Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2de87090 by security tracker role at 2026-01-20T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2026-23950 (node-tar,a Tar for Node.js, has a race condition vulnerability 
in vers ...)
+       TODO: check
+CVE-2026-23949 (jaraco.context, an open-source software package that provides 
some use ...)
+       TODO: check
+CVE-2026-23947 (Orval generates type-safe JS clients (TypeScript) from any 
valid OpenA ...)
+       TODO: check
+CVE-2026-23944 (Arcane is an interface for managing Docker containers, images, 
network ...)
+       TODO: check
+CVE-2026-23917
+       REJECTED
+CVE-2026-23916
+       REJECTED
+CVE-2026-23915
+       REJECTED
+CVE-2026-23914
+       REJECTED
+CVE-2026-23913
+       REJECTED
+CVE-2026-23912
+       REJECTED
+CVE-2026-23911
+       REJECTED
+CVE-2026-23910
+       REJECTED
+CVE-2026-23909
+       REJECTED
+CVE-2026-23886 (Swift W3C TraceContext is a Swift implementation of the W3C 
Trace Cont ...)
+       TODO: check
+CVE-2026-23885 (Alchemy is an open source content management system engine 
written in  ...)
+       TODO: check
+CVE-2026-23880 (OnboardLite is a comprehensive membership lifecycle platform 
built for ...)
+       TODO: check
+CVE-2026-23877 (Swing Music is a self-hosted music player for local audio 
files. Prior ...)
+       TODO: check
+CVE-2026-23876 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that 
transforms techn ...)
+       TODO: check
+CVE-2026-23874 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-23849 (File Browser provides a file managing interface within a 
specified dir ...)
+       TODO: check
+CVE-2026-23848 (MyTube is a self-hosted downloader and player for several 
video websit ...)
+       TODO: check
+CVE-2026-23844 (Whisper Money is a personal finance application. Versions 
prior to 0.1 ...)
+       TODO: check
+CVE-2026-23837 (MyTube is a self-hosted downloader and player for several 
video websit ...)
+       TODO: check
+CVE-2026-22770 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-22219 (Chainlit versions prior to 2.9.4 contain a server-side request 
forgery ...)
+       TODO: check
+CVE-2026-22218 (Chainlit versions prior to 2.9.4 contain an arbitrary file 
read vulner ...)
+       TODO: check
+CVE-2026-1223 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS 
has an I ...)
+       TODO: check
+CVE-2026-1222 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS 
has an A ...)
+       TODO: check
+CVE-2026-1221 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS  
has a U ...)
+       TODO: check
+CVE-2026-1218 (A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. 
Impacted ...)
+       TODO: check
+CVE-2026-1203 (A weakness has been identified in CRMEB up to 5.6.3. The 
impacted elem ...)
+       TODO: check
+CVE-2026-1202 (A security flaw has been discovered in CRMEB up to 5.6.3. The 
affected ...)
+       TODO: check
+CVE-2026-1197 (A vulnerability was detected in MineAdmin 1.x/2.x. Affected by 
this vu ...)
+       TODO: check
+CVE-2026-1196 (A security vulnerability has been detected in MineAdmin 
1.x/2.x. Affec ...)
+       TODO: check
+CVE-2026-1195 (A weakness has been identified in MineAdmin 1.x/2.x. This 
impacts the  ...)
+       TODO: check
+CVE-2026-1194 (A security flaw has been discovered in MineAdmin 1.x/2.x. This 
affects ...)
+       TODO: check
+CVE-2026-1193 (A vulnerability was identified in MineAdmin 1.x/2.x. The 
impacted elem ...)
+       TODO: check
+CVE-2026-1192 (A vulnerability was determined in Tosei Online Store Management 
System ...)
+       TODO: check
+CVE-2026-1179 (A vulnerability was detected in Yonyou KSOA 9.0. This affects 
an unkno ...)
+       TODO: check
+CVE-2026-1178 (A security vulnerability has been detected in Yonyou KSOA 9.0. 
Affecte ...)
+       TODO: check
+CVE-2026-1177 (A weakness has been identified in Yonyou KSOA 9.0. Affected by 
this vu ...)
+       TODO: check
+CVE-2026-1176 (A security flaw has been discovered in itsourcecode School 
Management  ...)
+       TODO: check
+CVE-2026-1175 (A vulnerability was identified in birkir prime up to 
0.4.0.beta.0. Thi ...)
+       TODO: check
+CVE-2026-1051 (The Newsletter \u2013 Send awesome emails from WordPress plugin 
for Wo ...)
+       TODO: check
+CVE-2026-1045 (The Viet contact plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-1042 (The WP Hello Bar plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-0895 (The extension extends TYPO3\u2019 FileSpool component, which 
was vulne ...)
+       TODO: check
+CVE-2025-66523 (URL parameters are directly embedded into JavaScript code or 
HTML attr ...)
+       TODO: check
+CVE-2025-15466 (The Image Photo Gallery Final Tiles Grid plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-14978 (The PeachPay \u2014 Payments & Express Checkout for 
WooCommerce (suppo ...)
+       TODO: check
+CVE-2025-14977 (The Dokan: AI Powered WooCommerce Multivendor Marketplace 
Solution \u2 ...)
+       TODO: check
+CVE-2025-14798 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-14351 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for 
WordPress i ...)
+       TODO: check
+CVE-2025-14348 (The weMail - Email Marketing, Lead Generation, Optin Forms, 
Email News ...)
+       TODO: check
+CVE-2025-12573 (The Bookingor  WordPress plugin through 1.0.12 exposes 
authenticated A ...)
+       TODO: check
 CVE-2026-23878 (HotCRP is conference review software. Starting in commit 
aa20ef288828b ...)
        NOT-FOR-US: HotCRP
 CVE-2026-23852 (SiYuan is a personal knowledge management system. Versions 
prior to 3. ...)
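Review bot: the descriptions added for CVE-2026-1051, CVE-2026-0895, CVE-2025-14978, CVE-2025-14798 and CVE-2025-14351 carry literal `\u2013`, `\u2019` and `\u2014` escape sequences instead of the characters they stand for, so the import step appears to copy the escaped form of the upstream text without decoding it. Decoding before truncating would keep the summaries readable and stop the cut from landing inside an escape, as it does in CVE-2025-14977 (`Solution \u2 ...`). Separately, CVE-2026-23909 through CVE-2026-23917 arrive already marked REJECTED, which needs no triage, while every other new entry in this hunk is still `TODO: check`.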
@@ -1972,43 +2084,43 @@ CVE-2025-55130 [Bypass File System Permissions using 
crafted symlinks]
 CVE-2025-55131 [Timeout-based race conditions make Uint8Array/Buffer.alloc 
non-zerofilled]
        - nodejs 22.22.0+dfsg+~cs22.19.6-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
-CVE-2026-0908
+CVE-2026-0908 (Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 
allowe ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0907
+CVE-2026-0907 (Incorrect security UI in Split View in Google Chrome prior to 
144.0.75 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0906
+CVE-2026-0906 (Incorrect security UI  in Google Chrome on Android prior to 
144.0.7559 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0905
+CVE-2026-0905 (Insufficient policy enforcement in Network in Google Chrome 
prior to 1 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0904
+CVE-2026-0904 (Incorrect security UI in Digital Credentials in Google Chrome 
prior to ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0903
+CVE-2026-0903 (Inappropriate implementation in Downloads in Google Chrome on 
Windows  ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0902
+CVE-2026-0902 (Inappropriate implementation in V8 in Google Chrome prior to 
144.0.755 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0901
+CVE-2026-0901 (Inappropriate implementation in Blink in Google Chrome on 
Android prio ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0900
+CVE-2026-0900 (Inappropriate implementation in V8 in Google Chrome prior to 
144.0.755 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0899
+CVE-2026-0899 (Out of bounds memory access in V8 in Google Chrome prior to 
144.0.7559 ...)
        {DSA-6100-1}
        - chromium 144.0.7559.59-1
        [bullseye] - chromium <end-of-life> (see #1061268)
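Review bot: with the descriptions now filled in, CVE-2026-0906 and CVE-2026-0901 read "on Android" and CVE-2026-0903 reads "on Windows", yet each keeps the same `{DSA-6100-1}` and `- chromium 144.0.7559.59-1` lines as the platform-independent entries around them. Worth confirming whether these three affect the Debian chromium package at all, and if they do not, recording that in the entry rather than listing them as fixed by the DSA. The double space in "Incorrect security UI  in Google Chrome" on CVE-2026-0906 comes with the imported description and is cosmetic.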
@@ -12487,6 +12599,7 @@ CVE-2025-68381 (Improper Bounds Check (CWE-787) in 
Packetbeat can allow a remote
 CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 
5.15.1, ...)
        - weblate <itp> (bug #745661)
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 
through 2. ...)
+       {DLA-4444-1}
        - apache-log4j2 <unfixed> (bug #1123744)
        [trixie] - apache-log4j2 <no-dsa> (Minor issue)
        [bookworm] - apache-log4j2 <no-dsa> (Minor issue)
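Review bot: the `{DLA-4444-1}` reference on CVE-2025-68161 is added while the entry still reads `- apache-log4j2 <unfixed> (bug #1123744)` and both trixie and bookworm stay `<no-dsa> (Minor issue)`, so after this change the advisory is the only indication in the entry that any suite has a fix. Nothing in the hunk states which suite or version the DLA covers; confirm that the fixed version is recorded with the advisory so the entry does not read as fully unfixed next to an advisory reference.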
@@ -13497,6 +13610,7 @@ CVE-2025-27063 (Memory corruption during video playback 
when video session open
 CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi 
up to 4. ...)
        NOT-FOR-US: RuoYi
 CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted 
element ...)
+       {DLA-4443-1}
        - dcmtk <unfixed> (bug #1123584)
        [trixie] - dcmtk <no-dsa> (Minor issue)
        [bookworm] - dcmtk <no-dsa> (Minor issue)
@@ -15652,6 +15766,7 @@ CVE-2025-14619 (A vulnerability was found in 
code-projects Student File Manageme
 CVE-2025-14617 (A vulnerability has been found in Jehovahs Witnesses JW 
Library App up ...)
        NOT-FOR-US: Jehovahs Witnesses JW Library App
 CVE-2025-14607 (A vulnerability was detected in OFFIS DCMTK up to 3.6.9. 
Affected by t ...)
+       {DLA-4443-1}
        - dcmtk <unfixed> (bug #1122926)
        [trixie] - dcmtk <no-dsa> (Minor issue)
        [bookworm] - dcmtk <no-dsa> (Minor issue)
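Review bot: `{DLA-4443-1}` is attached here to CVE-2025-14607 (bug #1122926) and, in the previous hunk, to CVE-2025-14841 (bug #1123584), while both entries keep `- dcmtk <unfixed>` and `<no-dsa>` for trixie and bookworm. Since one advisory now spans two CVEs tracked under different bug numbers, check that the advisory covers both fixes and that each bug is updated, as neither hunk shows a fixed version for any suite.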



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de87090246c3c99ed159df1ddde7334d2c6703b
