Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ba88228 by security tracker role at 2026-01-21T08:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote
authentication bypa ...)
+ TODO: check
+CVE-2026-24026
+ REJECTED
+CVE-2026-24025
+ REJECTED
+CVE-2026-24024
+ REJECTED
+CVE-2026-24023
+ REJECTED
+CVE-2026-24022
+ REJECTED
+CVE-2026-24021
+ REJECTED
+CVE-2026-24020
+ REJECTED
+CVE-2026-24016 (The installer of ServerView Agents for Windows provided by
Fsas Techno ...)
+ TODO: check
+CVE-2026-22976 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ TODO: check
+CVE-2026-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21989 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21988 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21986 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21985 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21984 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21983 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21982 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21981 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21980 (Vulnerability in the Oracle Life Sciences Central Coding
product of Or ...)
+ TODO: check
+CVE-2026-21979 (Vulnerability in the Oracle Planning and Budgeting Cloud
Service produ ...)
+ TODO: check
+CVE-2026-21978 (Vulnerability in the Oracle FLEXCUBE Universal Banking product
of Orac ...)
+ TODO: check
+CVE-2026-21977 (Vulnerability in the Oracle Zero Data Loss Recovery Appliance
Software ...)
+ TODO: check
+CVE-2026-21976 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
+ TODO: check
+CVE-2026-21975 (Vulnerability in the Java VM component of Oracle Database
Server. Sup ...)
+ TODO: check
+CVE-2026-21974 (Vulnerability in the Oracle Life Sciences Central Designer
product of ...)
+ TODO: check
+CVE-2026-21973 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
product of Ora ...)
+ TODO: check
+CVE-2026-21972 (Vulnerability in the Oracle Configurator product of Oracle
E-Business ...)
+ TODO: check
+CVE-2026-21971 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing
product of O ...)
+ TODO: check
+CVE-2026-21970 (Vulnerability in the Oracle Life Sciences Central Designer
product of ...)
+ TODO: check
+CVE-2026-21969 (Vulnerability in the Oracle Agile Product Lifecycle Management
for Pro ...)
+ TODO: check
+CVE-2026-21968 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21967 (Vulnerability in the Oracle Hospitality OPERA 5 product of
Oracle Hosp ...)
+ TODO: check
+CVE-2026-21966 (Vulnerability in the Oracle Hospitality OPERA 5 Property
Services prod ...)
+ TODO: check
+CVE-2026-21965 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21964 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21963 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21962 (Vulnerability in the Oracle HTTP Server, Oracle Weblogic
Server Proxy ...)
+ TODO: check
+CVE-2026-21961 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources
product ...)
+ TODO: check
+CVE-2026-21960 (Vulnerability in the Oracle Applications DBA product of Oracle
E-Busin ...)
+ TODO: check
+CVE-2026-21959 (Vulnerability in the Oracle Workflow product of Oracle
E-Business Suit ...)
+ TODO: check
+CVE-2026-21957 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21956 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21955 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2026-21952 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21951 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2026-21950 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21949 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21948 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21947 (Vulnerability in Oracle Java SE (component: JavaFX).
Supported versio ...)
+ TODO: check
+CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
+ TODO: check
+CVE-2026-21944 (Vulnerability in the Oracle Agile Product Lifecycle Management
for Pro ...)
+ TODO: check
+CVE-2026-21943 (Vulnerability in the Oracle Scripting product of Oracle
E-Business Sui ...)
+ TODO: check
+CVE-2026-21942 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2026-21941 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21940 (Vulnerability in the Oracle Agile PLM product of Oracle Supply
Chain ( ...)
+ TODO: check
+CVE-2026-21939 (Vulnerability in the SQLcl component of Oracle Database
Server. Suppo ...)
+ TODO: check
+CVE-2026-21938 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2026-21937 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21936 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21935 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
+ TODO: check
+CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
+ TODO: check
+CVE-2026-21931 (Vulnerability in the Oracle APEX Sample Applications product
of Oracle ...)
+ TODO: check
+CVE-2026-21930 (Vulnerability in the Oracle ZFS Storage Appliance Kit product
of Oracl ...)
+ TODO: check
+CVE-2026-21929 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2026-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2026-21927 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle
Siebel CR ...)
+ TODO: check
+CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
+ TODO: check
+CVE-2026-21924 (Vulnerability in the Oracle Utilities Application Framework
product of ...)
+ TODO: check
+CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer
product of ...)
+ TODO: check
+CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud
Service produ ...)
+ TODO: check
+CVE-2026-21664 (HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3)
has report ...)
+ TODO: check
+CVE-2026-21663 (HackerOne community member Patrick Lang (7yr) has reported a
reflected ...)
+ TODO: check
+CVE-2026-21642 (HackerOne community member Patrick Lang (7yr) has reported a
reflected ...)
+ TODO: check
+CVE-2026-21641 (HackerOne community member Jad Ghamloush (0xjad) has reported
an autho ...)
+ TODO: check
+CVE-2026-21640 (HackerOne community member Faraz Ahmed (PakCyberbot) has
reported a fo ...)
+ TODO: check
+CVE-2026-1035 (A flaw was found in the Keycloak server during refresh token
processin ...)
+ TODO: check
+CVE-2026-0933 (SummaryA command injection vulnerability (CWE-78) has been
found to ex ...)
+ TODO: check
+CVE-2026-0865 (User-controlled header names and values containing newlines can
allow ...)
+ TODO: check
+CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values
and para ...)
+ TODO: check
+CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0
and bel ...)
+ TODO: check
+CVE-2025-66902 (An input validation issue in in Pithikos websocket-server
v.0.6.4 allo ...)
+ TODO: check
+CVE-2025-66692 (A buffer over-read in the PublicKey::verify() method of
Binance - Trus ...)
+ TODO: check
+CVE-2025-63648 (A NULL pointer dereference in the
dacp_reply_playqueueedit_move functi ...)
+ TODO: check
+CVE-2025-63647 (A NULL pointer dereference in the parse_meta function
(src/httpd_daap. ...)
+ TODO: check
+CVE-2025-58744 (Use of Default Credentials, Hard-coded Credentials
vulnerability inC2S ...)
+ TODO: check
+CVE-2025-58743 (Use of a Broken or Risky Cryptographic Algorithm (DES)
vulnerability ...)
+ TODO: check
+CVE-2025-58742 (Insufficiently Protected Credentials, Improper Restriction of
Communic ...)
+ TODO: check
+CVE-2025-58741 (Insufficiently Protected Credentials vulnerability in the
Credential F ...)
+ TODO: check
+CVE-2025-58740 (The use of a hard-coded encryption key in calls to the
Password functi ...)
+ TODO: check
+CVE-2025-57156 (NULL pointer dereference in the dacp_reply_playqueueedit_clear
functio ...)
+ TODO: check
+CVE-2025-57155 (NULL pointer dereference in the daap_reply_groups function in
src/http ...)
+ TODO: check
+CVE-2025-15521 (The Academy LMS \u2013 WordPress LMS Plugin for Complete
eLearning Sol ...)
+ TODO: check
+CVE-2025-15367 (The poplib module, when passed a user-controlled command, can
have add ...)
+ TODO: check
+CVE-2025-15366 (The imaplib module, when passed a user-controlled command, can
have ad ...)
+ TODO: check
+CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler
allow i ...)
+ TODO: check
+CVE-2025-14559 (A flaw was found in the keycloak-services component of
Keycloak. This ...)
+ TODO: check
+CVE-2025-11468 (When folding a long comment in an email header containing
exclusively ...)
+ TODO: check
CVE-2026-XXXX [inetutils: remote authentication by-pass in telnet]
- inetutils 2:2.7-2
NOTE:
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
@@ -1555,6 +1761,7 @@ CVE-2021-47753 (phpKF CMS 3.00 Beta y6 contains an
unauthenticated file upload v
CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service
vulnerability ...)
NOT-FOR-US: AWebServer GhostBuilding
CVE-2026-22797 (An issue was discovered in OpenStack keystonemiddleware 10.5
through 1 ...)
+ {DSA-6104-1}
- python-keystonemiddleware 10.12.0-3 (bug #1125680)
[bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code
not present)
[bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code
not present)
@@ -2319,28 +2526,28 @@ CVE-2020-36919 (WPForms 1.7.8 contains a cross-site
scripting vulnerability in t
NOT-FOR-US: WPForms
CVE-2020-36911 (Covenant 0.1.3 - 0.5 contains a remote code execution
vulnerability th ...)
NOT-FOR-US: Covenant
-CVE-2025-55132 [fs.futimes() Bypasses Read-Only Permission Model]
+CVE-2025-55132 (A flaw in Node.js's permission model allows a file's access
and modifi ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#fsfutimes-bypasses-read-only-permission-model-cve-2025-55132---low
-CVE-2026-21637 [TLS PSK/ALPN Callback Exceptions Bypass Error Handlers,
Causing DoS and FD Leak]
+CVE-2026-21637 (A flaw in Node.js TLS error handling allows remote attackers
to crash ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#tls-pskalpn-callback-exceptions-bypass-error-handlers-causing-dos-and-fd-leak-cve-2026-21637---medium
-CVE-2026-21636 [Node.js permission model bypass via unchecked Unix Domain
Socket connections (UDS)]
+CVE-2026-21636 (A flaw in Node.js's permission model allows Unix Domain Socket
(UDS) c ...)
- nodejs <not-affected> (Only affects Node.js v25)
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-permission-model-bypass-via-unchecked-unix-domain-socket-connections-uds-cve-2026-21636---medium
-CVE-2025-59464 [Memory leak that enables remote Denial of Service against
applications processing TLS client certificates]
+CVE-2025-59464 (A memory leak in Node.js\u2019s OpenSSL integration occurs
when conver ...)
- nodejs <not-affected> (Only affects Node.js v24 releases and fixed in
v24.12.0)
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#memory-leak-that-enables-remote-denial-of-service-against-applications-processing-tls-client-certificates-cve-2025-59464---medium
-CVE-2025-59466 [Uncatchable "Maximum call stack size exceeded" error on
Node.js via async_hooks leads to process crashes bypassing error handlers]
+CVE-2025-59466 (We have identified a bug in Node.js error handling where
"Maximum call ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#uncatchable-maximum-call-stack-size-exceeded-error-on-nodejs-via-async_hooks-leads-to-process-crashes-bypassing-error-handlers-cve-2025-59466---medium
-CVE-2025-59465 [Node.js HTTP/2 server crashes with unhandled error when
receiving malformed HEADERS frame]
+CVE-2025-59465 (A malformed `HTTP/2 HEADERS` frame with oversized, invalid
`HPACK` dat ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-http2-server-crashes-with-unhandled-error-when-receiving-malformed-headers-frame-cve-2025-59465---high
-CVE-2025-55130 [Bypass File System Permissions using crafted symlinks]
+CVE-2025-55130 (A flaw in Node.js\u2019s Permissions model allows attackers to
bypass ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#bypass-file-system-permissions-using-crafted-symlinks-cve-2025-55130---high
-CVE-2025-55131 [Timeout-based race conditions make Uint8Array/Buffer.alloc
non-zerofilled]
+CVE-2025-55131 (A flaw in Node.js's buffer allocation logic can expose
uninitialized m ...)
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
CVE-2026-0908 (Use after free in ANGLE in Google Chrome prior to 144.0.7559.59
allowe ...)
@@ -184124,7 +184331,7 @@ CVE-2024-37182 (Mattermost Desktop App versions
<=5.7.0 fail to correctly prompt
- mattermost-desktop <itp> (bug #831861)
CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary
JavaScript c ...)
NOT-FOR-US: MintHCM
-CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio in commit 4c840665
allows an ...)
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in
2.3.0) allows ...)
- libcdio <not-affected> (Vulnerable code introduced later in
development version)
NOTE: https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
NOTE: Introduced by:
https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=4c840665c6d9cf2ff1cf0cd12f91b25030776c74
(master)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba8822815f0bded52b8b3dac56c9c2c2b3295a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba8822815f0bded52b8b3dac56c9c2c2b3295a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
