[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 19 20:15:27 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db54774c by security tracker role at 2026-01-19T20:15:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,32 +1,160 @@
-CVE-2026-23534
+CVE-2026-23878 (HotCRP is conference review software. Starting in commit aa20ef288828b ...)
+ TODO: check
+CVE-2026-23852 (SiYuan is a personal knowledge management system. Versions prior to 3. ...)
+ TODO: check
+CVE-2026-23851 (SiYuan is a personal knowledge management system. Versions prior to 3. ...)
+ TODO: check
+CVE-2026-23850 (SiYuan is a personal knowledge management system. In versions prior to ...)
+ TODO: check
+CVE-2026-23847 (SiYuan is a personal knowledge management system. Versions prior to 3. ...)
+ TODO: check
+CVE-2026-23846 (Tugtainer is a self-hosted app for automating updates of Docker contai ...)
+ TODO: check
+CVE-2026-23845 (Mailpit is an email testing tool and API for developers. Versions prio ...)
+ TODO: check
+CVE-2026-23843 (teklifolustur_app is a web-based PHP application that allows users to ...)
+ TODO: check
+CVE-2026-23842 (ChatterBot is a machine learning, conversational dialog engine for cre ...)
+ TODO: check
+CVE-2026-23841 (Movary is a web application to track, rate and explore your movie watc ...)
+ TODO: check
+CVE-2026-23840 (Movary is a web application to track, rate and explore your movie watc ...)
+ TODO: check
+CVE-2026-23839 (Movary is a web application to track, rate and explore your movie watc ...)
+ TODO: check
+CVE-2026-23838 (Tandoor Recipes is a recipe manager than can be installed with the Nix ...)
+ TODO: check
+CVE-2026-23836 (HotCRP is conference review software. A problem introduced in April 20 ...)
+ TODO: check
+CVE-2026-23833 (ESPHome is a system to control microcontrollers remotely through Home ...)
+ TODO: check
+CVE-2026-23721 (OpenProject is an open-source, web-based project management software. ...)
+ TODO: check
+CVE-2026-23646 (OpenProject is an open-source, web-based project management software. ...)
+ TODO: check
+CVE-2026-23625 (OpenProject is an open-source, web-based project management software. ...)
+ TODO: check
+CVE-2026-23522 (LobeChat is an open source chat application platform. Prior to version ...)
+ TODO: check
+CVE-2026-22850 (Koko Analytics is an open-source analytics plugin for WordPress. Versi ...)
+ TODO: check
+CVE-2026-22037 (The @fastify/express plugin adds full Express compatibility to Fastify ...)
+ TODO: check
+CVE-2026-22031 (@fastify/middie is the plugin that adds middleware support on steroids ...)
+ TODO: check
+CVE-2026-21696 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
+ TODO: check
+CVE-2026-21618 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2026-1181 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
+ TODO: check
+CVE-2026-1174 (A vulnerability was determined in birkir prime up to 0.4.0.beta.0. Thi ...)
+ TODO: check
+CVE-2026-1173 (A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impa ...)
+ TODO: check
+CVE-2026-1172 (A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The ...)
+ TODO: check
+CVE-2026-1171 (A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is ...)
+ TODO: check
+CVE-2026-1170 (A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This ...)
+ TODO: check
+CVE-2026-1169 (A security vulnerability has been detected in birkir prime up to 0.4.0 ...)
+ TODO: check
+CVE-2026-1162 (A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted elem ...)
+ TODO: check
+CVE-2026-1161 (A vulnerability was detected in pbrong hrms 1.0.1. The affected elemen ...)
+ TODO: check
+CVE-2026-1160 (A security vulnerability has been detected in PHPGurukul Directory Man ...)
+ TODO: check
+CVE-2026-1159 (A weakness has been identified in itsourcecode Online Frozen Foods Ord ...)
+ TODO: check
+CVE-2026-1158 (A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B202 ...)
+ TODO: check
+CVE-2026-1157 (A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309 ...)
+ TODO: check
+CVE-2026-1156 (A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309 ...)
+ TODO: check
+CVE-2026-1155 (A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Aff ...)
+ TODO: check
+CVE-2026-1154 (A flaw has been found in SourceCodester E-Learning System 1.0. This im ...)
+ TODO: check
+CVE-2026-1153 (A vulnerability was detected in technical-laohu mpay up to 1.2.4. This ...)
+ TODO: check
+CVE-2026-1152 (A security vulnerability has been detected in technical-laohu mpay up ...)
+ TODO: check
+CVE-2026-1151 (A weakness has been identified in technical-laohu mpay up to 1.2.4. Th ...)
+ TODO: check
+CVE-2026-1150 (A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B202 ...)
+ TODO: check
+CVE-2026-1149 (A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309 ...)
+ TODO: check
+CVE-2026-1148 (A vulnerability was determined in SourceCodester/Patrick Mvuma Patient ...)
+ TODO: check
+CVE-2026-1147 (A vulnerability was found in SourceCodester/Patrick Mvuma Patients Wai ...)
+ TODO: check
+CVE-2026-1146 (A vulnerability has been found in SourceCodester/Patrick Mvuma Patient ...)
+ TODO: check
+CVE-2026-1145 (A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by ...)
+ TODO: check
+CVE-2026-1007 (Incorrect Authorization vulnerability in virtual gateway component in ...)
+ TODO: check
+CVE-2026-0610 (SQL Injection vulnerability in remote-sessions in Devolutions Server.T ...)
+ TODO: check
+CVE-2025-69199 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
+ TODO: check
+CVE-2025-69198 (Pterodactyl is a free, open-source game server management panel. Ptero ...)
+ TODO: check
+CVE-2025-68616 (WeasyPrint helps web developers to create PDF documents. Prior to vers ...)
+ TODO: check
+CVE-2025-61684 (Quicly, an IETF QUIC protocol implementation, is susceptible to a deni ...)
+ TODO: check
+CVE-2025-55252 (HCL AION version 2 is affected by a Weak Password Policy vulnerability ...)
+ TODO: check
+CVE-2025-55251 (HCL AION is affected by an Unrestricted File Upload vulnerability. Thi ...)
+ TODO: check
+CVE-2025-55250 (HCL AION version 2 is affected by a Technical Error Disclosure vulnera ...)
+ TODO: check
+CVE-2025-55249 (HCL AION is affected by a Missing Security Response Headers vulnerabil ...)
+ TODO: check
+CVE-2025-52661 (HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerab ...)
+ TODO: check
+CVE-2025-52660 (HCL AION is affected by an Unrestricted File Upload vulnerability. Thi ...)
+ TODO: check
+CVE-2025-52659 (HCL AION version 2 is affected by a Cacheable HTTP Response vulnerabil ...)
+ TODO: check
+CVE-2025-11044 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ TODO: check
+CVE-2025-11043 (An Improper Certificate Validation vulnerability in the OPC-UA client ...)
+ TODO: check
+CVE-2026-23534 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599
-CVE-2026-23533
+CVE-2026-23533 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v
-CVE-2026-23532
+CVE-2026-23532 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr
-CVE-2026-23531
+CVE-2026-23531 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xj5h-9cr5-23c5
-CVE-2026-23530
+CVE-2026-23530 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p
-CVE-2026-23732
+CVE-2026-23732 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp
-CVE-2026-23883
+CVE-2026-23883 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcrr-85qx-4p6x
-CVE-2026-23884
+CVE-2026-23884 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 <unfixed>
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp
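Review bot: The entries added at the top of this hunk, CVE-2026-23878 through CVE-2025-11043, all land with only `TODO: check`, so none is yet assigned to a source package or marked NOT-FOR-US. Some can be settled from the truncated description alone: CVE-2026-22850 is described as a WordPress plugin, which matches the `NOT-FOR-US: WordPress plugin` form already used further down this file. Lower in the hunk, the eight FreeRDP entries gain only their description; `freerdp3 <unfixed>` still carries no bug reference, so it is worth checking that a bug is filed and recording it the way the python-keystonemiddleware line does with `(bug #1125680)`.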
@@ -1055,7 +1183,7 @@ CVE-2021-47753 (phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload v
NOT-FOR-US: phpKF CMS
CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service vulnerability ...)
NOT-FOR-US: AWebServer GhostBuilding
-CVE-2026-22797 [Privilege Escalation via Identity Headers in External OAuth2 Tokens]
+CVE-2026-22797 (An issue was discovered in OpenStack keystonemiddleware 10.5 through 1 ...)
- python-keystonemiddleware 10.12.0-3 (bug #1125680)
[bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
[bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
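Review bot: On the CVE-2026-22797 header line, the replaced bracketed title `[Privilege Escalation via Identity Headers in External OAuth2 Tokens]` said what the flaw is, while the truncated description that replaces it cuts off before reaching the impact. If that summary is useful to people triaging python-keystonemiddleware, keep it in a NOTE: line under the entry if it is not already recorded there.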
@@ -2645,7 +2773,7 @@ CVE-2026-0892 (Memory safety bugs present in Firefox 146 and Thunderbird 146. So
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892
CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6 ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2653,7 +2781,7 @@ CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0891
CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Thi ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2667,7 +2795,7 @@ CVE-2026-0888 (Information disclosure in the XML component. This vulnerability a
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0888
CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer component ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2675,7 +2803,7 @@ CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0887
CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2683,7 +2811,7 @@ CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0886
CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This vulnerability aff ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2691,7 +2819,7 @@ CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This vulnerabilit
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0885
CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2699,7 +2827,7 @@ CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0884
CVE-2026-0883 (Information disclosure in the Networking component. This vulnerability ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2707,7 +2835,7 @@ CVE-2026-0883 (Information disclosure in the Networking component. This vulnerab
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0883
CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects Firefo ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2718,7 +2846,7 @@ CVE-2026-0881 (Sandbox escape in the Messaging System component. This vulnerabil
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics component. This ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2726,7 +2854,7 @@ CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics component.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0880
CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the Graphics co ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2734,7 +2862,7 @@ CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the Graphi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0879
CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2742,7 +2870,7 @@ CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the Graphi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0878
CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This vulnerability a ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -18352,7 +18480,7 @@ CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14328
CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This vulnerability af ...)
- {DSA-6103-1 DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4442-1 DLA-4439-1}
- firefox 146.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
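Review bot: In this run of Mozilla hunks (CVE-2026-0891 down to CVE-2025-14327), each changed line adds DLA-4442-1 to the cross-reference set while the package lines shown as context (firefox, firefox-esr 140.7.0esr-1, thunderbird 1:140.7.0esr-1) stay untouched, so the diff alone does not show which package the new DLA covers. Confirm against the DLA list that DLA-4442-1 names every one of these CVEs. The placement ahead of DLA-4439-1 is consistent with the descending order already used for DSA-6103-1 and DSA-6101-1.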
@@ -43119,9 +43247,9 @@ CVE-2025-54520 (Improper Protection Against Voltage and Clock Glitches in FPGA d
NOT-FOR-US: AMD
CVE-2025-21056 (Improper input validation in Retail Mode prior to version 5.59.4 allow ...)
NOT-FOR-US: Samsung Mobile
-CVE-2025-29847
+CVE-2025-29847 (A vulnerability in Apache Linkis. Problem Description When using the ...)
NOT-FOR-US: Apache Linkis
-CVE-2025-59355
+CVE-2025-59355 (A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decod ...)
NOT-FOR-US: Apache Linkis
CVE-2025-9353 (The Themify Builder plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db54774cfc108217501a6ce42ae3aab7ed51dd00