Commit fbc9397

pkg-vulnerabilities: add last days CVEs
+ asterisk, calibre, chromium, codeblocks (no details, probably not reported upstream, assume not fixed), dnsmasq, glpi, gnupg22, go, libsoup (fixed upstream, latest stable release affected), magento, micropython (fixed upstream, next release should contain the fix), moodle, mupdf, phppgadmin, py-django, py-wagtail, vim
1 parent 84565a2 commit fbc9397

1 file changed

Lines changed: 62 additions & 1 deletion

doc/pkg-vulnerabilities

@@ -1,4 +1,4 @@
1-
# $NetBSD: pkg-vulnerabilities,v 1.728 2026/02/07 10:35:49 leot Exp $
1+
# $NetBSD: pkg-vulnerabilities,v 1.729 2026/02/08 14:01:54 leot Exp $
22
#
33
#FORMAT 1.0.0
44
#
@@ -29655,3 +29655,64 @@ mediawiki<1.43.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-674
2965529655
mediawiki<1.43.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-67483
2965629656
mediawiki<1.43.6 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-67484
2965729657
mediawiki<1.43.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-6927
29658+
asterisk<20.18.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-23738
29659+
asterisk>=21<21.12.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-23738
29660+
asterisk>=22<22.8.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-23738
29661+
asterisk>=23<23.2.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-23738
29662+
asterisk<20.18.2 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2026-23739
29663+
asterisk>=21<21.12.1 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2026-23739
29664+
asterisk>=22<22.8.2 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2026-23739
29665+
asterisk>=23<23.2.2 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2026-23739
29666+
asterisk<20.18.2 arbitrary-file-overwrite https://nvd.nist.gov/vuln/detail/CVE-2026-23740
29667+
asterisk>=21<21.12.1 arbitrary-file-overwrite https://nvd.nist.gov/vuln/detail/CVE-2026-23740
29668+
asterisk>=22<22.8.2 arbitrary-file-overwrite https://nvd.nist.gov/vuln/detail/CVE-2026-23740
29669+
asterisk>=23<23.2.2 arbitrary-file-overwrite https://nvd.nist.gov/vuln/detail/CVE-2026-23740
29670+
asterisk<20.18.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2026-23741
29671+
asterisk>=21<21.12.1 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2026-23741
29672+
asterisk>=22<22.8.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2026-23741
29673+
asterisk>=23<23.2.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2026-23741
29674+
calibre<9.2.0 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-25635
29675+
calibre<9.2.0 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-25636
29676+
calibre<9.2.0 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-25731
29677+
chromium<144.0.7559.132 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-1861
29678+
chromium<144.0.7559.132 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-1862
29679+
codeblocks-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-37121
29680+
dnsmasq<2.80 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-37127
29681+
php{56,74,81,82,83,84}-glpi<10.0.23 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-22044
29682+
php{56,74,81,82,83,84}-glpi>=11<11.0.5 server-side-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2026-22247
29683+
php{56,74,81,82,83,84}-glpi<10.0.23 session-fixation https://nvd.nist.gov/vuln/detail/CVE-2026-23624
29684+
gnupg2<2.5.17 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-24882
29685+
go123<1.23.9 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2025-22873
29686+
go124<1.24.3 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2025-22873
29687+
go124<1.24.13 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2025-61732
29688+
go125<1.25.7 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2025-61732
29689+
go124<1.24.13 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-68121
29690+
go125<1.25.7 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-68121
29691+
libsoup-[0-9]* http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2026-1801
29692+
magento<20.16.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-25523
29693+
micropython<1.28.0 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-1998
29694+
moodle<5.0.4 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-67848
29695+
moodle<5.0.4 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-67849
29696+
moodle<5.0.4 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-67850
29697+
moodle<5.0.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2025-67851
29698+
moodle<5.0.4 open-redirect https://nvd.nist.gov/vuln/detail/CVE-2025-67852
29699+
moodle<5.0.4 brute-force https://nvd.nist.gov/vuln/detail/CVE-2025-67853
29700+
moodle<5.0.4 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-67855
29701+
moodle<5.0.4 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-67856
29702+
moodle<5.0.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-67857
29703+
mupdf<1.27.1 double-free https://nvd.nist.gov/vuln/detail/CVE-2026-25556
29704+
php{56,74,81,82,83,84}-phppgadmin<9.122 command-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1707
29705+
py{27,310,311,312,313,314}-django<4.2.28 timing-attack https://nvd.nist.gov/vuln/detail/CVE-2025-13473
29706+
py{27,310,311,312,313,314}-django>=5<5.2.11 timing-attack https://nvd.nist.gov/vuln/detail/CVE-2025-13473
29707+
py{27,310,311,312,313,314}-django<4.2.28 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-14550
29708+
py{27,310,311,312,313,314}-django>=5<5.2.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-14550
29709+
py{27,310,311,312,313,314}-django<4.2.28 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1207
29710+
py{27,310,311,312,313,314}-django>=5<5.2.11 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1207
29711+
py{27,310,311,312,313,314}-django<4.2.28 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-1285
29712+
py{27,310,311,312,313,314}-django>=5<5.2.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-1285
29713+
py{27,310,311,312,313,314}-django<4.2.28 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1287
29714+
py{27,310,311,312,313,314}-django>=5<5.2.11 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1287
29715+
py{27,310,311,312,313,314}-django<4.2.28 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1312
29716+
py{27,310,311,312,313,314}-django>=5<5.2.11 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-1312
29717+
py{27,310,311,312,313,314}-wagtail<7.2.2 improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2026-25517
29718+
vim<9.1.2132 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-25749
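
Review bot: `micropython<1.28.0` pins the entry to a release that, per the commit message, is not out yet ("next release should contain the fix"), so if 1.28.0 ships without the fix the pattern will stop matching a package that is still affected. Consider `micropython-[0-9]*`, as this hunk already does for libsoup and codeblocks, and narrow it once the fixed release is confirmed. Separately, the glpi lines list CVE-2026-22044 and CVE-2026-23624 only as `<10.0.23` and CVE-2026-22247 only as `>=11<11.0.5`; a line in the commit message stating that the other branch is unaffected in each case would make that asymmetry checkable.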
