[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 23 20:13:39 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0737408b by security tracker role at 2026-01-23T20:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,152 +1,446 @@
-CVE-2026-22995 [ublk: fix use-after-free in ublk_partition_scan_work]
+CVE-2026-24636 (Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lit ...)
+ TODO: check
+CVE-2026-24635 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24634 (Authorization Bypass Through User-Controlled Key vulnerability in Rust ...)
+ TODO: check
+CVE-2026-24633 (Missing Authorization vulnerability in Passionate Brains Add Expires H ...)
+ TODO: check
+CVE-2026-24632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24631 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-24630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24627 (Missing Authorization vulnerability in Trusona Trusona for WordPress t ...)
+ TODO: check
+CVE-2026-24626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24625 (Missing Authorization vulnerability in Imaginate Solutions File Upload ...)
+ TODO: check
+CVE-2026-24624 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-24623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24622 (Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolk ...)
+ TODO: check
+CVE-2026-24621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24619 (Missing Authorization vulnerability in PopCash PopCash.Net Code Integr ...)
+ TODO: check
+CVE-2026-24617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24616 (Missing Authorization vulnerability in Damian WP Popups wp-popups-lite ...)
+ TODO: check
+CVE-2026-24615 (Missing Authorization vulnerability in themebeez Cream Magazine cream- ...)
+ TODO: check
+CVE-2026-24614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24613 (Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce S ...)
+ TODO: check
+CVE-2026-24612 (Missing Authorization vulnerability in themebeez Orchid Store orchid-s ...)
+ TODO: check
+CVE-2026-24609 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24608 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24607 (Missing Authorization vulnerability in wptravelengine Travel Monster t ...)
+ TODO: check
+CVE-2026-24606 (Missing Authorization vulnerability in Web Impian Bayarcash WooCommerc ...)
+ TODO: check
+CVE-2026-24605 (Missing Authorization vulnerability in pencilwp X Addons for Elementor ...)
+ TODO: check
+CVE-2026-24604 (Missing Authorization vulnerability in themebeez Simple GDPR Cookie Co ...)
+ TODO: check
+CVE-2026-24603 (Missing Authorization vulnerability in themebeez Universal Google Adse ...)
+ TODO: check
+CVE-2026-24602 (Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ad ...)
+ TODO: check
+CVE-2026-24601 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24600 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24599 (Authorization Bypass Through User-Controlled Key vulnerability in XLPl ...)
+ TODO: check
+CVE-2026-24598 (Missing Authorization vulnerability in bestwebsoft Multilanguage by Be ...)
+ TODO: check
+CVE-2026-24596 (Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related P ...)
+ TODO: check
+CVE-2026-24595 (Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zo ...)
+ TODO: check
+CVE-2026-24594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24593 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24589 (Insertion of Sensitive Information Into Sent Data vulnerability in Car ...)
+ TODO: check
+CVE-2026-24588 (Missing Authorization vulnerability in topdevs Smart Product Viewer sm ...)
+ TODO: check
+CVE-2026-24587 (Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popul ...)
+ TODO: check
+CVE-2026-24585 (Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooComme ...)
+ TODO: check
+CVE-2026-24584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24583 (Missing Authorization vulnerability in sumup SumUp Payment Gateway For ...)
+ TODO: check
+CVE-2026-24581 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
+ TODO: check
+CVE-2026-24580 (Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce S ...)
+ TODO: check
+CVE-2026-24579 (Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Ge ...)
+ TODO: check
+CVE-2026-24578 (Missing Authorization vulnerability in Jahid Hasan Admin login URL Cha ...)
+ TODO: check
+CVE-2026-24577 (Missing Authorization vulnerability in Genetech Products Pie Register ...)
+ TODO: check
+CVE-2026-24576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24572 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-24571 (Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now ...)
+ TODO: check
+CVE-2026-24570 (Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwise ...)
+ TODO: check
+CVE-2026-24569 (Missing Authorization vulnerability in Sully Media Library File Size m ...)
+ TODO: check
+CVE-2026-24568 (Missing Authorization vulnerability in WP Travel WP Travel wp-travel a ...)
+ TODO: check
+CVE-2026-24567 (Missing Authorization vulnerability in briarinc Anything Order by Term ...)
+ TODO: check
+CVE-2026-24566 (Missing Authorization vulnerability in iNET iNET Webkit inet-webkit al ...)
+ TODO: check
+CVE-2026-24565 (Insertion of Sensitive Information Into Sent Data vulnerability in bPl ...)
+ TODO: check
+CVE-2026-24564 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2026-24563 (Missing Authorization vulnerability in Ashan Perera LifePress lifepres ...)
+ TODO: check
+CVE-2026-24562 (Missing Authorization vulnerability in Ryviu Ryviu – Product Rev ...)
+ TODO: check
+CVE-2026-24561 (Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoard ...)
+ TODO: check
+CVE-2026-24560 (Missing Authorization vulnerability in Cloudinary Cloudinary cloudinar ...)
+ TODO: check
+CVE-2026-24559 (Insertion of Sensitive Information Into Sent Data vulnerability in CRM ...)
+ TODO: check
+CVE-2026-24558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24557 (Insertion of Sensitive Information Into Sent Data vulnerability in WEN ...)
+ TODO: check
+CVE-2026-24556 (Missing Authorization vulnerability in wpdive ElementCamp element-camp ...)
+ TODO: check
+CVE-2026-24555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24553 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24551 (Missing Authorization vulnerability in monetagwp Monetag Official Plug ...)
+ TODO: check
+CVE-2026-24550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24549 (Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory ...)
+ TODO: check
+CVE-2026-24548 (Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Playe ...)
+ TODO: check
+CVE-2026-24544 (Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz ...)
+ TODO: check
+CVE-2026-24543 (Missing Authorization vulnerability in Horea Radu Materialis Companion ...)
+ TODO: check
+CVE-2026-24542 (Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby W ...)
+ TODO: check
+CVE-2026-24541 (Missing Authorization vulnerability in mkscripts Download After Email ...)
+ TODO: check
+CVE-2026-24540 (Missing Authorization vulnerability in Prince Integrate Google Drive i ...)
+ TODO: check
+CVE-2026-24539 (Missing Authorization vulnerability in ABCdatos Protecci\xf3n de datos ...)
+ TODO: check
+CVE-2026-24538 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24536 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24535 (Missing Authorization vulnerability in webdevstudios Automatic Feature ...)
+ TODO: check
+CVE-2026-24534 (Missing Authorization vulnerability in uPress Booter booter-bots-crawl ...)
+ TODO: check
+CVE-2026-24532 (Missing Authorization vulnerability in SiteLock SiteLock Security site ...)
+ TODO: check
+CVE-2026-24531 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24530 (Missing Authorization vulnerability in sheepfish WebP Conversion webp- ...)
+ TODO: check
+CVE-2026-24529 (Missing Authorization vulnerability in Alejandro Quick Restaurant Rese ...)
+ TODO: check
+CVE-2026-24528 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24525 (Missing Authorization vulnerability in CloudPanel CLP Varnish Cache cl ...)
+ TODO: check
+CVE-2026-24524 (Missing Authorization vulnerability in Essekia Tablesome tablesome all ...)
+ TODO: check
+CVE-2026-24523 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24522 (Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-sub ...)
+ TODO: check
+CVE-2026-24521 (Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama T ...)
+ TODO: check
+CVE-2026-24423 (SmarterTools SmarterMail versions prior to build 9511 contain an unaut ...)
+ TODO: check
+CVE-2026-22276 (Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versi ...)
+ TODO: check
+CVE-2026-22275 (Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versi ...)
+ TODO: check
+CVE-2026-22274 (Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versi ...)
+ TODO: check
+CVE-2026-22273 (Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versi ...)
+ TODO: check
+CVE-2026-22271 (Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versi ...)
+ TODO: check
+CVE-2026-21867
+ REJECTED
+CVE-2026-1364 (IAQS and I6 developed by JNC has a Missing Authentication vulnerabilit ...)
+ TODO: check
+CVE-2026-1363 (IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-S ...)
+ TODO: check
+CVE-2026-1299 (The email module, specifically the "BytesGenerator" class, didn\u2019 ...)
+ TODO: check
+CVE-2026-0994 (A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...)
+ TODO: check
+CVE-2026-0914 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-71177 (LavaLite CMS versions up to and including 10.1.0 contain a stored cros ...)
+ TODO: check
+CVE-2025-70986 (Incorrect access control in the selectDept function of RuoYi v4.8.2 al ...)
+ TODO: check
+CVE-2025-70985 (Incorrect access control in the update function of RuoYi v4.8.2 allows ...)
+ TODO: check
+CVE-2025-70983 (Incorrect access control in the authRoutes function of SpringBlade v4. ...)
+ TODO: check
+CVE-2025-69908 (An unauthenticated information disclosure vulnerability in Newgen Omni ...)
+ TODO: check
+CVE-2025-69907 (An unauthenticated information disclosure vulnerability exists in Newg ...)
+ TODO: check
+CVE-2025-67231 (A reflected cross-site scripting (XSS) vulnerability in ToDesktop Buil ...)
+ TODO: check
+CVE-2025-67230 (Improper permissions in the handler for the Custom URL Scheme in ToDes ...)
+ TODO: check
+CVE-2025-67229 (An improper certificate validation vulnerability exists in ToDesktop B ...)
+ TODO: check
+CVE-2025-67125 (A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in ...)
+ TODO: check
+CVE-2025-67124 (A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finaliz ...)
+ TODO: check
+CVE-2025-66720 (Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/pro ...)
+ TODO: check
+CVE-2025-66719 (An issue was discovered in Free5gc NRF 1.4.0. In the access-token gene ...)
+ TODO: check
+CVE-2025-4320 (Authentication Bypass by Primary Weakness, Weak Password Recovery Mech ...)
+ TODO: check
+CVE-2025-4319 (Improper Restriction of Excessive Authentication Attempts, Weak Passwo ...)
+ TODO: check
+CVE-2025-46699 (Dell Data Protection Advisor, versions prior to 19.12, contains an Imp ...)
+ TODO: check
+CVE-2025-2204 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-14947 (The All-in-One Video Gallery plugin for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2025-14866 (The Melapress Role Editor plugin for WordPress is vulnerable to Privil ...)
+ TODO: check
+CVE-2025-13921 (The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI ...)
+ TODO: check
+CVE-2021-47906 (BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2021-47905 (MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnera ...)
+ TODO: check
+CVE-2021-47904 (PhreeBooks 5.2.3 contains an authenticated file upload vulnerability i ...)
+ TODO: check
+CVE-2021-47903 (LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated comma ...)
+ TODO: check
+CVE-2021-47899 (YetiShare File Hosting Script 5.1.0 contains a server-side request for ...)
+ TODO: check
+CVE-2021-47898 (Epson USB Display 1.6.0.0 contains an unquoted service path vulnerabil ...)
+ TODO: check
+CVE-2021-47897 (PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2021-47896 (PDF Complete Corporate Edition 4.1.45 contains an unquoted service pat ...)
+ TODO: check
+CVE-2021-47895 (Nsauditor 3.2.2.0 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2021-47894 (Managed Switch Port Mapping Tool 2.85.2 contains a denial of service v ...)
+ TODO: check
+CVE-2021-47893 (AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerabilit ...)
+ TODO: check
+CVE-2021-47892 (PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2021-47891 (Unified Remote 3.9.0.2463 contains a remote code execution vulnerabili ...)
+ TODO: check
+CVE-2021-47890 (LogonExpert 8.1 contains an unquoted service path vulnerability in the ...)
+ TODO: check
+CVE-2021-47889 (Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerab ...)
+ TODO: check
+CVE-2021-47888 (Textpattern versions prior to 4.8.3 contain an authenticated remote co ...)
+ TODO: check
+CVE-2021-47881 (dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer ov ...)
+ TODO: check
+CVE-2018-25132 (MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulner ...)
+ TODO: check
+CVE-2018-25116 (MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vuln ...)
+ TODO: check
+CVE-2026-22995 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f0d385f6689f37a2828c686fb279121df006b4cb (6.19-rc5)
-CVE-2026-22994 [bpf: Fix reference count leak in bpf_prog_test_run_xdp()]
+CVE-2026-22994 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ec69daabe45256f98ac86c651b8ad1b2574489a7 (6.19-rc6)
-CVE-2026-22993 [idpf: Fix RSS LUT NULL ptr issue after soft reset]
+CVE-2026-22993 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ebecca5b093895da801b3eba1a55b4ec4027d196 (6.19-rc5)
-CVE-2026-22992 [libceph: return the handler error from mon_handle_auth_done()]
+CVE-2026-22992 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e84b48d31b5008932c0a0902982809fbaa1d3b70 (6.19-rc5)
-CVE-2026-22991 [libceph: make free_choose_arg_map() resilient to partial allocation]
+CVE-2026-22991 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e3fe30e57649c551757a02e1cad073c47e1e075e (6.19-rc5)
-CVE-2026-22990 [libceph: replace overzealous BUG_ON in osdmap_apply_incremental()]
+CVE-2026-22990 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b (6.19-rc5)
-CVE-2026-22989 [nfsd: check that server is running in unlock_filesystem]
+CVE-2026-22989 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d0424066fcd294977f310964bed6f2a487fa4515 (6.19-rc5)
-CVE-2026-22988 [arp: do not assume dev_hard_header() does not change skb->head]
+CVE-2026-22988 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c92510f5e3f82ba11c95991824a41e59a9c5ed81 (6.19-rc5)
-CVE-2026-22987 [net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy]
+CVE-2026-22987 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/adb25a46dc0a43173f5ea5f5f58fc8ba28970c7c (6.19-rc5)
-CVE-2026-22986 [gpiolib: fix race condition for gdev->srcu]
+CVE-2026-22986 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a7ac22d53d0990152b108c3f4fe30df45fcb0181 (6.19-rc5)
-CVE-2026-22985 [idpf: Fix RSS LUT NULL pointer crash on early ethtool operations]
+CVE-2026-22985 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/83f38f210b85676f40ba8586b5a8edae19b56995 (6.19-rc5)
-CVE-2026-22984 [libceph: prevent potential out-of-bounds reads in handle_auth_done()]
+CVE-2026-22984 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/818156caffbf55cb4d368f9c3cac64e458fb49c9 (6.19-rc5)
-CVE-2026-22983 [net: do not write to msg_get_inq in callee]
+CVE-2026-22983 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7d11e047eda5f98514ae62507065ac961981c025 (6.19-rc5)
-CVE-2026-22982 [net: mscc: ocelot: Fix crash when adding interface under a lag]
+CVE-2026-22982 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95 (6.19-rc5)
-CVE-2026-22981 [idpf: detach and close netdevs while handling a reset]
+CVE-2026-22981 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e281e1155fc476c571c0bd2ffbfe28ab829a5c3 (6.19-rc5)
-CVE-2026-22980 [nfsd: provide locking for v4_end_grace]
+CVE-2026-22980 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/2857bd59feb63fcf40fe4baf55401baea6b4feb4 (6.19-rc5)
-CVE-2026-22979 [net: fix memory leak in skb_segment_list for GRO packets]
+CVE-2026-22979 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/238e03d0466239410b72294b79494e43d4fabe77 (6.19-rc5)
-CVE-2026-22978 [wifi: avoid kernel-infoleak from struct iw_point]
+CVE-2026-22978 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/21cbf883d073abbfe09e3924466aa5e0449e7261 (6.19-rc5)
-CVE-2025-71161 [dm-verity: disable recursive forward error correction]
+CVE-2025-71161 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801 (6.19-rc1)
-CVE-2025-71160 [netfilter: nf_tables: avoid chain re-validation if possible]
+CVE-2025-71160 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/8e1a1bc4f5a42747c08130b8242ebebd1210b32f (6.19-rc2)
-CVE-2025-71159 [btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()]
+CVE-2025-71159 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux <unfixed>
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/83f59076a1ae6f5c6845d6f7ed3a1a373d883684 (6.19-rc5)
-CVE-2025-71158 [gpio: mpsse: ensure worker is torn down]
+CVE-2025-71158 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/179ef1127d7a4f09f0e741fa9f30b8a8e7886271 (6.19-rc1)
-CVE-2025-71155 [KVM: s390: Fix gmap_helper_zap_one_page() again]
+CVE-2025-71155 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.18.5-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2f393c228cc519ddf19b8c6c05bf15723241aa96 (6.19-rc1)
-CVE-2025-71157 [RDMA/core: always drop device refcount in ib_del_sub_device_and_put()]
+CVE-2025-71157 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.18.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fa3c411d21ebc26ffd175c7256c37cefa35020aa (6.19-rc4)
-CVE-2025-71156 [gve: defer interrupt enabling until NAPI registration]
+CVE-2025-71156 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.18.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d970eda003441f66551a91fda16478ac0711617 (6.19-rc4)
-CVE-2025-71154 [net: usb: rtl8150: fix memory leak on usb_submit_urb() failure]
+CVE-2025-71154 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.5-1
NOTE: https://git.kernel.org/linus/12cab1191d9890097171156d06bfa8d31f1e39c8 (6.19-rc4)
-CVE-2025-71153 [ksmbd: Fix memory leak in get_file_all_info()]
+CVE-2025-71153 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.18.5-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0c56693b06a68476ba113db6347e7897475f9e4c (6.19-rc4)
-CVE-2025-71152 [net: dsa: properly keep track of conduit reference]
+CVE-2025-71152 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.5-1
NOTE: https://git.kernel.org/linus/06e219f6a706c367c93051f408ac61417643d2f9 (6.19-rc4)
-CVE-2025-71151 [cifs: Fix memory and information leak in smb3_reconfigure()]
+CVE-2025-71151 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.18.3-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d (6.19-rc3)
-CVE-2025-71150 [ksmbd: Fix refcount leak when invalid session is found on session lookup]
+CVE-2025-71150 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux 6.18.3-1
NOTE: https://git.kernel.org/linus/cafb57f7bdd57abba87725eb4e82bbdca4959644 (6.19-rc2)
-CVE-2025-71149 [io_uring/poll: correctly handle io_poll_add() return value on update]
+CVE-2025-71149 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.18.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/84230ad2d2afbf0c44c32967e525c0ad92e26b4e (6.19-rc1)
-CVE-2025-71148 [net/handshake: restore destructor on submit failure]
+CVE-2025-71148 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.3-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/6af2a01d65f89e73c1cbb9267f8880d83a88cee4 (6.19-rc2)
-CVE-2025-71147 [KEYS: trusted: Fix a memory leak in tpm2_load_cmd]
+CVE-2025-71147 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.18.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/62cd5d480b9762ce70d720a81fa5b373052ae05f (6.19-rc1)
-CVE-2025-71146 [netfilter: nf_conncount: fix leaked ct in error paths]
+CVE-2025-71146 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.18.3-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2e2a720766886190a6d35c116794693aabd332b6 (6.19-rc2)
-CVE-2025-71145 [usb: phy: isp1301: fix non-OF device reference imbalance]
+CVE-2025-71145 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux <not-affected> (Vulnerable code not present)
CVE-2026-24515 (In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy ...)
- expat 2.7.3-2 (bug #1126277)
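Review bot: Among the new `TODO: check` entries, CVE-2026-1299 (the email module's "BytesGenerator" class) and CVE-2026-0994 (google.protobuf.json) name general-purpose libraries rather than a WordPress plugin or vendor appliance. They are the entries most likely to map to a source package, so they should be triaged individually before any bulk NOT-FOR-US pass over the rest of the block. Two added descriptions also carry literal escape sequences, `Protecci\xf3n` in CVE-2026-24539 and `didn\u2019` in CVE-2026-1299. If these are present in the file itself and not only in this mail rendering, the importer should decode them before writing. The new entries are also not in one consistent order: CVE-2025-4320 and CVE-2025-4319 sit above CVE-2025-46699, and CVE-2025-2204 sits above CVE-2025-14947.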
@@ -1284,10 +1578,12 @@ CVE-2023-32719
CVE-2023-32718
REJECTED
CVE-2026-23954 (Incus is a system container and virtual machine manager. Versions 6.21 ...)
+ {DSA-6109-1}
- incus 6.0.5-8
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7
CVE-2026-23953 (Incus is a system container and virtual machine manager. In versions 6 ...)
+ {DSA-6109-1}
- incus 6.0.5-8
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
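Review bot: The `{DSA-6109-1}` tag is added to both CVE-2026-23954 and CVE-2026-23953 with no suite-specific fixed-version lines visible under either entry, and this commit touches only data/CVE/list. It is worth confirming that the advisory record for DSA-6109-1 lists both CVE ids and carries the per-suite fixed versions, since the only version visible here is `- incus 6.0.5-8`.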
@@ -5727,7 +6023,7 @@ CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attac
NOT-FOR-US: Hero Motocorp Vida V1 Pro
CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB ...)
NOT-FOR-US: Intelbras
-CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin ...)
+CVE-2025-67004 (** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 ...)
NOT-FOR-US: CouchCMS
CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the serie ...)
NOT-FOR-US: Yonyou YonBIP
@@ -15992,7 +16288,7 @@ CVE-2024-46062 (Miniconda3 macOS installers before 23.11.0-1 contain a local pri
NOT-FOR-US: Miniconda3 macOS installers
CVE-2024-46060 (Anaconda3 macOS installers before 2024.06-1 contain a local privilege ...)
NOT-FOR-US: Anaconda3 macOS installers
-CVE-2024-29371 (In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS ...)
+CVE-2024-29371 (In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS ...)
- libjose4j-java 0.9.6-1
NOTE: https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
NOTE: Fixed by: https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
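Review bot: The fixed-version bound in the CVE-2024-29371 description moves from 0.9.5 to 0.9.6 while the package line stays `- libjose4j-java 0.9.6-1`. That line is still consistent with the new bound, but any suite or backport that was previously judged fixed because it shipped 0.9.5 should be re-checked against the commit in the "Fixed by" note.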
@@ -368454,8 +368750,8 @@ CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
-CVE-2022-25369
- RESERVED
+CVE-2022-25369 (An issue was discovered in Dynamicweb before 9.12.8. An attacker can a ...)
+ TODO: check
CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code uses th ...)
NOTE: https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
NOTE: This is a CVE specific for the impact of Spectre-BHB on Ampere
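Review bot: CVE-2022-25369 goes from `RESERVED` straight to `TODO: check` with no package or NOT-FOR-US line, so it stays unresolved in the tracker until someone triages it. The truncated description already names the product (Dynamicweb before 9.12.8), which should be enough to close the TODO in a follow-up, in the same way the neighbouring entries in the other hunks are resolved.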
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0737408b9cddd6006242acfbfdab519f522ebaf8