[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 20 08:13:17 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2de87090 by security tracker role at 2026-01-20T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2026-23950 (node-tar,a Tar for Node.js, has a race condition vulnerability in vers ...)
+	TODO: check
+CVE-2026-23949 (jaraco.context, an open-source software package that provides some use ...)
+	TODO: check
+CVE-2026-23947 (Orval generates type-safe JS clients (TypeScript) from any valid OpenA ...)
+	TODO: check
+CVE-2026-23944 (Arcane is an interface for managing Docker containers, images, network ...)
+	TODO: check
+CVE-2026-23917
+	REJECTED
+CVE-2026-23916
+	REJECTED
+CVE-2026-23915
+	REJECTED
+CVE-2026-23914
+	REJECTED
+CVE-2026-23913
+	REJECTED
+CVE-2026-23912
+	REJECTED
+CVE-2026-23911
+	REJECTED
+CVE-2026-23910
+	REJECTED
+CVE-2026-23909
+	REJECTED
+CVE-2026-23886 (Swift W3C TraceContext is a Swift implementation of the W3C Trace Cont ...)
+	TODO: check
+CVE-2026-23885 (Alchemy is an open source content management system engine written in  ...)
+	TODO: check
+CVE-2026-23880 (OnboardLite is a comprehensive membership lifecycle platform built for ...)
+	TODO: check
+CVE-2026-23877 (Swing Music is a self-hosted music player for local audio files. Prior ...)
+	TODO: check
+CVE-2026-23876 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that transforms techn ...)
+	TODO: check
+CVE-2026-23874 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2026-23849 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2026-23848 (MyTube is a self-hosted downloader and player for several video websit ...)
+	TODO: check
+CVE-2026-23844 (Whisper Money is a personal finance application. Versions prior to 0.1 ...)
+	TODO: check
+CVE-2026-23837 (MyTube is a self-hosted downloader and player for several video websit ...)
+	TODO: check
+CVE-2026-22770 (ImageMagick is free and open-source software used for editing and mani ...)
+	TODO: check
+CVE-2026-22219 (Chainlit versions prior to 2.9.4 contain a server-side request forgery ...)
+	TODO: check
+CVE-2026-22218 (Chainlit versions prior to 2.9.4 contain an arbitrary file read vulner ...)
+	TODO: check
+CVE-2026-1223 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an I ...)
+	TODO: check
+CVE-2026-1222 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an A ...)
+	TODO: check
+CVE-2026-1221 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS  has a U ...)
+	TODO: check
+CVE-2026-1218 (A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted ...)
+	TODO: check
+CVE-2026-1203 (A weakness has been identified in CRMEB up to 5.6.3. The impacted elem ...)
+	TODO: check
+CVE-2026-1202 (A security flaw has been discovered in CRMEB up to 5.6.3. The affected ...)
+	TODO: check
+CVE-2026-1197 (A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vu ...)
+	TODO: check
+CVE-2026-1196 (A security vulnerability has been detected in MineAdmin 1.x/2.x. Affec ...)
+	TODO: check
+CVE-2026-1195 (A weakness has been identified in MineAdmin 1.x/2.x. This impacts the  ...)
+	TODO: check
+CVE-2026-1194 (A security flaw has been discovered in MineAdmin 1.x/2.x. This affects ...)
+	TODO: check
+CVE-2026-1193 (A vulnerability was identified in MineAdmin 1.x/2.x. The impacted elem ...)
+	TODO: check
+CVE-2026-1192 (A vulnerability was determined in Tosei Online Store Management System ...)
+	TODO: check
+CVE-2026-1179 (A vulnerability was detected in Yonyou KSOA 9.0. This affects an unkno ...)
+	TODO: check
+CVE-2026-1178 (A security vulnerability has been detected in Yonyou KSOA 9.0. Affecte ...)
+	TODO: check
+CVE-2026-1177 (A weakness has been identified in Yonyou KSOA 9.0. Affected by this vu ...)
+	TODO: check
+CVE-2026-1176 (A security flaw has been discovered in itsourcecode School Management  ...)
+	TODO: check
+CVE-2026-1175 (A vulnerability was identified in birkir prime up to 0.4.0.beta.0. Thi ...)
+	TODO: check
+CVE-2026-1051 (The Newsletter \u2013 Send awesome emails from WordPress plugin for Wo ...)
+	TODO: check
+CVE-2026-1045 (The Viet contact plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2026-1042 (The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2026-0895 (The extension extends TYPO3\u2019 FileSpool component, which was vulne ...)
+	TODO: check
+CVE-2025-66523 (URL parameters are directly embedded into JavaScript code or HTML attr ...)
+	TODO: check
+CVE-2025-15466 (The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-14978 (The PeachPay \u2014 Payments & Express Checkout for WooCommerce (suppo ...)
+	TODO: check
+CVE-2025-14977 (The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution \u2 ...)
+	TODO: check
+CVE-2025-14798 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-14351 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...)
+	TODO: check
+CVE-2025-14348 (The weMail - Email Marketing, Lead Generation, Optin Forms, Email News ...)
+	TODO: check
+CVE-2025-12573 (The Bookingor  WordPress plugin through 1.0.12 exposes authenticated A ...)
+	TODO: check
 CVE-2026-23878 (HotCRP is conference review software. Starting in commit aa20ef288828b ...)
 	NOT-FOR-US: HotCRP
 CVE-2026-23852 (SiYuan is a personal knowledge management system. Versions prior to 3. ...)
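Review bot: Several of the added description lines carry literal escape sequences instead of the characters they stand for: "\u2013" in the CVE-2026-1051, CVE-2025-14798 and CVE-2025-14351 entries, "\u2019" in CVE-2026-0895 and "\u2014" in CVE-2025-14978. The import step should decode these before writing the description so the list stays readable and greppable. Separately, every non-rejected entry in this hunk lands as "TODO: check", including the three ImageMagick entries (CVE-2026-23876, CVE-2026-23874, CVE-2026-22770), so each still needs triage to a package line or a "NOT-FOR-US:" marker like the HotCRP entry in the trailing context.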
@@ -1972,43 +2084,43 @@ CVE-2025-55130 [Bypass File System Permissions using crafted symlinks]
 CVE-2025-55131 [Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled]
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
-CVE-2026-0908
+CVE-2026-0908 (Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowe ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0907
+CVE-2026-0907 (Incorrect security UI in Split View in Google Chrome prior to 144.0.75 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0906
+CVE-2026-0906 (Incorrect security UI  in Google Chrome on Android prior to 144.0.7559 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0905
+CVE-2026-0905 (Insufficient policy enforcement in Network in Google Chrome prior to 1 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0904
+CVE-2026-0904 (Incorrect security UI in Digital Credentials in Google Chrome prior to ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0903
+CVE-2026-0903 (Inappropriate implementation in Downloads in Google Chrome on Windows  ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0902
+CVE-2026-0902 (Inappropriate implementation in V8 in Google Chrome prior to 144.0.755 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0901
+CVE-2026-0901 (Inappropriate implementation in Blink in Google Chrome on Android prio ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0900
+CVE-2026-0900 (Inappropriate implementation in V8 in Google Chrome prior to 144.0.755 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-0899
+CVE-2026-0899 (Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559 ...)
 	{DSA-6100-1}
 	- chromium 144.0.7559.59-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
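Review bot: The descriptions filled in for CVE-2026-0906 and CVE-2026-0901 say "on Android" and the one for CVE-2026-0903 says "on Windows", yet these entries keep the same "- chromium 144.0.7559.59-1" line and {DSA-6100-1} tag as the platform-independent ones. If the Debian package is not affected by those three, a NOTE line saying the issue is specific to another platform would make that explicit. The CVE-2026-0906 description also has a doubled space ("security UI  in") carried over from the imported text.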
@@ -12487,6 +12599,7 @@ CVE-2025-68381 (Improper Bounds Check (CWE-787) in Packetbeat can allow a remote
 CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 5.15.1, ...)
 	- weblate <itp> (bug #745661)
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...)
+	{DLA-4444-1}
 	- apache-log4j2 <unfixed> (bug #1123744)
 	[trixie] - apache-log4j2 <no-dsa> (Minor issue)
 	[bookworm] - apache-log4j2 <no-dsa> (Minor issue)
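Review bot: {DLA-4444-1} is attached to CVE-2025-68161 while the package line directly below still reads "- apache-log4j2 <unfixed> (bug #1123744)" and the visible context shows only the trixie and bookworm <no-dsa> lines. Confirm that the entry has a release-specific line with the version fixed by the DLA below the context shown here; without one, the entry references the advisory but records no fixed version for the suite it covers.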
@@ -13497,6 +13610,7 @@ CVE-2025-27063 (Memory corruption during video playback when video session open
 CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi up to 4. ...)
 	NOT-FOR-US: RuoYi
 CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element ...)
+	{DLA-4443-1}
 	- dcmtk <unfixed> (bug #1123584)
 	[trixie] - dcmtk <no-dsa> (Minor issue)
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
@@ -15652,6 +15766,7 @@ CVE-2025-14619 (A vulnerability was found in code-projects Student File Manageme
 CVE-2025-14617 (A vulnerability has been found in Jehovahs Witnesses JW Library App up ...)
 	NOT-FOR-US: Jehovahs Witnesses JW Library App
 CVE-2025-14607 (A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by t ...)
+	{DLA-4443-1}
 	- dcmtk <unfixed> (bug #1122926)
 	[trixie] - dcmtk <no-dsa> (Minor issue)
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
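Review bot: {DLA-4443-1} now appears on both dcmtk entries, CVE-2025-14607 here (bug #1122926) and CVE-2025-14841 in the previous hunk (bug #1123584), and in both the line "- dcmtk <unfixed>" is unchanged. Since the advisory tag means a fix exists for an older suite while unstable is still open, a NOTE line pointing at the upstream fix on each entry would help whoever prepares the unstable upload and would document what the DLA backported.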



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de87090246c3c99ed159df1ddde7334d2c6703b
