[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 21 08:13:06 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ba88228 by security tracker role at 2026-01-21T08:12:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote authentication bypa ...)
+	TODO: check
+CVE-2026-24026
+	REJECTED
+CVE-2026-24025
+	REJECTED
+CVE-2026-24024
+	REJECTED
+CVE-2026-24023
+	REJECTED
+CVE-2026-24022
+	REJECTED
+CVE-2026-24021
+	REJECTED
+CVE-2026-24020
+	REJECTED
+CVE-2026-24016 (The installer of ServerView Agents for Windows provided by Fsas Techno ...)
+	TODO: check
+CVE-2026-22976 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21989 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21988 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21986 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21985 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21983 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21982 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21981 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21980 (Vulnerability in the Oracle Life Sciences Central Coding product of Or ...)
+	TODO: check
+CVE-2026-21979 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)
+	TODO: check
+CVE-2026-21978 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+	TODO: check
+CVE-2026-21977 (Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software ...)
+	TODO: check
+CVE-2026-21976 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+	TODO: check
+CVE-2026-21975 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
+	TODO: check
+CVE-2026-21974 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
+	TODO: check
+CVE-2026-21973 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
+	TODO: check
+CVE-2026-21972 (Vulnerability in the Oracle Configurator product of Oracle E-Business  ...)
+	TODO: check
+CVE-2026-21971 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
+	TODO: check
+CVE-2026-21970 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
+	TODO: check
+CVE-2026-21969 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
+	TODO: check
+CVE-2026-21968 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21967 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
+	TODO: check
+CVE-2026-21966 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+	TODO: check
+CVE-2026-21965 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21964 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21963 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21962 (Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy  ...)
+	TODO: check
+CVE-2026-21961 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
+	TODO: check
+CVE-2026-21960 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...)
+	TODO: check
+CVE-2026-21959 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+	TODO: check
+CVE-2026-21957 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21956 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21955 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+	TODO: check
+CVE-2026-21952 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21951 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2026-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21949 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21948 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21947 (Vulnerability in Oracle Java SE (component: JavaFX).  Supported versio ...)
+	TODO: check
+CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
+	TODO: check
+CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2026-21944 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
+	TODO: check
+CVE-2026-21943 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+	TODO: check
+CVE-2026-21942 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2026-21941 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21940 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
+	TODO: check
+CVE-2026-21939 (Vulnerability in the SQLcl component of Oracle Database Server.  Suppo ...)
+	TODO: check
+CVE-2026-21938 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2026-21937 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21936 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21935 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+	TODO: check
+CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2026-21931 (Vulnerability in the Oracle APEX Sample Applications product of Oracle ...)
+	TODO: check
+CVE-2026-21930 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+	TODO: check
+CVE-2026-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
+	TODO: check
+CVE-2026-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2026-21927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+	TODO: check
+CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CR ...)
+	TODO: check
+CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	TODO: check
+CVE-2026-21924 (Vulnerability in the Oracle Utilities Application Framework product of ...)
+	TODO: check
+CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
+	TODO: check
+CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)
+	TODO: check
+CVE-2026-21664 (HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has report ...)
+	TODO: check
+CVE-2026-21663 (HackerOne community member Patrick Lang (7yr) has reported a reflected ...)
+	TODO: check
+CVE-2026-21642 (HackerOne community member Patrick Lang (7yr) has reported a reflected ...)
+	TODO: check
+CVE-2026-21641 (HackerOne community member Jad Ghamloush (0xjad) has reported an autho ...)
+	TODO: check
+CVE-2026-21640 (HackerOne community member Faraz Ahmed (PakCyberbot) has reported a fo ...)
+	TODO: check
+CVE-2026-1035 (A flaw was found in the Keycloak server during refresh token processin ...)
+	TODO: check
+CVE-2026-0933 (SummaryA command injection vulnerability (CWE-78) has been found to ex ...)
+	TODO: check
+CVE-2026-0865 (User-controlled header names and values containing newlines can allow  ...)
+	TODO: check
+CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and para ...)
+	TODO: check
+CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0 and bel ...)
+	TODO: check
+CVE-2025-66902 (An input validation issue in in Pithikos websocket-server v.0.6.4 allo ...)
+	TODO: check
+CVE-2025-66692 (A buffer over-read in the PublicKey::verify() method of Binance - Trus ...)
+	TODO: check
+CVE-2025-63648 (A NULL pointer dereference in the dacp_reply_playqueueedit_move functi ...)
+	TODO: check
+CVE-2025-63647 (A NULL pointer dereference in the parse_meta function (src/httpd_daap. ...)
+	TODO: check
+CVE-2025-58744 (Use of Default Credentials, Hard-coded Credentials vulnerability inC2S ...)
+	TODO: check
+CVE-2025-58743 (Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability   ...)
+	TODO: check
+CVE-2025-58742 (Insufficiently Protected Credentials, Improper Restriction of Communic ...)
+	TODO: check
+CVE-2025-58741 (Insufficiently Protected Credentials vulnerability in the Credential F ...)
+	TODO: check
+CVE-2025-58740 (The use of a hard-coded encryption key in calls to the Password functi ...)
+	TODO: check
+CVE-2025-57156 (NULL pointer dereference in the dacp_reply_playqueueedit_clear functio ...)
+	TODO: check
+CVE-2025-57155 (NULL pointer dereference in the daap_reply_groups function in src/http ...)
+	TODO: check
+CVE-2025-15521 (The Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Sol ...)
+	TODO: check
+CVE-2025-15367 (The poplib module, when passed a user-controlled command, can have add ...)
+	TODO: check
+CVE-2025-15366 (The imaplib module, when passed a user-controlled command, can have ad ...)
+	TODO: check
+CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler allow i ...)
+	TODO: check
+CVE-2025-14559 (A flaw was found in the keycloak-services component of Keycloak. This  ...)
+	TODO: check
+CVE-2025-11468 (When folding a long comment in an email header containing exclusively  ...)
+	TODO: check
 CVE-2026-XXXX [inetutils: remote authentication by-pass in telnet]
 	- inetutils 2:2.7-2
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
@@ -1555,6 +1761,7 @@ CVE-2021-47753 (phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload v
 CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service vulnerability ...)
 	NOT-FOR-US: AWebServer GhostBuilding
 CVE-2026-22797 (An issue was discovered in OpenStack keystonemiddleware 10.5 through 1 ...)
+	{DSA-6104-1}
 	- python-keystonemiddleware 10.12.0-3 (bug #1125680)
 	[bookworm] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
 	[bullseye] - python-keystonemiddleware <not-affected> (Vulnerable code not present)
@@ -2319,28 +2526,28 @@ CVE-2020-36919 (WPForms 1.7.8 contains a cross-site scripting vulnerability in t
 	NOT-FOR-US: WPForms
 CVE-2020-36911 (Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability th ...)
 	NOT-FOR-US: Covenant
-CVE-2025-55132 [fs.futimes() Bypasses Read-Only Permission Model]
+CVE-2025-55132 (A flaw in Node.js's permission model allows a file's access and modifi ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#fsfutimes-bypasses-read-only-permission-model-cve-2025-55132---low
-CVE-2026-21637 [TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak]
+CVE-2026-21637 (A flaw in Node.js TLS error handling allows remote attackers to crash  ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#tls-pskalpn-callback-exceptions-bypass-error-handlers-causing-dos-and-fd-leak-cve-2026-21637---medium
-CVE-2026-21636 [Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)]
+CVE-2026-21636 (A flaw in Node.js's permission model allows Unix Domain Socket (UDS) c ...)
 	- nodejs <not-affected> (Only affects Node.js v25)
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-permission-model-bypass-via-unchecked-unix-domain-socket-connections-uds-cve-2026-21636---medium
-CVE-2025-59464 [Memory leak that enables remote Denial of Service against applications processing TLS client certificates]
+CVE-2025-59464 (A memory leak in Node.js\u2019s OpenSSL integration occurs when conver ...)
 	- nodejs <not-affected> (Only affects Node.js v24 releases and fixed in v24.12.0)
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#memory-leak-that-enables-remote-denial-of-service-against-applications-processing-tls-client-certificates-cve-2025-59464---medium
-CVE-2025-59466 [Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers]
+CVE-2025-59466 (We have identified a bug in Node.js error handling where "Maximum call ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#uncatchable-maximum-call-stack-size-exceeded-error-on-nodejs-via-async_hooks-leads-to-process-crashes-bypassing-error-handlers-cve-2025-59466---medium
-CVE-2025-59465 [Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame]
+CVE-2025-59465 (A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` dat ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-http2-server-crashes-with-unhandled-error-when-receiving-malformed-headers-frame-cve-2025-59465---high
-CVE-2025-55130 [Bypass File System Permissions using crafted symlinks]
+CVE-2025-55130 (A flaw in Node.js\u2019s Permissions model allows attackers to bypass  ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#bypass-file-system-permissions-using-crafted-symlinks-cve-2025-55130---high
-CVE-2025-55131 [Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled]
+CVE-2025-55131 (A flaw in Node.js's buffer allocation logic can expose uninitialized m ...)
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#timeout-based-race-conditions-make-uint8arraybufferalloc-non-zerofilled-cve-2025-55131---high
 CVE-2026-0908 (Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowe ...)
@@ -184124,7 +184331,7 @@ CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly prompt
 	- mattermost-desktop <itp> (bug #831861)
 CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript c ...)
 	NOT-FOR-US: MintHCM
-CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio in commit 4c840665 allows an  ...)
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows ...)
 	- libcdio <not-affected> (Vulnerable code introduced later in development version)
 	NOTE: https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
 	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=4c840665c6d9cf2ff1cf0cd12f91b25030776c74 (master)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba8822815f0bded52b8b3dac56c9c2c2b3295a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba8822815f0bded52b8b3dac56c9c2c2b3295a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260121/3334c5d9/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list