[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 15 08:13:21 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06463ed7 by security tracker role at 2026-01-15T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2026-23582
+	REJECTED
+CVE-2026-23581
+	REJECTED
+CVE-2026-23580
+	REJECTED
+CVE-2026-23579
+	REJECTED
+CVE-2026-23578
+	REJECTED
+CVE-2026-23577
+	REJECTED
+CVE-2026-23576
+	REJECTED
+CVE-2026-23575
+	REJECTED
+CVE-2026-23574
+	REJECTED
+CVE-2026-23512 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, ...)
+	TODO: check
+CVE-2026-0962 (SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4. ...)
+	TODO: check
+CVE-2026-0961 (BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12  ...)
+	TODO: check
+CVE-2026-0960 (HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 all ...)
+	TODO: check
+CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4 ...)
+	TODO: check
+CVE-2026-0861 (Passing too large an alignment to the memalign suite of functions (mem ...)
+	TODO: check
+CVE-2026-0601 (A reflected cross-site scripting vulnerability exists in Nexus Reposit ...)
+	TODO: check
+CVE-2026-0600 (Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Rep ...)
+	TODO: check
+CVE-2026-0421 (A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 G ...)
+	TODO: check
+CVE-2025-14457 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
+	TODO: check
+CVE-2025-14448 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-14058 (A potential missing authentication vulnerability was reported in some  ...)
+	TODO: check
+CVE-2025-13455 (A vulnerability was reported in ThinkPlus configuration software that  ...)
+	TODO: check
+CVE-2025-13454 (A potential vulnerability was reported in ThinkPlus configuration soft ...)
+	TODO: check
+CVE-2025-13453 (A potential vulnerability was reported in some ThinkPlus USB drives th ...)
+	TODO: check
+CVE-2025-13154 (An improper link following vulnerability was reported in the SmartPerf ...)
+	TODO: check
+CVE-2025-12533
+	REJECTED
+CVE-2025-12166 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+	TODO: check
 CVE-2026-23550 (Incorrect Privilege Assignment vulnerability in Modular DS allows Priv ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23498 (Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, ...)
@@ -666,33 +720,43 @@ CVE-2025-55131 [Timeout-based race conditions make Uint8Array/Buffer.alloc non-z
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
 CVE-2026-0908
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0907
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0906
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0905
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0904
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0903
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0902
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0901
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0900
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-0899
+	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-22818 (Hono is a Web application framework that provides support for any Java ...)
@@ -11188,13 +11252,13 @@ CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in p
 	NOT-FOR-US: phpMsAdmin
 CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized after lo ...)
 	NOT-FOR-US: BullWall
-CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable delay before the ...)
+CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable configuration-de ...)
 	NOT-FOR-US: BullWall
 CVE-2025-62002 (BullWall Ransomware Containment relies on the number of file modificat ...)
 	NOT-FOR-US: BullWall
-CVE-2025-62001 (BullWall Ransomware Containment contains excluded file paths, such as  ...)
+CVE-2025-62001 (BullWall Ransomware Containment supports configurable file and directo ...)
 	NOT-FOR-US: BullWall
-CVE-2025-62000 (BullWall Ransomware Containment does not entirely inspect a file to de ...)
+CVE-2025-62000 (BullWall Ransomware Containment may not always detect an encrypted fil ...)
 	NOT-FOR-US: BullWall
 CVE-2025-59529 (Avahi is a system which facilitates service discovery on a local netwo ...)
 	- avahi <unfixed> (bug #1123671)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06463ed7a6705d40dd46f11c68afb57657bb2f13

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06463ed7a6705d40dd46f11c68afb57657bb2f13
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260115/75aaebbe/attachment.htm>

More information about the debian-security-tracker-commits mailing list