[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 5 20:13:22 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06ac0151 by security tracker role at 2026-01-05T20:13:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,76 +1,250 @@
-CVE-2025-68762 [net: netpoll: initialize work queue before error checks]
+CVE-2026-21635 (An Improper Access Control could allow a malicious actor in Wi-Fi rang ...)
+	TODO: check
+CVE-2026-21634 (A malicious actor with access to the adjacent network could overflow t ...)
+	TODO: check
+CVE-2026-21633 (A malicious actor with access to the adjacent network could obtain una ...)
+	TODO: check
+CVE-2026-0597 (A flaw has been found in Campcodes Supplier Management System 1.0. Aff ...)
+	TODO: check
+CVE-2026-0592 (A security flaw has been discovered in code-projects Online Product Re ...)
+	TODO: check
+CVE-2026-0591 (A vulnerability was identified in code-projects Online Product Reserva ...)
+	TODO: check
+CVE-2026-0590 (A vulnerability was determined in code-projects Online Product Reserva ...)
+	TODO: check
+CVE-2026-0589 (A vulnerability was found in code-projects Online Product Reservation  ...)
+	TODO: check
+CVE-2026-0588 (A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. A ...)
+	TODO: check
+CVE-2026-0587 (A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7 ...)
+	TODO: check
+CVE-2026-0586 (A vulnerability was detected in code-projects Online Product Reservati ...)
+	TODO: check
+CVE-2026-0585 (A security vulnerability has been detected in code-projects Online Pro ...)
+	TODO: check
+CVE-2026-0584 (A weakness has been identified in code-projects Online Product Reserva ...)
+	TODO: check
+CVE-2026-0583 (A security flaw has been discovered in code-projects Online Product Re ...)
+	TODO: check
+CVE-2026-0582 (A vulnerability was identified in itsourcecode Society Management Syst ...)
+	TODO: check
+CVE-2026-0581 (A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected b ...)
+	TODO: check
+CVE-2025-69291
+	REJECTED
+CVE-2025-69290
+	REJECTED
+CVE-2025-69087 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-68865 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-68850 (Missing Authorization vulnerability in Codepeople Sell Downloads allow ...)
+	TODO: check
+CVE-2025-68547 (Missing Authorization vulnerability in WPweb Follow My Blog Post allow ...)
+	TODO: check
+CVE-2025-68280 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+	TODO: check
+CVE-2025-68044 (Authorization Bypass Through User-Controlled Key vulnerability in Rust ...)
+	TODO: check
+CVE-2025-68033 (Insertion of Sensitive Information Into Sent Data vulnerability in Bre ...)
+	TODO: check
+CVE-2025-68029 (Insertion of Sensitive Information Into Sent Data vulnerability in WP  ...)
+	TODO: check
+CVE-2025-68014 (Insertion of Sensitive Information Into Sent Data vulnerability in Awe ...)
+	TODO: check
+CVE-2025-67427 (A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2 ...)
+	TODO: check
+CVE-2025-67419 (A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior al ...)
+	TODO: check
+CVE-2025-67397 (An issue in Passy v.1.6.3 allows a remote authenticated attacker to ex ...)
+	TODO: check
+CVE-2025-67316 (An issue in realme Internet browser v.45.13.4.1 allows a remote attack ...)
+	TODO: check
+CVE-2025-67315 (Cross Site Request Forgery vulnerability in Employee Leave Management  ...)
+	TODO: check
+CVE-2025-67303 (An issue in ComfyUI-Manager prior to version 3.38 allowed remote attac ...)
+	TODO: check
+CVE-2025-66518 (Any client who can access to Apache Kyuubi Server via Kyuubi frontend  ...)
+	TODO: check
+CVE-2025-66376 (Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 a ...)
+	TODO: check
+CVE-2025-65922 (PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, al ...)
+	TODO: check
+CVE-2025-65328 (Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value o ...)
+	TODO: check
+CVE-2025-64421 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64420 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64419 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-61781 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+	TODO: check
+CVE-2025-5965 (In the backup parameters, a user with high privilege is able to concat ...)
+	TODO: check
+CVE-2025-59955 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-59467 (A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP  ...)
+	TODO: check
+CVE-2025-59158 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-59157 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-59156 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-57836 (An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Win ...)
+	TODO: check
+CVE-2025-55204 (muffon is a cross-platform music streaming client for desktop. Version ...)
+	TODO: check
+CVE-2025-53966 (An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, ...)
+	TODO: check
+CVE-2025-53344 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core ...)
+	TODO: check
+CVE-2025-52519 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
+	TODO: check
+CVE-2025-52517 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
+	TODO: check
+CVE-2025-52516 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
+	TODO: check
+CVE-2025-52515 (An issue was discovered in the Camera in Samsung Mobile Processor and  ...)
+	TODO: check
+CVE-2025-49495 (An issue was discovered in the WiFi driver in Samsung Mobile Processor ...)
+	TODO: check
+CVE-2025-46255 (Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pr ...)
+	TODO: check
+CVE-2025-43706 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
+	TODO: check
+CVE-2025-39561 (Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - P ...)
+	TODO: check
+CVE-2025-39497 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-39484 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31048 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
+	TODO: check
+CVE-2025-31047 (Deserialization of Untrusted Data vulnerability in Themify Themify Edm ...)
+	TODO: check
+CVE-2025-31046 (Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro  ...)
+	TODO: check
+CVE-2025-31044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-30633 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-27807 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2025-15240 (QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an ...)
+	TODO: check
+CVE-2025-15239 (QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a  ...)
+	TODO: check
+CVE-2025-15029 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-15026 (Missing Authentication for Critical Function vulnerability in Centreon ...)
+	TODO: check
+CVE-2025-14346 (WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not en ...)
+	TODO: check
+CVE-2025-13056 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-12519 (Missing Authorization vulnerability in Centreon Infra Monitoring (Admi ...)
+	TODO: check
+CVE-2025-12513 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-12511 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-10933 (An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol ...)
+	TODO: check
+CVE-2024-56825
+	REJECTED
+CVE-2024-56809
+	REJECTED
+CVE-2024-53735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-30516 (Improper Validation of Specified Quantity in Input vulnerability in Sa ...)
+	TODO: check
+CVE-2024-30461 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-23511 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2023-52212 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job M ...)
+	TODO: check
+CVE-2023-51513 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2023-50897 (Unrestricted Upload of File with Dangerous Type vulnerability in Meow  ...)
+	TODO: check
+CVE-2023-49186 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-68762 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.17.13-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e5235eb6cfe02a51256013a78f7b28779a7740d5 (6.19-rc1)
-CVE-2025-68761 [hfs: fix potential use after free in hfs_correct_next_unused_CNID()]
+CVE-2025-68761 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08 (6.19-rc1)
-CVE-2025-68760 [iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show]
+CVE-2025-68760 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.17.13-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7 (6.19-rc1)
-CVE-2025-68754 [rtc: amlogic-a4: fix double free caused by devm]
+CVE-2025-68754 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.17.13-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/384150d7a5b60c1086790a8ee07b0629f906cca2 (6.19-rc1)
-CVE-2025-68752 [iavf: Implement settime64 with -EOPNOTSUPP]
+CVE-2025-68752 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.17.13-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1e43ebcd5152b3e681a334cc6542fb21770c3a2e (6.19-rc1)
-CVE-2025-68766 [irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()]
+CVE-2025-68766 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7 (6.19-rc1)
-CVE-2025-68765 [mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()]
+CVE-2025-68765 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	NOTE: https://git.kernel.org/linus/53d1548612670aa8b5d89745116cc33d9d172863 (6.19-rc1)
-CVE-2025-68764 [NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags]
+CVE-2025-68764 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	NOTE: https://git.kernel.org/linus/8675c69816e4276b979ff475ee5fac4688f80125 (6.19-rc1)
-CVE-2025-68763 [crypto: starfive - Correctly handle return of sg_nents_for_len]
+CVE-2025-68763 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e9eb52037a529fbb307c290e9951a62dd728b03d (6.19-rc1)
-CVE-2025-68759 [wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()]
+CVE-2025-68759 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	NOTE: https://git.kernel.org/linus/9b5b9c042b30befc5b37e4539ace95af70843473 (6.19-rc1)
-CVE-2025-68758 [backlight: led-bl: Add devlink to supplier LEDs]
+CVE-2025-68758 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	NOTE: https://git.kernel.org/linus/9341d6698f4cfdfc374fb6944158d111ebe16a9d (6.19-rc1)
-CVE-2025-68757 [drm/vgem-fence: Fix potential deadlock on release]
+CVE-2025-68757 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	NOTE: https://git.kernel.org/linus/78b4d6463e9e69e5103f98b367f8984ad12cdc6f (6.19-rc1)
-CVE-2025-68756 [block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock]
+CVE-2025-68756 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/59e25ef2b413c72da6686d431e7759302cfccafa (6.19-rc1)
-CVE-2025-68755 [staging: most: remove broken i2c driver]
+CVE-2025-68755 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.17.13-1
 	NOTE: https://git.kernel.org/linus/495df2da6944477d282d5cc0c13174d06e25b310 (6.19-rc1)
-CVE-2025-68753 [ALSA: firewire-motu: add bounds check in put_user loop for DSP events]
+CVE-2025-68753 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.17.13-1
 	[trixie] - linux 6.12.63-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/298e753880b6ea99ac30df34959a7a03b0878eed (6.19-rc1)
-CVE-2025-68751 [s390/fpu: Fix false-positive kmsan report in fpu_vstl()]
+CVE-2025-68751 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.17.13-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
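Review bot: CVE-2025-68766 and CVE-2025-68753 carry a `[trixie] - linux 6.12.63-1` fix and a `[bullseye] - linux <not-affected>` line but no `[bookworm]` line, while the structurally similar CVE-2025-68763 and CVE-2025-68756 spell out `[bookworm] - linux <not-affected> (Vulnerable code not present)`; please confirm that bookworm is intentionally left in the default affected/pending state for those two entries rather than missing a not-affected marker. Separately, the update replaces the subsystem placeholders such as `[net: netpoll: initialize work queue before error checks]` with the generic truncated `(In the Linux kernel, the following vulnerability has been resolved:  n ...)` text, so after this change the only hint of the affected subsystem left in the entry is the commit URL on the NOTE line.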
@@ -2133,6 +2307,7 @@ CVE-2020-36903 (Selea CarPlateServer 4.0.1.6 contains an unquoted service path v
 CVE-2019-25262 (A security vulnerability has been detected in elinicksic Razgover up t ...)
 	NOT-FOR-US: elinicksic Razgover
 CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving certain cust ...)
+	{DSA-6094-1}
 	- libsodium 1.0.18-2 (bug #1124374)
 	NOTE: https://00f.net/2025/12/30/libsodium-vulnerability/
 	NOTE: Fixed by: https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
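Review bot: the `{DSA-6094-1}` reference is added to CVE-2025-69277 but the entry still lists only the unstable fix `- libsodium 1.0.18-2 (bug #1124374)` with no `[trixie]` or `[bookworm]` lines, so the stable fixed versions will be taken entirely from the DSA data; please make sure the DSA entry names the release(s) and versions it covers so the tracker does not report stable as unfixed.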
@@ -2144,7 +2319,7 @@ CVE-2025-68131 (cbor2 provides encoding and decoding for the Concise Binary Obje
 	NOTE: https://github.com/agronholm/cbor2/pull/268
 	NOTE: Fixed by: https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824 (5.8.0)
 	NOTE: Debian builds src:cbor2 with CBOR2_BUILD_C_EXTENSION=0 (not building C extensions)
-CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due t ...)
+CVE-2025-66723 (inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permission ...)
 	NOT-FOR-US: inMusic Brands Engine DJ
 CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -184677,7 +184852,7 @@ CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rat
 	NOT-FOR-US: Arris VAP2500
 CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...)
 	NOT-FOR-US: Arris VAP2500
-CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been  ...)
+CVE-2024-5193 (A security vulnerability has been detected in Ritlabs TinyWeb Server 1 ...)
 	NOT-FOR-US: Ritlabs TinyWeb Server
 CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...)
 	NOT-FOR-US: Google Cloud Looker
@@ -240172,7 +240347,7 @@ CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensit
 CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
 	NOT-FOR-US: IBM
 CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface between Ruby ...)
-	{DLA-3625-1}
+	{DLA-4433-1 DLA-3625-1}
 	- ruby-rmagick 5.3.0-1
 	[bookworm] - ruby-rmagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/rmagick/rmagick/pull/1406
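Review bot: `{DLA-4433-1 DLA-3625-1}` adds a second DLA to CVE-2023-5349 while the `[bookworm] - ruby-rmagick <no-dsa> (Minor issue)` line is left untouched and no `[bullseye]` line exists; if DLA-4433-1 targets bookworm, the no-dsa annotation should be dropped, and if it targets bullseye, a short note stating that would save the next reader from having to look the DLA up.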



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06ac0151908327b9e3d8db3d390cdc984ef41133
