Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fe0bb2f by security tracker role at 2026-02-13T20:13:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,172 @@
-CVE-2026-2441
+CVE-2026-2443 (A flaw was identified in libsoup, a widely used HTTP library in 
GNOME- ...)
+       TODO: check
+CVE-2026-2026 (A vulnerability has been identified where weak file permissions 
in the ...)
+       TODO: check
+CVE-2026-26269 (Vim is an open source, command line text editor. Prior to 
9.1.2148, a  ...)
+       TODO: check
+CVE-2026-26268 (Cursor is a code editor built for programming with AI. Sandbox 
escape  ...)
+       TODO: check
+CVE-2026-26264 (BACnet Stack is a BACnet open source protocol stack C library 
for embe ...)
+       TODO: check
+CVE-2026-26226 (beautiful-mermaid versions prior to 0.1.3 contain an SVG 
attribute inj ...)
+       TODO: check
+CVE-2026-26221 (Hyland OnBase contains an unauthenticated .NET Remoting 
exposure in th ...)
+       TODO: check
+CVE-2026-26208 (ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 
0.9.2602 ...)
+       TODO: check
+CVE-2026-26190 (Milvus is an open-source vector database built for generative 
AI appli ...)
+       TODO: check
+CVE-2026-26187 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
+       TODO: check
+CVE-2026-25991 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
+       TODO: check
+CVE-2026-25964 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
+       TODO: check
+CVE-2026-22892 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 
11.2.x <= 11 ...)
+       TODO: check
+CVE-2026-21878 (BACnet Stack is a BACnet open source protocol stack C library 
for embe ...)
+       TODO: check
+CVE-2026-21870 (BACnet Protocol Stack library provides a BACnet application 
layer, net ...)
+       TODO: check
+CVE-2026-20796 (Mattermost versions 10.11.x <= 10.11.9 fail to properly 
validate chann ...)
+       TODO: check
+CVE-2026-1619 (Authorization Bypass Through User-Controlled Key vulnerability 
in Univ ...)
+       TODO: check
+CVE-2026-1618 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-1578 (HP App for Android is potentially vulnerable to cross-site 
scripting ( ...)
+       TODO: check
+CVE-2026-0872 (Improper Certificate Validation vulnerability in Thales SafeNet 
Agent  ...)
+       TODO: check
+CVE-2025-70123 (An improper input validation and protocol compliance 
vulnerability in  ...)
+       TODO: check
+CVE-2025-70122 (A heap buffer overflow vulnerability in the UPF component of 
free5GC v ...)
+       TODO: check
+CVE-2025-70121 (An array index out of bounds vulnerability in the AMF 
component of fre ...)
+       TODO: check
+CVE-2025-70095 (A cross-site scripting (XSS) vulnerability in the item 
management and  ...)
+       TODO: check
+CVE-2025-70094 (A cross-site scripting (XSS) vulnerability in the Generate 
Item Barcod ...)
+       TODO: check
+CVE-2025-70093 (An issue in OpenSourcePOS v3.4.1 allows attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2025-70091 (A cross-site scripting (XSS) vulnerability in the Customers 
function o ...)
+       TODO: check
+CVE-2025-69770 (A zip slip vulnerability in the /DesignTools/SkinList.aspx 
endpoint of ...)
+       TODO: check
+CVE-2025-66676 (An issue in IObit Unlocker v1.3.0.11 allows attackers to cause 
a Denia ...)
+       TODO: check
+CVE-2025-36552
+       REJECTED
+CVE-2025-36545
+       REJECTED
+CVE-2025-36542
+       REJECTED
+CVE-2025-36538
+       REJECTED
+CVE-2025-36534
+       REJECTED
+CVE-2025-36532
+       REJECTED
+CVE-2025-36526
+       REJECTED
+CVE-2025-36524
+       REJECTED
+CVE-2025-36523
+       REJECTED
+CVE-2025-36517
+       REJECTED
+CVE-2025-35997
+       REJECTED
+CVE-2025-35993
+       REJECTED
+CVE-2025-35976
+       REJECTED
+CVE-2025-35962
+       REJECTED
+CVE-2025-35961
+       REJECTED
+CVE-2025-35960
+       REJECTED
+CVE-2025-33042 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-32734
+       REJECTED
+CVE-2025-32733
+       REJECTED
+CVE-2025-32090
+       REJECTED
+CVE-2025-32085
+       REJECTED
+CVE-2025-32082
+       REJECTED
+CVE-2025-32009
+       REJECTED
+CVE-2025-31942
+       REJECTED
+CVE-2025-31364
+       REJECTED
+CVE-2025-31358
+       REJECTED
+CVE-2025-31145
+       REJECTED
+CVE-2025-30517
+       REJECTED
+CVE-2025-29869
+       REJECTED
+CVE-2025-27941
+       REJECTED
+CVE-2025-27928
+       REJECTED
+CVE-2025-27573
+       REJECTED
+CVE-2025-27569
+       REJECTED
+CVE-2025-27251
+       REJECTED
+CVE-2025-26471
+       REJECTED
+CVE-2025-25049
+       REJECTED
+CVE-2025-24524
+       REJECTED
+CVE-2025-24518
+       REJECTED
+CVE-2025-24492
+       REJECTED
+CVE-2025-24321
+       REJECTED
+CVE-2025-24300
+       REJECTED
+CVE-2025-22845
+       REJECTED
+CVE-2025-20110
+       REJECTED
+CVE-2025-20107
+       REJECTED
+CVE-2025-20098
+       REJECTED
+CVE-2025-20089
+       REJECTED
+CVE-2025-20078
+       REJECTED
+CVE-2025-20066
+       REJECTED
+CVE-2025-20038
+       REJECTED
+CVE-2025-20007
+       REJECTED
+CVE-2025-1790 (Local privilege escalation in Genetec Sipelia Plugin. An 
authenticated ...)
+       TODO: check
+CVE-2025-14349 (Privilege Defined With Unsafe Actions, Missing Authentication 
for Crit ...)
+       TODO: check
+CVE-2026-2441 (Use after free in CSS in Google Chrome prior to 145.0.7632.75 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-23112 [nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec]
+CVE-2026-23112 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/52a0a98549344ca20ad81a4176d68d28e3c05a5c (6.19)
-CVE-2026-23111 [netfilter: nf_tables: fix inverted genmask check in 
nft_map_catchall_activate()]
+CVE-2026-23111 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/f41c5d151078c5348271ffaf8e7410d96f2d82f8 (6.19)
 CVE-2026-26257
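Review bot: The new CVE-2026-2443 (libsoup) and CVE-2026-26269 (Vim) entries at the top of this hunk are left at "TODO: check" even though their descriptions name software that Debian packages, so they should be triaged ahead of the rest of the batch and given package lines in the same form as the existing "- chromium <unfixed>" line. The remaining "TODO: check" entries each still need either a package line or a NOT-FOR-US marker. The descriptions are truncated at "...", so affected versions have to be read from the upstream advisories rather than from this list.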
@@ -252,7 +414,8 @@ CVE-2023-31323 (Type confusion in the AMD Secure Processor 
(ASP) could allow an
        NOT-FOR-US: AMD
 CVE-2023-31313 (An unintended proxy or intermediary in the AMD power 
management firmwa ...)
        TODO: check
-CVE-2019-25348 (Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL 
injectio ...)
+CVE-2019-25348
+       REJECTED
        NOT-FOR-US: Computrols CBAS-Web
 CVE-2019-25347 (thesystem App 1.0 contains a SQL injection vulnerability that 
allows a ...)
        NOT-FOR-US: thesystem App
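Review bot: After this change the CVE-2019-25348 entry carries two states, the added "REJECTED" line and the earlier "NOT-FOR-US: Computrols CBAS-Web" line that remains directly beneath it as context. A rejected id needs no triage marker, so I would drop the NOT-FOR-US line in a follow-up commit so that the entry records a single status.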
@@ -1000,7 +1163,7 @@ CVE-2019-25316 (GOautodial 4.0 contains a persistent 
cross-site scripting vulner
        NOT-FOR-US: GOautodial
 CVE-2019-25315 (WordPress Server Log Viewer 1.0 contains a persistent 
cross-site scrip ...)
        NOT-FOR-US: WordPress Server Log Viewer
-CVE-2019-25314 (Duplicate-Post WordPress Plugin 3.2.3 contains a persistent 
cross-site ...)
+CVE-2019-25314 (Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a 
persistent cros ...)
        NOT-FOR-US: Duplicate-Post WordPress Plugin
 CVE-2019-25312 (InoERP 0.7.2 contains a persistent cross-site scripting 
vulnerability  ...)
        NOT-FOR-US: InoERP
@@ -1155,7 +1318,7 @@ CVE-2025-8099 (GitLab has remediated an issue in GitLab 
CE/EE affecting all vers
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-7659 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
-CVE-2026-25531
+CVE-2026-25531 (Kanboard is project management software focused on Kanban 
methodology. ...)
        - kanboard <unfixed> (bug #1127694)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9
 CVE-2026-2303 (The mongo-go-driver repositorycontains CGo bindings for GSSAPI 
(Kerber ...)
@@ -1938,6 +2101,7 @@ CVE-2026-1486 (A flaw was found in Keycloak. A 
vulnerability exists in the jwt-a
 CVE-2026-0632 (The Fluent Forms Pro Add On Pack plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0398 (Crafted zones can lead to increased resource usage and crafted 
CNAME c ...)
+       {DSA-6134-1}
        - pdns-recursor 5.3.5-1 (bug #1127490)
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
@@ -2011,6 +2175,7 @@ CVE-2026-23948 (FreeRDP is a free implementation of the 
Remote Desktop Protocol.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6f3c-qvqq-2px5
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860
 (3.22.0)
 CVE-2026-24027 (Crafted zones can lead to increased incoming network traffic.)
+       {DSA-6134-1}
        - pdns-recursor 5.3.5-1 (bug #1127490)
        [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
        [bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
@@ -97078,7 +97243,7 @@ CVE-2025-32917 (Privilege escalation in jar_signature 
agent plugin in Checkmk ve
        - check-mk <removed>
 CVE-2025-32756 (A stack-based buffer overflow vulnerability [CWE-121] 
vulnerability in ...)
        NOT-FOR-US: Fortinet
-CVE-2025-32709 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+CVE-2025-32709 (Null pointer dereference in Windows Ancillary Function Driver 
for WinS ...)
        NOT-FOR-US: Microsoft
 CVE-2025-32707 (Out-of-bounds read in Windows NTFS allows an unauthorized 
attacker to  ...)
        NOT-FOR-US: Microsoft
@@ -98076,7 +98241,7 @@ CVE-2025-47735 (inner::drop in inner.rs in the wgp 
crate through 0.2.0 for Rust
        NOT-FOR-US: wgp Rust crate
 CVE-2025-47733 (Server-Side Request Forgery (SSRF) in Microsoft Power Apps 
allows an u ...)
        NOT-FOR-US: Microsoft
-CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
+CVE-2025-47732 (Deserialization of untrusted data in Microsoft Dataverse 
allows an aut ...)
        NOT-FOR-US: Microsoft
 CVE-2025-46392 (Uncontrolled Resource Consumption vulnerability in Apache 
Commons Conf ...)
        - commons-configuration <unfixed> (bug #1105107)
@@ -98141,11 +98306,11 @@ CVE-2025-31946 (Pixmeo OsiriX MD  is vulnerable to a 
local use after free scenar
        NOT-FOR-US: Pixmeo OsiriX MD
 CVE-2025-2253 (The IMITHEMES Listing plugin is vulnerable to privilege 
escalation via ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-29972 (Server-Side Request Forgery (SSRF) in Azure allows an 
authorized attac ...)
+CVE-2025-29972 (Server-side request forgery (ssrf) in Azure Storage Resource 
Provider  ...)
        NOT-FOR-US: Microsoft
-CVE-2025-29827 (Improper Authorization in Azure Automation allows an 
authorized attack ...)
+CVE-2025-29827 (Improper authorization in Azure Automation allows an 
authorized attack ...)
        NOT-FOR-US: Microsoft
-CVE-2025-29813 ([Spoofable identity claims] Authentication Bypass by 
Assumed-Immutable ...)
+CVE-2025-29813 (Authentication bypass by assumed-immutable data in Azure 
DevOps allows ...)
        NOT-FOR-US: Microsoft
 CVE-2025-29509 (Jan v0.5.14 and before is vulnerable to remote code execution 
(RCE) wh ...)
        NOT-FOR-US: Jan
@@ -108646,7 +108811,7 @@ CVE-2025-26649 (Concurrent execution using shared 
resource with improper synchro
        NOT-FOR-US: Microsoft
 CVE-2025-26648 (Sensitive data storage in improperly locked memory in Windows 
Kernel a ...)
        NOT-FOR-US: Microsoft
-CVE-2025-26647 (Improper input validation in Windows Kerberos allows an 
unauthorized a ...)
+CVE-2025-26647 (Improper input validation in Windows Kerberos allows an 
authorized att ...)
        NOT-FOR-US: Microsoft
 CVE-2025-26644 (Automated recognition mechanism with inadequate detection or 
handling  ...)
        NOT-FOR-US: Microsoft
@@ -117755,7 +117920,7 @@ CVE-2025-24974 (DataEase is an open source business 
intelligence and data visual
        NOT-FOR-US: DataEase
 CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an 
authorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2025-21104 (Dell NetWorker, versions prior to 19.12.0.1 and versions prior 
to 19.1 ...)
+CVE-2025-21104 (Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, 
contain ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the 
in-tree git ...)
        - kubernetes 1.20.5+really1.20.2-1
@@ -130428,7 +130593,7 @@ CVE-2025-21267 (Microsoft Edge (Chromium-based) 
Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2025-21253 (Microsoft Edge for IOS and Android Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2025-21177 (Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 
Sales all ...)
+CVE-2025-21177 (Server-side request forgery (ssrf) in Microsoft Dynamics 365 
Sales all ...)
        NOT-FOR-US: Microsoft
 CVE-2025-1086 (A vulnerability has been found in Safetytest Cloud-Master 
Server up to ...)
        NOT-FOR-US: Safetytest Cloud-Master Server
@@ -137235,7 +137400,7 @@ CVE-2025-21395 (Microsoft Access Remote Code 
Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2025-21393 (Microsoft SharePoint Server Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2025-21389 (Windows upnphost.dll Denial of Service Vulnerability)
+CVE-2025-21389 (Uncontrolled resource consumption in Windows Universal Plug 
and Play ( ...)
        NOT-FOR-US: Microsoft
 CVE-2025-21382 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
@@ -137357,7 +137522,7 @@ CVE-2025-21302 (Windows Telephony Service Remote Code 
Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2025-21301 (Windows Geolocation Service Information Disclosure 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2025-21300 (Windows upnphost.dll Denial of Service Vulnerability)
+CVE-2025-21300 (Windows Universal Plug and Play (UPnP) Device Host Denial of 
Service V ...)
        NOT-FOR-US: Microsoft
 CVE-2025-21299 (Windows Kerberos Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fe0bb2f53bd499ba6f72044dd024ff1161e32fa
