[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 29 20:13:38 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a6b20ec by security tracker role at 2026-01-29T20:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit  ...)
+	TODO: check
+CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
+	TODO: check
+CVE-2026-24687 (Umbraco Forms is a form builder that integrates with the Umbraco conte ...)
+	TODO: check
+CVE-2026-24414 (The Icinga PowerShell Framework provides configuration and check possi ...)
+	TODO: check
+CVE-2026-24413 (Icinga 2 is an open source monitoring system. Starting in version 2.3. ...)
+	TODO: check
+CVE-2026-24054 (Kata Containers is an open source project focusing on a standard imple ...)
+	TODO: check
+CVE-2026-23896 (immich is a high performance self-hosted photo and video management so ...)
+	TODO: check
+CVE-2026-23571 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...)
+	TODO: check
+CVE-2026-23570 (A missing validation of a user-controlled value in the TeamViewer DEX  ...)
+	TODO: check
+CVE-2026-23569 (An out-of-bounds read vulnerability in the TeamViewer DEX Client (form ...)
+	TODO: check
+CVE-2026-23568 (An out-of-bounds read vulnerability in the TeamViewer DEX Client (form ...)
+	TODO: check
+CVE-2026-23567 (An integer underflow in the UDP command handler of the TeamViewer DEX  ...)
+	TODO: check
+CVE-2026-23566 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content  ...)
+	TODO: check
+CVE-2026-23565 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content  ...)
+	TODO: check
+CVE-2026-23564 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content  ...)
+	TODO: check
+CVE-2026-23563 (Improper Link Resolution Before File Access (invoked by 1E\u2011Explor ...)
+	TODO: check
+CVE-2026-22806 (vCluster Platform provides a Kubernetes platform for managing virtual  ...)
+	TODO: check
+CVE-2026-22764 (Dell OpenManage Network Integration, versions prior to 3.9, contains a ...)
+	TODO: check
+CVE-2026-1616 (The $uri$args concatenation in nginx configuration file present in Ope ...)
+	TODO: check
+CVE-2026-1610 (A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affecte ...)
+	TODO: check
+CVE-2026-1601 (A weakness has been identified in Totolink A7000R 4.1cu.4154. The impa ...)
+	TODO: check
+CVE-2026-1600 (A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant  ...)
+	TODO: check
+CVE-2026-1599 (A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant  ...)
+	TODO: check
+CVE-2026-1598 (A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Manag ...)
+	TODO: check
+CVE-2026-1597 (A vulnerability has been found in Bdtask SalesERP up to 20260116. This ...)
+	TODO: check
+CVE-2026-1596 (A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability af ...)
+	TODO: check
+CVE-2026-1595 (A vulnerability was detected in itsourcecode Society Management System ...)
+	TODO: check
+CVE-2026-1594 (A security vulnerability has been detected in itsourcecode Society Man ...)
+	TODO: check
+CVE-2026-1593 (A weakness has been identified in itsourcecode Society Management Syst ...)
+	TODO: check
+CVE-2026-1590 (A vulnerability was identified in itsourcecode School Management Syste ...)
+	TODO: check
+CVE-2026-1589 (A vulnerability was determined in itsourcecode School Management Syste ...)
+	TODO: check
+CVE-2026-1588 (A vulnerability was found in jishenghua jshERP up to 3.6. The impacted ...)
+	TODO: check
+CVE-2026-1587 (A vulnerability has been found in Open5GS up to 2.7.6. The affected el ...)
+	TODO: check
+CVE-2026-1586 (A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ...)
+	TODO: check
+CVE-2026-1469 (Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vuln ...)
+	TODO: check
+CVE-2026-1457 (An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API  ...)
+	TODO: check
+CVE-2026-1453 (A missing authentication for critical function vulnerability in KiloVi ...)
+	TODO: check
+CVE-2026-1188 (In the Eclipse OMR port library component since release 0.2.0, an API  ...)
+	TODO: check
+CVE-2026-0936 (An Insertion of Sensitive Information into Log File vulnerability in B ...)
+	TODO: check
+CVE-2025-7714 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-7713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-7016 (Improper Access Control vulnerability in Ak\u0131n Software Computer I ...)
+	TODO: check
+CVE-2025-7015 (Session Fixation vulnerability in Ak\u0131n Software Computer Import E ...)
+	TODO: check
+CVE-2025-7014 (Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu  ...)
+	TODO: check
+CVE-2025-7013 (Authorization Bypass Through User-Controlled Key vulnerability in QR M ...)
+	TODO: check
+CVE-2025-71011 (An input validation vulnerability in the flow.Tensor.new_empty/flow.Te ...)
+	TODO: check
+CVE-2025-71009 (An input validation vulnerability in the flow.scatter/flow.scatter_add ...)
+	TODO: check
+CVE-2025-71008 (A segmentation violation in the oneflow._oneflow_internal.autograd.Fun ...)
+	TODO: check
+CVE-2025-69929 (An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a re ...)
+	TODO: check
+CVE-2025-69749 (Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker  ...)
+	TODO: check
+CVE-2025-69604 (An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local  ...)
+	TODO: check
+CVE-2025-69516 (A Server-Side Template Injection (SSTI) vulnerability in the /reportin ...)
+	TODO: check
+CVE-2025-63658 (A stack overflow in the mk_http_index_lookup function (mk_server/mk_ht ...)
+	TODO: check
+CVE-2025-63657 (An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_m ...)
+	TODO: check
+CVE-2025-63656 (An out-of-bounds read in the header_cmp function (mk_server/mk_http_pa ...)
+	TODO: check
+CVE-2025-63655 (A NULL pointer dereference in the mk_http_range_parse function (mk_ser ...)
+	TODO: check
+CVE-2025-63653 (An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk ...)
+	TODO: check
+CVE-2025-63652 (A use-after-free in the mk_http_request_end function (mk_server/mk_htt ...)
+	TODO: check
+CVE-2025-63651 (A use-after-free in the mk_string_char_search function (mk_core/mk_str ...)
+	TODO: check
+CVE-2025-63650 (An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_mem ...)
+	TODO: check
+CVE-2025-63649 (An out-of-bounds read in the http_parser_transfer_encoding_chunked fun ...)
+	TODO: check
+CVE-2025-62514 (Parsec is a cloud-based application for cryptographically secure file  ...)
+	TODO: check
+CVE-2025-45160 (A HTML injection vulnerability exists in the file upload functionality ...)
+	TODO: check
+CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vul ...)
+	TODO: check
+CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting vulnerability th ...)
+	TODO: check
+CVE-2025-15548 (Some VX800v v1.0 web interface endpoints transmit sensitive informatio ...)
+	TODO: check
+CVE-2025-15545 (The backup restore function does not properly validate unexpected or u ...)
+	TODO: check
+CVE-2025-15543 (Improper link resolution in USB HTTP access path in VX800v v1.0 allows ...)
+	TODO: check
+CVE-2025-15542 (Improper handling of exceptional conditions in VX800v v1.0 in SIP proc ...)
+	TODO: check
+CVE-2025-15541 (Improper link resolution in the VX800v v1.0 SFTP service allows authen ...)
+	TODO: check
+CVE-2025-13905 (CWE-276: Incorrect Default Permissions vulnerability exists that could ...)
+	TODO: check
+CVE-2025-13399 (A weakness in the web interface\u2019s application layer encryption in ...)
+	TODO: check
+CVE-2020-37021 (10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vuln ...)
+	TODO: check
+CVE-2020-37020 (SonarQube 8.3.1 contains an unquoted service path vulnerability that a ...)
+	TODO: check
+CVE-2020-37018 (GOautodial 4.0 contains a persistent cross-site scripting vulnerabilit ...)
+	TODO: check
+CVE-2020-37017 (CodeMeter 6.60 contains an unquoted service path vulnerability that al ...)
+	TODO: check
+CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that ...)
+	TODO: check
+CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory travers ...)
+	TODO: check
+CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnera ...)
+	TODO: check
+CVE-2020-37012 (Tea LaTex 1.0 contains a remote code execution vulnerability that allo ...)
+	TODO: check
+CVE-2020-37011 (Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ...)
+	TODO: check
+CVE-2020-37010 (BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the A ...)
+	TODO: check
+CVE-2020-37009 (MedDream PACS Server 6.8.3.751 contains an authenticated remote code e ...)
+	TODO: check
+CVE-2020-37008 (EasyPMS 1.0.0 contains an authentication bypass vulnerability that all ...)
+	TODO: check
+CVE-2020-37007 (Liman 0.7 contains a cross-site request forgery vulnerability that all ...)
+	TODO: check
+CVE-2020-37006 (berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_rec ...)
+	TODO: check
+CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based SQL injec ...)
+	TODO: check
+CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection  ...)
+	TODO: check
+CVE-2020-37002 (Ajenti 2.1.36 contains an authentication bypass vulnerability that all ...)
+	TODO: check
+CVE-2020-37001 (Frigate Professional 3.36.0.9 contains a local buffer overflow vulnera ...)
+	TODO: check
+CVE-2020-37000 (Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability  ...)
+	TODO: check
+CVE-2020-36999 (Elaniin CMS 1.0 contains an authentication bypass vulnerability that a ...)
+	TODO: check
+CVE-2020-36997 (BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows ...)
+	TODO: check
+CVE-2020-36995 (Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerabili ...)
+	TODO: check
+CVE-2020-36994 (QlikView 12.50.20000.0 contains a denial of service vulnerability in t ...)
+	TODO: check
 CVE-2026-24682
 	- freerdp3 3.22.0+dfsg-1
 	- freerdp2 <removed>
@@ -195,7 +385,7 @@ CVE-2025-69602 (A session fixation vulnerability exists in 66biolinks v62.0.0 by
 	NOT-FOR-US: 66biolinks
 CVE-2025-69601 (A directory traversal (Zip Slip) vulnerability exists in the \u201cSta ...)
 	NOT-FOR-US: 66biolinks
-CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remo ...)
+CVE-2025-69517 (An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 a ...)
 	NOT-FOR-US: Amidaware Inc Tactical RMM
 CVE-2025-69289 (Discourse is an open source discussion platform. A privilege escalatio ...)
 	NOT-FOR-US: Discourse
@@ -11950,6 +12140,7 @@ CVE-2025-56332 (Authentication Bypass in fosrl/pangolin v1.6.2 and before allows
 CVE-2025-52835 (Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory corruptio ...)
+	{DLA-4459-1}
 	[experimental] - libmatio 1.5.30-1
 	- libmatio 1.5.30-2 (bug #1124797)
 	[trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
@@ -111095,6 +111286,7 @@ CVE-2025-2340 (A vulnerability was found in otale Tale Blog 2.0.5. It has been d
 CVE-2025-2339 (A vulnerability was found in otale Tale Blog 2.0.5. It has been classi ...)
 	NOT-FOR-US: Tale Blog
 CVE-2025-2338 (A vulnerability, which was classified as critical, was found in tbeu m ...)
+	{DLA-4459-1}
 	- libmatio 1.5.29-1 (bug #1104247)
 	[trixie] - libmatio <no-dsa> (Minor issue)
 	[bookworm] - libmatio <no-dsa> (Minor issue)
@@ -357217,6 +357409,7 @@ CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel\u20
 	NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
 	NOTE: CONFIG_X25 is not set in Debian
 CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarRea ...)
+	{DLA-4459-1}
 	- libmatio 1.5.22-1
 	[buster] - libmatio <no-dsa> (Minor issue)
 	NOTE: https://github.com/tbeu/matio/issues/186



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a6b20ec672e03b984840a22084210e298e8c139

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a6b20ec672e03b984840a22084210e298e8c139
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260129/2b1285e4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list