Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c1326a8 by security tracker role at 2026-02-04T08:13:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,182 @@
+CVE-2026-25510 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-25509 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-25224 (Fastify is a fast and low overhead web framework, for Node.js. 
Prior t ...)
+       TODO: check
+CVE-2026-25223 (Fastify is a fast and low overhead web framework, for Node.js. 
Prior t ...)
+       TODO: check
+CVE-2026-25155 (Qwik is a performance focused javascript framework. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-25151 (Qwik is a performance focused javascript framework. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-25150 (Qwik is a performance focused javascript framework. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-25149 (Qwik is a performance focused javascript framework. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-25148 (Qwik is a performance focused javascript framework. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-24887 (Claude Code is an agentic coding tool. Prior to version 
2.0.72, due to ...)
+       TODO: check
+CVE-2026-24447 (If a malformed data is input to the affected product, a CSV 
file downl ...)
+       TODO: check
+CVE-2026-24053 (Claude Code is an agentic coding tool. Prior to version 
2.0.74, due to ...)
+       TODO: check
+CVE-2026-24052 (Claude Code is an agentic coding tool. Prior to version 
1.0.111, Claud ...)
+       TODO: check
+CVE-2026-23704 (A non-administrative user can upload malicious files. When an 
administ ...)
+       TODO: check
+CVE-2026-22875 (Movable Type contains a stored cross-site scripting 
vulnerability in E ...)
+       TODO: check
+CVE-2026-21393 (Movable Type contains a stored cross-site scripting 
vulnerability in E ...)
+       TODO: check
+CVE-2026-20987 (Improper input validation in GalaxyDiagnostics prior to 
version 3.5.05 ...)
+       TODO: check
+CVE-2026-20986 (Path traversal in Samsung Members prior to Chinese version 
15.5.05.4 a ...)
+       TODO: check
+CVE-2026-20985 (Improper input validation in Samsung Members prior to version 
5.6.00.1 ...)
+       TODO: check
+CVE-2026-20984 (Improper handling of insufficient permission in Galaxy 
Wearable instal ...)
+       TODO: check
+CVE-2026-20983 (Improper export of android application components in Samsung 
Dialer pr ...)
+       TODO: check
+CVE-2026-20982 (Path traversal in ShortcutService prior to SMR Feb-2026 
Release 1 allo ...)
+       TODO: check
+CVE-2026-20981 (Improper input validation in FacAtFunction prior to SMR 
Feb-2026 Relea ...)
+       TODO: check
+CVE-2026-20980 (Improper input validation in PACM prior to SMR Feb-2026 
Release 1 allo ...)
+       TODO: check
+CVE-2026-20979 (Improper privilege management in Settings prior to SMR 
Feb-2026 Releas ...)
+       TODO: check
+CVE-2026-20978 (Improper authorization in KnoxGuardManager prior to SMR 
Feb-2026 Relea ...)
+       TODO: check
+CVE-2026-20977 (Improper access control in Emergency Sharing prior to SMR 
Feb-2026 Rel ...)
+       TODO: check
+CVE-2026-1835 (A vulnerability was identified in lcg0124 BootDo up to 
e93dd428ef6f5c8 ...)
+       TODO: check
+CVE-2026-1819 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-1813 (A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. 
Affected ...)
+       TODO: check
+CVE-2026-1812 (A vulnerability has been found in bolo-blog bolo-solo up to 
2.6.4. Thi ...)
+       TODO: check
+CVE-2026-1811 (A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This 
affects ...)
+       TODO: check
+CVE-2026-1810 (A vulnerability was detected in bolo-blog bolo-solo up to 
2.6.4. The i ...)
+       TODO: check
+CVE-2026-1791 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Hills ...)
+       TODO: check
+CVE-2026-1756 (The WP FOFT Loader plugin for WordPress is vulnerable to 
arbitrary fil ...)
+       TODO: check
+CVE-2026-1755 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-1633 (The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter 
exposes it ...)
+       TODO: check
+CVE-2026-1632 (MOMA Seismic Station Version v2.4.2520 and prior exposes its 
web manag ...)
+       TODO: check
+CVE-2026-1341 (Avation Light Engine Pro exposes its configuration and control 
interfa ...)
+       TODO: check
+CVE-2025-69621 (An arbitrary file overwrite vulnerability in the file import 
process o ...)
+       TODO: check
+CVE-2025-69620 (A path traversal in Moo Chan Song v4.5.7 allows attackers to 
cause a D ...)
+       TODO: check
+CVE-2025-65081 (An out-of-bounds read vulnerability has been identified in the 
Postscr ...)
+       TODO: check
+CVE-2025-65080 (A type confusion vulnerability has been identified in the 
Postscript i ...)
+       TODO: check
+CVE-2025-65079 (A heap-based buffer overflow vulnerability has been identified 
in the  ...)
+       TODO: check
+CVE-2025-65078 (An untrusted search path vulnerability has been identified in 
the Embe ...)
+       TODO: check
+CVE-2025-65077 (A relative path traversal vulnerability has been identified in 
the Emb ...)
+       TODO: check
+CVE-2025-36094 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 
Interim Fi ...)
+       TODO: check
+CVE-2025-36033 (IBM Engineering Lifecycle Management - Global Configuration 
Management ...)
+       TODO: check
+CVE-2025-33081 (IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive 
informati ...)
+       TODO: check
+CVE-2025-29867 (Access of Resource Using Incompatible Type ('Type Confusion') 
vulnerab ...)
+       TODO: check
+CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an information disclosure 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37096 (Edimax EW-7438RPn 1.13 contains a cross-site request forgery 
vulnerabi ...)
+       TODO: check
+CVE-2020-37094 (EspoCRM 5.8.5 contains an authentication vulnerability that 
allows att ...)
+       TODO: check
+CVE-2020-37093 (Netis E1+ 1.2.32533 contains an information disclosure 
vulnerability t ...)
+       TODO: check
+CVE-2020-37092 (Netis E1+ version 1.2.32533 contains a hardcoded root account 
vulnerab ...)
+       TODO: check
+CVE-2020-37091 (Maian Support Helpdesk 4.3 contains a cross-site request 
forgery vulne ...)
+       TODO: check
+CVE-2020-37090 (School ERP Pro 1.0 contains a file upload vulnerability that 
allows st ...)
+       TODO: check
+CVE-2020-37089 (School ERP Pro 1.0 contains a SQL injection vulnerability in 
the 'es_m ...)
+       TODO: check
+CVE-2020-37088 (School ERP Pro 1.0 contains a file disclosure vulnerability 
that allow ...)
+       TODO: check
+CVE-2020-37087 (Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent 
cross-s ...)
+       TODO: check
+CVE-2020-37086 (Easy Transfer 1.7 iOS mobile application contains a directory 
traversa ...)
+       TODO: check
+CVE-2020-37085 (VirtualTablet Server 3.0.2 contains a denial of service 
vulnerability  ...)
+       TODO: check
+CVE-2020-37084 (School ERP Pro 1.0 contains a remote code execution 
vulnerability that ...)
+       TODO: check
+CVE-2020-37083 (PHP AddressBook 9.0.0.1 contains a time-based blind SQL 
injection vuln ...)
+       TODO: check
+CVE-2020-37082 (webERP 4.15.1 contains an unauthenticated file access 
vulnerability th ...)
+       TODO: check
+CVE-2020-37081 (Fishing Reservation System 7.5 contains multiple remote SQL 
injection  ...)
+       TODO: check
+CVE-2020-37080 (webTareas 2.0.p8 contains a file deletion vulnerability in the 
print_l ...)
+       TODO: check
+CVE-2020-37078 (i-doit Open Source CMDB 1.14.1 contains a file deletion 
vulnerability  ...)
+       TODO: check
+CVE-2020-37077 (Booked Scheduler 2.7.7 contains a directory traversal 
vulnerability in ...)
+       TODO: check
+CVE-2020-37076 (Victor CMS version 1.0 contains a SQL injection vulnerability 
in the ' ...)
+       TODO: check
+CVE-2020-37075 (LanSend 3.2 contains a buffer overflow vulnerability in the 
Add Comput ...)
+       TODO: check
+CVE-2020-37074 (Remote Desktop Audit 2.3.0.157 contains a buffer overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37073 (Victor CMS 1.0 contains an authenticated file upload 
vulnerability tha ...)
+       TODO: check
+CVE-2020-37072 (Victor CMS 1.0 contains a stored cross-site scripting 
vulnerability in ...)
+       TODO: check
+CVE-2020-37071 (CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization 
vulnerability ...)
+       TODO: check
+CVE-2020-37070 (CloudMe 1.11.2 contains a buffer overflow vulnerability that 
allows re ...)
+       TODO: check
+CVE-2020-37069 (Konica Minolta FTP Utility 1.0 contains a buffer overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37068 (Konica Minolta FTP Utility 1.0 contains a buffer overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37067 (Filetto 1.0 FTP server contains a denial of service 
vulnerability in t ...)
+       TODO: check
+CVE-2020-37066 (GoldWave 5.70 contains a buffer overflow vulnerability that 
allows att ...)
+       TODO: check
+CVE-2020-37065 (StreamRipper32 version 2.6 contains a buffer overflow 
vulnerability in ...)
+       TODO: check
+CVE-2019-25260 (OXID eShop versions 6.x prior to 6.3.4 contains a SQL 
injection vulner ...)
+       TODO: check
 CVE-2026-25541
        - rust-bytes 1.11.1-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0007.html
        NOTE: https://github.com/advisories/GHSA-434x-w66g-qw3r
        NOTE: Fixed by: 
https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f
 (v1.11.1)
-CVE-2026-1801
+CVE-2026-1801 (A flaw was found in libsoup, an HTTP client/server library. 
This HTTP  ...)
        - libsoup3 3.6.5-8
        - libsoup2.4 <removed>
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/506
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9a1c0663ff8ab6e79715db4b35b54f560416ddd
-CVE-2026-1862
+CVE-2026-1862 (Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-1861
+CVE-2026-1861 (Heap buffer overflow in libvpx in Google Chrome prior to 
144.0.7559.13 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-25616 (Blesta 3.x through 5.x before 5.13.3 mishandles input 
validation, aka  ...)
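Review bot: every entry added at the top of this hunk, from CVE-2026-25510 down to CVE-2019-25260, carries only `TODO: check`, so none of them is triaged to a source package or marked not-for-us yet. The WordPress plugin entries (CVE-2026-1756, CVE-2026-1755) can take the `NOT-FOR-US: WordPress plugin` form this file already uses further down. Separately, the description added to CVE-2026-1862 names 144.0.7559.132 as the fixed Chrome release while `- chromium <unfixed>` is unchanged, so that line needs a version once a fixed upload exists.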
@@ -232,6 +396,7 @@ CVE-2025-70758 (chetans9 core-php-admin-panel through 
commit a94a780d6 contains
 CVE-2025-70560 (Boltz 2.0.0 contains an insecure deserialization vulnerability 
in its  ...)
        - boltz <itp> (bug #1109350)
 CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure 
deserialization vuln ...)
+       {DLA-4374-2}
        - pdfminer 20260107+dfsg-1
        NOTE: 
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-f83h-ghpp-7wcc
        NOTE: https://github.com/pdfminer/pdfminer.six/pull/1172
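Review bot: the tag added under CVE-2025-70559 is `{DLA-4374-2}`, a second revision, with no `DLA-4374-1` beside it. Confirm that the -2 advisory is the one that lists this CVE and that leaving out the first revision is intended, since no release-specific line for the LTS suite appears in this entry to cross-check against.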
@@ -590,13 +755,13 @@ CVE-2025-12680 (Brocade SANnav before Brocade SANnav 
2.4.0b logs database passwo
        NOT-FOR-US: Brocade
 CVE-2025-12679 (A vulnerability in Brocade SANnav before 2.4.0b prints the  
Password-B ...)
        NOT-FOR-US: Brocade
-CVE-2026-24514
+CVE-2026-24514 (A security issue was discovered in ingress-nginxwhere the 
validating a ...)
        NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-24513
+CVE-2026-24513 (A security issue was discovered in ingress-nginxwhere the 
protection a ...)
        NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-24512
+CVE-2026-24512 (A security issue was discovered in ingress-nginx cthe 
`rules.http.path ...)
        NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-1580
+CVE-2026-1580 (A security issue was discovered in ingress-nginxwhere the 
`nginx.ingre ...)
        NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
        - localsearch <unfixed> (bug #1126910)
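Review bot: the descriptions added for CVE-2026-24514, CVE-2026-24513 and CVE-2026-1580 read `ingress-nginxwhere`, and the one for CVE-2026-24512 reads `ingress-nginx cthe`, so the imported text is missing a space or carries a stray character. All four stay `NOT-FOR-US: Kubernetes ingress-nginx`, so triage is unaffected, but the garbled wording is worth reporting at the source of the description so a later automatic update picks up a corrected string.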
@@ -2143,7 +2308,7 @@ CVE-2026-0832 (The New User Approve plugin for WordPress 
is vulnerable to unauth
 CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0818 (When a user explicitly requested Thunderbird to decrypt an 
inline Open ...)
-       {DSA-6118-1}
+       {DSA-6118-1 DLA-4466-1}
        - thunderbird 1:140.7.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/#CVE-2026-0818
 CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is 
vulnerable to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c1326a87b0492347f9877274aa4c4c5bdcf5ad6
