[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 27 Jan 2026 00:13:22 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
963ab16f by security tracker role at 2026-01-27T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). 
go-tuf's  ...)
+       TODO: check
+CVE-2026-24490 (MobSF is a mobile application security testing tool used. 
Prior to ver ...)
+       TODO: check
+CVE-2026-24489 (Gakido is a Python HTTP client focused on browser 
impersonation and an ...)
+       TODO: check
+CVE-2026-24486 (Python-Multipart is a streaming multipart parser for Python. 
Prior to  ...)
+       TODO: check
+CVE-2026-24480 (QGIS is a free, open source, cross platform geographical 
information s ...)
+       TODO: check
+CVE-2026-24479 (HUSTOF is an open source online judge based on 
PHP/C++/MySQL/Linux for ...)
+       TODO: check
+CVE-2026-24478 (AnythingLLM is an application that turns pieces of content 
into contex ...)
+       TODO: check
+CVE-2026-24477 (AnythingLLM is an application that turns pieces of content 
into contex ...)
+       TODO: check
+CVE-2026-24476 (Shaarli is a personal bookmarking service. Prior to version 
0.16.0, cr ...)
+       TODO: check
+CVE-2026-24470 (Skipper is an HTTP router and reverse proxy for service 
composition. P ...)
+       TODO: check
+CVE-2026-24408 (sigstore-python is a Python tool for generating and verifying 
Sigstore ...)
+       TODO: check
+CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the 
Java Virtu ...)
+       TODO: check
+CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm 
process ...)
+       TODO: check
+CVE-2026-24123 (BentoML is a Python library for building online serving 
systems optimi ...)
+       TODO: check
+CVE-2026-24056 (pnpm is a package manager. Prior to version 10.28.2, when pnpm 
install ...)
+       TODO: check
+CVE-2026-24003 (EVerest is an EV charging software stack. In versions up to 
and includ ...)
+       TODO: check
+CVE-2026-23890 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
+       TODO: check
+CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
+       TODO: check
+CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path 
traversal  ...)
+       TODO: check
+CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not 
perform nec ...)
+       TODO: check
+CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to 
version  ...)
+       TODO: check
+CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP 
(Data Center ...)
+       TODO: check
+CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an 
issue with ...)
+       TODO: check
+CVE-2026-1449 (A flaw has been found in Hisense TransTech Smart Bus Management 
System ...)
+       TODO: check
+CVE-2026-1448 (A vulnerability was detected in D-Link DIR-615 up to 4.10. This 
impact ...)
+       TODO: check
+CVE-2026-1445 (A vulnerability was found in iJason-Liu Books_Manager up to 
298ba73638 ...)
+       TODO: check
+CVE-2026-1444 (A vulnerability has been found in iJason-Liu Books_Manager up 
to 298ba ...)
+       TODO: check
+CVE-2026-1443 (A flaw has been found in code-projects Online Music Site 1.0. 
Affected ...)
+       TODO: check
+CVE-2026-1361 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+       TODO: check
+CVE-2025-59473 (SQL Injection vulnerability in the Structure for Admin 
authenticated u ...)
+       TODO: check
+CVE-2025-59472 (A denial of service vulnerability exists in Next.js versions 
with Part ...)
+       TODO: check
+CVE-2025-59471 (A denial of service vulnerability exists in self-hosted 
Next.js applic ...)
+       TODO: check
+CVE-2025-30248 (DLL hijacking in the WD Discovery Installer in Western Digital 
WD Disc ...)
+       TODO: check
+CVE-2025-14971 (The Link Invoice Payment for WooCommerce plugin for WordPress 
is vulne ...)
+       TODO: check
 CVE-2026-24440 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
        NOT-FOR-US: Tenda
 CVE-2026-24439 (Shenzhen Tenda W30E V2 firmware versions up to and including 
V16.01.0. ...)
@@ -2398,7 +2466,7 @@ CVE-2026-21947 (Vulnerability in Oracle Java SE 
(component: JavaFX).  Supported
 CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+       {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2428,7 +2496,7 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+       {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2436,7 +2504,7 @@ CVE-2026-21933 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM for JDK, Ora
        - openjdk-25 25.0.2+10-1
        NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-01-20
 CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+       {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2456,7 +2524,7 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle 
Siebel CR ...)
        NOT-FOR-US: Oracle
 CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+       {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2867,7 +2935,7 @@ CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 
9.10.0 that rely on Sol
 CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks 
sufficie ...)
        - lucene-solr <not-affected> (Vulnerable code introduced later)
 CVE-2026-23952 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DLA-4448-1}
+       {DSA-6111-1 DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126077)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d
 (7.1.2-13)
@@ -2919,7 +2987,7 @@ CVE-2026-23880 (OnboardLite is a comprehensive membership 
lifecycle platform bui
 CVE-2026-23877 (Swing Music is a self-hosted music player for local audio 
files. Prior ...)
        NOT-FOR-US: Swing Music
 CVE-2026-23876 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DLA-4448-1}
+       {DSA-6111-1 DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126076)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8
 (7.1.2-13)
@@ -2927,7 +2995,7 @@ CVE-2026-23876 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that 
transforms techn ...)
        NOT-FOR-US: CrawlChat
 CVE-2026-23874 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DLA-4448-1}
+       {DSA-6111-1 DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126075)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3
 (7.1.2-13)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ab16f94de2710007937872a0a9529b6b0a23e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ab16f94de2710007937872a0a9529b6b0a23e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to