[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75f2661f by security tracker role at 2026-02-02T20:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2026-24071 (It was found that the XPC service offered by the privileged helper of  ...)
+	TODO: check
+CVE-2026-24070 (During the installation of the Native Access application, a privileged ...)
+	TODO: check
+CVE-2026-22229 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2026-22227 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2026-22226 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2026-22225 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2026-22224 (A command injection vulnerability may be exploited after the admin's a ...)
+	TODO: check
+CVE-2026-22223 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...)
+	TODO: check
+CVE-2026-22222 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web ...)
+	TODO: check
+CVE-2026-22221 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...)
+	TODO: check
+CVE-2026-20422 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2026-20421 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2026-20420 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2026-20419 (In wlan AP/STA firmware, there is a possible system becoming irrespons ...)
+	TODO: check
+CVE-2026-20418 (In Thread, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2026-20417 (In pcie, there is a possible out of bounds write due to a missing boun ...)
+	TODO: check
+CVE-2026-20415 (In imgsys, there is a possible memory corruption due to improper locki ...)
+	TODO: check
+CVE-2026-20414 (In imgsys, there is a possible escalation of privilege due to use afte ...)
+	TODO: check
+CVE-2026-20413 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2026-20412 (In cameraisp, there is a possible out of bounds write due to a missing ...)
+	TODO: check
+CVE-2026-20411 (In cameraisp, there is a possible escalation of privilege due to use a ...)
+	TODO: check
+CVE-2026-20410 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2026-20409 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
+	TODO: check
+CVE-2026-20408 (In wlan, there is a possible out of bounds write due to a heap buffer  ...)
+	TODO: check
+CVE-2026-20407 (In wlan STA driver, there is a possible escalation of privilege due to ...)
+	TODO: check
+CVE-2026-20406 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
+	TODO: check
+CVE-2026-20405 (In Modem, there is a possible system crash due to a missing bounds che ...)
+	TODO: check
+CVE-2026-20404 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2026-20403 (In Modem, there is a possible system crash due to a missing bounds che ...)
+	TODO: check
+CVE-2026-20402 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2026-20401 (In Modem, there is a possible system crash due to an uncaught exceptio ...)
+	TODO: check
+CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+	TODO: check
+CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vulnerab ...)
+	TODO: check
+CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling vulnerabil ...)
+	TODO: check
+CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint utility, ...)
+	TODO: check
+CVE-2026-1751 (A vulnerability has been discovered in GitLab CE/EE affecting all vers ...)
+	TODO: check
+CVE-2026-1703 (When pip is installing and extracting a maliciously crafted wheel arch ...)
+	TODO: check
+CVE-2026-1232 (A medium-severity vulnerability has been identified in BeyondTrust Pri ...)
+	TODO: check
+CVE-2026-1186 (EAP Legislator is vulnerable to Path Traversal in file extraction func ...)
+	TODO: check
+CVE-2026-1117 (A vulnerability in the `lollms_generation_events.py` component of pari ...)
+	TODO: check
+CVE-2026-0921
+	REJECTED
+CVE-2026-0631 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...)
+	TODO: check
+CVE-2026-0630 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web ...)
+	TODO: check
+CVE-2026-0599 (A vulnerability in huggingface/text-generation-inference version 3.3.6 ...)
+	TODO: check
+CVE-2025-9974 (The unified WEBUI application of the ONT/Beacon device contains an inp ...)
+	TODO: check
+CVE-2025-8587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-7105 (A vulnerability in danny-avila/librechat allows attackers to exploit t ...)
+	TODO: check
+CVE-2025-6208 (The `SimpleDirectoryReader` component in `llama_index.core` version 0. ...)
+	TODO: check
+CVE-2025-47402 (Transient DOS when processing a received frame with an excessively lar ...)
+	TODO: check
+CVE-2025-47399 (Memory Corruption while processing IOCTL call to update sensor propert ...)
+	TODO: check
+CVE-2025-47398 (Memory Corruption while deallocating graphics processing unit memory b ...)
+	TODO: check
+CVE-2025-47397 (Memory Corruption when initiating GPU memory mapping using scatter-gat ...)
+	TODO: check
+CVE-2025-47366 (Cryptographic issue when a Trusted Zone with outdated code is triggere ...)
+	TODO: check
+CVE-2025-47364 (Memory corruption while calculating offset from partition start point.)
+	TODO: check
+CVE-2025-47363 (Memory corruption when calculating oversized partition sizes without p ...)
+	TODO: check
+CVE-2025-47359 (Memory Corruption when multiple threads simultaneously access a memory ...)
+	TODO: check
+CVE-2025-47358 (Memory Corruption when user space address is modified and passed to me ...)
+	TODO: check
+CVE-2025-15395 (IBM Jazz Foundation7.0.3 through7.0.3 iFix019 and7.1.0 through7.1.0 iF ...)
+	TODO: check
+CVE-2025-14914 (IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1coul ...)
+	TODO: check
+CVE-2025-10279 (In mlflow version 2.20.3, the temporary directory used for creating Py ...)
+	TODO: check
+CVE-2024-5986 (A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attacker ...)
+	TODO: check
+CVE-2024-5386 (In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability  ...)
+	TODO: check
+CVE-2024-54263 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-4147 (In lunary-ai/lunary version 1.2.13, an insufficient granularity of acc ...)
+	TODO: check
+CVE-2024-2356 (A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_e ...)
+	TODO: check
+CVE-2022-50981 (An unauthenticated remote attacker can gain full access on the affecte ...)
+	TODO: check
+CVE-2022-50980 (A unauthenticated adjacent attacker could potentially disrupt operatio ...)
+	TODO: check
+CVE-2022-50979 (An unauthenticated adjacent attacker could potentially disrupt operati ...)
+	TODO: check
+CVE-2022-50978 (An unauthenticated remote attacker could potentially disrupt operation ...)
+	TODO: check
+CVE-2022-50977 (An unauthenticated remote attacker could potentially disrupt operation ...)
+	TODO: check
+CVE-2022-50976 (A local attacker could cause a full device reset by resetting the devi ...)
+	TODO: check
+CVE-2022-50975 (An unauthenticated remote attacker is able to use an existing session  ...)
+	TODO: check
 CVE-2026-25253 (OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayU ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-25202 (The database account and password are hardcoded, allowing login with t ...)
@@ -60,7 +204,7 @@ CVE-2022-50951 (WiFi File Transfer 1.0.8 contains a persistent cross-site script
 	NOT-FOR-US: WiFi File Transfer
 CVE-2022-50950 (Webile 1.0.1 contains a directory traversal vulnerability that allows  ...)
 	NOT-FOR-US: Webile
-CVE-2022-50942 (Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerabi ...)
+CVE-2022-50942 (Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ...)
 	- icingaweb2 <undetermined>
 	NOTE: https://www.vulnerability-lab.com/get_content.php?id=2273
 	TODO: check status upstream
@@ -173693,7 +173837,8 @@ CVE-2024-6533 (Directus v10.13.0 allows an authenticated external attacker to ex
 	NOT-FOR-US: Directus
 CVE-2024-43368 (The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pa ...)
 	NOT-FOR-US: Trix editor
-CVE-2024-43275 (Cross-Site Request Forgery (CSRF) vulnerability in xyzscripts.Com Inse ...)
+CVE-2024-43275
+	REJECTED
 	NOT-FOR-US: Xyzscripts Insert PHP Code Snippet
 CVE-2024-42353 (WebOb provides objects for HTTP requests and responses. When WebOb nor ...)
 	- python-webob 1:1.8.9-1 (bug #1078879)
@@ -192635,7 +192780,8 @@ CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+CVE-2024-34764
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f2661f96b834babe355dd63f9a86b9a4461c53

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75f2661f96b834babe355dd63f9a86b9a4461c53
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260202/77559082/attachment-0001.htm>