Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e99547e0 by security tracker role at 2026-01-26T20:13:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,133 @@
+CVE-2026-24440 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24439 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24437 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24436 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24435 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24433 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24432 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24431 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24430 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24429 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-24428 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
+       TODO: check
+CVE-2026-23864 (Multiple denial of service vulnerabilities exist in React 
Server Compo ...)
+       TODO: check
+CVE-2026-21509 (Reliance on untrusted inputs in a security decision in 
Microsoft Offic ...)
+       TODO: check
+CVE-2026-1446 (There is a Cross Site Scripting issue in Esri ArcGIS Pro 
versions 3.6. ...)
+       TODO: check
+CVE-2026-1429 (Single Sign-On Portal System developed by WellChoose has a 
Reflected C ...)
+       TODO: check
+CVE-2026-1428 (Single Sign-On Portal System developed by WellChoose has a OS 
Command  ...)
+       TODO: check
+CVE-2026-1427 (Single Sign-On Portal System developed by WellChoose has a OS 
Command  ...)
+       TODO: check
+CVE-2026-1284 (An Out-Of-Bounds Write vulnerability affecting the EPRT file 
reading p ...)
+       TODO: check
+CVE-2026-1283 (A Heap-based Buffer Overflow vulnerability affecting the EPRT 
file rea ...)
+       TODO: check
+CVE-2026-1224 (Tanium addressed an uncontrolled resource consumption 
vulnerability in ...)
+       TODO: check
+CVE-2026-0925 (Tanium addressed an improper input validation vulnerability in 
Discove ...)
+       TODO: check
+CVE-2025-9522 (Blind Server-Side Request Forgery (SSRF) in Omada Controllers 
through  ...)
+       TODO: check
+CVE-2025-9521 (Password Confirmation Bypass vulnerability in Omada 
Controllers, allow ...)
+       TODO: check
+CVE-2025-9520 (An IDOR vulnerability exists in Omada Controllers that allows 
an attac ...)
+       TODO: check
+CVE-2025-71178 (Crucial Storage Executive installer versions prior to 
11.08.082025.00  ...)
+       TODO: check
+CVE-2025-70982 (Incorrect access control in the importUser function of 
SpringBlade v4. ...)
+       TODO: check
+CVE-2025-70368 (Worklenz version 2.1.5 contains a Stored Cross-Site Scripting 
(XSS) vu ...)
+       TODO: check
+CVE-2025-67274 (An issue in continuous.software aangine v.2025.2 allows a 
remote attac ...)
+       TODO: check
+CVE-2025-59109 (The dormakaba registration units 9002 (PIN Pad Units) have an 
exposed  ...)
+       TODO: check
+CVE-2025-59108 (By default, the password for the Access Manager's web 
interface, is se ...)
+       TODO: check
+CVE-2025-59107 (Dormakaba provides the software FWServiceTool to update the 
firmware v ...)
+       TODO: check
+CVE-2025-59106 (The binary serving the web server and executing basically all 
actions  ...)
+       TODO: check
+CVE-2025-59105 (With physical access to the device and enough time an attacker 
can des ...)
+       TODO: check
+CVE-2025-59104 (With physical access to the device and enough time an attacker 
is able ...)
+       TODO: check
+CVE-2025-59103 (The Access Manager 92xx in hardware revision K7 is based on 
Linux inst ...)
+       TODO: check
+CVE-2025-59102 (The web server of the Access Manager offers a functionality to 
downloa ...)
+       TODO: check
+CVE-2025-59101 (Instead of typical session tokens or cookies, it is verified 
on a per- ...)
+       TODO: check
+CVE-2025-59100 (The web interface offers a functionality to export the 
internal SQLite ...)
+       TODO: check
+CVE-2025-59099 (The Access Manager is using the open source web server 
CompactWebServe ...)
+       TODO: check
+CVE-2025-59098 (The Access Manager is offering a trace functionality to debug 
errors a ...)
+       TODO: check
+CVE-2025-59097 (The exos 9300 application can be used to configure Access 
Managers (e. ...)
+       TODO: check
+CVE-2025-59096 (The default password for the extended admin user mode in the 
applicati ...)
+       TODO: check
+CVE-2025-59095 (The program libraries (DLL) and binaries used by exos 9300 
contain mul ...)
+       TODO: check
+CVE-2025-59094 (A local privilege escalation vulnerability has been identified 
in the  ...)
+       TODO: check
+CVE-2025-59093 (Exos 9300 instances are using a randomly generated database 
password t ...)
+       TODO: check
+CVE-2025-59092 (An RPC service, which is part of exos 9300, is reachable on 
port 4000, ...)
+       TODO: check
+CVE-2025-59091 (Multiple hardcoded credentials have been identified, which are 
allowed ...)
+       TODO: check
+CVE-2025-59090 (On the exos 9300 server, a SOAP API is reachable on port 8002. 
This AP ...)
+       TODO: check
+CVE-2025-57785 (A Double Free in XSLT `show_index` has been identified in 
Hiawatha web ...)
+       TODO: check
+CVE-2025-57784 (Tomahawk auth timing attack due to usage of `strcmp` has been 
identifi ...)
+       TODO: check
+CVE-2025-57783 (Improper header parsing may lead to request smuggling has been 
identif ...)
+       TODO: check
+CVE-2025-50537 (Stack overflow vulnerability in eslint before 9.26.0 when 
serializing  ...)
+       TODO: check
+CVE-2025-41083 (Vulnerability in Altitude Authentication Service and Altitude 
Communic ...)
+       TODO: check
+CVE-2025-41082 (Illegal HTTP request traffic vulnerability (CL.0) in Altitude 
Communic ...)
+       TODO: check
+CVE-2025-14756 (Command injection vulnerability was found in the admin 
interface compo ...)
+       TODO: check
+CVE-2020-36960 (Forma LMS 2.3 contains a stored cross-site scripting 
vulnerability tha ...)
+       TODO: check
+CVE-2020-36959 (IDT PC Audio 1.0.6499.0 contains an unquoted service path 
vulnerabilit ...)
+       TODO: check
+CVE-2020-36958 (Kite 1.2020.1119.0 contains an unquoted service path 
vulnerability in  ...)
+       TODO: check
+CVE-2020-36957 (PDF Complete 3.5.310.2002 contains an unquoted service path 
vulnerabil ...)
+       TODO: check
+CVE-2020-36956 (Openfire 4.6.0 contains a stored cross-site scripting 
vulnerability in ...)
+       TODO: check
+CVE-2020-36955 (Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent 
cross-s ...)
+       TODO: check
+CVE-2020-36954 (Xeroneit Library Management System 3.1 contains a stored 
cross-site sc ...)
+       TODO: check
+CVE-2020-36953 (MiniTool ShadowMaker 3.2 contains an unquoted service path 
vulnerabili ...)
+       TODO: check
+CVE-2020-36952 (IObit Uninstaller 10 Pro contains an unquoted service path 
vulnerabili ...)
+       TODO: check
+CVE-2016-15057 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
+       TODO: check
 CVE-2026-1425 (A security flaw has been discovered in pymumu SmartDNS up to 
47.1. Thi ...)
        - smartdns <unfixed>
        NOTE: Fixed by: 
https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8
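Review bot: all 65 entries added by this hunk are left as `TODO: check`, so none of them yet records whether the affected software is in the archive, and the descriptions are cut at a fixed width, which for some entries removes the product name entirely (`CVE-2026-1284 (An Out-Of-Bounds Write vulnerability affecting the EPRT file reading p ...)`, `CVE-2025-14756 (Command injection vulnerability was found in the admin interface compo ...)`), so those need the full upstream text before they can be classified. The vendor runs can be triaged as a group: the eleven Tenda W30E entries between `CVE-2026-24428` and `CVE-2026-24440`, and the twenty dormakaba entries `CVE-2025-59090` to `CVE-2025-59109`. `CVE-2016-15057` arrives marked `** UNSUPPORTED WHEN ASSIGNED **`, which should be reflected in whatever status it receives.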
@@ -53,9 +183,9 @@ CVE-2025-14973 (The Recipe Card Blocks Lite WordPress plugin 
before 3.4.13 does
        NOT-FOR-US: WordPress plugin
 CVE-2025-14316 (The AhaChat Messenger Marketing WordPress plugin through 1.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-27821
+CVE-2025-27821 (Out-of-bounds Write vulnerability in Apache Hadoop HDFS native 
client. ...)
        - hadoop <itp> (bug #793644)
-CVE-2026-24656
+CVE-2026-24656 (Deserialization of Untrusted Data vulnerability in Apache 
Karaf Decant ...)
        - apache-karaf <itp> (bug #881297)
 CVE-2026-1406 (A vulnerability was determined in lcg0124 BootDo up to 
5ccd963c7405803 ...)
        NOT-FOR-US: lcg0124 BootDo
@@ -2147,7 +2277,7 @@ CVE-2026-22977 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20 (6.19-rc5)
 CVE-2026-1200
        - liblivemedia <removed>
-CVE-2026-1190
+CVE-2026-1190 (A flaw was found in Keycloak's SAML brokering functionality. 
When Keyc ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-0603 (A flaw was found in Hibernate. A remote attacker with low 
privileges c ...)
        NOT-FOR-US: Hibernate Core
@@ -2265,7 +2395,7 @@ CVE-2026-21947 (Vulnerability in Oracle Java SE 
(component: JavaFX).  Supported
 CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1}
+       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
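Review bot: the added `{DSA-6110-1 DLA-4457-1 DLA-4456-1}` set is applied identically to the four Oracle Java SE entries in this commit (`CVE-2026-21945`, `CVE-2026-21933`, `CVE-2026-21932`, `CVE-2026-21925`), which is consistent; note that `- openjdk-8 <unfixed> (bug #1126119)` stays in place under each of them, so the two LTS advisories do not change the openjdk-8 status and that issue remains open in unstable independently of them.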
@@ -2295,7 +2425,7 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1}
+       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2303,7 +2433,7 @@ CVE-2026-21933 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM for JDK, Ora
        - openjdk-25 25.0.2+10-1
        NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-01-20
 CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1}
+       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2323,7 +2453,7 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle 
Siebel CR ...)
        NOT-FOR-US: Oracle
 CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1}
+       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -6097,7 +6227,7 @@ CVE-2025-14338 (Polkit authentication dis isabled by 
default and a race conditio
        NOT-FOR-US: InputPlumber
 CVE-2025-66005 (Lack of authorization of the InputManager D-Bus interface in 
InputPlum ...)
        NOT-FOR-US: InputPlumber
-CVE-2025-14525
+CVE-2025-14525 (A flaw was found in kubevirt. A user within a virtual machine 
(VM), if ...)
        NOT-FOR-US: KubeVirt
 CVE-2026-0843 (A vulnerability has been found in jiujiujia/victor123/wxw850227 
jjjfoo ...)
        NOT-FOR-US: jjjfood and jjjshop_food
@@ -6488,7 +6618,7 @@ CVE-2025-11453 (The Header and Footer Scripts plugin for 
WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an 
unauthen ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-14459
+CVE-2025-14459 (A flaw was found in KubeVirt Containerized Data Importer 
(CDI). This v ...)
        NOT-FOR-US: Red Hat virt-cdi-controller
 CVE-2025-51602 (mmstu.c in VideoLAN VLC media player before 3.0.22 allows an 
out-of-bo ...)
        {DSA-6082-1}
@@ -8267,7 +8397,7 @@ CVE-2025-68751 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/14e4e4175b64dd9216b522f6ece8af6997d063b2 (6.19-rc1)
-CVE-2026-0810 [RUSTSEC-2025-0140]
+CVE-2026-0810 (A flaw was found in gix-date. The 
`gix_date::parse::TimeBuf::as_str` f ...)
        - rust-gix-date <unfixed> (bug #1124687)
        [trixie] - rust-gix-date <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0140.html
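Review bot: replacing `CVE-2026-0810 [RUSTSEC-2025-0140]` with the MITRE description drops the advisory id from the header line, but the `NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0140.html` line below keeps the cross-reference, so nothing is lost here; the same pattern is worth checking wherever this commit replaces a bracketed tag that has no NOTE to back it.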
@@ -15167,7 +15297,7 @@ CVE-2025-14298 (The FiboSearch \u2013 Ajax Search for 
WooCommerce plugin for Wor
        NOT-FOR-US: WordPress plugin
 CVE-2025-12492 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-14969
+CVE-2025-14969 (A flaw was found in Hibernate Reactive. When an HTTP endpoint 
is expos ...)
        NOT-FOR-US: Quarkus
 CVE-2025-8065 (A buffer overflow vulnerability exists in the ONVIF XML parser 
of Tapo ...)
        NOT-FOR-US: Tp-Link
@@ -19045,7 +19175,7 @@ CVE-2025-66388 (A vulnerability in Apache Airflow 
allowed authenticated UI users
        - airflow <itp> (bug #819700)
 CVE-2025-65995
        - airflow <itp> (bug #819700)
-CVE-2025-9615 [avoid that non-admin user using other users' certificates]
+CVE-2025-9615 (A flaw was found in NetworkManager. The NetworkManager package 
allows  ...)
        - network-manager 1.54.3-1
        [trixie] - network-manager <ignored> (Intrusive and needs update across 
the VPN plugin ecosystem to keep them functional)
        [bookworm] - network-manager <ignored> (Intrusive and needs update 
across the VPN plugin ecosystem to keep them functional)
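Review bot: the freeform summary `[avoid that non-admin user using other users' certificates]` is replaced by a description that is cut off at `allows ...`, so within the visible lines the only remaining hint of what the flaw is (certificate use across users) is gone; a `NOTE:` pointing at the upstream NetworkManager report would keep that context next to the two `<ignored>` justifications, which refer to the VPN plugin ecosystem without naming the issue.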
@@ -27058,7 +27188,7 @@ CVE-2025-11003 (The UiPress lite | Effortless custom 
dashboards, admin themes an
        NOT-FOR-US: WordPress plugin
 CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to 
Sensitive Infor ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-9820 [GNUTLS-SA-2025-11-18]
+CVE-2025-9820 (A flaw was found in the GnuTLS library, specifically in the 
gnutls_pkc ...)
        [experimental] - gnutls28 3.8.11-1
        - gnutls28 3.8.11-3 (bug #1121146)
        [trixie] - gnutls28 3.8.9-3+deb13u1
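Review bot: `[GNUTLS-SA-2025-11-18]` is dropped from the `CVE-2025-9820` line and none of the visible lines below it carries a `NOTE:` with the GnuTLS advisory id, so the vendor advisory cross-reference should be re-added as a NOTE (a link to the GNUTLS-SA-2025-11-18 advisory) rather than left only in git history.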
@@ -39126,7 +39256,7 @@ CVE-2011-20002 (A vulnerability has been identified in 
SIMATIC S7-1200 CPU V1 fa
        NOT-FOR-US: Siemens
 CVE-2011-20001 (A vulnerability has been identified in SIMATIC S7-1200 CPU V1 
family ( ...)
        NOT-FOR-US: Siemens
-CVE-2025-11687
+CVE-2025-11687 (A flaw was found in the gi-docgen. This vulnerability allows 
arbitrary ...)
        - gi-docgen 2025.5-1 (bug #1118145)
        [trixie] - gi-docgen <no-dsa> (Minor issue)
        [bookworm] - gi-docgen <no-dsa> (Minor issue)
@@ -45204,7 +45334,7 @@ CVE-2025-11104 (A vulnerability was detected in 
CodeAstro Electricity Billing Sy
        NOT-FOR-US: CodeAstro
 CVE-2025-11103 (A security vulnerability has been detected in Projectworlds 
Online Tou ...)
        NOT-FOR-US: Projectworlds Online Tours and Travels
-CVE-2025-11065 [May Leak Sensitive Information in Logs]
+CVE-2025-11065 (A flaw was found in github.com/go-viper/mapstructure/v2, in 
the field  ...)
        - golang-github-go-viper-mapstructure 2.4.0-1 (bug #1116584)
        [trixie] - golang-github-go-viper-mapstructure <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2391829



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99547e016aa22cea78a8632f626b32a7a1be00d


