[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 6 08:13:24 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f762208 by security tracker role at 2026-01-06T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,217 @@
-CVE-2025-69225
+CVE-2026-21750
+	REJECTED
+CVE-2026-21749
+	REJECTED
+CVE-2026-21748
+	REJECTED
+CVE-2026-21747
+	REJECTED
+CVE-2026-21746
+	REJECTED
+CVE-2026-21745
+	REJECTED
+CVE-2026-21744
+	REJECTED
+CVE-2026-21677 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21676 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21675 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21674 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21673 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21507 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21487 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21486 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21485 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21439 (badkeys is a tool and library for checking cryptographic public keys f ...)
+	TODO: check
+CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series versions prior ...)
+	TODO: check
+CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection vulner ...)
+	TODO: check
+CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 con ...)
+	TODO: check
+CVE-2026-0607 (A flaw has been found in code-projects Online Music Site 1.0. This aff ...)
+	TODO: check
+CVE-2026-0606 (A vulnerability was detected in code-projects Online Music Site 1.0. A ...)
+	TODO: check
+CVE-2026-0605 (A security vulnerability has been detected in code-projects Online Mus ...)
+	TODO: check
+CVE-2026-0604 (The FastDup \u2013 Fastest WordPress Migration & Duplicator plugin for ...)
+	TODO: check
+CVE-2025-69197 (Pterodactyl is a free, open-source game server management panel. Versi ...)
+	TODO: check
+CVE-2025-68954 (Pterodactyl is a free, open-source game server management panel. Versi ...)
+	TODO: check
+CVE-2025-68953 (Frappe is a full-stack web application framework. Versions 14.99.5 and ...)
+	TODO: check
+CVE-2025-68456 (Craft is a platform for creating digital experiences. In versions 5.0. ...)
+	TODO: check
+CVE-2025-68455 (Craft is a platform for creating digital experiences. Versions 5.0.0-R ...)
+	TODO: check
+CVE-2025-68454 (Craft is a platform for creating digital experiences. Versions 5.0.0-R ...)
+	TODO: check
+CVE-2025-68437 (Craft is a platform for creating digital experiences. In versions 5.0. ...)
+	TODO: check
+CVE-2025-68436 (Craft is a platform for creating digital experiences. In versions 5.0. ...)
+	TODO: check
+CVE-2025-68428 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
+	TODO: check
+CVE-2025-67732 (Dify is an open-source LLM app development platform. Prior to version  ...)
+	TODO: check
+CVE-2025-66648 (vega-functions provides function implementations for the Vega expressi ...)
+	TODO: check
+CVE-2025-65110 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+	TODO: check
+CVE-2025-64425 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64424 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64423 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+	TODO: check
+CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+	TODO: check
+CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
+	TODO: check
+CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an integer over ...)
+	TODO: check
+CVE-2025-20806 (In dpe, there is a possible memory corruption due to use after free. T ...)
+	TODO: check
+CVE-2025-20805 (In dpe, there is a possible memory corruption due to use after free. T ...)
+	TODO: check
+CVE-2025-20804 (In dpe, there is a possible memory corruption due to use after free. T ...)
+	TODO: check
+CVE-2025-20803 (In dpe, there is a possible memory corruption due to an integer overfl ...)
+	TODO: check
+CVE-2025-20802 (In geniezone, there is a possible memory corruption due to use after f ...)
+	TODO: check
+CVE-2025-20801 (In seninf, there is a possible memory corruption due to a race conditi ...)
+	TODO: check
+CVE-2025-20800 (In mminfra, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20799 (In c2ps, there is a possible memory corruption due to use after free.  ...)
+	TODO: check
+CVE-2025-20798 (In battery, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20797 (In battery, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20796 (In imgsys, there is a possible out of bounds write due to improper inp ...)
+	TODO: check
+CVE-2025-20795 (In KeyInstall, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2025-20794 (In Modem, there is a possible system crash due to improper input valid ...)
+	TODO: check
+CVE-2025-20793 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2025-20787 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20786 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20785 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20784 (In display, there is a possible memory corruption due to uninitialized ...)
+	TODO: check
+CVE-2025-20783 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20782 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20781 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20780 (In display, there is a possible memory corruption due to use after fre ...)
+	TODO: check
+CVE-2025-20779 (In display, there is a possible use after free due to a race condition ...)
+	TODO: check
+CVE-2025-20778 (In display, there is a possible out of bounds write due to a missing b ...)
+	TODO: check
+CVE-2025-20762 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2025-20761 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2025-20760 (In Modem, there is a possible read of uninitialized heap data due to a ...)
+	TODO: check
+CVE-2025-15385 (Insufficient Verification of Data Authenticity vulnerability in TECNO  ...)
+	TODO: check
+CVE-2025-15364 (The Download Manager plugin for WordPress is vulnerable to privilege e ...)
+	TODO: check
+CVE-2025-15001 (The FS Registration Password plugin for WordPress is vulnerable to pri ...)
+	TODO: check
+CVE-2025-14997 (The BuddyPress Xprofile Custom Field Types plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-14996 (The AS Password Field In Default Registration Form plugin for WordPres ...)
+	TODO: check
+CVE-2025-14441 (The Popupkit plugin for WordPress is vulnerable to arbitrary subscribe ...)
+	TODO: check
+CVE-2025-14438 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-14371 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
+	TODO: check
+CVE-2025-14153 (The Page Expire Popup/Redirection for WordPress plugin for WordPress i ...)
+	TODO: check
+CVE-2025-14120 (The URL Image Importer plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-14034 (The ilGhera Support System for WooCommerce plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-13812 (The GamiPress \u2013 Gamification plugin to reward points, achievement ...)
+	TODO: check
+CVE-2025-13746 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
+	TODO: check
+CVE-2025-13652 (The CBX Bookmark & Favorite plugin for WordPress is vulnerable to gene ...)
+	TODO: check
+CVE-2025-13409 (The Form Vibes \u2013 Database Manager for Forms plugin for WordPress  ...)
+	TODO: check
+CVE-2025-13215 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
+	TODO: check
+CVE-2025-12793 (An uncontrolled DLL loading path vulnerability exists in AsusSoftwareM ...)
+	TODO: check
+CVE-2025-12067 (The Table Field Add-on for ACF and SCF plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-11723 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+	TODO: check
+CVE-2025-11370 (The Popup and Slider Builder by Depicter \u2013 Add Email collecting P ...)
+	TODO: check
+CVE-2025-69225 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96 (v3.13.3)
-CVE-2025-69224
+CVE-2025-69224 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0 (v3.13.3)
-CVE-2025-69226
+CVE-2025-69226 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e (v3.13.3)
-CVE-2025-69230
+CVE-2025-69230 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326 (v3.13.3)
-CVE-2025-69229
+CVE-2025-69229 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712 (v3.13.3)
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229 (v3.13.3)
-CVE-2025-69227
+CVE-2025-69227 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259 (v3.13.3)
-CVE-2025-69228
+CVE-2025-69228 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60 (v3.13.3)
-CVE-2025-69223
+CVE-2025-69223 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a (v3.13.3)
-CVE-2025-15444
+CVE-2025-15444 (Crypt::Sodium::XS module versions prior to0.000042,for Perl, include a ...)
 	NOT-FOR-US: Crypt::Sodium::XS Perl module
 CVE-2026-21635 (An Improper Access Control could allow a malicious actor in Wi-Fi rang ...)
 	NOT-FOR-US: Ubiquiti



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f76220870a39ffb8173efab2db1f8059cc661d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f76220870a39ffb8173efab2db1f8059cc661d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/f61e0509/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list