Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a6b20ec by security tracker role at 2026-01-29T20:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to 
commit  ...)
+       TODO: check
+CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
+       TODO: check
+CVE-2026-24687 (Umbraco Forms is a form builder that integrates with the 
Umbraco conte ...)
+       TODO: check
+CVE-2026-24414 (The Icinga PowerShell Framework provides configuration and 
check possi ...)
+       TODO: check
+CVE-2026-24413 (Icinga 2 is an open source monitoring system. Starting in 
version 2.3. ...)
+       TODO: check
+CVE-2026-24054 (Kata Containers is an open source project focusing on a 
standard imple ...)
+       TODO: check
+CVE-2026-23896 (immich is a high performance self-hosted photo and video 
management so ...)
+       TODO: check
+CVE-2026-23571 (A command injection vulnerability was discovered in TeamViewer 
DEX (fo ...)
+       TODO: check
+CVE-2026-23570 (A missing validation of a user-controlled value in the 
TeamViewer DEX  ...)
+       TODO: check
+CVE-2026-23569 (An out-of-bounds read vulnerability in the TeamViewer DEX 
Client (form ...)
+       TODO: check
+CVE-2026-23568 (An out-of-bounds read vulnerability in the TeamViewer DEX 
Client (form ...)
+       TODO: check
+CVE-2026-23567 (An integer underflow in the UDP command handler of the 
TeamViewer DEX  ...)
+       TODO: check
+CVE-2026-23566 (A vulnerability in TeamViewer DEX Client (former 1E Client) - 
Content  ...)
+       TODO: check
+CVE-2026-23565 (A vulnerability in TeamViewer DEX Client (former 1E Client) - 
Content  ...)
+       TODO: check
+CVE-2026-23564 (A vulnerability in TeamViewer DEX Client (former 1E Client) - 
Content  ...)
+       TODO: check
+CVE-2026-23563 (Improper Link Resolution Before File Access (invoked by 
1E\u2011Explor ...)
+       TODO: check
+CVE-2026-22806 (vCluster Platform provides a Kubernetes platform for managing 
virtual  ...)
+       TODO: check
+CVE-2026-22764 (Dell OpenManage Network Integration, versions prior to 3.9, 
contains a ...)
+       TODO: check
+CVE-2026-1616 (The $uri$args concatenation in nginx configuration file present 
in Ope ...)
+       TODO: check
+CVE-2026-1610 (A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. 
Affecte ...)
+       TODO: check
+CVE-2026-1601 (A weakness has been identified in Totolink A7000R 4.1cu.4154. 
The impa ...)
+       TODO: check
+CVE-2026-1600 (A vulnerability was identified in Bdtask Bhojon All-In-One 
Restaurant  ...)
+       TODO: check
+CVE-2026-1599 (A vulnerability was determined in Bdtask Bhojon All-In-One 
Restaurant  ...)
+       TODO: check
+CVE-2026-1598 (A vulnerability was found in Bdtask Bhojon All-In-One 
Restaurant Manag ...)
+       TODO: check
+CVE-2026-1597 (A vulnerability has been found in Bdtask SalesERP up to 
20260116. This ...)
+       TODO: check
+CVE-2026-1596 (A flaw has been found in D-Link DWR-M961 1.1.47. This 
vulnerability af ...)
+       TODO: check
+CVE-2026-1595 (A vulnerability was detected in itsourcecode Society Management 
System ...)
+       TODO: check
+CVE-2026-1594 (A security vulnerability has been detected in itsourcecode 
Society Man ...)
+       TODO: check
+CVE-2026-1593 (A weakness has been identified in itsourcecode Society 
Management Syst ...)
+       TODO: check
+CVE-2026-1590 (A vulnerability was identified in itsourcecode School 
Management Syste ...)
+       TODO: check
+CVE-2026-1589 (A vulnerability was determined in itsourcecode School 
Management Syste ...)
+       TODO: check
+CVE-2026-1588 (A vulnerability was found in jishenghua jshERP up to 3.6. The 
impacted ...)
+       TODO: check
+CVE-2026-1587 (A vulnerability has been found in Open5GS up to 2.7.6. The 
affected el ...)
+       TODO: check
+CVE-2026-1586 (A flaw has been found in Open5GS up to 2.7.5. Impacted is the 
function ...)
+       TODO: check
+CVE-2026-1469 (Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. 
This vuln ...)
+       TODO: check
+CVE-2026-1457 (An authenticated buffer handling flaw in TP-Link VIGI C385 V1 
Web API  ...)
+       TODO: check
+CVE-2026-1453 (A missing authentication for critical function vulnerability in 
KiloVi ...)
+       TODO: check
+CVE-2026-1188 (In the Eclipse OMR port library component since release 0.2.0, 
an API  ...)
+       TODO: check
+CVE-2026-0936 (An Insertion of Sensitive Information into Log File 
vulnerability in B ...)
+       TODO: check
+CVE-2025-7714 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-7713 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-7016 (Improper Access Control vulnerability in Ak\u0131n Software 
Computer I ...)
+       TODO: check
+CVE-2025-7015 (Session Fixation vulnerability in Ak\u0131n Software Computer 
Import E ...)
+       TODO: check
+CVE-2025-7014 (Session Fixation vulnerability in QR Menu Pro Smart Menu 
Systems Menu  ...)
+       TODO: check
+CVE-2025-7013 (Authorization Bypass Through User-Controlled Key vulnerability 
in QR M ...)
+       TODO: check
+CVE-2025-71011 (An input validation vulnerability in the 
flow.Tensor.new_empty/flow.Te ...)
+       TODO: check
+CVE-2025-71009 (An input validation vulnerability in the 
flow.scatter/flow.scatter_add ...)
+       TODO: check
+CVE-2025-71008 (A segmentation violation in the 
oneflow._oneflow_internal.autograd.Fun ...)
+       TODO: check
+CVE-2025-69929 (An issue in N3uron Web User Interface v.1.21.7-240207.1047 
allows a re ...)
+       TODO: check
+CVE-2025-69749 (Cross Site Scripting vulnerability in tale v.2.0.5 allows an 
attacker  ...)
+       TODO: check
+CVE-2025-69604 (An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow 
a local  ...)
+       TODO: check
+CVE-2025-69516 (A Server-Side Template Injection (SSTI) vulnerability in the 
/reportin ...)
+       TODO: check
+CVE-2025-63658 (A stack overflow in the mk_http_index_lookup function 
(mk_server/mk_ht ...)
+       TODO: check
+CVE-2025-63657 (An out-of-bounds read in the mk_mimetype_find function 
(mk_server/mk_m ...)
+       TODO: check
+CVE-2025-63656 (An out-of-bounds read in the header_cmp function 
(mk_server/mk_http_pa ...)
+       TODO: check
+CVE-2025-63655 (A NULL pointer dereference in the mk_http_range_parse function 
(mk_ser ...)
+       TODO: check
+CVE-2025-63653 (An out-of-bounds read in the mk_vhost_fdt_close function 
(mk_server/mk ...)
+       TODO: check
+CVE-2025-63652 (A use-after-free in the mk_http_request_end function 
(mk_server/mk_htt ...)
+       TODO: check
+CVE-2025-63651 (A use-after-free in the mk_string_char_search function 
(mk_core/mk_str ...)
+       TODO: check
+CVE-2025-63650 (An out-of-bounds read in the mk_ptr_to_buf in mk_core function 
(mk_mem ...)
+       TODO: check
+CVE-2025-63649 (An out-of-bounds read in the 
http_parser_transfer_encoding_chunked fun ...)
+       TODO: check
+CVE-2025-62514 (Parsec is a cloud-based application for cryptographically 
secure file  ...)
+       TODO: check
+CVE-2025-45160 (A HTML injection vulnerability exists in the file upload 
functionality ...)
+       TODO: check
+CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request 
forgery vul ...)
+       TODO: check
+CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting 
vulnerability th ...)
+       TODO: check
+CVE-2025-15548 (Some VX800v v1.0 web interface endpoints transmit sensitive 
informatio ...)
+       TODO: check
+CVE-2025-15545 (The backup restore function does not properly validate 
unexpected or u ...)
+       TODO: check
+CVE-2025-15543 (Improper link resolution in USB HTTP access path in VX800v 
v1.0 allows ...)
+       TODO: check
+CVE-2025-15542 (Improper handling of exceptional conditions in VX800v v1.0 in 
SIP proc ...)
+       TODO: check
+CVE-2025-15541 (Improper link resolution in the VX800v v1.0 SFTP service 
allows authen ...)
+       TODO: check
+CVE-2025-13905 (CWE-276: Incorrect Default Permissions vulnerability exists 
that could ...)
+       TODO: check
+CVE-2025-13399 (A weakness in the web interface\u2019s application layer 
encryption in ...)
+       TODO: check
+CVE-2020-37021 (10-Strike Bandwidth Monitor 3.9 contains an unquoted service 
path vuln ...)
+       TODO: check
+CVE-2020-37020 (SonarQube 8.3.1 contains an unquoted service path 
vulnerability that a ...)
+       TODO: check
+CVE-2020-37018 (GOautodial 4.0 contains a persistent cross-site scripting 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37017 (CodeMeter 6.60 contains an unquoted service path vulnerability 
that al ...)
+       TODO: check
+CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path 
vulnerability that ...)
+       TODO: check
+CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory 
travers ...)
+       TODO: check
+CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow 
vulnera ...)
+       TODO: check
+CVE-2020-37012 (Tea LaTex 1.0 contains a remote code execution vulnerability 
that allo ...)
+       TODO: check
+CVE-2020-37011 (Gnome Fonts Viewer 3.34.0 contains a heap corruption 
vulnerability tha ...)
+       TODO: check
+CVE-2020-37010 (BearShare Lite 5.2.5 contains a buffer overflow vulnerability 
in the A ...)
+       TODO: check
+CVE-2020-37009 (MedDream PACS Server 6.8.3.751 contains an authenticated 
remote code e ...)
+       TODO: check
+CVE-2020-37008 (EasyPMS 1.0.0 contains an authentication bypass vulnerability 
that all ...)
+       TODO: check
+CVE-2020-37007 (Liman 0.7 contains a cross-site request forgery vulnerability 
that all ...)
+       TODO: check
+CVE-2020-37006 (berliCRM 1.0.24 contains a SQL injection vulnerability in the 
'src_rec ...)
+       TODO: check
+CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based 
SQL injec ...)
+       TODO: check
+CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL 
injection  ...)
+       TODO: check
+CVE-2020-37002 (Ajenti 2.1.36 contains an authentication bypass vulnerability 
that all ...)
+       TODO: check
+CVE-2020-37001 (Frigate Professional 3.36.0.9 contains a local buffer overflow 
vulnera ...)
+       TODO: check
+CVE-2020-37000 (Free MP3 CD Ripper 2.8 contains a stack buffer overflow 
vulnerability  ...)
+       TODO: check
+CVE-2020-36999 (Elaniin CMS 1.0 contains an authentication bypass 
vulnerability that a ...)
+       TODO: check
+CVE-2020-36997 (BacklinkSpeed 2.4 contains a buffer overflow vulnerability 
that allows ...)
+       TODO: check
+CVE-2020-36995 (Mocha Telnet Lite for iOS 4.2 contains a denial of service 
vulnerabili ...)
+       TODO: check
+CVE-2020-36994 (QlikView 12.50.20000.0 contains a denial of service 
vulnerability in t ...)
+       TODO: check
 CVE-2026-24682
        - freerdp3 3.22.0+dfsg-1
        - freerdp2 <removed>
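Review bot: every entry added at the top of data/CVE/list, from CVE-2026-25068 down to CVE-2020-36994, carries only the placeholder "TODO: check", so none of them yet has a package line or a NOT-FOR-US marker of the kind the 66biolinks and Tactical RMM entries further down already have. Triage should start with the entries whose truncated descriptions name software that may map to a Debian source package, for example CVE-2026-25068 (alsa-lib), CVE-2026-24413 (Icinga 2), CVE-2026-24054 (Kata Containers), CVE-2026-1587 and CVE-2026-1586 (Open5GS) and CVE-2020-37011 (Gnome Fonts Viewer), because until those are resolved the record says nothing about whether any suite is affected. The TeamViewer DEX, Bdtask and itsourcecode clusters are worth checking together, since each group shares one product and would probably get the same disposition.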
@@ -195,7 +385,7 @@ CVE-2025-69602 (A session fixation vulnerability exists in 
66biolinks v62.0.0 by
        NOT-FOR-US: 66biolinks
 CVE-2025-69601 (A directory traversal (Zip Slip) vulnerability exists in the 
\u201cSta ...)
        NOT-FOR-US: 66biolinks
-CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before 
allows a remo ...)
+CVE-2025-69517 (An HTML injection vulnerability in Amidaware Inc Tactical RMM 
v1.3.1 a ...)
        NOT-FOR-US: Amidaware Inc Tactical RMM
 CVE-2025-69289 (Discourse is an open source discussion platform. A privilege 
escalatio ...)
        NOT-FOR-US: Discourse
@@ -11950,6 +12140,7 @@ CVE-2025-56332 (Authentication Bypass in fosrl/pangolin 
v1.6.2 and before allows
 CVE-2025-52835 (Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by 
GMO WING  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory 
corruptio ...)
+       {DLA-4459-1}
        [experimental] - libmatio 1.5.30-1
        - libmatio 1.5.30-2 (bug #1124797)
        [trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
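Review bot: the {DLA-4459-1} cross-reference added under CVE-2025-50343 has no suite-specific line next to it in the visible context, which shows only the [experimental] entry, the unstable fix in 1.5.30-2 and a [trixie] <no-dsa> line, so the hunk does not say which suite the advisory covers or at what version. Because this commit changes only data/CVE/list, check that the DLA-4459-1 record itself lists CVE-2025-50343 along with CVE-2025-2338 and CVE-2022-1515, which receive the same tag in the two hunks that follow. The trixie remark "revisit when fixed upstream" also deserves a second look, given that the line above it already records libmatio 1.5.30-2 as fixed.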
@@ -111095,6 +111286,7 @@ CVE-2025-2340 (A vulnerability was found in otale 
Tale Blog 2.0.5. It has been d
 CVE-2025-2339 (A vulnerability was found in otale Tale Blog 2.0.5. It has been 
classi ...)
        NOT-FOR-US: Tale Blog
 CVE-2025-2338 (A vulnerability, which was classified as critical, was found in 
tbeu m ...)
+       {DLA-4459-1}
        - libmatio 1.5.29-1 (bug #1104247)
        [trixie] - libmatio <no-dsa> (Minor issue)
        [bookworm] - libmatio <no-dsa> (Minor issue)
@@ -357217,6 +357409,7 @@ CVE-2022-1516 (A NULL pointer dereference flaw was 
found in the Linux kernel\u20
        NOTE: Fixed by: 
https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
        NOTE: CONFIG_X25 is not set in Debian
 CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in 
Mat_VarRea ...)
+       {DLA-4459-1}
        - libmatio 1.5.22-1
        [buster] - libmatio <no-dsa> (Minor issue)
        NOTE: https://github.com/tbeu/matio/issues/186
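Review bot: under CVE-2022-1515 the new {DLA-4459-1} tag sits directly above an unchanged "[buster] - libmatio <no-dsa> (Minor issue)" line, and that is the only suite annotation in the visible context. Confirm that the buster annotation is still the intended state for this CVE now that an advisory references it, and that the advisory record names the suite and version that carry the fix, since neither can be read from this entry.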



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a6b20ec672e03b984840a22084210e298e8c139

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits