Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a974272 by security tracker role at 2026-01-15T20:14:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,33 +21,33 @@ CVE-2026-23494 (Pimcore is an Open Source Data & Experience
Management Platform.
CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
TODO: check
CVE-2026-22920 (The device's passwords have not been adequately salted, making
them vu ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22919 (An attacker with administrative access may inject malicious
content in ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22918 (An attacker may exploit missing protection against
clickjacking by tri ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22917 (Improper input handling in a system endpoint may allow
attackers to ov ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22916 (An attacker with low privileges may be able to trigger
critical system ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22915 (An attacker with low privileges may be able to read files from
specifi ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22914 (An attacker with limited permissions may still be able to
write files ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22913 (Improper handling of a URL parameter may allow attackers to
execute co ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22912 (Improper validation of a login parameter may allow attackers
to redire ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22911 (Firmware update files may expose password hashes for system
accounts, ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22910 (The device is deployed with weak and publicly known default
passwords ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22909 (Certain system functions may be accessed without proper
authorization, ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22908 (Uploading unvalidated container images may allow remote
attackers to g ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22907 (An attacker may gain unauthorized access to the host
filesystem, poten ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and
documentation pla ...)
TODO: check
CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust,
performant web ...)
@@ -57,35 +57,35 @@ CVE-2026-22775 (Svelte devalue is a JavaScript library that
serializes values in
CVE-2026-22774 (Svelte devalue is a JavaScript library that serializes values
into str ...)
TODO: check
CVE-2026-22646 (Certain error messages returned by the application expose
internal sys ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22645 (The application discloses all used components, versions and
license in ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22644 (Certain requests pass the authentication token in the URL as
string qu ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name
will cau ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana
OSS orga ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows
authorizat ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS
where an ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22639 (Grafana is an open-source platform for monitoring and
observability. T ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana
caused by ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
TODO: check
CVE-2026-22249 (Docmost is an open-source collaborative wiki and documentation
softwar ...)
TODO: check
CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco
Evolved ...)
TODO: check
CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled
resource co ...)
TODO: check
CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This
uncontrolled ...)
@@ -97,19 +97,19 @@ CVE-2026-0976 (A flaw was found in Keycloak. This improper
input validation vuln
CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the
HDF5 weigh ...)
TODO: check
CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/*
endpoint ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-0712 (An open redirect vulnerability has been identified in Grafana
OSS that ...)
- TODO: check
+ NOT-FOR-US: SICK AG
CVE-2026-0227 (A vulnerability in Palo Alto Networks PAN-OS software enables
an unaut ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-9014 (A Null Pointer Dereference vulnerability exists in the referer
header ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-71019 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack
overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-70744 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack
overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-70656 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack
overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-70310 (A heap overflow in the vorbis_to_intern() function of GPAC
v2.4.0 allo ...)
TODO: check
CVE-2025-70309 (A stack overflow in the pcmreframe_flush_packet function of
GPAC v2.4. ...)
@@ -163,19 +163,19 @@ CVE-2025-62193 (Sites running NOAA PMEL Live Access
Server (LAS) are vulnerable
CVE-2025-61973 (A local privilege escalation vulnerability exists during the
installat ...)
TODO: check
CVE-2025-36911 (In key-based pairing, there is a possible ID due to a logic
error in t ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2025-15265 (An SSR XSS exists in async hydration when
attacker\u2011controlled key ...)
TODO: check
CVE-2025-13859 (The AffiliateX \u2013 Amazon Affiliate Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13845 (CWE-416: Use After Free vulnerability that could cause remote
code exe ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-13844 (CWE-415: Double Free vulnerability exists that could cause
heap memory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2025-13062 (The Supreme Modules Lite plugin for WordPress is vulnerable to
arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12895 (The Kalium 3 | Creative WordPress & WooCommerce Theme theme
for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48077 (An issue in nanomq v0.22.7 allows attackers to cause a Denial
of Servi ...)
TODO: check
CVE-2021-47843 (Tagstoo 2.0.1 contains a stored cross-site scripting
vulnerability tha ...)
@@ -191,7 +191,7 @@ CVE-2021-47781 (Cmder Console Emulator 1.3.18 contains a
buffer overflow vulnera
CVE-2021-47777 (Build Smart ERP 21.0817 contains an unauthenticated SQL
injection vuln ...)
TODO: check
CVE-2021-47776 (Umbraco CMS v8.14.1 contains a server-side request forgery
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2021-47775 (YouTube Video Grabber, now referred to as YouTube Downloader,
1.9.9.1 ...)
TODO: check
CVE-2021-47774 (Kingdia CD Extractor 3.0.2 contains a buffer overflow
vulnerability in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a974272cccd735b938c9d7902e9fb52e34bf8e1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a974272cccd735b938c9d7902e9fb52e34bf8e1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
