[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 27 08:13:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
963ab16f by security tracker role at 2026-01-27T08:12:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's ...)
+ TODO: check
+CVE-2026-24490 (MobSF is a mobile application security testing tool used. Prior to ver ...)
+ TODO: check
+CVE-2026-24489 (Gakido is a Python HTTP client focused on browser impersonation and an ...)
+ TODO: check
+CVE-2026-24486 (Python-Multipart is a streaming multipart parser for Python. Prior to ...)
+ TODO: check
+CVE-2026-24480 (QGIS is a free, open source, cross platform geographical information s ...)
+ TODO: check
+CVE-2026-24479 (HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ...)
+ TODO: check
+CVE-2026-24478 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-24477 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-24476 (Shaarli is a personal bookmarking service. Prior to version 0.16.0, cr ...)
+ TODO: check
+CVE-2026-24470 (Skipper is an HTTP router and reverse proxy for service composition. P ...)
+ TODO: check
+CVE-2026-24408 (sigstore-python is a Python tool for generating and verifying Sigstore ...)
+ TODO: check
+CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the Java Virtu ...)
+ TODO: check
+CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm process ...)
+ TODO: check
+CVE-2026-24123 (BentoML is a Python library for building online serving systems optimi ...)
+ TODO: check
+CVE-2026-24056 (pnpm is a package manager. Prior to version 10.28.2, when pnpm install ...)
+ TODO: check
+CVE-2026-24003 (EVerest is an EV charging software stack. In versions up to and includ ...)
+ TODO: check
+CVE-2026-23890 (pnpm is a package manager. Prior to version 10.28.1, a path traversal ...)
+ TODO: check
+CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path traversal ...)
+ TODO: check
+CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path traversal ...)
+ TODO: check
+CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not perform nec ...)
+ TODO: check
+CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version ...)
+ TODO: check
+CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP (Data Center ...)
+ TODO: check
+CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an issue with ...)
+ TODO: check
+CVE-2026-1449 (A flaw has been found in Hisense TransTech Smart Bus Management System ...)
+ TODO: check
+CVE-2026-1448 (A vulnerability was detected in D-Link DIR-615 up to 4.10. This impact ...)
+ TODO: check
+CVE-2026-1445 (A vulnerability was found in iJason-Liu Books_Manager up to 298ba73638 ...)
+ TODO: check
+CVE-2026-1444 (A vulnerability has been found in iJason-Liu Books_Manager up to 298ba ...)
+ TODO: check
+CVE-2026-1443 (A flaw has been found in code-projects Online Music Site 1.0. Affected ...)
+ TODO: check
+CVE-2026-1361 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)
+ TODO: check
+CVE-2025-59473 (SQL Injection vulnerability in the Structure for Admin authenticated u ...)
+ TODO: check
+CVE-2025-59472 (A denial of service vulnerability exists in Next.js versions with Part ...)
+ TODO: check
+CVE-2025-59471 (A denial of service vulnerability exists in self-hosted Next.js applic ...)
+ TODO: check
+CVE-2025-30248 (DLL hijacking in the WD Discovery Installer in Western Digital WD Disc ...)
+ TODO: check
+CVE-2025-14971 (The Link Invoice Payment for WooCommerce plugin for WordPress is vulne ...)
+ TODO: check
CVE-2026-24440 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...)
NOT-FOR-US: Tenda
CVE-2026-24439 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...)
@@ -2398,7 +2466,7 @@ CVE-2026-21947 (Vulnerability in Oracle Java SE (component: JavaFX). Supported
CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -2428,7 +2496,7 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -2436,7 +2504,7 @@ CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
- openjdk-25 25.0.2+10-1
NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-01-20
CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -2456,7 +2524,7 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CR ...)
NOT-FOR-US: Oracle
CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6110-1 DLA-4457-1 DLA-4456-1}
+ {DSA-6112-1 DSA-6110-1 DLA-4457-1 DLA-4456-1}
- openjdk-8 <unfixed> (bug #1126119)
- openjdk-11 11.0.30+7-1
- openjdk-17 17.0.18+8-1
@@ -2867,7 +2935,7 @@ CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Sol
CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficie ...)
- lucene-solr <not-affected> (Vulnerable code introduced later)
CVE-2026-23952 (ImageMagick is free and open-source software used for editing and mani ...)
- {DLA-4448-1}
+ {DSA-6111-1 DLA-4448-1}
- imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126077)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d (7.1.2-13)
@@ -2919,7 +2987,7 @@ CVE-2026-23880 (OnboardLite is a comprehensive membership lifecycle platform bui
CVE-2026-23877 (Swing Music is a self-hosted music player for local audio files. Prior ...)
NOT-FOR-US: Swing Music
CVE-2026-23876 (ImageMagick is free and open-source software used for editing and mani ...)
- {DLA-4448-1}
+ {DSA-6111-1 DLA-4448-1}
- imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126076)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 (7.1.2-13)
@@ -2927,7 +2995,7 @@ CVE-2026-23876 (ImageMagick is free and open-source software used for editing an
CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that transforms techn ...)
NOT-FOR-US: CrawlChat
CVE-2026-23874 (ImageMagick is free and open-source software used for editing and mani ...)
- {DLA-4448-1}
+ {DSA-6111-1 DLA-4448-1}
- imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126075)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3 (7.1.2-13)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ab16f94de2710007937872a0a9529b6b0a23e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963ab16f94de2710007937872a0a9529b6b0a23e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/be462be4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list