Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02ae6243 by security tracker role at 2026-02-16T20:13:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2026-2577 (The WhatsApp bridge component in Nanobot binds the WebSocket
server to ...)
+ TODO: check
+CVE-2026-2567 (A vulnerability was detected in Wavlink WL-NU516U1 20251208.
This vuln ...)
+ TODO: check
+CVE-2026-2566 (A security vulnerability has been detected in Wavlink
WL-NU516U1 up to ...)
+ TODO: check
+CVE-2026-2565 (A weakness has been identified in Wavlink WL-NU516U1 20251208.
Affecte ...)
+ TODO: check
+CVE-2026-2564 (A security flaw has been discovered in Intelbras VIP 3260 Z IA
2.840.0 ...)
+ TODO: check
+CVE-2026-2563 (A vulnerability was identified in JingDong JD Cloud Box AX6600
up to 4 ...)
+ TODO: check
+CVE-2026-2562 (A vulnerability was determined in JingDong JD Cloud Box AX6600
up to 4 ...)
+ TODO: check
+CVE-2026-2561 (A vulnerability was found in JingDong JD Cloud Box AX6600 up to
4.5.1. ...)
+ TODO: check
+CVE-2026-2560 (A vulnerability has been found in kalcaddle kodbox up to
1.64.05. The ...)
+ TODO: check
+CVE-2026-2558 (A flaw has been found in GeekAI up to 4.2.4. The affected
element is t ...)
+ TODO: check
+CVE-2026-2557 (A vulnerability was detected in cskefu up to 8.0.1. Impacted is
the fu ...)
+ TODO: check
+CVE-2026-2556 (A security vulnerability has been detected in cskefu up to
8.0.1. This ...)
+ TODO: check
+CVE-2026-2555 (A weakness has been identified in JeecgBoot 3.9.1. This
vulnerability ...)
+ TODO: check
+CVE-2026-2553 (A security flaw has been discovered in tushar-2223
Hotel-Management-Sy ...)
+ TODO: check
+CVE-2026-2552 (A vulnerability was identified in ZenTao up to 21.7.8. Affected
by thi ...)
+ TODO: check
+CVE-2026-2551 (A vulnerability was determined in ZenTao up to 21.7.8. Affected
by thi ...)
+ TODO: check
+CVE-2026-2550 (A vulnerability was found in EFM iptime A6004MX 14.18.2.
Affected is t ...)
+ TODO: check
+CVE-2026-2549 (A vulnerability has been found in zhanghuanhao LibrarySystem
\u56fe\u4 ...)
+ TODO: check
+CVE-2026-2548 (A flaw has been found in WAYOS FBM-220G 24.10.19. This affects
the fun ...)
+ TODO: check
+CVE-2026-2547 (A vulnerability was detected in LigeroSmart up to 6.1.26. The
impacted ...)
+ TODO: check
+CVE-2026-2546 (A security vulnerability has been detected in LigeroSmart up to
6.1.26 ...)
+ TODO: check
+CVE-2026-2452 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
+ TODO: check
+CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
+ TODO: check
+CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects
Firefox < 1 ...)
+ TODO: check
+CVE-2026-2415 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
+ TODO: check
+CVE-2026-2101 (A Reflected Cross-site Scripting (XSS) vulnerability affecting
ENOVIAv ...)
+ TODO: check
+CVE-2026-2032 (Malicious scripts that interrupt new tab page loading could
cause desy ...)
+ TODO: check
+CVE-2026-2001 (The WowRevenue plugin for WordPress is vulnerable to
unauthorized plug ...)
+ TODO: check
+CVE-2026-26930 (SmarterTools SmarterMail before 9526 allows XSS via MAPI
requests.)
+ TODO: check
+CVE-2026-1783
+ REJECTED
+CVE-2026-1335 (An Out-Of-Bounds Write vulnerability affecting the EPRT file
reading p ...)
+ TODO: check
+CVE-2026-1334 (An Out-Of-Bounds Read vulnerability affecting the EPRT file
reading pr ...)
+ TODO: check
+CVE-2026-1333 (A Use of Uninitialized Variable vulnerability affecting the
EPRT file ...)
+ TODO: check
+CVE-2026-1046 (Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to
validate ...)
+ TODO: check
+CVE-2026-0999 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9,
11.2.x <= 11 ...)
+ TODO: check
+CVE-2026-0998 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9,
11.2.x <= 11 ...)
+ TODO: check
+CVE-2026-0997 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9,
11.2.x <= 11 ...)
+ TODO: check
+CVE-2025-65717 (An issue in Visual Studio Code Extensions Live Server v5.7.9
allows at ...)
+ TODO: check
+CVE-2025-65716 (An issue in Visual Studio Code Extensions Markdown Preview
Enhanced v0 ...)
+ TODO: check
+CVE-2025-65715 (An issue in the code-runner.executorMap setting of Visual
Studio Code ...)
+ TODO: check
+CVE-2025-59905 (Cross-Site Scripting (XSS) vulnerability reflected in
Kubysoft, which ...)
+ TODO: check
+CVE-2025-59904 (Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft,
which is ...)
+ TODO: check
+CVE-2025-59903 (Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft,
where upl ...)
+ TODO: check
+CVE-2025-2418 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in T ...)
+ TODO: check
+CVE-2025-14573 (Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite
permissi ...)
+ TODO: check
+CVE-2025-14350 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9,
11.2.x <= 11 ...)
+ TODO: check
+CVE-2025-13821 (Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9,
11.2.x <= 11 ...)
+ TODO: check
+CVE-2019-25395 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple stor ...)
+ TODO: check
+CVE-2019-25394 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple stor ...)
+ TODO: check
+CVE-2019-25393 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25392 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25390 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25389 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25388 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25387 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25386 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25385 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25384 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25383 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25382 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a
reflected c ...)
+ TODO: check
+CVE-2019-25381 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25380 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple refl ...)
+ TODO: check
+CVE-2019-25379 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
stored and re ...)
+ TODO: check
+CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains
multiple cros ...)
+ TODO: check
CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
- gegl <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
@@ -12362,7 +12490,7 @@ CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0
to 4.6.2 and 4.4.0 to 4.
NOTE: Fixed by:
https://gitlab.com/wireshark/wireshark/-/commit/516ba22c34bd62468c2967ac476146bc03482679
NOTE: Introduced by:
https://gitlab.com/wireshark/wireshark/-/commit/4e8603b60438650fe3329d5a0a0e8ff0bc96b08c
(v4.3.0rc1)
CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to
4.6.2 all ...)
- {DSA-6124-1}
+ {DSA-6124-1 DLA-4479-1}
- wireshark 4.6.3-1 (bug #1125690)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-04.html
@@ -32936,13 +33064,13 @@ CVE-2025-61940 (NMIS/BioDose V22.02 and previous
versions rely on a common SQL S
CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31
bytes tri ...)
NOT-FOR-US: Meta software not packaged in Debian
CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and
4.4.0 t ...)
- {DSA-6124-1}
+ {DSA-6124-1 DLA-4479-1}
- wireshark 4.6.2-1
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884
CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows
denial of se ...)
- {DSA-6124-1}
+ {DSA-6124-1 DLA-4479-1}
- wireshark 4.6.2-1
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html
@@ -35424,7 +35552,7 @@ CVE-2025-36072 (IBM webMethods Integration 10.11
through 10.11_Core_Fix22, 10.15
CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x
Gigabit RJ45 ...)
NOT-FOR-US: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x
Gigabit RJ45, with 2 x 1Gb SFP, Fanless
CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10
allows de ...)
- {DSA-6124-1}
+ {DSA-6124-1 DLA-4479-1}
- wireshark 4.6.1-1
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-06.html
@@ -48159,7 +48287,7 @@ CVE-2025-31718 (In modem, there is a possible system
crash due to improper input
CVE-2025-31717 (In modem, there is a possible system crash due to improper
input valid ...)
NOT-FOR-US: Unisoc
CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and
4.2.0 to ...)
- {DSA-6124-1}
+ {DSA-6124-1 DLA-4479-1}
- wireshark 4.6.0-1 (bug #1117852)
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
@@ -91864,6 +91992,7 @@ CVE-2025-5603 (A vulnerability has been found in
Campcodes Hospital Management S
CVE-2025-5602 (A vulnerability, which was classified as critical, was found in
Campco ...)
NOT-FOR-US: Campcodes
CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0
to 4.2.1 ...)
+ {DLA-4479-1}
[experimental] - wireshark 4.4.7-0exp1
- wireshark 4.4.7-1 (bug #1107515)
[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -153477,6 +153606,7 @@ CVE-2024-10034 (The Gallery Blocks with Lightbox.
Image Gallery, (HTML5 video ,
CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through
2.0.0-M4 includ ...)
NOT-FOR-US: Apache NiFi
CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to
4.2.8 al ...)
+ {DLA-4479-1}
- wireshark 4.4.2-1
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-15.html
@@ -167487,6 +167617,7 @@ CVE-2024-9798 (The health endpoint is public so
everybody can see a list of all
CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not
saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0
and 4. ...)
+ {DLA-4479-1}
- wireshark 4.4.1-1
[bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-13.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02ae6243affbd64d706cebf5d42076bcfe36ec27
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02ae6243affbd64d706cebf5d42076bcfe36ec27
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
