[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 21 20:13:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d63d8b2c by security tracker role at 2026-01-21T20:13:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,166 @@
-CVE-2026-22977 [net: sock: fix hardened usercopy panic in sock_recv_errqueue]
+CVE-2026-23955 (EVerest is an EV charging software stack. Prior to version 2025.9.0, i ...)
+ TODO: check
+CVE-2026-23755 (D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled s ...)
+ TODO: check
+CVE-2026-23754 (D-Link D-View 8 versions 2.0.1.107 and below contain an improper acces ...)
+ TODO: check
+CVE-2026-20109 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2026-20092 (A vulnerability in the read-only maintenance shell of Cisco Intersight ...)
+ TODO: check
+CVE-2026-20080 (A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul ...)
+ TODO: check
+CVE-2026-20055 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2026-20045 (A vulnerability in Cisco Unified Communications Manager (Unified CM), ...)
+ TODO: check
+CVE-2026-1290 (Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf P ...)
+ TODO: check
+CVE-2026-0834 (Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (T ...)
+ TODO: check
+CVE-2026-0663 (Denial-of-service vulnerability in M-Files Server versions before26.1. ...)
+ TODO: check
+CVE-2025-70651 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in t ...)
+ TODO: check
+CVE-2025-70650 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
+ TODO: check
+CVE-2025-70648 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2025-70646 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2025-70645 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
+ TODO: check
+CVE-2025-70644 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
+ TODO: check
+CVE-2025-69766 (Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow ...)
+ TODO: check
+CVE-2025-69763 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIp ...)
+ TODO: check
+CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIp ...)
+ TODO: check
+CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...)
+ TODO: check
+CVE-2025-68141 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
+ TODO: check
+CVE-2025-68140 (EVerest is an EV charging software stack. Prior to version 2025.9.0, o ...)
+ TODO: check
+CVE-2025-68139 (EVerest is an EV charging software stack. In all versions up to and in ...)
+ TODO: check
+CVE-2025-68138 (EVerest is an EV charging software stack, and EVerest libocpp is a C++ ...)
+ TODO: check
+CVE-2025-68137 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
+ TODO: check
+CVE-2025-68136 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
+ TODO: check
+CVE-2025-68135 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
+ TODO: check
+CVE-2025-68134 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...)
+ TODO: check
+CVE-2025-68132 (EVerest is an EV charging software stack. Prior to version 2025.12.0, ...)
+ TODO: check
+CVE-2025-66960 (An issue in ollama v.0.12.10 allows a remote attacker to cause a denia ...)
+ TODO: check
+CVE-2025-66959 (An issue in ollama v.0.12.10 allows a remote attacker to cause a denia ...)
+ TODO: check
+CVE-2025-57681 (The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before ...)
+ TODO: check
+CVE-2025-13878 (Malformed BRID/HHIT records can cause `named` to terminate unexpectedl ...)
+ TODO: check
+CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype poll ...)
+ TODO: check
+CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and urlsaf ...)
+ TODO: check
+CVE-2021-47887 (OKI Print Job Accounting 4.4.10 contains an unquoted service path vuln ...)
+ TODO: check
+CVE-2021-47886 (Pingzapper 2.3.1 contains an unquoted service path vulnerability in th ...)
+ TODO: check
+CVE-2021-47884 (OKI Configuration Tool 1.6.53 contains an unquoted service path vulner ...)
+ TODO: check
+CVE-2021-47883 (Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability i ...)
+ TODO: check
+CVE-2021-47882 (FreeLAN 2.2 contains an unquoted service path vulnerability in its Win ...)
+ TODO: check
+CVE-2021-47880 (Realtek Wireless LAN Utility 700.1631 contains an unquoted service pat ...)
+ TODO: check
+CVE-2021-47879 (eBeam Interactive Suite 3.6 contains an unquoted service path vulnerab ...)
+ TODO: check
+CVE-2021-47878 (eBeam Education Suite 2.5.0.9 contains an unquoted service path vulner ...)
+ TODO: check
+CVE-2021-47877 (GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vu ...)
+ TODO: check
+CVE-2021-47876 (GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerabilit ...)
+ TODO: check
+CVE-2021-47875 (GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnera ...)
+ TODO: check
+CVE-2021-47874 (VFS for Git 1.0.21014.1 contains an unquoted service path vulnerabilit ...)
+ TODO: check
+CVE-2021-47873 (VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vuln ...)
+ TODO: check
+CVE-2021-47872 (SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulner ...)
+ TODO: check
+CVE-2021-47871 (Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerabil ...)
+ TODO: check
+CVE-2021-47870 (GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross ...)
+ TODO: check
+CVE-2021-47869 (Brother BRAdmin Professional 3.75 contains an unquoted service path vu ...)
+ TODO: check
+CVE-2021-47868 (WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in th ...)
+ TODO: check
+CVE-2021-47867 (WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ...)
+ TODO: check
+CVE-2021-47866 (WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in th ...)
+ TODO: check
+CVE-2021-47865 (ProFTPD 1.3.7a contains a denial of service vulnerability that allows ...)
+ TODO: check
+CVE-2021-47864 (OSAS Traverse Extension 11 contains an unquoted service path vulnerabi ...)
+ TODO: check
+CVE-2021-47863 (MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability ...)
+ TODO: check
+CVE-2021-47862 (Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability ...)
+ TODO: check
+CVE-2021-47861 (Event Log Explorer 4.9.3 contains an unquoted service path vulnerabili ...)
+ TODO: check
+CVE-2021-47860 (GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forge ...)
+ TODO: check
+CVE-2021-47859 (ActivIdentity 8.2 contains an unquoted service path vulnerability in t ...)
+ TODO: check
+CVE-2021-47858 (Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scri ...)
+ TODO: check
+CVE-2021-47857 (Moodle 3.10.3 contains a persistent cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2021-47855 (Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2021-47854 (DD-WRT version 45723 contains a buffer overflow vulnerability in the U ...)
+ TODO: check
+CVE-2021-47853 (phpPgAdmin 7.13.0 contains a remote command execution vulnerability th ...)
+ TODO: check
+CVE-2021-47852 (Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vul ...)
+ TODO: check
+CVE-2021-47851 (Mini Mouse 9.2.0 contains a remote code execution vulnerability that a ...)
+ TODO: check
+CVE-2021-47850 (Mini Mouse 9.2.0 contains a path traversal vulnerability that allows r ...)
+ TODO: check
+CVE-2021-47849 (Mini Mouse 9.3.0 contains a path traversal vulnerability that allows a ...)
+ TODO: check
+CVE-2021-47848 (Blitar Tourism 1.0 contains an authentication bypass vulnerability tha ...)
+ TODO: check
+CVE-2021-47846 (Digital Crime Report Management System 1.0 contains a critical SQL inj ...)
+ TODO: check
+CVE-2021-47830 (GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site reque ...)
+ TODO: check
+CVE-2021-47817 (OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that all ...)
+ TODO: check
+CVE-2021-47802 (Tenda D151 and D301 routers contain an unauthenticated configuration d ...)
+ TODO: check
+CVE-2021-47778 (GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injecti ...)
+ TODO: check
+CVE-2021-47770 (OpenPLC v3 contains an authenticated remote code execution vulnerabili ...)
+ TODO: check
+CVE-2021-47748 (Hasura GraphQL 1.3.3 contains a remote code execution vulnerability th ...)
+ TODO: check
+CVE-2021-47746 (NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerabili ...)
+ TODO: check
+CVE-2026-22977 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20 (6.19-rc5)
CVE-2026-1200
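Review bot: all 81 newly added entries land as `TODO: check`, although several of the truncated descriptions name software Debian ships and should be triaged first: `named` in CVE-2025-13878 is BIND, CVE-2025-13465 is Lodash 4.0.0 through 4.17.22, CVE-2025-12781 concerns `b64decode()`, `standard_b64decode()` and `urlsafe_b64decode()` (the function names of the Python base64 module), and CVE-2021-47865 is ProFTPD 1.3.7a. The unquoted-service-path and consumer-router entries, by contrast, are Windows or vendor-firmware issues that will almost certainly end up `NOT-FOR-US`. The CVE-2026-22977 line is replaced in place (placeholder title dropped, MITRE text added) and its `- linux <unfixed>` line plus the 6.19-rc5 fix-commit note survive as context, so that entry needs no further change.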
@@ -238,7 +400,7 @@ CVE-2025-14559 (A flaw was found in the keycloak-services component of Keycloak.
TODO: check
CVE-2025-11468 (When folding a long comment in an email header containing exclusively ...)
TODO: check
-CVE-2026-24061 [inetutils: remote authentication by-pass in telnet]
+CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote authentication bypa ...)
- inetutils 2:2.7-2 (bug #1126047)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
NOTE: Introduced with: https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c288b87139a0da8249d0a408c4dfb87 (inetutils-1_9_3)
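Review bot: the only change in this hunk is the placeholder title `[inetutils: remote authentication by-pass in telnet]` giving way to the MITRE description; the fixed version `2:2.7-2 (bug #1126047)`, the bug-inetutils report and the `Introduced with` note pointing at inetutils-1_9_3 are all retained as context. The description's `through 2.7` upper bound is consistent with a fix at 2:2.7-2, and since the introducing commit dates from 1.9.3 every suite shipping a later inetutils carries the vulnerable code, so the stable-suite annotations (DSA or `<no-dsa>`) are the follow-up this entry still needs.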
@@ -329,7 +491,7 @@ CVE-2025-56005 (An undocumented and unsafe feature in the PLY (Python Lex-Yacc)
- ply <undetermined>
NOTE: https://github.com/bohmiiidd/Undocumented-RCE-in-PLY
TODO: check, details
-CVE-2025-55423 (ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2 ...)
+CVE-2025-55423 (A command injection vulnerability exists in the upnp_relay() function ...)
NOT-FOR-US: ipTIME
CVE-2025-55071 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
NOT-FOR-US: MedDream PACS Premium
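Review bot: the rewritten CVE-2025-55423 description opens with `upnp_relay()` and no longer names ipTIME in its visible prefix, so the retained `NOT-FOR-US: ipTIME` line is now the only place the product appears; keep that annotation as is, since it is what lets a later reader distinguish this entry from the other command-injection entries. The PLY entry above it still carries `TODO: check, details` with a `<undetermined>` package state, which this update does not touch.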
@@ -468,9 +630,9 @@ CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND
NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=8f2ece695d8822e9ecc63ecd157e90bf17a6fe65
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=80cc58ea2de214f85b0a1d902a3b668ad2ecb302
-CVE-2026-22022
+CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "R ...)
- lucene-solr <not-affected> (Vulnerable code introduced later)
-CVE-2026-22444
+CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficie ...)
- lucene-solr <not-affected> (Vulnerable code introduced later)
CVE-2026-23952
- imagemagick <unfixed> (bug #1126077)
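Review bot: the `lucene-solr <not-affected> (Vulnerable code introduced later)` markers can now be checked against the version ranges the new descriptions supply: Apache Solr 5.3.0 through 9.10.0 for CVE-2026-22022 and 8.6 through 9.10.0 for CVE-2026-22444. The 5.3.0 lower bound is the one to verify against the packaged lucene-solr version, since it is far older than 8.6. Not part of this change but visible in the context: the glibc entry reads `NOTE: Inroduced with:` and should say `Introduced`.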
@@ -1119,7 +1281,7 @@ CVE-2025-68924 (In Umbraco UmbracoForms through 8.13.16, an authenticated attack
NOT-FOR-US: Umbraco CMS
CVE-2025-68921 (SteelSeries Nahimic 3 1.10.7 allows Directory traversal.)
NOT-FOR-US: SteelSeries Nahimic
-CVE-2025-59870 (HCL MyXalytics v6.7 is affected by improper management of a static JWT ...)
+CVE-2025-59870 (HCL MyXalytics is affected by improper management of a static JWT sign ...)
NOT-FOR-US: HCL
CVE-2025-48647 (In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, t ...)
NOT-FOR-US: Android
@@ -1186,7 +1348,8 @@ CVE-2021-47834 (Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vu
NOT-FOR-US: Schlix CMS
CVE-2021-47833 (WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in ...)
NOT-FOR-US: WifiHotSpot
-CVE-2021-47832 (Sandboxie Plus 0.7.4 contains an unquoted service path vulnerability i ...)
+CVE-2021-47832
+ REJECTED
NOT-FOR-US: Sandboxie Plus
CVE-2021-47831 (Sandboxie 5.49.7 contains a denial of service vulnerability that allow ...)
NOT-FOR-US: Sandboxie
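Review bot: `NOT-FOR-US: Sandboxie Plus` is left under the new `REJECTED` marker for CVE-2021-47832. Status-only entries elsewhere in this file (compare the `RESERVED` entries for CVE-2022-46766 and CVE-2022-46765 in the last hunk) carry no package annotation, so the stale line should be dropped in a follow-up; the neighbouring CVE-2021-47831 keeps its `NOT-FOR-US: Sandboxie` unchanged.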
@@ -1558,7 +1721,7 @@ CVE-2025-68675 (In Apache Airflow versions before 3.1.6, the proxies and proxy f
- airflow <itp> (bug #819700)
CVE-2025-68438 (In Apache Airflow versions before 3.1.6, when rendered template fields ...)
- airflow <itp> (bug #819700)
-CVE-2026-0988
+CVE-2026-0988 (A flaw was found in glib. Missing validation of offset and count param ...)
[experimental] - glib2.0 2.87.1-1
- glib2.0 <unfixed> (bug #1125752)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3851
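Review bot: the CVE-2026-0988 entry records only the upstream issue (GNOME/glib issue 3851) while a fixed version already sits in experimental (2.87.1-1); adding the fixing commit or merge request as a second `NOTE:` would let the `<unfixed>` unstable line be resolved against a concrete upstream change rather than the issue alone.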
@@ -17739,7 +17902,7 @@ CVE-2020-36884 (BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less
NOT-FOR-US: BrightSign Digital Signage Diagnostic Web Server
CVE-2020-36883 (SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authentica ...)
NOT-FOR-US: SpinetiX Fusion Digital Signage
-CVE-2025-14083
+CVE-2025-14083 (A flaw was found in the Keycloak Admin REST API. This vulnerability al ...)
- keycloak <itp> (bug #1088287)
CVE-2025-13327
- uv <itp> (bug #1069776)
@@ -38624,7 +38787,7 @@ CVE-2025-53476 (A denial of service vulnerability exists in the ModbusTCP server
NOT-FOR-US: OpenPLC
CVE-2025-52021 (A SQL Injection vulnerability exists in the edit_product.php file of P ...)
NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
-CVE-2025-50505 (Clash Verge Rev thru 2.2.3 forces the installation of system services( ...)
+CVE-2025-50505 (Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of ...)
NOT-FOR-US: Clash Verge
CVE-2025-48981 (An insecure implementation of the proprietary protocol DNET in Product ...)
NOT-FOR-US: CGM MEDICOI
@@ -303030,7 +303193,7 @@ CVE-2022-46766
RESERVED
CVE-2022-46765
RESERVED
-CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 al ...)
+CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (f ...)
NOT-FOR-US: TrueConf Server
CVE-2022-46763 (A SQL injection issue in a database stored function in TrueConf Server ...)
NOT-FOR-US: TrueConf Server
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d63d8b2c3366aa58d0fb3a4cec453458f653b279