[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 7 08:13:43 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5dcebb7c by security tracker role at 2026-01-07T08:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2026-22162
+ REJECTED
+CVE-2026-22161
+ REJECTED
+CVE-2026-22160
+ REJECTED
+CVE-2026-22159
+ REJECTED
+CVE-2026-22158
+ REJECTED
+CVE-2026-22157
+ REJECTED
+CVE-2026-22156
+ REJECTED
+CVE-2026-21492 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-20893 (Origin validation error issue exists in Fujitsu Security Solution Auth ...)
+ TODO: check
+CVE-2026-0656 (The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-0650 (OpenFlagr versions prior to and including 1.1.18 contain an authentica ...)
+ TODO: check
+CVE-2026-0649 (A security vulnerability has been detected in invoiceninja up to 5.12. ...)
+ TODO: check
+CVE-2026-0643 (A flaw has been found in projectworlds House Rental and Property Listi ...)
+ TODO: check
+CVE-2026-0642 (A vulnerability was detected in projectworlds House Rental and Propert ...)
+ TODO: check
+CVE-2025-9611 (Microsoft Playwright MCP Server versions prior to 0.0.40 fails to vali ...)
+ TODO: check
+CVE-2025-47396 (Memory corruption occurs when a secure application is launched on a de ...)
+ TODO: check
+CVE-2025-47395 (Transient DOS while parsing a WLAN management frame with a Vendor Spec ...)
+ TODO: check
+CVE-2025-47394 (Memory corruption when copying overlapping buffers during memory opera ...)
+ TODO: check
+CVE-2025-47393 (Memory corruption when accessing resources in kernel driver.)
+ TODO: check
+CVE-2025-47388 (Memory corruption while passing pages to DSP with an unaligned startin ...)
+ TODO: check
+CVE-2025-47380 (Memory corruption while preprocessing IOCTLs in sensors.)
+ TODO: check
+CVE-2025-47369 (Information disclosure when a weak hashed value is returned to userlan ...)
+ TODO: check
+CVE-2025-47356 (Memory Corruption when multiple threads concurrently access and modify ...)
+ TODO: check
+CVE-2025-47348 (Memory corruption while processing identity credential operations in t ...)
+ TODO: check
+CVE-2025-47346 (Memory corruption while processing a secure logging command in the tru ...)
+ TODO: check
+CVE-2025-47345 (Cryptographic issue may occur while encrypting license data.)
+ TODO: check
+CVE-2025-47344 (Memory corruption while handling sensor utility operations.)
+ TODO: check
+CVE-2025-47343 (Memory corruption while processing a video session to set video parame ...)
+ TODO: check
+CVE-2025-47339 (Memory corruption while deinitializing a HDCP session.)
+ TODO: check
+CVE-2025-47337 (Memory corruption while accessing a synchronization object during conc ...)
+ TODO: check
+CVE-2025-47336 (Memory corruption while performing sensor register read operations.)
+ TODO: check
+CVE-2025-47335 (Memory corruption while parsing clock configuration data for a specifi ...)
+ TODO: check
+CVE-2025-47334 (Memory corruption while processing shared command buffer packet betwee ...)
+ TODO: check
+CVE-2025-47333 (Memory corruption while handling buffer mapping operations in the cryp ...)
+ TODO: check
+CVE-2025-47332 (Memory corruption while processing a config call from userspace.)
+ TODO: check
+CVE-2025-47331 (Information disclosure while processing a firmware event.)
+ TODO: check
+CVE-2025-47330 (Transient DOS while parsing video packets received from the video firm ...)
+ TODO: check
+CVE-2025-31964 (Improper service binding configuration in internal service components ...)
+ TODO: check
+CVE-2025-31963 (Improper authentication and missing CSRF protection in the local setup ...)
+ TODO: check
+CVE-2025-31962 (Insufficient session expiration in the Web UI authentication component ...)
+ TODO: check
+CVE-2025-31642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31051 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-30996 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
+ TODO: check
+CVE-2025-30631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-29004 (Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Ve ...)
+ TODO: check
+CVE-2025-15474 (AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 con ...)
+ TODO: check
+CVE-2025-15472 (A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the ...)
+ TODO: check
+CVE-2025-15471 (A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted ...)
+ TODO: check
+CVE-2025-14904 (The Newsletter Email Subscribe plugin for WordPress is vulnerable to C ...)
+ TODO: check
+CVE-2025-14901 (The Bit Form \u2013 Contact Form Plugin plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-14891 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-14888 (The Simple User Meta Editor plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-14887 (The twinklesmtp \u2013 Email Service Provider For WordPress plugin for ...)
+ TODO: check
+CVE-2025-14875 (The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-14867 (The Flashcard plugin for WordPress is vulnerable to Path Traversal in ...)
+ TODO: check
+CVE-2025-14845 (The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cr ...)
+ TODO: check
+CVE-2025-14842 (The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin fo ...)
+ TODO: check
+CVE-2025-14835 (The WP Photo Album Plus plugin for WordPress is vulnerable to Reflecte ...)
+ TODO: check
+CVE-2025-14804 (The Frontend File Manager Plugin WordPress plugin before 23.5 did not ...)
+ TODO: check
+CVE-2025-14802 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-14792 (The Key Figures plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-14719 (The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium Wor ...)
+ TODO: check
+CVE-2025-14631 (A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(80 ...)
+ TODO: check
+CVE-2025-14625 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
+ TODO: check
+CVE-2025-14614 (Insecure Temporary File vulnerability in Altera Quartus Prime Standard ...)
+ TODO: check
+CVE-2025-14612 (Insecure Temporary File vulnerability in Altera Quartus Prime Pro Ins ...)
+ TODO: check
+CVE-2025-14605 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
+ TODO: check
+CVE-2025-14599 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
+ TODO: check
+CVE-2025-14596 (Uncontrolled Search Path Element vulnerability in Altera Quartus Prime ...)
+ TODO: check
+CVE-2025-14468 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
+ TODO: check
+CVE-2025-14370 (The Quote Comments plugin for WordPress is vulnerable to Missing Autho ...)
+ TODO: check
+CVE-2025-14059 (The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read ...)
+ TODO: check
+CVE-2025-13744 (An Improper Neutralization of Input During Web Page Generation vulnera ...)
+ TODO: check
+CVE-2025-13657 (The HelpDesk contact form plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2025-13371 (The MoneySpace plugin for WordPress is vulnerable to Sensitive Informa ...)
+ TODO: check
+CVE-2025-13369 (The Premmerce WooCommerce Customers Manager plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-12648 (The WP-Members Membership Plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2025-12449 (The aBlocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
+ TODO: check
+CVE-2025-11235 (Unverified Password Change vulnerability in Progress MOVEit Transfer o ...)
+ TODO: check
+CVE-2025-0980 (Nokia SR Linux is vulnerable to an authentication vulnerability allowi ...)
+ TODO: check
+CVE-2024-14020 (A weakness has been identified in carboneio carbone up to fbcd349077ad ...)
+ TODO: check
CVE-2025-15224 [libssh key passphrase bypass without agent set]
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2025-15224.html
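Review bot: Several of the added descriptions carry a literal `\u2013` escape where a dash belongs (CVE-2025-14901, CVE-2025-14887, CVE-2025-14842, CVE-2025-14802, CVE-2025-14468, CVE-2025-12449), which suggests the automatic import writes JSON-escaped text without decoding it. Decoding the escape, or transliterating it to an ASCII `-`, before writing data/CVE/list would keep plugin and product names searchable as plain text. Apart from the seven REJECTED ids, every entry added in this hunk is still `TODO: check`, so none of them has been triaged to a package yet.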
@@ -39,7 +201,7 @@ CVE-2025-13034 [No QUIC certificate pinning with GnuTLS]
NOTE: https://curl.se/docs/CVE-2025-13034.html
NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 (curl-8_8_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9 (rc-8_18_0-1, curl-8_18_0)
-CVE-2026-0628
+CVE-2026-0628 (Insufficient policy enforcement in WebView tag in Google Chrome prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for the intera ...)
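Review bot: The description added to CVE-2026-0628 speaks of Google Chrome "prior ..." to some release, which implies an upstream fix exists, yet the `- chromium <unfixed>` line under it is left unchanged. Once the fixed chromium upload is known, its version should replace `<unfixed>` there; the bullseye `<end-of-life>` annotation can stay as it is.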
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dcebb7cb0b15247aba02ac080a9550eff9d00c1