Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2775a12f by security tracker role at 2026-02-16T08:12:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2026-2545 (A weakness has been identified in LigeroSmart up to 6.1.26.
Impacted i ...)
+ TODO: check
+CVE-2026-2544 (A security flaw has been discovered in yued-fe LuLu UI up to
3.0.0. Th ...)
+ TODO: check
+CVE-2026-2543 (A vulnerability was identified in vichan-devel vichan up to
5.1.5. Thi ...)
+ TODO: check
+CVE-2026-2542 (A weakness has been identified in Total VPN 0.5.29.0 on
Windows. Affec ...)
+ TODO: check
+CVE-2026-2538 (A security flaw has been discovered in Flos Freeware Notepad2
4.2.22/4 ...)
+ TODO: check
+CVE-2026-2537 (A vulnerability was identified in Comfast CF-E4 2.6.0.1. This
impacts ...)
+ TODO: check
+CVE-2026-2536 (A vulnerability was determined in opencc JFlow up to 20260129.
This af ...)
+ TODO: check
+CVE-2026-2535 (A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The
impacted el ...)
+ TODO: check
+CVE-2026-2534 (A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The
affect ...)
+ TODO: check
+CVE-2026-2533 (A flaw has been found in Tosei Self-service Washing Machine
4.02. Impa ...)
+ TODO: check
+CVE-2026-2532 (A vulnerability was detected in lintsinghua DeepAudit up to
3.0.3. Thi ...)
+ TODO: check
+CVE-2026-2531 (A security vulnerability has been detected in MindsDB up to
25.14.1. T ...)
+ TODO: check
+CVE-2026-2530 (A weakness has been identified in Wavlink WL-WN579A3 up to
20210219. T ...)
+ TODO: check
+CVE-2026-2529 (A security flaw has been discovered in Wavlink WL-WN579A3 up to
202102 ...)
+ TODO: check
+CVE-2026-2528 (A vulnerability was identified in Wavlink WL-WN579A3 up to
20210219. A ...)
+ TODO: check
+CVE-2026-2527 (A vulnerability was determined in Wavlink WL-WN579A3 up to
20210219. A ...)
+ TODO: check
+CVE-2026-2526 (A vulnerability was found in Wavlink WL-WN579A3 up to 20210219.
This i ...)
+ TODO: check
+CVE-2026-2525 (A vulnerability has been found in Free5GC up to 4.1.0. This
affects an ...)
+ TODO: check
+CVE-2026-2524 (A flaw has been found in Open5GS 2.7.6. The impacted element is
the fu ...)
+ TODO: check
+CVE-2026-2523 (A vulnerability was detected in Open5GS up to 2.7.6. The
affected elem ...)
+ TODO: check
+CVE-2026-2522 (A security vulnerability has been detected in Open5GS up to
2.7.6. Imp ...)
+ TODO: check
+CVE-2026-2521 (A weakness has been identified in Open5GS up to 2.7.6. This
issue affe ...)
+ TODO: check
+CVE-2026-0929 (The RegistrationMagic WordPress plugin before 6.0.7.2 does not
have p ...)
+ TODO: check
CVE-2026-2541 (The Micca KE700 system relies on a 6-bit portion of an
identifier for ...)
NOT-FOR-US: Micca KE700 system
CVE-2026-2540 (The Micca KE700 system contains flawed resynchronization logic
and is ...)
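Review bot: All 23 added entries in this first hunk carry only "TODO: check", and some look decidable from the visible description alone. CVE-2026-0929 is a WordPress plugin, a class this file already marks NOT-FOR-US (see CVE-2025-26925 further down), and the Comfast, Wavlink and Tosei entries are vendor-specific products, like the neighbouring CVE-2026-2541 that is marked NOT-FOR-US. Open5GS, Free5GC and MindsDB should be checked against the archive before being marked either way. Suggest resolving the clear cases in the next triage pass so the TODO queue holds only entries that need real investigation.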
@@ -33148,12 +33194,12 @@ CVE-2025-11778 (Stack-based buffer overflow in
Circutor SGE-PLC1000/SGE-PLC50 v0
CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang)
versions <=1.5 ...)
NOT-FOR-US: Eclipse Paho Go MQTT
CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- {DSA-6117-1 DLA-4425-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4425-1}
- python-django 3:4.2.27-1 (bug #1121788)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
(4.2.27)
CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before
5.1.15, and 4. ...)
- {DSA-6117-1}
+ {DSA-6136-1 DSA-6117-1}
- python-django 3:4.2.27-1 (bug #1121788)
[bullseye] - python-django <not-affected> (.alias() functionality added
later)
NOTE:
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
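Review bot: DSA-6136-1 is added to CVE-2025-64460 and CVE-2025-13372 alongside DSA-6117-1, but this commit changes only data/CVE/list, so nothing here shows which release DSA-6136-1 targets or why a second DSA is needed for CVEs that DSA-6117-1 already covers. Before relying on these cross-references, confirm that the DSA-6136-1 entry exists and lists both CVE ids with the fixed python-django version for its release.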
@@ -39968,7 +40014,7 @@ CVE-2025-12725 (Out of bounds read in WebGPU in Google
Chrome on Android prior t
- chromium 142.0.7444.134-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before
4.2.26, and 5 ...)
- {DSA-6117-1 DLA-4425-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4425-1}
- python-django 3:4.2.26-1 (bug #1120139)
NOTE:
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
NOTE:
https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb
(main)
@@ -52816,12 +52862,12 @@ CVE-2022-50420 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.1.4-1
NOTE:
https://git.kernel.org/linus/45e6319bd5f2154d8b8c9f1eaa4ac030ba0d330c (6.2-rc1)
CVE-2025-59681 (An issue was discovered in Django 4.2 before 4.2.25, 5.1
before 5.1.13 ...)
- {DSA-6117-1 DLA-4324-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4324-1}
- python-django 3:4.2.25-1 (bug #1116979)
NOTE:
https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
NOTE:
https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5
(4.2.25)
CVE-2025-59682 (An issue was discovered in Django 4.2 before 4.2.25, 5.1
before 5.1.13 ...)
- {DSA-6117-1 DLA-4324-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4324-1}
- python-django 3:4.2.25-1 (bug #1116979)
NOTE:
https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
NOTE:
https://github.com/django/django/commit/9504bbaa392c9fe37eee9291f5b4c29eb6037619
(4.2.25)
@@ -64145,7 +64191,7 @@ CVE-2024-13063 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is
vulnerab ...)
NOT-FOR-US: mikecao/flight
CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1
before 5.1.12 ...)
- {DSA-6117-1 DLA-4301-1}
+ {DSA-6136-1 DSA-6117-1 DLA-4301-1}
- python-django 3:4.2.24-1 (bug #1113865)
NOTE:
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
NOTE:
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
(4.2.24)
@@ -91896,7 +91942,7 @@ CVE-2024-13967 (This vulnerability allows the
successful attacker to gain unauth
CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled
resource co ...)
NOT-FOR-US: IEC 61131
CVE-2025-48432 (An issue was discovered in Django 5.2 before 5.2.3, 5.1 before
5.1.11, ...)
- {DLA-4210-1}
+ {DSA-6136-1 DLA-4210-1}
- python-django 3:4.2.23-1 (bug #1107282; bug #1107616)
NOTE:
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/ac03c5e7df8680c61cdb0d3bdb8be9095dba841e
(4.2.22)
@@ -100354,7 +100400,7 @@ CVE-2020-36791 (In the Linux kernel, the following
vulnerability has been resolv
- linux 5.5.17-1
NOTE:
https://git.kernel.org/linus/0d1c3530e1bd38382edef72591b78e877e0edcd3 (5.6)
CVE-2025-32873 (An issue was discovered in Django 4.2 before 4.2.21, 5.1
before 5.1.9, ...)
- {DLA-4210-1}
+ {DSA-6136-1 DLA-4210-1}
- python-django 3:4.2.21-1 (bug #1104872)
NOTE:
https://www.djangoproject.com/weblog/2025/may/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c
(4.2.21)
@@ -123810,7 +123856,7 @@ CVE-2024-49570 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-26925 (Cross-Site Request Forgery (CSRF) vulnerability in Required
Admin Menu ...)
NOT-FOR-US: WordPress plugin
CVE-2025-26699 (An issue was discovered in Django 5.1 before 5.1.7, 5.0 before
5.0.13, ...)
- {DLA-4086-1}
+ {DSA-6136-1 DLA-4086-1}
- python-django 3:4.2.20-1 (bug #1099682)
NOTE:
https://www.djangoproject.com/weblog/2025/mar/06/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/e88f7376fe68dbf4ebaf11fad1513ce700b45860
(4.2.20)
@@ -138613,7 +138659,7 @@ CVE-2024-56841 (A vulnerability has been identified
in Mendix LDAP (All versions
CVE-2024-56497 (An improper neutralization of special elements used in an os
command ( ...)
NOT-FOR-US: FortiGuard
CVE-2024-56374 (An issue was discovered in Django 5.1 before 5.1.5, 5.0 before
5.0.11, ...)
- {DLA-4030-1}
+ {DSA-6136-1 DLA-4030-1}
- python-django 3:4.2.18-1 (bug #1093049)
NOTE:
https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e
(4.2.18)
@@ -150296,7 +150342,7 @@ CVE-2024-53908 (An issue was discovered in Django 5.1
before 5.1.4, 5.0 before 5
NOTE:
https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5
(4.2.17)
CVE-2024-53907 (An issue was discovered in Django 5.1 before 5.1.4, 5.0 before
5.0.10, ...)
- {DLA-4006-1}
+ {DSA-6136-1 DLA-4006-1}
- python-django 3:4.2.17-1
NOTE:
https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b
(4.2.17)
@@ -175573,7 +175619,7 @@ CVE-2024-6232 (There is a MEDIUM severity
vulnerability affecting CPython.
NOTE:
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
(v3.11.10)
NOTE:
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
(v3.10.15)
CVE-2024-45231 (An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16.
The dja ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.16-1
NOTE:
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
NOTE:
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
(4.2.16)
@@ -182230,12 +182276,12 @@ CVE-2024-7518 (Select options could obscure the
fullscreen notification dialog.
- firefox 129.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7518
CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.15-1 (bug #1078074)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/
(4.2.15)
CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.15-1 (bug #1078074)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/
(4.2.15)
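Review bot: Style point on the NOTE lines of CVE-2024-42005 and CVE-2024-41991: both django commit URLs end in a trailing slash before the "(4.2.15)" tag, unlike the commit URLs on other entries in this diff such as CVE-2024-39614. Dropping the slash in a follow-up would keep the references uniform and easier to match by script; the added {DSA-6136-1 DLA-4458-1} lines themselves are consistent with the other hunks.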
@@ -182247,7 +182293,7 @@ CVE-2024-41990 (An issue was discovered in Django 5.0
before 5.0.8 and 4.2 befor
NOTE:
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/
(4.2.15)
NOTE: Patch overlapping with fix for CVE-2024-38875 & CVE-2024-45230.
CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.15-1 (bug #1078074)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/
(4.2.15)
@@ -188849,18 +188895,18 @@ CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks
proper validation of user-sup
CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the
length of ...)
NOT-FOR-US: Delta Electronics
CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.14-1 (bug #1076069)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
(4.2.14)
NOTE: Relates to CVE-2023-23969 fix
CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.14-1 (bug #1076069)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e
(4.2.14)
CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2
before 4.2. ...)
- {DLA-4458-1}
+ {DSA-6136-1 DLA-4458-1}
- python-django 3:4.2.14-1 (bug #1076069)
NOTE:
https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE:
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14
(4.2.14)
@@ -230004,7 +230050,7 @@ CVE-2024-2002 (A double-free vulnerability was found
in libdwarf. In a multiply-
NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
NOTE: Fixed by:
https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad
(v0.9.2)
CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before
5.0.3, ...)
- {DLA-4210-1}
+ {DSA-6136-1 DLA-4210-1}
- python-django 3:4.2.11-1
[buster] - python-django <no-dsa> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
@@ -237063,7 +237109,7 @@ CVE-2024-1283 (Heap buffer overflow in Skia in Google
Chrome prior to 121.0.6167
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-24680 (An issue was discovered in Django 3.2 before 3.2.24, 4.2
before 4.2.10 ...)
- {DLA-4210-1}
+ {DSA-6136-1 DLA-4210-1}
- python-django 3:4.2.10-1
[buster] - python-django <postponed> (Minor issue, fix along in future
update)
NOTE: https://www.openwall.com/lists/oss-security/2024/02/06/2
@@ -261073,7 +261119,7 @@ CVE-2023-43740 (Online Book Store Project v1.0 is
vulnerable to an Insecure File
CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not
validate t ...)
NOT-FOR-US: Online Book Store Project
CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before
4.2.6, ...)
- {DLA-4210-1}
+ {DSA-6136-1 DLA-4210-1}
- python-django 3:4.2.6-1 (bug #1053475)
[buster] - python-django <postponed> (Minor issue, fix along in future
update)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/04/6
@@ -264832,7 +264878,7 @@ CVE-2023-32102 (Auth. (contributor+) Stored
Cross-Site Scripting (XSS) vulnerabi
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand
WordPress th ...)
NOT-FOR-US: WordPress theme
CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before
4.2.5, ...)
- {DLA-4210-1 DLA-3558-1}
+ {DSA-6136-1 DLA-4210-1 DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
NOTE:
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
@@ -559793,7 +559839,7 @@ CVE-2019-14233 (An issue was discovered in Django
1.11.x before 1.11.23, 2.1.x b
NOTE:
https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7
(2.2.x)
NOTE:
https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72
(1.11.x)
CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x
before ...)
- {DSA-4498-1 DLA-1872-1}
+ {DSA-6136-1 DSA-4498-1 DLA-1872-1}
- python-django 2:2.2.4-1 (bug #934026)
NOTE:
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
NOTE:
https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f
(2.2.x)
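Review bot: CVE-2019-14232 already records DSA-4498-1 and a fix in python-django 2:2.2.4-1, so the new DSA-6136-1 reference on a 2019 issue needs an explanation in the entry itself. If DSA-6136-1 addresses an incomplete fix or a regression of this issue, add a NOTE saying so; if the CVE id was listed in the DSA by mistake, correct it at the source so this reference is dropped on the next automatic update.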
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2775a12fb4b81d622fbf08969bfab140e026a281