[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 16 08:12:39 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a61fb932 by security tracker role at 2026-01-16T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2026-23769 (lucy-xss-filter before commit e5826c0 allows an attacker to execute ma ...)
+ TODO: check
+CVE-2026-23768 (lucy-xss-filter before commit 7c1de6d allows an attacker to induce ser ...)
+ TODO: check
+CVE-2026-23714
+ REJECTED
+CVE-2026-23713
+ REJECTED
+CVE-2026-23712
+ REJECTED
+CVE-2026-23711
+ REJECTED
+CVE-2026-23710
+ REJECTED
+CVE-2026-23709
+ REJECTED
+CVE-2026-22864 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5. ...)
+ TODO: check
+CVE-2026-22863 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6. ...)
+ TODO: check
+CVE-2026-22045 (Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 a ...)
+ TODO: check
+CVE-2026-21921 (A Use After Free vulnerability in the chassis daemon (chassisd) of Jun ...)
+ TODO: check
+CVE-2026-21920 (An Unchecked Return Value vulnerability in the DNS module of Juniper N ...)
+ TODO: check
+CVE-2026-21918 (A Double Free vulnerability in the flow processing daemon (flowd) of J ...)
+ TODO: check
+CVE-2026-21917 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ TODO: check
+CVE-2026-21914 (An Improper Locking vulnerability in the GTP plugin of Juniper Network ...)
+ TODO: check
+CVE-2026-21913 (An Incorrect Initialization of Resource vulnerability in the Internal ...)
+ TODO: check
+CVE-2026-21912 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
+ TODO: check
+CVE-2026-21911 (An Incorrect Calculation vulnerability in the Layer 2 Control Protoco ...)
+ TODO: check
+CVE-2026-21910 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2026-21909 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ TODO: check
+CVE-2026-21908 (A Use After Free vulnerability was identified in the 802.1X authentica ...)
+ TODO: check
+CVE-2026-21907 (A Use of a Broken or Risky Cryptographic Algorithm vulnerability in th ...)
+ TODO: check
+CVE-2026-21906 (An Improper Handling of Exceptional Conditions vulnerability in the pa ...)
+ TODO: check
+CVE-2026-21905 (A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability ...)
+ TODO: check
+CVE-2026-21903 (A Stack-based Buffer Overflow vulnerability in the Packet Forwarding E ...)
+ TODO: check
+CVE-2026-1023 (Statistics Database System developed by Gotac has a Missing Authentica ...)
+ TODO: check
+CVE-2026-1022 (Statistics Database System developed by Gotac has an Arbitrary File Re ...)
+ TODO: check
+CVE-2026-1021 (Police Statistics Database System developed by Gotac has an Arbitrary ...)
+ TODO: check
+CVE-2026-1020 (Police Statistics Database System developed by Gotac has a Absolute Pa ...)
+ TODO: check
+CVE-2026-1019 (Police Statistics Database System developed by Gotac has a Missing Aut ...)
+ TODO: check
+CVE-2026-1018 (Police Statistics Database Systemdeveloped by Gotac has an Arbitrary F ...)
+ TODO: check
+CVE-2026-1012
+ REJECTED
+CVE-2026-1011 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
+ TODO: check
+CVE-2026-1010 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
+ TODO: check
+CVE-2026-1009 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
+ TODO: check
+CVE-2026-1008 (A stored cross-site scripting (XSS) vulnerability exists in the user p ...)
+ TODO: check
+CVE-2026-1003 (The GetGenie plugin for WordPress is vulnerable to authorization bypas ...)
+ TODO: check
+CVE-2026-1002 (The Vert.x Web static handler component cache can be manipulated to de ...)
+ TODO: check
+CVE-2026-1000 (The MailerLite - WooCommerce integration plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2026-0975 (Delta Electronics DIAView has Command Injection vulnerability.)
+ TODO: check
+CVE-2026-0942 (The Rede Ita\xfa for WooCommerce \u2014 Payment PIX, Credit Card and D ...)
+ TODO: check
+CVE-2026-0939 (The Rede Ita\xfa for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf ...)
+ TODO: check
+CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml before 1.202 ...)
+ TODO: check
+CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
+ TODO: check
+CVE-2025-70893 (A time-based blind SQL Injection vulnerability exists in PHPGurukul Cy ...)
+ TODO: check
+CVE-2025-70892 (Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection ...)
+ TODO: check
+CVE-2025-70891 (A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul ...)
+ TODO: check
+CVE-2025-70890 (A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe ...)
+ TODO: check
+CVE-2025-68671 (lakeFS is an open-source tool that transforms object storage into a Gi ...)
+ TODO: check
+CVE-2025-67823 (A vulnerability in the Multimedia Email component of Mitel MiContact C ...)
+ TODO: check
+CVE-2025-67822 (A vulnerability in the Provisioning Manager component of Mitel MiVoice ...)
+ TODO: check
+CVE-2025-67025 (Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 a ...)
+ TODO: check
+CVE-2025-65368 (SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) vi ...)
+ TODO: check
+CVE-2025-65118 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+ TODO: check
+CVE-2025-65117 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+ TODO: check
+CVE-2025-64769 (The Process Optimization application suite leverages connection chann ...)
+ TODO: check
+CVE-2025-64729 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+ TODO: check
+CVE-2025-64691 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+ TODO: check
+CVE-2025-62582 (Delta Electronics DIAView has multiple vulnerabilities.)
+ TODO: check
+CVE-2025-62581 (Delta Electronics DIAView has multiple vulnerabilities.)
+ TODO: check
+CVE-2025-61943 (The vulnerability, if exploited, could allow an authenticated miscrean ...)
+ TODO: check
+CVE-2025-61937 (The vulnerability, if exploited, could allow an unauthenticated miscr ...)
+ TODO: check
+CVE-2025-60011 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2025-60007 (A NULL Pointer Dereference vulnerability in the chassis daemon (chassi ...)
+ TODO: check
+CVE-2025-60003 (A Buffer Over-read vulnerability in the routing protocol daemon (rpd) ...)
+ TODO: check
+CVE-2025-59961 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ TODO: check
+CVE-2025-59960 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2025-59959 (An Untrusted Pointer Dereference vulnerability in the routing protocol ...)
+ TODO: check
+CVE-2025-52987 (A clickjacking vulnerability exists in the web portal of Juniper Netwo ...)
+ TODO: check
+CVE-2025-15527 (The WP Recipe Maker plugin for WordPress is vulnerable to Information ...)
+ TODO: check
+CVE-2025-15526 (The Fancy Product Designer plugin for WordPress is vulnerable to Full ...)
+ TODO: check
+CVE-2025-15370 (The Shield: Blocks Bots, Protects Users, and Prevents Security Breache ...)
+ TODO: check
+CVE-2025-14982 (The Booking Calendar plugin for WordPress is vulnerable to Missing Aut ...)
+ TODO: check
+CVE-2025-14853 (The LEAV Last Email Address Validator plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-14793 (The DK PDF \u2013 WordPress PDF Generator plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2025-14384 (The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & ...)
+ TODO: check
+CVE-2025-14375 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
+ TODO: check
+CVE-2025-14237 (Buffer overflow in XPS font parse processing on Small Office Multifunc ...)
+ TODO: check
+CVE-2025-14236 (Buffer overflow in Address Book attribute tag processing on Small Offi ...)
+ TODO: check
+CVE-2025-14235 (Buffer overflow in XPS font fpgm data processing on Small Office Multi ...)
+ TODO: check
+CVE-2025-14234 (Buffer overflow in CPCA list processing on Small Office Multifunction ...)
+ TODO: check
+CVE-2025-14233 (Invalid free in CPCA file deletion processing on Small Office Multifun ...)
+ TODO: check
+CVE-2025-14232 (Buffer overflow in XML processing of XPS file in Small Office Multifun ...)
+ TODO: check
+CVE-2025-14231 (Buffer overflow in print job processing by WSD on Small Office Multifu ...)
+ TODO: check
+CVE-2025-12957 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
+ TODO: check
+CVE-2025-12641 (The Awesome Support - WordPress HelpDesk & Support Plugin for WordPres ...)
+ TODO: check
+CVE-2023-7334 (Changjetong T+ versions up to and including 16.x contain a .NET deseri ...)
+ TODO: check
+CVE-2021-47815 (Nsauditor 3.2.3 contains a denial of service vulnerability in the regi ...)
+ TODO: check
+CVE-2021-47814 (NBMonitor 1.6.8 contains a denial of service vulnerability that allows ...)
+ TODO: check
+CVE-2021-47813 (Backup Key Recovery 2.2.7 contains a denial of service vulnerability t ...)
+ TODO: check
+CVE-2021-47812 (GravCMS 1.10.7 contains an unauthenticated vulnerability that allows r ...)
+ TODO: check
+CVE-2021-47811 (Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order ...)
+ TODO: check
+CVE-2021-47810 (WibuKey Runtime 6.51 contains an unquoted service path vulnerability i ...)
+ TODO: check
+CVE-2021-47809 (Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulne ...)
+ TODO: check
+CVE-2021-47808 (Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2021-47807 (Sync Breeze 13.6.18 contains an unquoted service path vulnerability in ...)
+ TODO: check
+CVE-2021-47806 (Dup Scout 13.5.28 contains an unquoted service path vulnerability in i ...)
+ TODO: check
+CVE-2021-47805 (Disk Savvy 13.6.14 contains an unquoted service path vulnerability in ...)
+ TODO: check
+CVE-2021-47804 (Wise Care 365 5.6.7.568 contains an unquoted service path vulnerabilit ...)
+ TODO: check
+CVE-2021-47803 (iFunbox 4.2 contains an unquoted service path vulnerability in the App ...)
+ TODO: check
+CVE-2021-47801 (Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerabil ...)
+ TODO: check
+CVE-2021-47800 (b2evolution 7.2.2 contains a cross-site request forgery vulnerability ...)
+ TODO: check
+CVE-2021-47798 (NoteBurner 2.35 contains a buffer overflow vulnerability in the licens ...)
+ TODO: check
+CVE-2021-47797 (Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability ...)
+ TODO: check
+CVE-2021-47796 (Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credentia ...)
+ TODO: check
+CVE-2021-47795 (GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities includi ...)
+ TODO: check
+CVE-2021-47794 (ZesleCP 3.1.9 contains an authenticated remote code execution vulnerab ...)
+ TODO: check
+CVE-2021-47793 (Telegram Desktop 2.9.2 contains a denial of service vulnerability that ...)
+ TODO: check
+CVE-2021-47792 (Remote Mouse 4.002 contains an unquoted service path vulnerability tha ...)
+ TODO: check
+CVE-2021-47791 (SmartFTP Client 10.0.2909.0 contains multiple denial of service vulner ...)
+ TODO: check
+CVE-2021-47790 (Active WebCam 11.5 contains an unquoted service path vulnerability tha ...)
+ TODO: check
+CVE-2021-47789 (Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer over ...)
+ TODO: check
+CVE-2021-47788 (WebsiteBaker 2.13.0 contains an authenticated remote code execution vu ...)
+ TODO: check
+CVE-2021-47787 (TotalAV 5.15.69 contains an unquoted service path vulnerability in mul ...)
+ TODO: check
+CVE-2021-47786 (Redragon Gaming Mouse driver contains a kernel-level vulnerability tha ...)
+ TODO: check
+CVE-2021-47785 (Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in ...)
+ TODO: check
+CVE-2021-47783 (Phpwcms 1.9.30 contains a file upload vulnerability that allows authen ...)
+ TODO: check
+CVE-2021-47782 (Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability ...)
+ TODO: check
+CVE-2021-47780 (Macro Expert 4.7 contains an unquoted service path vulnerability that ...)
+ TODO: check
+CVE-2021-47779 (Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnera ...)
+ TODO: check
+CVE-2021-47756 (Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escala ...)
+ TODO: check
+CVE-2020-36930 (SysGauge Server 7.9.18 contains an unquoted service path vulnerability ...)
+ TODO: check
+CVE-2020-36929 (Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulner ...)
+ TODO: check
+CVE-2020-36928 (Brother BRAgent 1.38 contains an unquoted service path vulnerability i ...)
+ TODO: check
+CVE-2020-36927 (DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnera ...)
+ TODO: check
+CVE-2020-36926 (SmarterTrack 7922 contains an information disclosure vulnerability in ...)
+ TODO: check
+CVE-2011-10041 (Uploadify WordPress plugin versions up to and including 1.0contain an ...)
+ TODO: check
CVE-2025-61730 [crypto/tls: handshake messages may be processed at the incorrect encryption level]
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
@@ -2150,7 +2410,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. P
NOTE: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (1.17.0)
-CVE-2026-22200 (Enhancesoft osTicket versions up to and including 1.18.2 contain an ar ...)
+CVE-2026-22200 (Enhancesoft osTicket versions 1.18.3 contain an arbitrary file read vu ...)
NOT-FOR-US: osTicket
CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 w ...)
NOT-FOR-US: NetApp
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61fb9327526ce27b439b8e9af963d2401fe8a21
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61fb9327526ce27b439b8e9af963d2401fe8a21
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260116/e482b0c6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list