Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a61fb932 by security tracker role at 2026-01-16T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2026-23769 (lucy-xss-filter before commit e5826c0 allows an attacker to
execute ma ...)
+ TODO: check
+CVE-2026-23768 (lucy-xss-filter before commit 7c1de6d allows an attacker to
induce ser ...)
+ TODO: check
+CVE-2026-23714
+ REJECTED
+CVE-2026-23713
+ REJECTED
+CVE-2026-23712
+ REJECTED
+CVE-2026-23711
+ REJECTED
+CVE-2026-23710
+ REJECTED
+CVE-2026-23709
+ REJECTED
+CVE-2026-22864 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Before 2.5. ...)
+ TODO: check
+CVE-2026-22863 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Before 2.6. ...)
+ TODO: check
+CVE-2026-22045 (Traefik is an HTTP reverse proxy and load balancer. Prior to
2.11.35 a ...)
+ TODO: check
+CVE-2026-21921 (A Use After Free vulnerability in the chassis daemon
(chassisd) of Jun ...)
+ TODO: check
+CVE-2026-21920 (An Unchecked Return Value vulnerability in the DNS module of
Juniper N ...)
+ TODO: check
+CVE-2026-21918 (A Double Free vulnerability in the flow processing daemon
(flowd) of J ...)
+ TODO: check
+CVE-2026-21917 (An Improper Validation of Syntactic Correctness of Input
vulnerability ...)
+ TODO: check
+CVE-2026-21914 (An Improper Locking vulnerability in the GTP plugin of Juniper
Network ...)
+ TODO: check
+CVE-2026-21913 (An Incorrect Initialization of Resource vulnerability in the
Internal ...)
+ TODO: check
+CVE-2026-21912 (A Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability in t ...)
+ TODO: check
+CVE-2026-21911 (An Incorrect Calculation vulnerability in the Layer 2 Control
Protoco ...)
+ TODO: check
+CVE-2026-21910 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2026-21909 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
+ TODO: check
+CVE-2026-21908 (A Use After Free vulnerability was identified in the 802.1X
authentica ...)
+ TODO: check
+CVE-2026-21907 (A Use of a Broken or Risky Cryptographic Algorithm
vulnerability in th ...)
+ TODO: check
+CVE-2026-21906 (An Improper Handling of Exceptional Conditions vulnerability
in the pa ...)
+ TODO: check
+CVE-2026-21905 (A Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability ...)
+ TODO: check
+CVE-2026-21903 (A Stack-based Buffer Overflow vulnerability in the Packet
Forwarding E ...)
+ TODO: check
+CVE-2026-1023 (Statistics Database System developed by Gotac has a Missing
Authentica ...)
+ TODO: check
+CVE-2026-1022 (Statistics Database System developed by Gotac has an Arbitrary
File Re ...)
+ TODO: check
+CVE-2026-1021 (Police Statistics Database System developed by Gotac has an
Arbitrary ...)
+ TODO: check
+CVE-2026-1020 (Police Statistics Database System developed by Gotac has a
Absolute Pa ...)
+ TODO: check
+CVE-2026-1019 (Police Statistics Database System developed by Gotac has a
Missing Aut ...)
+ TODO: check
+CVE-2026-1018 (Police Statistics Database Systemdeveloped by Gotac has an
Arbitrary F ...)
+ TODO: check
+CVE-2026-1012
+ REJECTED
+CVE-2026-1011 (A stored cross-site scripting (XSS) vulnerability exists in the
Altium ...)
+ TODO: check
+CVE-2026-1010 (A stored cross-site scripting (XSS) vulnerability exists in the
Altium ...)
+ TODO: check
+CVE-2026-1009 (A stored cross-site scripting (XSS) vulnerability exists in the
Altium ...)
+ TODO: check
+CVE-2026-1008 (A stored cross-site scripting (XSS) vulnerability exists in the
user p ...)
+ TODO: check
+CVE-2026-1003 (The GetGenie plugin for WordPress is vulnerable to
authorization bypas ...)
+ TODO: check
+CVE-2026-1002 (The Vert.x Web static handler component cache can be
manipulated to de ...)
+ TODO: check
+CVE-2026-1000 (The MailerLite - WooCommerce integration plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2026-0975 (Delta Electronics DIAView has Command Injection vulnerability.)
+ TODO: check
+CVE-2026-0942 (The Rede Ita\xfa for WooCommerce \u2014 Payment PIX, Credit
Card and D ...)
+ TODO: check
+CVE-2026-0939 (The Rede Ita\xfa for WooCommerce plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured
nsswitch.conf ...)
+ TODO: check
+CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml
before 1.202 ...)
+ TODO: check
+CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in
packet ...)
+ TODO: check
+CVE-2025-70893 (A time-based blind SQL Injection vulnerability exists in
PHPGurukul Cy ...)
+ TODO: check
+CVE-2025-70892 (Phpgurukul Cyber Cafe Management System v1.0 contains a SQL
Injection ...)
+ TODO: check
+CVE-2025-70891 (A stored cross-site scripting (XSS) vulnerability exists in
Phpgurukul ...)
+ TODO: check
+CVE-2025-70890 (A stored cross-site scripting (XSS) vulnerability exists in
Cyber Cafe ...)
+ TODO: check
+CVE-2025-68671 (lakeFS is an open-source tool that transforms object storage
into a Gi ...)
+ TODO: check
+CVE-2025-67823 (A vulnerability in the Multimedia Email component of Mitel
MiContact C ...)
+ TODO: check
+CVE-2025-67822 (A vulnerability in the Provisioning Manager component of Mitel
MiVoice ...)
+ TODO: check
+CVE-2025-67025 (Cross Site Scripting vulnerability in Anycomment anycomment.io
0.4.4 a ...)
+ TODO: check
+CVE-2025-65368 (SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting
(XSS) vi ...)
+ TODO: check
+CVE-2025-65118 (The vulnerability, if exploited, could allow an authenticated
miscrean ...)
+ TODO: check
+CVE-2025-65117 (The vulnerability, if exploited, could allow an authenticated
miscrean ...)
+ TODO: check
+CVE-2025-64769 (The Process Optimization application suite leverages
connection chann ...)
+ TODO: check
+CVE-2025-64729 (The vulnerability, if exploited, could allow an authenticated
miscrean ...)
+ TODO: check
+CVE-2025-64691 (The vulnerability, if exploited, could allow an authenticated
miscrean ...)
+ TODO: check
+CVE-2025-62582 (Delta Electronics DIAView has multiple vulnerabilities.)
+ TODO: check
+CVE-2025-62581 (Delta Electronics DIAView has multiple vulnerabilities.)
+ TODO: check
+CVE-2025-61943 (The vulnerability, if exploited, could allow an authenticated
miscrean ...)
+ TODO: check
+CVE-2025-61937 (The vulnerability, if exploited, could allow an
unauthenticated miscr ...)
+ TODO: check
+CVE-2025-60011 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2025-60007 (A NULL Pointer Dereference vulnerability in the chassis daemon
(chassi ...)
+ TODO: check
+CVE-2025-60003 (A Buffer Over-read vulnerability in the routing protocol
daemon (rpd) ...)
+ TODO: check
+CVE-2025-59961 (An Incorrect Permission Assignment for Critical Resource
vulnerability ...)
+ TODO: check
+CVE-2025-59960 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2025-59959 (An Untrusted Pointer Dereference vulnerability in the routing
protocol ...)
+ TODO: check
+CVE-2025-52987 (A clickjacking vulnerability exists in the web portal of
Juniper Netwo ...)
+ TODO: check
+CVE-2025-15527 (The WP Recipe Maker plugin for WordPress is vulnerable to
Information ...)
+ TODO: check
+CVE-2025-15526 (The Fancy Product Designer plugin for WordPress is vulnerable
to Full ...)
+ TODO: check
+CVE-2025-15370 (The Shield: Blocks Bots, Protects Users, and Prevents Security
Breache ...)
+ TODO: check
+CVE-2025-14982 (The Booking Calendar plugin for WordPress is vulnerable to
Missing Aut ...)
+ TODO: check
+CVE-2025-14853 (The LEAV Last Email Address Validator plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-14793 (The DK PDF \u2013 WordPress PDF Generator plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-14384 (The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO
Rankings & ...)
+ TODO: check
+CVE-2025-14375 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to
Post, and Au ...)
+ TODO: check
+CVE-2025-14237 (Buffer overflow in XPS font parse processing on Small Office
Multifunc ...)
+ TODO: check
+CVE-2025-14236 (Buffer overflow in Address Book attribute tag processing on
Small Offi ...)
+ TODO: check
+CVE-2025-14235 (Buffer overflow in XPS font fpgm data processing on Small
Office Multi ...)
+ TODO: check
+CVE-2025-14234 (Buffer overflow in CPCA list processing on Small Office
Multifunction ...)
+ TODO: check
+CVE-2025-14233 (Invalid free in CPCA file deletion processing on Small Office
Multifun ...)
+ TODO: check
+CVE-2025-14232 (Buffer overflow in XML processing of XPS file in Small Office
Multifun ...)
+ TODO: check
+CVE-2025-14231 (Buffer overflow in print job processing by WSD on Small Office
Multifu ...)
+ TODO: check
+CVE-2025-12957 (The All-in-One Video Gallery plugin for WordPress is
vulnerable to arb ...)
+ TODO: check
+CVE-2025-12641 (The Awesome Support - WordPress HelpDesk & Support Plugin for
WordPres ...)
+ TODO: check
+CVE-2023-7334 (Changjetong T+ versions up to and including 16.x contain a .NET
deseri ...)
+ TODO: check
+CVE-2021-47815 (Nsauditor 3.2.3 contains a denial of service vulnerability in
the regi ...)
+ TODO: check
+CVE-2021-47814 (NBMonitor 1.6.8 contains a denial of service vulnerability
that allows ...)
+ TODO: check
+CVE-2021-47813 (Backup Key Recovery 2.2.7 contains a denial of service
vulnerability t ...)
+ TODO: check
+CVE-2021-47812 (GravCMS 1.10.7 contains an unauthenticated vulnerability that
allows r ...)
+ TODO: check
+CVE-2021-47811 (Grocery Crud 1.6.4 contains a SQL injection vulnerability in
the order ...)
+ TODO: check
+CVE-2021-47810 (WibuKey Runtime 6.51 contains an unquoted service path
vulnerability i ...)
+ TODO: check
+CVE-2021-47809 (Disk Sorter Enterprise 13.6.12 contains an unquoted service
path vulne ...)
+ TODO: check
+CVE-2021-47808 (Cotonti Siena 0.9.19 contains a stored cross-site scripting
vulnerabil ...)
+ TODO: check
+CVE-2021-47807 (Sync Breeze 13.6.18 contains an unquoted service path
vulnerability in ...)
+ TODO: check
+CVE-2021-47806 (Dup Scout 13.5.28 contains an unquoted service path
vulnerability in i ...)
+ TODO: check
+CVE-2021-47805 (Disk Savvy 13.6.14 contains an unquoted service path
vulnerability in ...)
+ TODO: check
+CVE-2021-47804 (Wise Care 365 5.6.7.568 contains an unquoted service path
vulnerabilit ...)
+ TODO: check
+CVE-2021-47803 (iFunbox 4.2 contains an unquoted service path vulnerability in
the App ...)
+ TODO: check
+CVE-2021-47801 (Vianeos OctoPUS 5 contains a time-based blind SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2021-47800 (b2evolution 7.2.2 contains a cross-site request forgery
vulnerability ...)
+ TODO: check
+CVE-2021-47798 (NoteBurner 2.35 contains a buffer overflow vulnerability in
the licens ...)
+ TODO: check
+CVE-2021-47797 (Leawo Prof. Media 11.0.0.1 contains a denial of service
vulnerability ...)
+ TODO: check
+CVE-2021-47796 (Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet
credentia ...)
+ TODO: check
+CVE-2021-47795 (GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities
includi ...)
+ TODO: check
+CVE-2021-47794 (ZesleCP 3.1.9 contains an authenticated remote code execution
vulnerab ...)
+ TODO: check
+CVE-2021-47793 (Telegram Desktop 2.9.2 contains a denial of service
vulnerability that ...)
+ TODO: check
+CVE-2021-47792 (Remote Mouse 4.002 contains an unquoted service path
vulnerability tha ...)
+ TODO: check
+CVE-2021-47791 (SmartFTP Client 10.0.2909.0 contains multiple denial of
service vulner ...)
+ TODO: check
+CVE-2021-47790 (Active WebCam 11.5 contains an unquoted service path
vulnerability tha ...)
+ TODO: check
+CVE-2021-47789 (Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a
buffer over ...)
+ TODO: check
+CVE-2021-47788 (WebsiteBaker 2.13.0 contains an authenticated remote code
execution vu ...)
+ TODO: check
+CVE-2021-47787 (TotalAV 5.15.69 contains an unquoted service path
vulnerability in mul ...)
+ TODO: check
+CVE-2021-47786 (Redragon Gaming Mouse driver contains a kernel-level
vulnerability tha ...)
+ TODO: check
+CVE-2021-47785 (Ether MP3 CD Burner 1.3.8 contains a buffer overflow
vulnerability in ...)
+ TODO: check
+CVE-2021-47783 (Phpwcms 1.9.30 contains a file upload vulnerability that
allows authen ...)
+ TODO: check
+CVE-2021-47782 (Odine Solutions GateKeeper 1.0 contains a SQL injection
vulnerability ...)
+ TODO: check
+CVE-2021-47780 (Macro Expert 4.7 contains an unquoted service path
vulnerability that ...)
+ TODO: check
+CVE-2021-47779 (Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting
vulnera ...)
+ TODO: check
+CVE-2021-47756 (Laravel Valet versions 1.1.4 to 2.0.3 contain a local
privilege escala ...)
+ TODO: check
+CVE-2020-36930 (SysGauge Server 7.9.18 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2020-36929 (Brother BRPrint Auditor 3.0.7 contains an unquoted service
path vulner ...)
+ TODO: check
+CVE-2020-36928 (Brother BRAgent 1.38 contains an unquoted service path
vulnerability i ...)
+ TODO: check
+CVE-2020-36927 (DiskPulse Enterprise 13.6.14 contains an unquoted service path
vulnera ...)
+ TODO: check
+CVE-2020-36926 (SmarterTrack 7922 contains an information disclosure
vulnerability in ...)
+ TODO: check
+CVE-2011-10041 (Uploadify WordPress plugin versions up to and including
1.0contain an ...)
+ TODO: check
CVE-2025-61730 [crypto/tls: handshake messages may be processed at the
incorrect encryption level]
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
@@ -2150,7 +2410,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client
using Weblate's REST API. P
NOTE:
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by:
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3
(1.17.0)
-CVE-2026-22200 (Enhancesoft osTicket versions up to and including 1.18.2
contain an ar ...)
+CVE-2026-22200 (Enhancesoft osTicket versions 1.18.3 contain an arbitrary file
read vu ...)
NOT-FOR-US: osTicket
CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to
9.17.1P2 w ...)
NOT-FOR-US: NetApp
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61fb9327526ce27b439b8e9af963d2401fe8a21
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61fb9327526ce27b439b8e9af963d2401fe8a21
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
