Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4a308bd by security tracker role at 2026-01-29T08:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2026-25067 (SmarterTools SmarterMail versions prior to build 9518  
containan unaut ...)
+       TODO: check
+CVE-2026-24897 (Erugo is a self-hosted file-sharing platform. In versions up 
to and in ...)
+       TODO: check
+CVE-2026-24889 (soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic 
overflow c ...)
+       TODO: check
+CVE-2026-24888 (Maker.js is a 2D vector line drawing and shape modeling for 
CNC and la ...)
+       TODO: check
+CVE-2026-24857 (`bulk_extractor` is a digital forensics exploitation tool. 
Starting in ...)
+       TODO: check
+CVE-2026-24856 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-24835 (Podman Desktop is a graphical tool for developing on 
containers and Ku ...)
+       TODO: check
+CVE-2026-24769 (NocoDB is software for building databases as spreadsheets. 
Prior to ve ...)
+       TODO: check
+CVE-2026-24768 (NocoDB is software for building databases as spreadsheets. 
Prior to ve ...)
+       TODO: check
+CVE-2026-24767 (NocoDB is software for building databases as spreadsheets. 
Prior to ve ...)
+       TODO: check
+CVE-2026-24766 (NocoDB is software for building databases as spreadsheets. 
Prior to ve ...)
+       TODO: check
+CVE-2026-24742 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-24739 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       TODO: check
+CVE-2026-23743 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-1552 (A security vulnerability has been detected in SEMCMS 5.0. This 
vulnera ...)
+       TODO: check
+CVE-2026-1551 (A weakness has been identified in itsourcecode School 
Management Syste ...)
+       TODO: check
+CVE-2026-1550 (A security flaw has been discovered in PHPGurukul Hospital 
Management  ...)
+       TODO: check
+CVE-2026-1549 (A vulnerability was identified in jishenghua jshERP up to 3.6. 
Affecte ...)
+       TODO: check
+CVE-2026-1548 (A flaw has been found in Totolink A7000R 4.1cu.4154. This 
impacts the  ...)
+       TODO: check
+CVE-2026-1547 (A vulnerability was detected in Totolink A7000R 4.1cu.4154. 
This affec ...)
+       TODO: check
+CVE-2026-1546 (A security vulnerability has been detected in jishenghua jshERP 
up to  ...)
+       TODO: check
+CVE-2026-1545 (A weakness has been identified in itsourcecode School 
Management Syste ...)
+       TODO: check
+CVE-2026-1544 (A security flaw has been discovered in D-Link DIR-823X 250416. 
Impacte ...)
+       TODO: check
+CVE-2026-1535 (A security vulnerability has been detected in code-projects 
Online Mus ...)
+       TODO: check
+CVE-2026-1534 (A weakness has been identified in code-projects Online Music 
Site 1.0. ...)
+       TODO: check
+CVE-2026-1533 (A security flaw has been discovered in code-projects Online 
Music Site ...)
+       TODO: check
+CVE-2026-1532 (A vulnerability was identified in D-Link DCS-700L 1.03.09. The 
affecte ...)
+       TODO: check
+CVE-2025-71007 (An input validation vulnerability in the oneflow.index_add 
component o ...)
+       TODO: check
+CVE-2025-71006 (A floating point exception (FPE) in the oneflow.reshape 
component of O ...)
+       TODO: check
+CVE-2025-71005 (A floating point exception (FPE) in the oneflow.view component 
of OneF ...)
+       TODO: check
+CVE-2025-71004 (A segmentation violation in the oneflow.logical_or component 
of OneFlo ...)
+       TODO: check
+CVE-2025-71003 (An input validation vulnerability in the flow.arange() 
component of On ...)
+       TODO: check
+CVE-2025-55704 (Hidden functionality issue exists in multiple MFPs provided by 
Brother ...)
+       TODO: check
+CVE-2025-53869 (Multiple MFPs provided by Brother Industries, Ltd. does not 
properly v ...)
+       TODO: check
+CVE-2025-15344 (Tanium addressed a SQL injection vulnerability in Asset.)
+       TODO: check
+CVE-2025-14975 (The Custom Login Page Customizer WordPress plugin before 2.5.4 
does no ...)
+       TODO: check
 CVE-2026-24775 (OpenProject is an open-source, web-based project management 
software.  ...)
        NOT-FOR-US: OpenProject
 CVE-2026-24772 (OpenProject is an open-source, web-based project management 
software.  ...)
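Review bot: every one of the 36 entries added at the top of data/CVE/list carries only `TODO: check`, so this hunk records the CVE ids without any Debian triage. Each needs a follow-up to either a `NOT-FOR-US: <product>` line, as the CVE-2026-24775 OpenProject entry just below has, or a source-package line. Entries naming the same product can be resolved together: the four NocoDB ids (CVE-2026-24766 to CVE-2026-24769), the two Discourse ids, the five oneflow ids (CVE-2025-71003 to CVE-2025-71007) and the three code-projects Online Music Site ids. The descriptions are truncated, so affected version ranges have to be read from the full CVE records rather than from these lines.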
@@ -2080,6 +2152,7 @@ CVE-2025-15062 (Trimble SketchUp SKP File Parsing 
Use-After-Free Remote Code Exe
 CVE-2025-15061 (Framelink Figma MCP Server fetchWithRetry Command Injection 
Remote Cod ...)
        NOT-FOR-US: Framelink Figma MCP Server
 CVE-2025-15059 (GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
+       {DSA-6115-1}
        - gimp <unfixed> (bug #1126267)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
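Review bot: the added `{DSA-6115-1}` on CVE-2025-15059 sits directly above a package line that still reads `- gimp <unfixed> (bug #1126267)`, so after this change the entry references an advisory while unstable stays open. That is consistent if the DSA covers only the stable suites, but the unstable fix should be tracked to closure through bug #1126267 and `<unfixed>` replaced with the fixed version once it is uploaded.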
@@ -4419,6 +4492,7 @@ CVE-2026-23528 (Dask distributed is a distributed task 
scheduler for Dask. Prior
 CVE-2026-23523 (Dive is an open-source MCP Host Desktop Application that 
enables integ ...)
        NOT-FOR-US: Dive
 CVE-2026-23490 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, 
a Denial ...)
+       {DSA-6114-1}
        - pyasn1 0.6.2-1 (bug #1125753)
        NOTE: 
https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq
        NOTE: Fixed by: 
https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970
 (v0.6.2)
@@ -168226,6 +168300,7 @@ CVE-2024-6232 (There is a MEDIUM severity 
vulnerability affecting CPython.
        NOTE: 
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
 (v3.11.10)
        NOTE: 
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
 (v3.10.15)
 CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. 
The dja ...)
+       {DLA-4458-1}
        - python-django 3:4.2.16-1
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
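Review bot: `{DLA-4458-1}` is added to CVE-2024-45231 while the context line `[bookworm] - python-django <no-dsa> (Minor issue)` is unchanged, and the same pairing recurs in every python-django entry this commit touches. The entry therefore records an LTS advisory next to a bookworm suite still marked no-dsa; worth confirming that bookworm is intentionally left as no-dsa rather than overlooked.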
@@ -174876,11 +174951,13 @@ CVE-2024-7518 (Select options could obscure the 
fullscreen notification dialog.
        - firefox 129.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7518
 CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
        NOTE: 
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/
 (4.2.15)
 CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
@@ -174893,6 +174970,7 @@ CVE-2024-41990 (An issue was discovered in Django 5.0 
before 5.0.8 and 4.2 befor
        NOTE: 
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/
 (4.2.15)
        NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-45230.
 CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.15-1 (bug #1078074)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
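Review bot: the hunk header places this change after the CVE-2024-41990 entry, yet the only `{DLA-4458-1}` added here goes to CVE-2024-41989; CVE-2024-41990 itself gets no tag in this commit, although its neighbours CVE-2024-41991 and CVE-2024-42005 do. The old-file lines between the previous hunk (ending at 174886) and this one (starting at 174893) are unchanged, and that is where the CVE-2024-41990 header sits. Confirm that it is deliberately outside DLA-4458-1, or already tagged, and not a missed cross-reference.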
@@ -181495,17 +181573,20 @@ CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks 
proper validation of user-sup
 CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
 (4.2.14)
        NOTE: Relates to CVE-2023-23969 fix
 CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
        NOTE: 
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
 (4.2.14)
 CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       {DLA-4458-1}
        - python-django 3:4.2.14-1 (bug #1076069)
        [bookworm] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4a308bdf0dd9804ae15e35840e4d9a996b2b2ca



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
