Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36ae80fa by security tracker role at 2026-01-31T08:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,126 @@
-CVE-2026-25153
+CVE-2026-25156 (HotCRP is conference review software. HotCRP versions from 
October 202 ...)
+       TODO: check
+CVE-2026-25154 (LocalSend is a free, open-source app that allows users to 
share files  ...)
+       TODO: check
+CVE-2026-25141 (Orval generates type-safe JS clients (TypeScript) from any 
valid OpenA ...)
+       TODO: check
+CVE-2026-25130 (Cybersecurity AI (CAI) is a framework for AI Security. In 
versions up  ...)
+       TODO: check
+CVE-2026-25129 (PsySH is a runtime developer console, interactive debugger, 
and REPL f ...)
+       TODO: check
+CVE-2026-1723 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2026-1705 (A vulnerability was detected in D-Link DSL-6641K 
N8.TR069.20131126. Af ...)
+       TODO: check
+CVE-2026-1431 (The Booking Calendar plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2026-1251 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket 
System plug ...)
+       TODO: check
+CVE-2026-0683 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket 
System plug ...)
+       TODO: check
+CVE-2025-36442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36428 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36427 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36424 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36423 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 12.1 ...)
+       TODO: check
+CVE-2025-36407 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)11.5. ...)
+       TODO: check
+CVE-2025-36387 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36384 (IBM Db2 for Windows12.1.0 - 12.1.3  could allow a local user 
with file ...)
+       TODO: check
+CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36365 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36353 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36184 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)11.5. ...)
+       TODO: check
+CVE-2025-36123 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36098 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36070 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)11.5. ...)
+       TODO: check
+CVE-2025-36009 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-36001 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-2668 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)11.5. ...)
+       TODO: check
+CVE-2025-15525 (The Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy 
Load plug ...)
+       TODO: check
+CVE-2025-15510 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2020-37057 (Online-Exam-System 2015 contains a SQL injection vulnerability 
in the  ...)
+       TODO: check
+CVE-2020-37056 (Crystal Shard http-protection 0.2.0 contains an IP spoofing 
vulnerabil ...)
+       TODO: check
+CVE-2020-37054 (Navigate CMS 2.8.7 contains a cross-site request forgery 
vulnerability ...)
+       TODO: check
+CVE-2020-37053 (Navigate CMS 2.8.7 contains an authenticated SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2020-37052 (AirControl 1.4.2 contains a pre-authentication remote code 
execution v ...)
+       TODO: check
+CVE-2020-37051 (Online-Exam-System 2015 contains a time-based blind SQL 
injection vuln ...)
+       TODO: check
+CVE-2020-37050 (Quick Player 1.3 contains a buffer overflow vulnerability that 
allows  ...)
+       TODO: check
+CVE-2020-37049 (Frigate 3.36.0.9 contains a local buffer overflow 
vulnerability in the ...)
+       TODO: check
+CVE-2020-37046 (Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a 
cross-site ...)
+       TODO: check
+CVE-2020-37044 (OpenCTI 3.3.1 is vulnerable to a reflected cross-site 
scripting (XSS)  ...)
+       TODO: check
+CVE-2020-37043 (10-Strike Bandwidth Monitor 3.9 contains a buffer overflow 
vulnerabili ...)
+       TODO: check
+CVE-2020-37042 (Frigate Professional 3.36.0.9 contains a local buffer overflow 
vulnera ...)
+       TODO: check
+CVE-2020-37041 (OpenCTI 3.3.1 is vulnerable to a directory traversal attack 
via the st ...)
+       TODO: check
+CVE-2020-37040 (Code Blocks 17.12 contains a local buffer overflow 
vulnerability that  ...)
+       TODO: check
+CVE-2020-37039 (Frigate 2.02 contains a denial of service vulnerability that 
allows at ...)
+       TODO: check
+CVE-2020-37038 (Code Blocks 20.03 contains a denial of service vulnerability 
that allo ...)
+       TODO: check
+CVE-2020-37036 (RM Downloader 2.50.60 contains a local buffer overflow 
vulnerability i ...)
+       TODO: check
+CVE-2020-37035 (e-Learning PHP Script 0.1.0 contains a SQL injection 
vulnerability in  ...)
+       TODO: check
+CVE-2020-37034 (HelloWeb 2.0 contains an arbitrary file download vulnerability 
that al ...)
+       TODO: check
+CVE-2020-37033 (Infor Storefront B2B 1.0 contains a SQL injection 
vulnerability that a ...)
+       TODO: check
+CVE-2020-37032 (Wing FTP Server 6.3.8 contains a remote code execution 
vulnerability i ...)
+       TODO: check
+CVE-2020-37031 (Simple Startup Manager 1.17 contains a local buffer overflow 
vulnerabi ...)
+       TODO: check
+CVE-2020-37029 (FTPDummy 4.80 contains a local buffer overflow vulnerability 
in its pr ...)
+       TODO: check
+CVE-2020-37028 (Socusoft Photo to Video Converter Professional 8.07 contains a 
local b ...)
+       TODO: check
+CVE-2020-37027 (Sickbeard alpha contains a remote command injection 
vulnerability that ...)
+       TODO: check
+CVE-2020-37026 (Sickbeard alpha contains a cross-site request forgery 
vulnerability th ...)
+       TODO: check
+CVE-2020-37025 (Port Forwarding Wizard 4.8.0 contains a buffer overflow 
vulnerability  ...)
+       TODO: check
+CVE-2020-37024 (Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow 
vulnerabil ...)
+       TODO: check
+CVE-2020-37023 (Koken CMS 0.22.24 contains a file upload vulnerability that 
allows aut ...)
+       TODO: check
+CVE-2019-25232 (NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability 
in the Cl ...)
+       TODO: check
+CVE-2026-25153 (Backstage is an open framework for building developer portals, 
and @ba ...)
        NOT-FOR-US: backstage/plugin-techdocs-node
-CVE-2026-25152
+CVE-2026-25152 (Backstage is an open framework for building developer portals, 
and @ba ...)
        NOT-FOR-US: backstage/plugin-techdocs-node
 CVE-2026-25128 (fast-xml-parser allows users to validate XML, parse XML to JS 
object,  ...)
        - node-webfont <not-affected> (Vulnerable code not present)
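
Review bot: The descriptions added for CVE-2026-1251, CVE-2026-0683, CVE-2025-15525 and CVE-2025-15510 contain the literal six-character sequence "\u2013" where the product name evidently had a dash ("The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plug ..."). That looks like a Unicode escape that was never decoded before the text was written to data/CVE/list. Suggest decoding escapes in the automatic update step, or normalising the character to "-", so that searches on the product name match and the escape does not consume part of the truncated summary.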
@@ -52491,7 +52611,7 @@ CVE-2025-10477 (A vulnerability was identified in 
kidaze CourseSelectionSystem u
        NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
        NOT-FOR-US: Vega Master
-CVE-2025-24293
+CVE-2025-24293 (# Active Storage allowed transformation methods potentially 
unsafe  Ac ...)
        {DSA-6090-1 DLA-4416-1}
        - rails 2:7.2.2.2+dfsg-1
        NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
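
Review bot: The description filled in for CVE-2025-24293 starts with "# Active Storage allowed transformation methods potentially unsafe  Ac ...", which is a Markdown heading marker and title followed by a double space, not a sentence describing the issue. Suggest stripping leading "#" markers and collapsing whitespace when importing descriptions, so that the truncated summary for an entry that already has DSA-6090-1 and DLA-4416-1 attached reads as plain text.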



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ae80fa5cff087818c97a83c76ae23959fa1fa1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits