Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
003ad0b7 by security tracker role at 2026-02-05T20:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2026-25630
+ REJECTED
+CVE-2026-23797 (In Quick.Cart user passwords are stored in plaintext form. An
attacker ...)
+ TODO: check
+CVE-2026-23796 (Quick.Cart allows a user's session identifier to be set before
authent ...)
+ TODO: check
+CVE-2026-23572 (Improper access control intheTeamViewerFull and Host
clients(Windows,m ...)
+ TODO: check
+CVE-2026-1966 (YugabyteDB Anywhere displays LDAP bind passwords configured via
gflags ...)
+ TODO: check
+CVE-2026-1927 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
+ TODO: check
+CVE-2026-1707 (pgAdmin versions 9.11 are affected by a Restore restriction
bypass via ...)
+ TODO: check
+CVE-2026-1654 (The Peter's Date Countdown plugin for WordPress is vulnerable
to Refle ...)
+ TODO: check
+CVE-2026-1523 (Path Traversal vulnerability in Digitek ADT1100 and Digitek
DT950 from ...)
+ TODO: check
+CVE-2026-1517 (A vulnerability was identified in iomad up to 5.0. Affected is
an unkn ...)
+ TODO: check
+CVE-2026-1319 (The Robin Image Optimizer \u2013 Unlimited Image Optimization &
WebP C ...)
+ TODO: check
+CVE-2026-1301 (In builds with PubSub and JSON enabled, a crafted JSON message
can cau ...)
+ TODO: check
+CVE-2026-1294 (The All In One Image Viewer Block plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-1271 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
+ TODO: check
+CVE-2026-0715 (Moxa Arm-based industrial computers running Moxa Industrial
Linux Secu ...)
+ TODO: check
+CVE-2026-0714 (A physical attack vulnerability exists in certain Moxa
industrial comp ...)
+ TODO: check
+CVE-2025-70792 (Cross Site Scripting vulnerability in the
"/admin/category/create" end ...)
+ TODO: check
+CVE-2025-70791 (Cross Site Scripting vulnerability in the
"/admin/order/abandoned" end ...)
+ TODO: check
+CVE-2025-70073 (An issue in ChestnutCMS v.1.5.8 and before allows a remote
attacker to ...)
+ TODO: check
+CVE-2025-69906 (Monstra CMS v3.0.4 contains an arbitrary file upload
vulnerability in ...)
+ TODO: check
+CVE-2025-69619 (A path traversal in My Text Editor v1.6.2 allows attackers to
cause a ...)
+ TODO: check
+CVE-2025-68723 (Axigen Mail Server before 10.5.57 contains multiple stored
Cross-Site ...)
+ TODO: check
+CVE-2025-68722 (Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26
contains a ...)
+ TODO: check
+CVE-2025-68721 (Axigen Mail Server before 10.5.57 contains an improper access
control ...)
+ TODO: check
+CVE-2025-68643 (Axigen Mail Server before 10.5.57 allows stored Cross-Site
Scripting ( ...)
+ TODO: check
+CVE-2025-58190 (The html.Parse function in golang.org/x/net/html has an
infinite parsi ...)
+ TODO: check
+CVE-2025-47911 (The html.Parse function in golang.org/x/net/html has quadratic
parsing ...)
+ TODO: check
+CVE-2025-15557 (An Improper Certificate Validation vulnerability in TP-Link
Tapo H100 ...)
+ TODO: check
+CVE-2025-15551 (The response coming from TP-Link Archer MR200 v5.2, C20 v6,
TL-WR850N ...)
+ TODO: check
+CVE-2025-15343 (Tanium addressed an incorrect default permissions
vulnerability in Enf ...)
+ TODO: check
+CVE-2025-15342 (Tanium addressed an improper access controls vulnerability in
Reputati ...)
+ TODO: check
+CVE-2025-15341 (Tanium addressed an incorrect default permissions
vulnerability in Ben ...)
+ TODO: check
+CVE-2025-15340 (Tanium addressed an incorrect default permissions
vulnerability in Com ...)
+ TODO: check
+CVE-2025-15339 (Tanium addressed an incorrect default permissions
vulnerability in Dis ...)
+ TODO: check
+CVE-2025-15338 (Tanium addressed an incorrect default permissions
vulnerability in Par ...)
+ TODO: check
+CVE-2025-15337 (Tanium addressed an incorrect default permissions
vulnerability in Pat ...)
+ TODO: check
+CVE-2025-15336 (Tanium addressed an incorrect default permissions
vulnerability in Per ...)
+ TODO: check
+CVE-2025-15335 (Tanium addressed an information disclosure vulnerability in
Threat Res ...)
+ TODO: check
+CVE-2025-15334 (Tanium addressed an information disclosure vulnerability in
Threat Res ...)
+ TODO: check
+CVE-2025-15333 (Tanium addressed an information disclosure vulnerability in
Threat Res ...)
+ TODO: check
+CVE-2025-15332 (Tanium addressed an information disclosure vulnerability in
Threat Res ...)
+ TODO: check
+CVE-2025-15331 (Tanium addressed an uncontrolled resource consumption
vulnerability in ...)
+ TODO: check
+CVE-2025-15330 (Tanium addressed an improper input validation vulnerability in
Deploy.)
+ TODO: check
+CVE-2025-15329 (Tanium addressed an information disclosure vulnerability in
Threat Res ...)
+ TODO: check
+CVE-2025-15328 (Tanium addressed an improper link resolution before file
access vulner ...)
+ TODO: check
+CVE-2025-15327 (Tanium addressed an improper access controls vulnerability in
Deploy.)
+ TODO: check
+CVE-2025-15326 (Tanium addressed an improper access controls vulnerability in
Patch.)
+ TODO: check
+CVE-2025-15325 (Tanium addressed an improper input validation vulnerability in
Discove ...)
+ TODO: check
+CVE-2025-15324 (Tanium addressed a documentation issue in Engage.)
+ TODO: check
+CVE-2025-15323 (Tanium addressed an improper certificate validation
vulnerability in T ...)
+ TODO: check
+CVE-2025-15321 (Tanium addressed an improper input validation vulnerability in
Tanium ...)
+ TODO: check
+CVE-2025-15312 (Tanium addressed an improper output sanitization vulnerability
in Tani ...)
+ TODO: check
+CVE-2025-15311 (Tanium addressed an unauthorized code execution vulnerability
in Taniu ...)
+ TODO: check
+CVE-2025-15289 (Tanium addressed an improper access controls vulnerability in
Interact ...)
+ TODO: check
+CVE-2025-14150 (IBM webMethods Integration (on prem) - Integration Server
10.15 throug ...)
+ TODO: check
+CVE-2025-14079 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin
for Wor ...)
+ TODO: check
+CVE-2025-13491 (IBM App Connect Enterprise Certified Containerup to 12.19.0
(Continuou ...)
+ TODO: check
+CVE-2025-13416 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
+ TODO: check
+CVE-2025-13379 (IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL
injection. ...)
+ TODO: check
+CVE-2020-37152 (PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site
scripting (X ...)
+ TODO: check
+CVE-2020-37151 (phpMyChat Plus 1.98 contains a SQL injection vulnerability in
the delu ...)
+ TODO: check
+CVE-2020-37150 (Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated
attackers to acc ...)
+ TODO: check
+CVE-2020-37149 (Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site
request for ...)
+ TODO: check
+CVE-2020-37148 (P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from
a store ...)
+ TODO: check
+CVE-2020-37145 (HRSALE 1.1.8 contains a cross-site request forgery
vulnerability that ...)
+ TODO: check
+CVE-2020-37144 (Exagate SYSGuard 6001 contains a cross-site request forgery
vulnerabil ...)
+ TODO: check
+CVE-2020-37143 (ProficySCADA for iOS 5.0.25920 contains a denial of service
vulnerabil ...)
+ TODO: check
+CVE-2020-37142 (10-Strike Network Inventory Explorer 8.54 contains a
structured except ...)
+ TODO: check
+CVE-2020-37140 (Everest, later referred to as AIDA64, 5.50.2100 contains a
denial of s ...)
+ TODO: check
+CVE-2020-37139 (Odin Secure FTP Expert 7.6.3 contains a local denial of
service vulner ...)
+ TODO: check
+CVE-2020-37138 (10-Strike Network Inventory Explorer 9.03 contains a buffer
overflow v ...)
+ TODO: check
+CVE-2020-37137 (PHP-Fusion 9.03.50 contains a remote code execution
vulnerability in t ...)
+ TODO: check
+CVE-2020-37136 (ZOC Terminal 7.25.5 contains a denial of service vulnerability
in the ...)
+ TODO: check
+CVE-2020-37134 (UltraVNC Viewer 1.2.4.0 contains a denial of service
vulnerability tha ...)
+ TODO: check
+CVE-2020-37133 (UltraVNC Launcher 1.2.4.0 contains a denial of service
vulnerability i ...)
+ TODO: check
+CVE-2020-37132 (UltraVNC Launcher 1.2.4.0 contains a denial of service
vulnerability i ...)
+ TODO: check
+CVE-2020-37131 (Nsauditor Product Key Explorer 4.2.2.0 contains a denial of
service vu ...)
+ TODO: check
+CVE-2020-37130 (Nsauditor 3.2.0.0 contains a denial of service vulnerability
in the re ...)
+ TODO: check
+CVE-2020-37129 (Memu Play 7.1.3 contains an insecure folder permissions
vulnerability ...)
+ TODO: check
+CVE-2020-37128 (ZOC Terminal 7.25.5 contains a script processing vulnerability
that al ...)
+ TODO: check
+CVE-2020-37127 (Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability
in the d ...)
+ TODO: check
+CVE-2020-37126 (Free Desktop Clock 3.0 contains a stack overflow vulnerability
in the ...)
+ TODO: check
+CVE-2020-37125 (Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code
execution vulner ...)
+ TODO: check
+CVE-2020-37124 (B64dec 1.1.2 contains a buffer overflow vulnerability that
allows atta ...)
+ TODO: check
+CVE-2020-37123 (Pinger 1.0 contains a remote code execution vulnerability that
allows ...)
+ TODO: check
+CVE-2020-37121 (CODE::BLOCKS 16.01 contains a buffer overflow vulnerability
that allow ...)
+ TODO: check
+CVE-2020-37120 (Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability
in the ...)
+ TODO: check
+CVE-2020-37119 (Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2020-37118 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request
forgery v ...)
+ TODO: check
+CVE-2020-37117 (jizhiCMS 1.6.7 contains a file download vulnerability in the
admin plu ...)
+ TODO: check
CVE-2026-21727
- grafana <removed>
CVE-2026-25585 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
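Review bot: several of the new TODO: check entries name software that is packaged in Debian and should be triaged to a source package rather than left at TODO. CVE-2025-58190 and CVE-2025-47911 both concern html.Parse in golang.org/x/net/html, which ships as the golang-golang-x-net source package, and because Go packages are built against vendored or pinned copies of that module the fixed-version line may need to cover more than one package. CVE-2020-37127 names "Dnsmasq-utils 2.79-1", which is a Debian binary package name plus Debian version string, so it should be checked against the dnsmasq source package and the versions in the supported suites. Separately, four descriptions carry a literal `\u2013` escape (CVE-2026-1927, CVE-2026-1319, CVE-2026-1271, CVE-2025-13416) where the upstream text has an en dash, and CVE-2026-23572 and CVE-2025-13491 have spaces dropped ("intheTeamViewerFull", "Containerup"); cosmetic, since the descriptions are truncated anyway, but it suggests the import step is not decoding the description strings before writing them.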
@@ -6012,7 +6192,7 @@ CVE-2026-21947 (Vulnerability in Oracle Java SE
(component: JavaFX). Supported
CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6119-1 DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
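Review bot: the new DSA-6119-1 reference is added to the braces while none of the package lines in this entry change and openjdk-8 stays <unfixed> (bug #1126119); the set already lists DSA-6112-1 and DSA-6110-1 for the other OpenJDK builds, so confirm which openjdk source package DSA-6119-1 covers and that its fixed version appears on one of the per-suite lines below the hunk context, otherwise the advisory reference has no matching package line. The same check applies to the identical edits for CVE-2026-21933, CVE-2026-21932 and CVE-2026-21925 in the three hunks that follow.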
@@ -6042,7 +6222,7 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris
product of Oracle Systems (c
CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
NOT-FOR-US: Oracle
CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6119-1 DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -6050,7 +6230,7 @@ CVE-2026-21933 (Vulnerability in the Oracle Java SE,
Oracle GraalVM for JDK, Ora
- openjdk-25 25.0.2+10-1
NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-01-20
CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6119-1 DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -6070,7 +6250,7 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris
product of Oracle Systems (c
CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle
Siebel CR ...)
NOT-FOR-US: Oracle
CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6119-1 DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -7572,7 +7752,7 @@ CVE-2025-61731 (Building a malicious file with cmd/go can
cause can cause a writ
NOTE: https://github.com/golang/go/issues/77100
NOTE: Fixed by:
https://github.com/golang/go/commit/2526187481ee31241b72f491992accbdd66c2655
(go1.25.6)
NOTE: Fixed by:
https://github.com/golang/go/commit/00b7309387a171bcba37382e7ed96b473df04917
(go1.24.12)
-CVE-2025-68121 [crypto/tls: Config.Clone copies automatically generated
session ticket keys, session resumption does not account for the expiration of
full certificate chain]
+CVE-2025-68121 (During session resumption in crypto/tls, if the underlying
Config has ...)
- golang-1.25 1.25.6-1 (bug #1125916)
- golang-1.24 1.24.12-1 (bug #1125917)
[trixie] - golang-1.24 <no-dsa> (Minor issue)
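Review bot: replacing the bracketed placeholder with the official description drops the detail that made this entry useful for triage, namely that Config.Clone copies the automatically generated session ticket keys so that resumption does not account for expiry of the full certificate chain; the truncated official text stops at "if the underlying Config has ...". The neighbouring CVE-2025-61731 entry keeps NOTE lines with the golang/go issue and a "Fixed by:" commit per release, so adding the same here (upstream issue, and the commits for go1.25.6 and go1.24.12, which are exactly the releases the golang-1.25 1.25.6-1 and golang-1.24 1.24.12-1 lines track) would preserve that information in the tracker rather than only in the external CVE text.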
@@ -38328,6 +38508,7 @@ CVE-2025-62263 (Multiple cross-site scripting (XSS)
vulnerabilities in Liferay P
CVE-2025-62253 (Open redirect vulnerability in page administration in Liferay
Portal 7 ...)
NOT-FOR-US: Liferay
CVE-2025-61795 (Improper Resource Shutdown or Release vulnerability in Apache
Tomcat. ...)
+ {DSA-6120-1 DLA-4468-1}
- tomcat11 11.0.15-1 (bug #1119293)
- tomcat10 10.1.52-1 (bug #1119294)
- tomcat9 9.0.70-2
@@ -38396,6 +38577,7 @@ CVE-2025-59151 (Pi-hole Admin Interface is a web
interface for managing Pi-hole,
CVE-2025-58356 (Constellation is the first Confidential Kubernetes. The
Constellation ...)
NOT-FOR-US: Constellation
CVE-2025-55754 (Improper Neutralization of Escape, Meta, or Control Sequences
vulnerab ...)
+ {DSA-6120-1 DLA-4468-1}
- tomcat11 11.0.11-1
- tomcat10 10.1.46-1
- tomcat9 9.0.70-2
@@ -38405,6 +38587,7 @@ CVE-2025-55754 (Improper Neutralization of Escape,
Meta, or Control Sequences vu
NOTE:
https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2
(10.1.45)
NOTE:
https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5
(9.0.109)
CVE-2025-55752 (Relative Path Traversal vulnerability in Apache Tomcat. The
fix for b ...)
+ {DSA-6120-1 DLA-4468-1}
- tomcat11 11.0.11-1
- tomcat10 10.1.46-1
- tomcat9 9.0.70-2
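Review bot: the tomcat9 line reads 9.0.70-2 while the NOTE lines in this hunk's context give the upstream fix as 9.0.109 (and 10.1.45 for the tomcat10 branch, which the 10.1.46-1 line satisfies); a fixed version lower than the upstream release that contains the fix only makes sense if 9.0.70-2 is a Debian revision that backported the patch, so either confirm that or record the actual fixing revision, otherwise the new DSA-6120-1 reference and the tomcat9 package line tell different stories. The same 9.0.70-2 value appears on every Tomcat entry touched by this commit, so whichever answer applies, apply it to all of them.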
@@ -65933,6 +66116,7 @@ CVE-2025-6186 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite
valve. Th ...)
+ {DSA-6120-1}
- tomcat11 11.0.11-1 (bug #1111099)
- tomcat10 10.1.46-1 (bug #1111098)
- tomcat9 9.0.70-2
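Review bot: CVE-2025-55668 (and CVE-2025-48989 in the next hunk) gets {DSA-6120-1} alone, whereas the three Tomcat entries edited earlier in this commit (CVE-2025-61795, CVE-2025-55754, CVE-2025-55752) get {DSA-6120-1 DLA-4468-1}; if DLA-4468-1 deliberately does not cover these two CVEs that is fine, but if it is the same LTS tomcat9 update it should be referenced on every entry it fixes, since the tracker uses these references to mark the CVE as fixed in the corresponding suite. A one-line NOTE stating why the DLA is absent here would stop the next triager from re-checking the advisory text.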
@@ -66037,6 +66221,7 @@ CVE-2025-50594 (An issue was discovered in
/Code/Websites/DanpheEMR/Controllers/
CVE-2025-50251 (Server side request forgery (SSRF) vulnerability in makeplane
plane 0. ...)
NOT-FOR-US: makeplane plane
CVE-2025-48989 (Improper Resource Shutdown or Release vulnerability in Apache
Tomcat m ...)
+ {DSA-6120-1}
- tomcat11 11.0.11-1 (bug #1111097)
- tomcat10 10.1.52-1 (bug #1111096)
- tomcat9 9.0.70-2
@@ -74976,7 +75161,7 @@ CVE-2025-53549 (The Matrix Rust SDK is a collection of
libraries that make it ea
CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command
injection vulne ...)
NOT-FOR-US: Headlamp
CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache
Tomcat if an ...)
- {DLA-4244-1}
+ {DSA-6120-1 DLA-4244-1}
- tomcat11 11.0.11-1 (bug #1109113)
- tomcat10 10.1.46-1 (bug #1109114)
- tomcat9 9.0.70-2
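Review bot: this entry and the five below it (CVE-2025-52520, CVE-2025-49125, CVE-2025-48988, CVE-2025-48976, CVE-2025-46701) already carried {DLA-4244-1} and now gain DSA-6120-1, so the same DSA covers CVEs from CVE-2025-46701 up to CVE-2025-61795; a roll-up advisory is fine, but the convention is that every CVE the advisory lists appears in the braces, so cross-check the DSA-6120-1 text for any Tomcat CVE this commit does not touch. CVE-2025-49124, left untouched in the CVE-2025-49125 hunk, is correctly excluded since its tomcat9 line is <not-affected> (Windows-specific).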
@@ -75003,7 +75188,7 @@ CVE-2025-52837 (Trend Micro Password Manager (Consumer)
version 5.8.0.1327 and b
CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link
following ...)
NOT-FOR-US: Trend Micro
CVE-2025-52520 (For some unlikely configurations of multipart upload, an
Integer Overf ...)
- {DLA-4244-1}
+ {DSA-6120-1 DLA-4244-1}
- tomcat11 11.0.11-1 (bug #1109111)
- tomcat10 10.1.46-1 (bug #1109112)
- tomcat9 9.0.70-2
@@ -83984,7 +84169,7 @@ CVE-2025-4565 (Any project that uses Protobuf
Pure-Python backendto parse untrus
[bullseye] - protobuf <postponed> (Minor issue; can be fixed in next
update)
NOTE:
https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- {DLA-4244-1}
+ {DSA-6120-1 DLA-4244-1}
- tomcat11 11.0.11-1 (bug #1108114)
- tomcat10 10.1.46-1 (bug #1108115)
- tomcat9 9.0.70-2
@@ -83999,7 +84184,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in
Apache Tomcat installer f
- tomcat9 <not-affected> (Windows-specific)
NOTE: https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
CVE-2025-48988 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- {DLA-4244-1}
+ {DSA-6120-1 DLA-4244-1}
- tomcat11 11.0.11-1 (bug #1108116)
- tomcat10 10.1.46-1 (bug #1108117)
- tomcat9 9.0.70-2
@@ -84009,7 +84194,7 @@ CVE-2025-48988 (Allocation of Resources Without Limits
or Throttling vulnerabili
NOTE:
https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
(10.1.42)
NOTE:
https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
(9.0.106)
CVE-2025-48976 (Allocation of resources for multipart headers with
insufficient limits ...)
- {DLA-4245-1 DLA-4244-1}
+ {DSA-6120-1 DLA-4245-1 DLA-4244-1}
- libcommons-fileupload-java <unfixed> (bug #1108120)
[trixie] - libcommons-fileupload-java <no-dsa> (Minor issue)
[bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
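Review bot: DSA-6120-1 is added to CVE-2025-48976, but every package line visible in this hunk is libcommons-fileupload-java, marked <unfixed> (bug #1108120) in unstable and <no-dsa> (Minor issue) for trixie and bookworm; a DSA reference directly above <no-dsa> tags for the same CVE reads as contradictory unless the DSA fixes the copy of commons-fileupload embedded in the tomcat packages. If so, the tomcat9/10/11 lines for this CVE (outside the hunk context) are what the advisory applies to, and a short NOTE saying the DSA covers Tomcat's bundled copy rather than the standalone library would make the <no-dsa> tags unambiguous.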
@@ -88590,7 +88775,7 @@ CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR
REST API and related serv
CVE-2025-46722 (vLLM is an inference and serving engine for large language
models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache
Tomcat's ...)
- {DLA-4244-1}
+ {DSA-6120-1 DLA-4244-1}
- tomcat11 11.0.11-1 (bug #1106821)
- tomcat10 10.1.46-1 (bug #1106820)
- tomcat9 9.0.70-2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/003ad0b759a94ccb128473dbd1f950a32af3aa70
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits