Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
145f790d by security tracker role at 2026-02-05T08:12:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,169 @@
+CVE-2026-25585 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25584 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25583 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25582 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25579 (Navidrome is an open source web-based music collection server 
and stre ...)
+       TODO: check
+CVE-2026-25578 (Navidrome is an open source web-based music collection server 
and stre ...)
+       TODO: check
+CVE-2026-25575 (NavigaTUM is a website and API to search for rooms, buildings 
and othe ...)
+       TODO: check
+CVE-2026-25547 (@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of 
brace-e ...)
+       TODO: check
+CVE-2026-25546 (Godot MCP is a Model Context Protocol (MCP) server for 
interacting wit ...)
+       TODO: check
+CVE-2026-25543 (HtmlSanitizer is a .NET library for cleaning HTML fragments 
and docume ...)
+       TODO: check
+CVE-2026-25540 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-25539 (SiYuan is a personal knowledge management system. Prior to 
version 3.5 ...)
+       TODO: check
+CVE-2026-25538 (Devtron is an open source tool integration platform for 
Kubernetes. In ...)
+       TODO: check
+CVE-2026-25537 (jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, 
there is a ...)
+       TODO: check
+CVE-2026-25536 (MCP TypeScript SDK is the official TypeScript SDK for Model 
Context Pr ...)
+       TODO: check
+CVE-2026-25526 (JinJava is a Java-based template engine based on django 
template synta ...)
+       TODO: check
+CVE-2026-25523 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
+       TODO: check
+CVE-2026-25521 (Locutus brings stdlibs of other programming languages to 
JavaScript fo ...)
+       TODO: check
+CVE-2026-25519 (OpenSlides is a free, web based presentation and assembly 
system for m ...)
+       TODO: check
+CVE-2026-25518 (cert-manager adds certificates and certificate issuers as 
resource typ ...)
+       TODO: check
+CVE-2026-25517 (Wagtail is an open source content management system built on 
Django. P ...)
+       TODO: check
+CVE-2026-25514 (FacturaScripts is open-source enterprise resource planning and 
account ...)
+       TODO: check
+CVE-2026-25513 (FacturaScripts is open-source enterprise resource planning and 
account ...)
+       TODO: check
+CVE-2026-25512 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-25511 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-25505 (Bambuddy is a self-hosted print archive and management system 
for Bamb ...)
+       TODO: check
+CVE-2026-25499 (Terraform / OpenTofu Provider adds support for Proxmox Virtual 
Environ ...)
+       TODO: check
+CVE-2026-25481 (Langroid is a framework for building 
large-language-model-powered appl ...)
+       TODO: check
+CVE-2026-25198 (web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 
and prior  ...)
+       TODO: check
+CVE-2026-22038 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
+       TODO: check
+CVE-2026-1953 (Nukegraphic CMS v3.1.2 contains a stored cross-site scripting 
(XSS) vu ...)
+       TODO: check
+CVE-2026-1898 (A vulnerability was determined in WeKan up to 8.20. This 
affects an un ...)
+       TODO: check
+CVE-2026-1897 (A vulnerability was found in WeKan up to 8.20. Affected by this 
issue  ...)
+       TODO: check
+CVE-2026-1896 (A vulnerability has been found in WeKan up to 8.20. Affected by 
this v ...)
+       TODO: check
+CVE-2026-1895 (A flaw has been found in WeKan up to 8.20. Affected is the 
function ap ...)
+       TODO: check
+CVE-2026-1894 (A vulnerability was detected in WeKan up to 8.20. This impacts 
an unkn ...)
+       TODO: check
+CVE-2026-1892 (A security vulnerability has been detected in WeKan up to 8.20. 
This a ...)
+       TODO: check
+CVE-2026-1884 (A weakness has been identified in ZenTao up to 21.7.6-85642. 
The impac ...)
+       TODO: check
+CVE-2026-1554 (XML Injection (aka Blind XPath Injection) vulnerability in 
Drupal Cent ...)
+       TODO: check
+CVE-2026-1553 (Incorrect Authorization vulnerability in Drupal Drupal Canvas 
allows F ...)
+       TODO: check
+CVE-2026-1268 (The Dynamic Widget Content plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-1246 (The ShortPixel Image Optimizer plugin for WordPress is 
vulnerable to A ...)
+       TODO: check
+CVE-2026-0948 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-0947 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
+       TODO: check
+CVE-2026-0946 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
+       TODO: check
+CVE-2026-0945 (Privilege Defined With Unsafe Actions vulnerability in Drupal 
Role Del ...)
+       TODO: check
+CVE-2026-0944 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
+       TODO: check
+CVE-2026-0867 (The Essential Widgets plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-71031 (Water-Melon Melon commit 9df9292 and below is vulnerable to 
Denial of  ...)
+       TODO: check
+CVE-2025-62616 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
+       TODO: check
+CVE-2025-62615 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
+       TODO: check
+CVE-2025-61732 (A discrepancy between how Go and C/C++ comments were parsed 
allowed fo ...)
+       TODO: check
+CVE-2025-2134 (IBM Jazz Reporting Service could allow an authenticated user on 
the ne ...)
+       TODO: check
+CVE-2025-27550 (IBM Jazz Reporting Service could allow an authenticated user 
on the ho ...)
+       TODO: check
+CVE-2025-1823 (IBM Jazz Reporting Service could allow an authenticated user on 
the ho ...)
+       TODO: check
+CVE-2025-15555 (A security flaw has been discovered in Open5GS up to 2.7.6. 
Affected b ...)
+       TODO: check
+CVE-2025-15080 (Improper Validation of Specified Quantity in Input 
vulnerability in Mi ...)
+       TODO: check
+CVE-2025-13375 (IBM Common Cryptographic Architecture (CCA)7.5.52 and8.4.82 
could allo ...)
+       TODO: check
+CVE-2025-13192 (The Popup builder with Gamification, Multi-Step Popups, 
Page-Level Tar ...)
+       TODO: check
+CVE-2025-11730 (A post\u2011authentication command injection vulnerability in 
the Dyna ...)
+       TODO: check
+CVE-2025-10314 (Incorrect Default Permissions vulnerability in Mitsubishi 
Electric Cor ...)
+       TODO: check
+CVE-2025-10258 (Infinera DNA is vulnerable to a time-based SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2024-51451 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header 
injection ...)
+       TODO: check
+CVE-2024-43181 (IBM Concert 1.0.0 through 2.1.0 does not invalidate session 
after logo ...)
+       TODO: check
+CVE-2024-40685 (IBM Operations Analytics \u2013 Log Analysis versions 1.3.5.0 
through  ...)
+       TODO: check
+CVE-2024-39724 (IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 
4.8), 7.7  ...)
+       TODO: check
+CVE-2023-38281 (IBM Cloud Pak System does not set the secure attribute on 
authorizatio ...)
+       TODO: check
+CVE-2023-38017 (IBM Cloud Pak Systemis vulnerable to cross-site scripting. 
This vulner ...)
+       TODO: check
+CVE-2023-38010 (IBM Cloud Pak System displays sensitive information in user 
messages t ...)
+       TODO: check
+CVE-2019-25288 (Wacom WTabletService 6.6.7-3 contains an unquoted service path 
vulnera ...)
+       TODO: check
+CVE-2019-25287 (Adaware Web Companion version 4.8.2078.3950 contains an 
unquoted servi ...)
+       TODO: check
+CVE-2019-25286 (GCaf\xe9 3.0 contains an unquoted service path vulnerability 
in the gb ...)
+       TODO: check
+CVE-2019-25285 (Alps Pointing-device Controller 8.1202.1711.04 contains an 
unquoted se ...)
+       TODO: check
+CVE-2019-25283 (Shrew Soft VPN Client 2.2.2 contains an unquoted service path 
vulnerab ...)
+       TODO: check
+CVE-2019-25281 (NCP Secure Entry Client 9.2 contains an unquoted service path 
vulnerab ...)
+       TODO: check
+CVE-2019-25276 (Studio 5000 Logix Designer 30.01.00 contains an unquoted 
service path  ...)
+       TODO: check
+CVE-2019-25275 (BartVPN 1.2.2 contains an unquoted service path vulnerability 
in the B ...)
+       TODO: check
+CVE-2019-25274 (ProShow Producer 9.0.3797 contains an unquoted service path 
vulnerabil ...)
+       TODO: check
+CVE-2019-25273 (Easy-Hide-IP 5.0.0.3 contains an unquoted service path 
vulnerability i ...)
+       TODO: check
+CVE-2019-25272 (TexasSoft CyberPlanet 6.4.131 contains an unquoted service 
path vulner ...)
+       TODO: check
+CVE-2019-25271 (NETGATE Data Backup 3.0.620 contains an unquoted service path 
vulnerab ...)
+       TODO: check
+CVE-2019-25269 (Amiti Antivirus 25.0.640 contains an unquoted service path 
vulnerabili ...)
+       TODO: check
+CVE-2019-25267 (Wing FTP Server 6.0.7 contains an unquoted service path 
vulnerability  ...)
+       TODO: check
 CVE-2026-25532 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
        NOT-FOR-US: ESF-IDF
 CVE-2026-25508 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
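Review bot: three of the added descriptions carry unrendered escape sequences instead of the characters themselves: \u2011 in CVE-2025-11730 ("post\u2011authentication"), \u2013 in CVE-2024-40685 and \xe9 in CVE-2019-25286 ("GCaf\xe9"). If data/CVE/list stores them this way, the automatic update should decode them to UTF-8 so that a text search on the product name matches; if this is only how the notification renders the diff, the fix belongs in the mail generator. Every entry added at the top of this hunk is still "TODO: check", so each one needs resolving to a package line or a NOT-FOR-US line, as the ESF-IDF entries in the trailing context already are.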
@@ -635,7 +801,7 @@ CVE-2020-37065 (StreamRipper32 version 2.6 contains a 
buffer overflow vulnerabil
        NOT-FOR-US: StreamRipper32
 CVE-2019-25260 (OXID eShop versions 6.x prior to 6.3.4 contains a SQL 
injection vulner ...)
        NOT-FOR-US: OXID eShop
-CVE-2026-25541
+CVE-2026-25541 (Bytes is a utility library for working with bytes. From 
version 1.2.1  ...)
        - rust-bytes 1.11.1-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0007.html
        NOTE: https://github.com/advisories/GHSA-434x-w66g-qw3r
@@ -34703,6 +34869,7 @@ CVE-2025-64338 (ClipBucket v5 is an open source video 
sharing platform. In versi
 CVE-2025-64336 (ClipBucket v5 is an open source video sharing platform. In 
versions 5. ...)
        NOT-FOR-US: ClipBucket
 CVE-2025-64329 (containerd is an open-source container runtime. Versions 
1.7.28 and be ...)
+       {DLA-4467-1}
        - containerd 1.7.24~ds1-10 (bug #1120343)
        [trixie] - containerd 1.7.24~ds1-6+deb13u1
        [bookworm] - containerd <no-dsa> (Minor issue)
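Review bot: the added {DLA-4467-1} on CVE-2025-64329 has no matching per-suite line in the visible context, which stops at "[bookworm] - containerd <no-dsa> (Minor issue)". Confirm that the entry also carries a fixed-version line for the suite DLA-4467-1 covers, so the advisory cross-reference and the per-release status agree; the same DLA is attached to CVE-2024-25621 in the next hunk and deserves the same check.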
@@ -35146,7 +35313,7 @@ CVE-2025-10955 (Improper Neutralization of Input During 
Web Page Generation (XSS
 CVE-2025-10885 (A maliciously crafted file, when executed on the victim's 
machine, can ...)
        NOT-FOR-US: Autodesk
 CVE-2024-25621 (containerd is an open-source container runtime. Versions 0.1.0 
through ...)
-       {DSA-6067-1}
+       {DSA-6067-1 DLA-4467-1}
        - containerd 1.7.24~ds1-9 (bug #1120285)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w
        NOTE: Fixed by: 
https://github.com/containerd/containerd/commit/910171e90ec3a402c6669333483fbec9d0b414d7
 (v2.2.0)
@@ -95914,7 +96081,7 @@ CVE-2024-45554 (Memory corruption during concurrent SSR 
execution due to race co
        NOT-FOR-US: Qualcomm
 CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a 
SQL inj ...)
        NOT-FOR-US: Real Estate Management System
-CVE-2025-22873
+CVE-2025-22873 (It was possible to improperly access the parent directory of 
an os.Roo ...)
        - golang-1.24 1.24.4-1 (bug #1104816)
        - golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x 
releases)
        - golang-1.19 <not-affected> (Vulnerable code only present in 1.24.x 
releases)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/145f790d6dcabc8ea2fb5761b336815730855b6c
