[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 6 20:13:25 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7e28aa7 by security tracker role at 2026-01-06T20:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+	TODO: check
+CVE-2026-21493 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21491 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+	TODO: check
+CVE-2026-21490 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+	TODO: check
+CVE-2026-21489 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-21488 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-0641 (A security vulnerability has been detected in TOTOLINK WA300 5.2cu.711 ...)
+	TODO: check
+CVE-2026-0640 (A weakness has been identified in Tenda AC23 16.03.07.52. This affects ...)
+	TODO: check
+CVE-2025-9637 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plu ...)
+	TODO: check
+CVE-2025-9318 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plu ...)
+	TODO: check
+CVE-2025-9294 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey Maker plu ...)
+	TODO: check
+CVE-2025-7048 (On affected platforms running Arista EOS with MACsec configuration, a  ...)
+	TODO: check
+CVE-2025-69364 (Missing Authorization vulnerability in Cloudways Breeze breeze allows  ...)
+	TODO: check
+CVE-2025-69363 (Missing Authorization vulnerability in CyberChimps Responsive Addons f ...)
+	TODO: check
+CVE-2025-69362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69361 (Missing Authorization vulnerability in PublishPress Post Expirator pos ...)
+	TODO: check
+CVE-2025-69360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69359 (Missing Authorization vulnerability in WPFunnels Creator LMS creatorlm ...)
+	TODO: check
+CVE-2025-69357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69356 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-69355 (Missing Authorization vulnerability in Tickera Tickera tickera-event-t ...)
+	TODO: check
+CVE-2025-69354 (Missing Authorization vulnerability in BBR Plugins Better Business Rev ...)
+	TODO: check
+CVE-2025-69353 (Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & ...)
+	TODO: check
+CVE-2025-69352 (Missing Authorization vulnerability in StellarWP The Events Calendar t ...)
+	TODO: check
+CVE-2025-69351 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-69350 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69349 (Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget r ...)
+	TODO: check
+CVE-2025-69348 (Missing Authorization vulnerability in CoolHappy The Events Calendar C ...)
+	TODO: check
+CVE-2025-69346 (Missing Authorization vulnerability in WPCenter AffiliateX affiliatex  ...)
+	TODO: check
+CVE-2025-69345 (Missing Authorization vulnerability in BoldGrid Post and Page Builder  ...)
+	TODO: check
+CVE-2025-69342 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-69341 (Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultim ...)
+	TODO: check
+CVE-2025-69336 (Missing Authorization vulnerability in bdthemes Ultimate Store Kit Ele ...)
+	TODO: check
+CVE-2025-69335 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69331 (Missing Authorization vulnerability in Jeroen Schmit Theater for WordP ...)
+	TODO: check
+CVE-2025-69327 (Missing Authorization vulnerability in magepeopleteam Car Rental Manag ...)
+	TODO: check
+CVE-2025-69086 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-69085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69084 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-69083 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-65212 (An issue was discovered in NJHYST HY511 POE core before 2.1 and plugin ...)
+	TODO: check
+CVE-2025-63083 (Lack of output escaping leads to a XSS vector in the pagebreak plugin.)
+	TODO: check
+CVE-2025-63082 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
+	TODO: check
+CVE-2025-60534 (Blue Access Cobalt v02.000.195 suffers from an authentication bypass v ...)
+	TODO: check
+CVE-2025-60262 (An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SW ...)
+	TODO: check
+CVE-2025-5919 (The Appointment Booking and Scheduling Calendar Plugin \u2013 WP Timet ...)
+	TODO: check
+CVE-2025-59379 (DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allo ...)
+	TODO: check
+CVE-2025-47553 (Deserialization of Untrusted Data vulnerability in Digital zoom studio ...)
+	TODO: check
+CVE-2025-46696 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versi ...)
+	TODO: check
+CVE-2025-39477 (Missing Authorization vulnerability in Sfwebservice InWave Jobs allows ...)
+	TODO: check
+CVE-2025-36589 (Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Imprope ...)
+	TODO: check
+CVE-2025-32304 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-15382 (A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath( ...)
+	TODO: check
+CVE-2025-14979 (AirVPN Eddie on MacOS contains an insecure XPC service that allows loc ...)
+	TODO: check
+CVE-2025-14942 (wolfSSH\u2019s key exchange state machine can be manipulated to leak t ...)
+	TODO: check
+CVE-2025-14552 (The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-14026 (Forcepoint One DLP Client, version 23.04.5642 (and possibly newer vers ...)
+	TODO: check
+CVE-2025-13964 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-13766 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...)
+	TODO: check
+CVE-2024-31088 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-30547 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2023-5069
+	REJECTED
+CVE-2020-36925 (Arteco Web Client DVR/NVR contains a session hijacking vulnerability w ...)
+	TODO: check
+CVE-2020-36924 (Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vul ...)
+	TODO: check
+CVE-2020-36923 (Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object r ...)
+	TODO: check
+CVE-2020-36922 (Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure v ...)
+	TODO: check
+CVE-2020-36921 (RED-V Super Digital Signage System 5.1.1 contains an information discl ...)
+	TODO: check
+CVE-2020-36920 (iDS6 DSSPro Digital Signage System 6.2 contains an improper access con ...)
+	TODO: check
+CVE-2020-36918 (iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request f ...)
+	TODO: check
+CVE-2020-36917 (iDS6 DSSPro Digital Signage System 6.2 contains a sensitive informatio ...)
+	TODO: check
+CVE-2020-36916 (TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privile ...)
+	TODO: check
+CVE-2020-36915 (Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multip ...)
+	TODO: check
+CVE-2020-36914 (QiHang Media Web Digital Signage 3.0.9 contains a sensitive informatio ...)
+	TODO: check
+CVE-2020-36913 (All-Dynamics Software enlogic:show 2.0.2 contains a session fixation v ...)
+	TODO: check
+CVE-2020-36912 (Plexus anblick Digital Signage Management 3.1.13 contains an open redi ...)
+	TODO: check
+CVE-2020-36910 (Cayin Signage Media Player 3.0 contains an authenticated remote comman ...)
+	TODO: check
+CVE-2020-36909 (SnapGear Management Console SG560 3.1.5 contains a file manipulation v ...)
+	TODO: check
+CVE-2020-36908 (SnapGear Management Console SG560 version 3.1.5 contains a cross-site  ...)
+	TODO: check
+CVE-2020-36907 (Aerohive HiveOS contains a denial of service vulnerability in the NetC ...)
+	TODO: check
+CVE-2020-36906 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery v ...)
+	TODO: check
+CVE-2020-36905 (FIBARO System Home Center 5.021 contains a remote file inclusion vulne ...)
+	TODO: check
 CVE-2026-21750
 	REJECTED
 CVE-2026-21749
@@ -15851,6 +16015,7 @@ CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and below is vulnerable to
 CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API  ...)
 	NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
+	{DLA-4434-1}
 	- sogo 5.12.4-1.2 (bug #1121952)
 	[trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
 	[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
@@ -193566,6 +193731,7 @@ CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
 CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequat ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
+	{DLA-4434-1}
 	- sogo 5.11.0-1 (bug #1071163)
 	[bookworm] - sogo <no-dsa> (Minor issue)
 	[buster] - sogo <postponed> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7e28aa7160d58fa1fcefce7af1e4cfd32f50f3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7e28aa7160d58fa1fcefce7af1e4cfd32f50f3c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/06a9eb67/attachment.htm>

More information about the debian-security-tracker-commits mailing list