Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
06463ed7 by security tracker role at 2026-01-15T08:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2026-23582
+ REJECTED
+CVE-2026-23581
+ REJECTED
+CVE-2026-23580
+ REJECTED
+CVE-2026-23579
+ REJECTED
+CVE-2026-23578
+ REJECTED
+CVE-2026-23577
+ REJECTED
+CVE-2026-23576
+ REJECTED
+CVE-2026-23575
+ REJECTED
+CVE-2026-23574
+ REJECTED
+CVE-2026-23512 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and
earlier, ...)
+ TODO: check
+CVE-2026-0962 (SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2
and 4. ...)
+ TODO: check
+CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to
4.4.12 ...)
+ TODO: check
+CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to
4.6.2 all ...)
+ TODO: check
+CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to
4.6.2 and 4 ...)
+ TODO: check
+CVE-2026-0861 (Passing too large an alignment to the memalign suite of
functions (mem ...)
+ TODO: check
+CVE-2026-0601 (A reflected cross-site scripting vulnerability exists in Nexus
Reposit ...)
+ TODO: check
+CVE-2026-0600 (Server-Side Request Forgery (SSRF) vulnerability in Sonatype
Nexus Rep ...)
+ TODO: check
+CVE-2026-0421 (A potential vulnerability was reported in the BIOS of L13 Gen
6, L13 G ...)
+ TODO: check
+CVE-2025-14457 (The Drag and Drop Multiple File Upload for Contact Form 7
plugin for W ...)
+ TODO: check
+CVE-2025-14448 (The WP-Members Membership Plugin plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-14058 (A potential missing authentication vulnerability was reported
in some ...)
+ TODO: check
+CVE-2025-13455 (A vulnerability was reported in ThinkPlus configuration
software that ...)
+ TODO: check
+CVE-2025-13454 (A potential vulnerability was reported in ThinkPlus
configuration soft ...)
+ TODO: check
+CVE-2025-13453 (A potential vulnerability was reported in some ThinkPlus USB
drives th ...)
+ TODO: check
+CVE-2025-13154 (An improper link following vulnerability was reported in the
SmartPerf ...)
+ TODO: check
+CVE-2025-12533
+ REJECTED
+CVE-2025-12166 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
+ TODO: check
CVE-2026-23550 (Incorrect Privilege Assignment vulnerability in Modular DS
allows Priv ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23498 (Shopware is an open commerce platform. From 6.7.0.0 to before
6.7.6.1, ...)
@@ -666,33 +720,43 @@ CVE-2025-55131 [Timeout-based race conditions make
Uint8Array/Buffer.alloc non-z
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
CVE-2026-0908
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0907
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0906
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0905
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0904
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0903
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0902
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0901
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0900
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-0899
+ {DSA-6100-1}
- chromium 144.0.7559.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-22818 (Hono is a Web application framework that provides support for
any Java ...)
@@ -11188,13 +11252,13 @@ CVE-2025-63947 (A Reflected Cross-Site Scripting
(XSS) vulnerability exists in p
NOT-FOR-US: phpMsAdmin
CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized
after lo ...)
NOT-FOR-US: BullWall
-CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay
before the ...)
+CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable
configuration-de ...)
NOT-FOR-US: BullWall
CVE-2025-62002 (BullWall Ransomware Containment relies on the number of file
modificat ...)
NOT-FOR-US: BullWall
-CVE-2025-62001 (BullWall Ransomware Containment contains excluded file paths,
such as ...)
+CVE-2025-62001 (BullWall Ransomware Containment supports configurable file and
directo ...)
NOT-FOR-US: BullWall
-CVE-2025-62000 (BullWall Ransomware Containment does not entirely inspect a
file to de ...)
+CVE-2025-62000 (BullWall Ransomware Containment may not always detect an
encrypted fil ...)
NOT-FOR-US: BullWall
CVE-2025-59529 (Avahi is a system which facilitates service discovery on a
local netwo ...)
- avahi <unfixed> (bug #1123671)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06463ed7a6705d40dd46f11c68afb57657bb2f13
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06463ed7a6705d40dd46f11c68afb57657bb2f13
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
