[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 17 08:14:22 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b162dcc4 by security tracker role at 2026-01-17T08:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...)
+ TODO: check
+CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...)
+ TODO: check
+CVE-2026-23744 (MCPJam inspector is the local-first development platform for MCP serve ...)
+ TODO: check
+CVE-2026-23742 (Skipper is an HTTP router and reverse proxy for service composition. T ...)
+ TODO: check
+CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines dedicated to ...)
+ TODO: check
+CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The PaginatorHelper: ...)
+ TODO: check
+CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool provid ...)
+ TODO: check
+CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool provid ...)
+ TODO: check
+CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...)
+ TODO: check
+CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an authorized at ...)
+ TODO: check
+CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress ...)
+ TODO: check
+CVE-2026-0808 (The Spin Wheel plugin for WordPress is vulnerable to client-side prize ...)
+ TODO: check
+CVE-2026-0691 (The CM E-Mail Blacklist \u2013 Simple email filtering for safer regist ...)
+ TODO: check
+CVE-2026-0682 (The Church Admin plugin for WordPress is vulnerable to Server-Side Req ...)
+ TODO: check
+CVE-2026-0519 (In Secure Access 12.70 and prior to 14.20, the logging subsystem may ...)
+ TODO: check
+CVE-2026-0518 (CVE-2026-0518 is a cross-site scripting vulnerability in versions of ...)
+ TODO: check
+CVE-2026-0517 (CVE-2026-0517 is a denial-of-service vulnerability in versions of Secu ...)
+ TODO: check
+CVE-2025-5489
+ REJECTED
+CVE-2025-5102
+ REJECTED
+CVE-2025-56451 (Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative ...)
+ TODO: check
+CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by this iss ...)
+ TODO: check
+CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6. Affected by thi ...)
+ TODO: check
+CVE-2025-15403 (The RegistrationMagic plugin for WordPress is vulnerable to Privilege ...)
+ TODO: check
+CVE-2025-14632 (The Filr \u2013 Secure document library plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-14478 (The Demo Importer Plus plugin for WordPress is vulnerable to XML Exter ...)
+ TODO: check
+CVE-2025-14463 (The Payment Button for PayPal plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2025-14450 (The Wallet System for WooCommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-14075 (The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive I ...)
+ TODO: check
+CVE-2025-14029 (The Community Events plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2025-13725 (The Gutenberg Thim Blocks \u2013 Page Builder, Gutenberg Blocks for th ...)
+ TODO: check
+CVE-2025-12984 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-12825 (The User Registration Using Contact Form 7 plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-12718 (The Quick Contact Form plugin for WordPress is vulnerable to Open Mail ...)
+ TODO: check
+CVE-2025-12168 (The Phrase TMS Integration for WordPress plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-12129 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for Word ...)
+ TODO: check
+CVE-2025-12002 (The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitr ...)
+ TODO: check
+CVE-2024-8506
+ REJECTED
+CVE-2024-8491
+ REJECTED
+CVE-2019-25297 (Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin ver ...)
+ TODO: check
+CVE-2012-10064 (Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary ...)
+ TODO: check
CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, Th ...)
NOT-FOR-US: WeGIA
CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
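Review bot: 37 of the 41 entries added at the top of data/CVE/list (CVE-2026-23800 down to CVE-2012-10064, all but the four REJECTED ids) are left at "TODO: check" and still need manual triage. Those whose description reads "plugin for WordPress" match the pattern the file already closes as "NOT-FOR-US: WordPress plugin" further down, so they can be classified in one pass. CVE-2026-23745 (node-tar) and CVE-2026-22865 / CVE-2026-22816 (Gradle native-platform) should be checked against packaged sources before they receive a NOT-FOR-US or a package line.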
@@ -12323,7 +12405,7 @@ CVE-2025-64236 (Authentication Bypass Using an Alternate Path or Channel vulnera
CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template function i ...)
- {DSA-6079-1 DSA-6073-1}
+ {DSA-6079-1 DSA-6073-1 DLA-4440-1}
- ffmpeg 7:7.1.3-1
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef (master)
@@ -48828,7 +48910,7 @@ CVE-2025-39792 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2df7168717b7d2d32bcf017c68be16e4aae9dd13 (6.17-rc1)
CVE-2025-10256
- {DSA-6007-1}
+ {DSA-6007-1 DLA-4440-1}
- ffmpeg 7:7.1.2-1
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/a25462482c02c004d685a8fcf2fa63955aaa0931 (n8.0)
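Review bot: in the CVE-2025-10256 entry the advisory list now includes DLA-4440-1 while the line "[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)" is unchanged, so the entry records an LTS advisory next to a still-open bookworm state. Consider revisiting the postponed marker, or adding a NOTE naming the backport the DLA carried, since the only fix reference visible here is the commit tagged (n8.0).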
@@ -49712,7 +49794,7 @@ CVE-2025-10148 (curl's websocket code did not update the 32 bit mask pattern for
CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP admin inter ...)
NOT-FOR-US: Amped RF
CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows ...)
- {DSA-6007-1 DSA-5985-1}
+ {DSA-6007-1 DSA-5985-1 DLA-4440-1}
- ffmpeg 7:7.1.2-1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg
NOTE: https://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73 (n8.0)
@@ -66034,7 +66116,7 @@ CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions 4.10.
CVE-2024-6234
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7700 (A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not ...)
- {DSA-6007-1 DSA-5985-1}
+ {DSA-6007-1 DSA-5985-1 DLA-4440-1}
- ffmpeg 7:7.1.2-1
NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07 (n8.0)
@@ -115572,7 +115654,7 @@ CVE-2025-1596 (A vulnerability was found in SourceCodester Best Church Managemen
CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information Technology E ...)
NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
CVE-2025-1594 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
- {DSA-6079-1 DSA-6007-1}
+ {DSA-6079-1 DSA-6007-1 DLA-4440-1}
- ffmpeg 7:7.1.2-1
NOTE: https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
NOTE: https://trac.ffmpeg.org/ticket/11418
@@ -131349,6 +131431,7 @@ CVE-2023-50850 (Missing Authorization vulnerability in Woo WooCommerce Subscript
CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exp ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability ...)
+ {DLA-4440-1}
- ffmpeg 7:5.0.1-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3 (n5.0)
@@ -139519,6 +139602,7 @@ CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c
NOTE: https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23 (n5.1.5)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/251b3c3892e79bd9dd93a973d16c28667fde131e (n4.3.7)
CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. Thi ...)
+ {DLA-4440-1}
- ffmpeg 7:7.1-3
[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
NOTE: https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61 (n7.1)
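Review bot: the new "{DLA-4440-1}" line on CVE-2024-36615 sits above "[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)", and the description names FFmpeg n7.0 with a single fix reference tagged (n7.1). A NOTE stating which patch the DLA applied to the older branch would make this cross-reference auditable; the NOTE lines of the preceding entry do this with per-branch commits (n5.1.5, n4.3.7).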
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b162dcc4609d9a69e50fe67d22f8f71bd92c72f0