Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbab6279 by security tracker role at 2026-01-13T08:12:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,120 @@
-CVE-2026-22801
+CVE-2026-22837
+       REJECTED
+CVE-2026-22836
+       REJECTED
+CVE-2026-22835
+       REJECTED
+CVE-2026-22834
+       REJECTED
+CVE-2026-22833
+       REJECTED
+CVE-2026-22832
+       REJECTED
+CVE-2026-22831
+       REJECTED
+CVE-2026-22830
+       REJECTED
+CVE-2026-22829
+       REJECTED
+CVE-2026-22813 (OpenCode is an open source AI coding agent. The markdown 
renderer used ...)
+       TODO: check
+CVE-2026-22812 (OpenCode is an open source AI coding agent. Prior to 1.0.216, 
OpenCode ...)
+       TODO: check
+CVE-2026-22805 (Metabase is an open-source data analytics platform. Prior to 
55.13, 56 ...)
+       TODO: check
+CVE-2026-22804 (Termix is a web-based server management platform with SSH 
terminal, tu ...)
+       TODO: check
+CVE-2026-22800 (PILOS (Platform for Interactive Live-Online Seminars) is a 
frontend fo ...)
+       TODO: check
+CVE-2026-22799 (Emlog is an open source website building system. emlog v2.6.1 
and earl ...)
+       TODO: check
+CVE-2026-22798 (hermes is an implementation of the HERMES workflow to 
automatize softw ...)
+       TODO: check
+CVE-2026-22794 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-22789 (WebErpMesv2 is a Resource Management and Manufacturing 
execution syste ...)
+       TODO: check
+CVE-2026-22788 (WebErpMesv2 is a Resource Management and Manufacturing 
execution syste ...)
+       TODO: check
+CVE-2026-22786 (Gin-vue-admin is a backstage management system based on vue 
and gin. G ...)
+       TODO: check
+CVE-2026-22772 (Fulcio is a certificate authority for issuing code signing 
certificate ...)
+       TODO: check
+CVE-2026-22214 (RIOT OS versions up to and including 2026.01-devel-317 contain 
a stack ...)
+       TODO: check
+CVE-2026-22213 (RIOT OS versions up to and including 2026.01-devel-317 contain 
a stack ...)
+       TODO: check
+CVE-2026-22212 (TinyOS versions up to and including 2.1.2 contain a 
stack-based buffer ...)
+       TODO: check
+CVE-2026-0514 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP 
Business Conn ...)
+       TODO: check
+CVE-2026-0513 (Due to an Open Redirect Vulnerability in SAP Supplier 
Relationship Man ...)
+       TODO: check
+CVE-2026-0511 (SAP Fiori App Intercompany Balance Reconciliation does not 
perform nec ...)
+       TODO: check
+CVE-2026-0510 (The User Management Engine (UME) in NetWeaver Application 
Server for J ...)
+       TODO: check
+CVE-2026-0507 (Due to an OS Command Injection vulnerability in SAP Application 
Server ...)
+       TODO: check
+CVE-2026-0506 (Due to a Missing Authorization Check vulnerability in 
Application Serv ...)
+       TODO: check
+CVE-2026-0504 (Due to insufficient input handling, the SAP Identity Management 
REST i ...)
+       TODO: check
+CVE-2026-0503 (Due to missing authorization check in the SAP ERP Central 
Component (S ...)
+       TODO: check
+CVE-2026-0501 (Due to insufficient input validation in SAP S/4HANA Private 
Cloud and  ...)
+       TODO: check
+CVE-2026-0500 (Due to the usage of vulnerable third party component in SAP 
Wily Intro ...)
+       TODO: check
+CVE-2026-0499 (SAP NetWeaver Enterprise Portal allows an unauthenticated 
attacker to  ...)
+       TODO: check
+CVE-2026-0498 (SAP S/4HANA (Private Cloud and On-Premise) allows an attacker 
with adm ...)
+       TODO: check
+CVE-2026-0497 (SAP Product Designer Web UI of Business Server Pages allows 
authentica ...)
+       TODO: check
+CVE-2026-0496 (SAP Fiori App Intercompany Balance Reconciliation allows an 
attacker w ...)
+       TODO: check
+CVE-2026-0495 (SAP Fiori App Intercompany Balance Reconciliation allows an 
attacker w ...)
+       TODO: check
+CVE-2026-0494 (Under certain conditions SAP Fiori App Intercompany Balance 
Reconcilia ...)
+       TODO: check
+CVE-2026-0493 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP 
Fiori  ...)
+       TODO: check
+CVE-2026-0492 (SAP HANA database is vulnerable to privilege escalation 
allowing an at ...)
+       TODO: check
+CVE-2026-0491 (SAP Landscape Transformation allows an attacker with admin 
privileges  ...)
+       TODO: check
+CVE-2025-67147 (Multiple SQL Injection vulnerabilities exist in 
amansuryawanshi Gym-Ma ...)
+       TODO: check
+CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21 
GYM-MAN ...)
+       TODO: check
+CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search 
and Disco ...)
+       TODO: check
+CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search 
and Disco ...)
+       TODO: check
+CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged 
user in ...)
+       TODO: check
+CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol) 
service i ...)
+       TODO: check
+CVE-2025-15514 (Ollama 0.11.5-rc0 through current version 0.13.5 contain a 
null pointe ...)
+       TODO: check
+CVE-2025-14829 (The E-xact | Hosted Payment | WordPress plugin through 2.0 is 
vulnerab ...)
+       TODO: check
+CVE-2025-12420 (A vulnerability has been identified in the ServiceNow AI 
Platform that ...)
+       TODO: check
+CVE-2025-10915 (The Dreamer Blog WordPress theme through 1.2 is vulnerable to 
arbitrar ...)
+       TODO: check
+CVE-2024-58340 (LangChain versions up to and including 0.3.1 contain a regular 
express ...)
+       TODO: check
+CVE-2024-58339 (LlamaIndex (run-llama/llama_index) versions up to and 
including 0.12.2 ...)
+       TODO: check
+CVE-2024-14021 (LlamaIndex (run-llama/llama_index) versions up to and 
including 0.11.6 ...)
+       TODO: check
+CVE-2026-22801 (LIBPNG is a reference library for use in applications that 
read, creat ...)
        - libpng1.6 <unfixed>
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
        NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/cf155de014
-CVE-2026-22695
+CVE-2026-22695 (LIBPNG is a reference library for use in applications that 
read, creat ...)
        - libpng1.6 <unfixed>
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
        NOTE: Introduced by: 
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
 (v1.6.51)
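
Review bot: Every described entry added at the top of data/CVE/list, from CVE-2026-22813 down to CVE-2024-14021, carries only `TODO: check`, so none of them has a triage decision yet. Each needs either a `- <source package>` line or a `NOT-FOR-US:` marker in a follow-up; the nine `REJECTED` ids (CVE-2026-22829 to CVE-2026-22837) need nothing further. The two libpng entries only gain their descriptions and stay at `- libpng1.6 <unfixed>`; CVE-2026-22801 already has a `Fixed by:` commit note, so its fixed version can be filled in once an upload containing that commit exists, while the visible context for CVE-2026-22695 shows only an `Introduced by:` note.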
@@ -6298,7 +6410,7 @@ CVE-2025-15070 (Exposure of Sensitive Information to an 
Unauthorized Actor, Miss
        NOT-FOR-US: Web Fax
 CVE-2025-15069 (Improper Authentication vulnerability in Gmission Web Fax 
allows Privi ...)
        NOT-FOR-US: Web Fax
-CVE-2025-15068 (Missing Authorization vulnerability in Gmission Web Fax allows 
Privile ...)
+CVE-2025-15068 (Missing Authorization vulnerability in Gmission Web Fax allows 
Authent ...)
        NOT-FOR-US: Web Fax
 CVE-2025-15067 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Innor ...)
        NOT-FOR-US: Innorix
@@ -393148,8 +393260,8 @@ CVE-2021-41076
        REJECTED
 CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 
125455 is vu ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2021-41074
-       RESERVED
+CVE-2021-41074 (A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 
allows an a ...)
+       TODO: check
 CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 
5.14.6  ...)
        {DSA-4978-1}
        - linux 5.14.6-2
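
Review bot: CVE-2021-41074 leaves `RESERVED` with a bare `TODO: check` on the added line, so this older id now needs an explicit decision. The description names QloApps hotel eCommerce 1.5.1; if that software is not in the archive, mark it `NOT-FOR-US: QloApps` in the same style as the neighbouring `NOT-FOR-US: Zoho ManageEngine` entry for CVE-2021-41075, otherwise add the source package line.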



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbab627969fa736d54a76aa2d50d64c11d96c72e



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits