WordPress plugin before 4.26.0, Relevanssi
Premium Wor ...)
+ TODO: check
+CVE-2025-14631 (A NULL Pointer Dereference vulnerability in TP-Link Archer
BE400 V1(80 ...)
+ TODO: check
+CVE-2025-14625 (Uncontrolled Search Path Element vulnerability in Altera
Quartus Prime ...)
+ TODO: check
+CVE-2025-14614 (Insecure Temporary File vulnerability in Altera Quartus Prime
Standard ...)
+ TODO: check
+CVE-2025-14612 (Insecure Temporary File vulnerability in Altera Quartus Prime
Pro Ins ...)
+ TODO: check
+CVE-2025-14605 (Uncontrolled Search Path Element vulnerability in Altera
Quartus Prime ...)
+ TODO: check
+CVE-2025-14599 (Uncontrolled Search Path Element vulnerability in Altera
Quartus Prime ...)
+ TODO: check
+CVE-2025-14596 (Uncontrolled Search Path Element vulnerability in Altera
Quartus Prime ...)
+ TODO: check
+CVE-2025-14468 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
+ TODO: check
+CVE-2025-14370 (The Quote Comments plugin for WordPress is vulnerable to
Missing Autho ...)
+ TODO: check
+CVE-2025-14059 (The EmailKit plugin for WordPress is vulnerable to Arbitrary
File Read ...)
+ TODO: check
+CVE-2025-13744 (An Improper Neutralization of Input During Web Page Generation
vulnera ...)
+ TODO: check
+CVE-2025-13657 (The HelpDesk contact form plugin for WordPress is vulnerable
to Cross- ...)
+ TODO: check
+CVE-2025-13371 (The MoneySpace plugin for WordPress is vulnerable to Sensitive
Informa ...)
+ TODO: check
+CVE-2025-13369 (The Premmerce WooCommerce Customers Manager plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2025-12648 (The WP-Members Membership Plugin for WordPress is vulnerable
to unauth ...)
+ TODO: check
+CVE-2025-12449 (The aBlocks \u2013 WordPress Gutenberg Blocks plugin for
WordPress is ...)
+ TODO: check
+CVE-2025-11235 (Unverified Password Change vulnerability in Progress MOVEit
Transfer o ...)
+ TODO: check
+CVE-2025-0980 (Nokia SR Linux is vulnerable to an authentication vulnerability
allowi ...)
+ TODO: check
+CVE-2024-14020 (A weakness has been identified in carboneio carbone up to
fbcd349077ad ...)
+ TODO: check
CVE-2025-15224 [libssh key passphrase bypass without agent set]
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2025-15224.html
@@ -39,7 +201,7 @@ CVE-2025-13034 [No QUIC certificate pinning with GnuTLS]
NOTE: https://curl.se/docs/CVE-2025-13034.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722
(curl-8_8_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9
(rc-8_18_0-1, curl-8_18_0)
-CVE-2026-0628
+CVE-2026-0628 (Insufficient policy enforcement in WebView tag in Google Chrome
prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dcebb7cb0b15247aba02ac080a9550eff9d00c1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dcebb7cb0b15247aba02ac080a9550eff9d00c1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
