Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2de2f44 by security tracker role at 2026-01-20T20:13:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,204 @@
-CVE-2025-15281
+CVE-2026-22844 (A Command Injection vulnerability in Zoom Node Multimedia
Routers (MMR ...)
+ TODO: check
+CVE-2026-1245 (A code injection vulnerability in the binary-parser library
prior to v ...)
+ TODO: check
+CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such
as Trans ...)
+ TODO: check
+CVE-2026-1180 (A flaw was identified in Keycloak\u2019s OpenID Connect Dynamic
Client ...)
+ TODO: check
+CVE-2026-0726 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin
for WordP ...)
+ TODO: check
+CVE-2026-0690 (The FlatPM \u2013 Ad Manager, AdSense and Custom Code plugin
for WordP ...)
+ TODO: check
+CVE-2026-0622 (Open 5GS WebUI uses a hard-coded JWT signing key (change-me)
whenever ...)
+ TODO: check
+CVE-2026-0608 (The Head Meta Data plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2026-0554 (The NotificationX plugin for WordPress is vulnerable to
unauthorized m ...)
+ TODO: check
+CVE-2026-0548 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
+ TODO: check
+CVE-2025-9466 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9465 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9464 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9283 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9282 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9281 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9280 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9279 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-9278 (A security issue exists within ArmorStart\xae LT that can
result in a ...)
+ TODO: check
+CVE-2025-67824 (The WorklogPRO - Jira Timesheets plugin in the Jira Data
Center before ...)
+ TODO: check
+CVE-2025-67263 (Abacre Retail Point of Sale 14.0.0.396 is affected by a stored
cross-s ...)
+ TODO: check
+CVE-2025-67261 (Abacre Retail Point of Sale 14.0.0.396 is vulnerable to
content-based ...)
+ TODO: check
+CVE-2025-66803 (Race condition in the turbo-frame element handler in Hotwired
Turbo be ...)
+ TODO: check
+CVE-2025-65482 (An XML External Entity (XXE) vulnerability in opensagres
XDocReport v0 ...)
+ TODO: check
+CVE-2025-64087 (A Server-Side Template Injection (SSTI) vulnerability in the
FreeMarke ...)
+ TODO: check
+CVE-2025-58095 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58094 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58093 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58092 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58091 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58090 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58089 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58088 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58087 (Multiple reflected cross-site scripting (xss) vulnerabilities
exist in ...)
+ TODO: check
+CVE-2025-58080 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-57881 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-57787 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-57786 (A reflected cross-site scripting (xss) vulnerability exists in
the not ...)
+ TODO: check
+CVE-2025-56353 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962
(2024-02-1 ...)
+ TODO: check
+CVE-2025-56005 (An undocumented and unsafe feature in the PLY (Python
Lex-Yacc) librar ...)
+ TODO: check
+CVE-2025-55423 (ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to
12.16.2 ...)
+ TODO: check
+CVE-2025-55071 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-54861 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-54853 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-54852 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-54817 (A reflected cross-site scripting (xss) vulnerability exists in
the aut ...)
+ TODO: check
+CVE-2025-54814 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-54778 (A reflected cross-site scripting (xss) vulnerability exists in
the exi ...)
+ TODO: check
+CVE-2025-54495 (A reflected cross-site scripting (xss) vulnerability exists in
the ema ...)
+ TODO: check
+CVE-2025-54157 (A reflected cross-site scripting (xss) vulnerability exists in
the enc ...)
+ TODO: check
+CVE-2025-53912 (An arbitrary file read vulnerability exists in the
encapsulatedDoc fun ...)
+ TODO: check
+CVE-2025-53854 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-53707 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
+ TODO: check
+CVE-2025-53516 (A reflected cross-site scripting (xss) vulnerability exists in
the dow ...)
+ TODO: check
+CVE-2025-46270 (A reflected cross-site scripting (xss) vulnerability exists in
the fet ...)
+ TODO: check
+CVE-2025-44000 (A reflected cross-site scripting (xss) vulnerability exists in
the sen ...)
+ TODO: check
+CVE-2025-41768 (On an instance of TwinCAT 3 HMI Server running on a device an
authenti ...)
+ TODO: check
+CVE-2025-41084 (Stored Cross-Site Scripting (XSS) vulnerability in Sesame web
applicat ...)
+ TODO: check
+CVE-2025-41081 (Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym
by Zuinq ...)
+ TODO: check
+CVE-2025-41025 (Stored Cross-Site Scripting (XSS) in Poultry Farm Management
System v1 ...)
+ TODO: check
+CVE-2025-41024 (Stored Cross-Site Scripting (XSS) in Poultry Farm Management
System v1 ...)
+ TODO: check
+CVE-2025-40679 (HTML Injection vulnerability in Isshue by Bdtask,
consisting os an ...)
+ TODO: check
+CVE-2025-40644 (Reflected Cross-Site Scripting (XSS) vulnerability in
Riftzilla's QRGe ...)
+ TODO: check
+CVE-2025-36556 (A reflected cross-site scripting (xss) vulnerability exists in
the lda ...)
+ TODO: check
+CVE-2025-36419 (IBM ApplinX 11.1 could disclose sensitive information about
server arc ...)
+ TODO: check
+CVE-2025-36418 (IBM ApplinX 11.1 is vulnerable due to a privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2025-36411 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery
which cou ...)
+ TODO: check
+CVE-2025-36410 (IBM ApplinX 11.1 could allow an authenticated user to perform
unauthor ...)
+ TODO: check
+CVE-2025-36409 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
+ TODO: check
+CVE-2025-36408 (IBM ApplinX 11.1 is vulnerable to stored cross-site scripting.
This vu ...)
+ TODO: check
+CVE-2025-36397 (IBM Application Gateway 23.10 through 25.09 is vulnerable to
HTML inje ...)
+ TODO: check
+CVE-2025-36396 (IBM Application Gateway 23.10 through 25.09 is vulnerable to
cross-sit ...)
+ TODO: check
+CVE-2025-36115 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
+ TODO: check
+CVE-2025-36113 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
+ TODO: check
+CVE-2025-36066 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
+ TODO: check
+CVE-2025-36065 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
+ TODO: check
+CVE-2025-36063 (IBM Sterling Connect:Express Adapter for Sterling B2B
Integrator 5.2.0 ...)
+ TODO: check
+CVE-2025-36059 (IBM Business Automation Workflow containers 25.0.0 through
25.0.0 Inte ...)
+ TODO: check
+CVE-2025-36058 (IBM Business Automation Workflow containers 25.0.0 through
25.0.0 Inte ...)
+ TODO: check
+CVE-2025-33233 (NVIDIA Merlin Transformers4Rec for all platforms contains a
vulnerabil ...)
+ TODO: check
+CVE-2025-33231 (NVIDIA Nsight Systems for Windows contains a vulnerability in
the appl ...)
+ TODO: check
+CVE-2025-33230 (NVIDIA Nsight Systems for Linux contains a vulnerability in
the .run i ...)
+ TODO: check
+CVE-2025-33229 (NVIDIA Nsight Visual Studio for Windows contains a
vulnerability in Ns ...)
+ TODO: check
+CVE-2025-33228 (NVIDIA Nsight Systems contains a vulnerability in the
gfx_hotspot reci ...)
+ TODO: check
+CVE-2025-33015 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious
file upload ...)
+ TODO: check
+CVE-2025-1722 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
+ TODO: check
+CVE-2025-1719 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
+ TODO: check
+CVE-2025-15380 (The NotificationX \u2013 FOMO, Live Sales Notification,
WooCommerce Sa ...)
+ TODO: check
+CVE-2025-15347 (The Creator LMS \u2013 The LMS for Creators, Coaches, and
Trainers plu ...)
+ TODO: check
+CVE-2025-15043 (The The Events Calendar plugin for WordPress is vulnerable to
unauthor ...)
+ TODO: check
+CVE-2025-14883
+ REJECTED
+CVE-2025-14533 (The Advanced Custom Fields: Extended plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-14377 (A security issue was discovered within the legacy Ansible
playbook com ...)
+ TODO: check
+CVE-2025-14376 (A security issue was discovered within the legacy ADI server
component ...)
+ TODO: check
+CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains
an inte ...)
+ TODO: check
+CVE-2025-14115 (IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through
6.3.0.6 ...)
+ TODO: check
+CVE-2025-14027 (Multiple denial-of-service vulnerabilities exist in the
affected produ ...)
+ TODO: check
+CVE-2025-13925 (IBM Aspera Console 3.4.7 stores potentially sensitive
information in l ...)
+ TODO: check
+CVE-2025-12985 (IBM Licensing Operator incorrectly assigns privileges to
security crit ...)
+ TODO: check
+CVE-2025-11743 (A denial-of-service security issue in the affected product.
The securi ...)
+ TODO: check
+CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with
WRDE_APPEND in the ...)
- glibc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
NOTE: Inroduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=8f2ece695d8822e9ecc63ecd157e90bf17a6fe65
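Review bot: typo in the final CVE-2025-15281 (glibc) note of this hunk: "NOTE: Inroduced with:" should read "NOTE: Introduced with:", matching the spelling used elsewhere in the file (for example the "NOTE: Introduced by:" line under CVE-2025-13837). The entry is also recorded as "- glibc <unfixed>" with no Debian bug reference; once a bug is filed, append it in the usual "(bug #NNNNNN)" form, as the CVE-2025-8194 entry does with "(bug #1124764)".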
@@ -3192,7 +3392,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client
using Weblate's REST API. P
NOTE:
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by:
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3
(1.17.0)
-CVE-2026-22200 (Enhancesoft osTicket versions 1.18.3 contain an arbitrary file
read vu ...)
+CVE-2026-22200 (Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and
1.17.x prior ...)
NOT-FOR-US: osTicket
CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to
9.17.1P2 w ...)
NOT-FOR-US: NetApp
@@ -21640,6 +21840,7 @@ CVE-2025-12385 (Allocation of Resources Without Limits
or Throttling, Improper V
CVE-2025-12358 (The ShopEngine Elementor WooCommerce Builder Addon plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12084 (When building nested elements using xml.dom.minidom methods
such as ap ...)
+ {DLA-4445-1}
- python3.14 3.14.2-1
- python3.13 3.13.11-1
[trixie] - python3.13 <no-dsa> (Minor issue)
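Review bot: the new "{DLA-4445-1}" reference under CVE-2025-12084 (and the identical additions to the other CPython entries further down) only resolves if DLA-4445-1 exists in data/DLA/list, but this commit touches data/CVE/list alone ("1 changed file"). Confirm the DLA entry with its package and fixed version has already been committed, otherwise the tracker will show a dangling advisory reference. The "[trixie] - python3.13 <no-dsa> (Minor issue)" line is unaffected, since a DLA covers the LTS suite rather than trixie.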
@@ -22335,6 +22536,7 @@ CVE-2025-23417 (A denial of service vulnerability
exists in the Modbus RTU over
CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU
over TCP fu ...)
NOT-FOR-US: Socomec
CVE-2025-13837 (When loading a plist file, the plistlib module reads data in
size spec ...)
+ {DLA-4445-1}
- python3.14 3.14.2-1
- python3.13 3.13.11-1
[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -22351,6 +22553,7 @@ CVE-2025-13837 (When loading a plist file, the plistlib
module reads data in siz
NOTE:
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
(v3.13.10)
NOTE: Introduced by:
https://github.com/python/cpython/commit/065266450ea5519a43bcc199e48d304f1e7038e8
(v3.4.2rc1)
CVE-2025-13836 (When reading an HTTP response from a server, if no read amount
is spec ...)
+ {DLA-4445-1}
- python3.14 3.14.2-1
- python3.13 3.13.11-1
[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -29967,6 +30170,7 @@ CVE-2025-6176 (Scrapy versions up to 2.13.2 are
vulnerable to a denial of servic
NOTE: https://github.com/google/brotli/pull/1234
NOTE: Negligible security impact
CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled
a perf ...)
+ {DLA-4445-1}
- python3.14 3.14.2-1
- python3.13 3.13.11-1
[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -38028,7 +38232,7 @@ CVE-2025-10004 (GitLab has remediated an issue in
GitLab CE/EE affecting all ver
CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- gitlab <not-affected> (Specific to EE)
CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64
End of ...)
- {DLA-4354-1}
+ {DLA-4445-1 DLA-4354-1}
- python3.14 3.14.0-3
- python3.13 3.13.11-1
[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -63456,6 +63660,7 @@ CVE-2025-8266 (A vulnerability has been found in
yanyutao0402 ChanCMS up to 3.1.
CVE-2025-8265 (A vulnerability classified as critical has been found in 299Ko
CMS 2.0 ...)
NOT-FOR-US: 299Ko CMS
CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module
affecting ...)
+ {DLA-4445-1}
- python3.13 3.13.6-1 (bug #1124764)
[trixie] - python3.13 <no-dsa> (Minor issue)
- python3.12 <removed>
@@ -76747,7 +76952,7 @@ CVE-2025-6196 (A flaw was found in libgepub, a library
used to read EPUB files.
NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c
(0.7.2)
CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic
complexity w ...)
- {DLA-4354-1}
+ {DLA-4445-1 DLA-4354-1}
- python3.13 3.13.6-1
[trixie] - python3.13 <no-dsa> (Minor issue)
- python3.12 <removed>
@@ -86114,6 +86319,7 @@ CVE-2025-4695 (A vulnerability was found in
PHPGurukul/Campcodes Cyber Cafe Mana
CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4516 (There is an issue in CPython when using
`bytes.decode("unicode_escape" ...)
+ {DLA-4445-1}
- python3.13 3.13.3-4
- python3.12 <removed>
- python3.11 <removed>
@@ -331579,7 +331785,7 @@ CVE-2022-37456
CVE-2022-37455
RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef
has an i ...)
- {DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3243-1 DLA-3175-1 DLA-3174-1}
+ {DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-4445-1 DLA-3243-1 DLA-3175-1
DLA-3174-1}
- php8.1 8.1.12-1
- php7.4 <removed>
- php7.3 <removed>
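Review bot: DLA-4445-1 is added here to CVE-2022-37454 (Keccak XKCP), whose visible package lines are php8.1, php7.4 and php7.3, while every other hunk in this commit adds the same DLA to CPython entries. Check that the source package covered by DLA-4445-1 appears among this entry's package lines; the remainder of the entry lies outside the hunk context, so the matching line may simply be below the visible part, but a mismatched advisory reference here would mislabel a PHP fix as a Python one.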
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2de2f442c0d30a45abc0efd2457a74ff4fdd9da
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits