Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0758c75f by security tracker role at 2026-03-12T20:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,255 @@
-CVE-2026-28356 [Denial of Service via maliciously crafted HTTP or multipart 
segment headers]
+CVE-2026-4045 (A flaw has been found in projectsend up to r1945. This impacts 
an unkn ...)
+       TODO: check
+CVE-2026-4044 (A vulnerability was detected in projectsend up to r1945. This 
affects  ...)
+       TODO: check
+CVE-2026-4043 (A security vulnerability has been detected in Tenda i12 
1.0.0.6(2204). ...)
+       TODO: check
+CVE-2026-4042 (A weakness has been identified in Tenda i12 1.0.0.6(2204). The 
affecte ...)
+       TODO: check
+CVE-2026-4041 (A security flaw has been discovered in Tenda i12 1.0.0.6(2204). 
Impact ...)
+       TODO: check
+CVE-2026-4040 (A vulnerability was identified in OpenClaw up to 2026.2.17. 
This issue ...)
+       TODO: check
+CVE-2026-4039 (A vulnerability was determined in OpenClaw 2026.2.19-2. This 
vulnerabi ...)
+       TODO: check
+CVE-2026-4016 (A security vulnerability has been detected in GPAC 26.03-DEV. 
Affected ...)
+       TODO: check
+CVE-2026-4015 (A weakness has been identified in GPAC 26.03-DEV. Affected is 
the func ...)
+       TODO: check
+CVE-2026-3989 (SGLangs `replay_request_dump.py` contains an insecure 
pickle.load() wi ...)
+       TODO: check
+CVE-2026-3841 (A command injection vulnerability has been identified in the 
Telnet co ...)
+       TODO: check
+CVE-2026-3497 (Vulnerability in the OpenSSH GSSAPI delta included in various 
Linux di ...)
+       TODO: check
+CVE-2026-3060 (SGLang' encoder parallel disaggregation system is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2026-3059 (SGLang's multimodal generation module is vulnerable to 
unauthenticated ...)
+       TODO: check
+CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to 
26.3.1, Bl ...)
+       TODO: check
+CVE-2026-32269 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32260 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
From 2.7.0  ...)
+       TODO: check
+CVE-2026-32259 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to 
3.166.3, the  ...)
+       TODO: check
+CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011 
to befo ...)
+       TODO: check
+CVE-2026-32248 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32247 (Graphiti is a framework for building and querying temporal 
context gra ...)
+       TODO: check
+CVE-2026-32246 (Tinyauth is an authentication and authorization server. Prior 
to 5.0.3 ...)
+       TODO: check
+CVE-2026-32245 (Tinyauth is an authentication and authorization server. Prior 
to 5.0.3 ...)
+       TODO: check
+CVE-2026-32242 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32240 (Cap'n Proto is a data interchange format and capability-based 
RPC syst ...)
+       TODO: check
+CVE-2026-32239 (Cap'n Proto is a data interchange format and capability-based 
RPC syst ...)
+       TODO: check
+CVE-2026-32237 (Backstage is an open framework for building developer portals. 
Prior t ...)
+       TODO: check
+CVE-2026-32236 (Backstage is an open framework for building developer portals. 
Prior t ...)
+       TODO: check
+CVE-2026-32235 (Backstage is an open framework for building developer portals. 
Prior t ...)
+       TODO: check
+CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is 
a Dangl ...)
+       TODO: check
+CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the 
generic webh ...)
+       TODO: check
+CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool. 
From 2.0.0 ...)
+       TODO: check
+CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route 
exposes ...)
+       TODO: check
+CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's 
parse() f ...)
+       TODO: check
+CVE-2026-32140 (Dataease is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2026-32139 (Dataease is an open source data visualization analysis tool. 
In DataEa ...)
+       TODO: check
+CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for 
an Ethica ...)
+       TODO: check
+CVE-2026-32137 (Dataease is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic 
hash fu ...)
+       TODO: check
+CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files 
and dire ...)
+       TODO: check
+CVE-2026-32100 (Shopware is an open commerce platform. /api/_info/config route 
exposes ...)
+       TODO: check
+CVE-2026-31890 (Inspektor Gadget is a set of tools and framework for data 
collection a ...)
+       TODO: check
+CVE-2026-31873 (Unhead is a document head and template manager. Prior to 
2.1.11, The l ...)
+       TODO: check
+CVE-2026-31860 (Unhead is a document head and template manager. Prior to 
2.1.11, useHe ...)
+       TODO: check
+CVE-2026-31841 (Hyperterse is a tool-first MCP framework for building AI-ready 
backend ...)
+       TODO: check
+CVE-2026-2987 (The Simple Ajax Chat plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-2514 (In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a 
vulnera ...)
+       TODO: check
+CVE-2026-2513 (A vulnerability exists in Progress Flowmon ADS versions prior 
to 12.5. ...)
+       TODO: check
+CVE-2026-29066 (Tina is a headless content management system. Prior to 2.1.8, 
the Tina ...)
+       TODO: check
+CVE-2026-28793 (Tina is a headless content management system. Prior to 2.1.8, 
the Tina ...)
+       TODO: check
+CVE-2026-28792 (Tina is a headless content management system. Prior to 2.1.8 , 
the Tin ...)
+       TODO: check
+CVE-2026-28791 (Tina is a headless content management system. Prior to 2.1.7, 
a path t ...)
+       TODO: check
+CVE-2026-28384 (An improper sanitization of the compression_algorithm 
parameter in Can ...)
+       TODO: check
+CVE-2026-28256 (A Use of Hard-coded, Security-relevant Constants vulnerability 
in Tran ...)
+       TODO: check
+CVE-2026-28255 (A Use of Hard-coded Credentials vulnerability in Trane Tracer 
SC, Trac ...)
+       TODO: check
+CVE-2026-28254 (A Missing Authorization vulnerability in Trane Tracer SC, 
Tracer SC+,  ...)
+       TODO: check
+CVE-2026-28253 (A Memory Allocation with Excessive Size Value vulnerability in 
Trane T ...)
+       TODO: check
+CVE-2026-28252 (A Use of a Broken or Risky Cryptographic Algorithm 
vulnerability in Tr ...)
+       TODO: check
+CVE-2026-27940 (llama.cpp is an inference of several LLM models in C/C++. 
Prior to b81 ...)
+       TODO: check
+CVE-2026-26795 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a 
command inject ...)
+       TODO: check
+CVE-2026-26794 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL 
injection  ...)
+       TODO: check
+CVE-2026-26793 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a 
command inject ...)
+       TODO: check
+CVE-2026-26792 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple 
command ...)
+       TODO: check
+CVE-2026-26791 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a 
command inject ...)
+       TODO: check
+CVE-2026-25529 (Postal is an open source SMTP server. Postal versions less 
than 3.3.5  ...)
+       TODO: check
+CVE-2026-24125 (Tina is a headless content management system. Prior to 2.1.2, 
TinaCMS  ...)
+       TODO: check
+CVE-2026-21887 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2026-21708 (A vulnerability allowing a Backup Viewer to perform remote 
code execut ...)
+       TODO: check
+CVE-2026-21672 (A vulnerability allowing local privilege escalation on 
Windows-based V ...)
+       TODO: check
+CVE-2026-21671 (A vulnerability allowing an authenticated user with the Backup 
Adminis ...)
+       TODO: check
+CVE-2026-21670 (A vulnerability allowing a low-privileged user to extract 
saved SSH cr ...)
+       TODO: check
+CVE-2026-21669 (A vulnerability allowing an authenticated domain user to 
perform remot ...)
+       TODO: check
+CVE-2026-21668 (A vulnerability allowing an authenticated domain user to 
bypass restri ...)
+       TODO: check
+CVE-2026-21667 (A vulnerability allowing an authenticated domain user to 
perform remot ...)
+       TODO: check
+CVE-2026-21666 (A vulnerability allowing an authenticated domain user to 
perform remot ...)
+       TODO: check
+CVE-2026-1525 (Undici allows duplicate HTTPContent-Lengthheaders when they are 
provid ...)
+       TODO: check
+CVE-2026-0809 (Use of a custom token encoding algorithm in Streamsoft 
Presti\u017c so ...)
+       TODO: check
+CVE-2025-70873 (An information disclosure issue in the zipfileInflate function 
in the  ...)
+       TODO: check
+CVE-2025-70245 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-66955 (Local File Inclusion in Contact Plan, E-Mail, SMS and Fax 
components i ...)
+       TODO: check
+CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions 
v0.13.3.7571 u ...)
+       TODO: check
+CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an 
unauthentica ...)
+       TODO: check
+CVE-2025-13462 (The "tarfile" module would still apply normalization of 
AREGTYPE (\x00 ...)
+       TODO: check
+CVE-2019-25543 (Netartmedia Real Estate Portal 5.0 contains an SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2019-25542 (Netartmedia Real Estate Portal 5.0 contains a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2019-25541 (Netartmedia PHP Mall 4.1 contains multiple SQL injection 
vulnerabiliti ...)
+       TODO: check
+CVE-2019-25540 (Netartmedia PHP Mall 4.1 contains multiple SQL injection 
vulnerabiliti ...)
+       TODO: check
+CVE-2019-25539 (202CMS v10 beta contains a blind SQL injection vulnerability 
that allo ...)
+       TODO: check
+CVE-2019-25538 (202CMS v10 beta contains an SQL injection vulnerability that 
allows un ...)
+       TODO: check
+CVE-2019-25537 (Netartmedia Event Portal 2.0 contains a time-based blind SQL 
injection ...)
+       TODO: check
+CVE-2019-25536 (Netartmedia PHP Real Estate Agency 4.0 contains an SQL 
injection vulne ...)
+       TODO: check
+CVE-2019-25535 (Netartmedia PHP Dating Site contains a SQL injection 
vulnerability tha ...)
+       TODO: check
+CVE-2019-25534 (Netartmedia PHP Car Dealer contains an SQL injection 
vulnerability tha ...)
+       TODO: check
+CVE-2019-25533 (Netartmedia PHP Business Directory 4.2 contains an SQL 
injection vulne ...)
+       TODO: check
+CVE-2019-25532 (Netartmedia Jobs Portal 6.1 contains an SQL injection 
vulnerability th ...)
+       TODO: check
+CVE-2019-25531 (Netartmedia Deals Portal contains an SQL injection 
vulnerability in th ...)
+       TODO: check
+CVE-2019-25530 (uHotelBooking System contains an SQL injection vulnerability 
that allo ...)
+       TODO: check
+CVE-2019-25529 (Placeto CMS Alpha rv.4 contains an SQL injection vulnerability 
that al ...)
+       TODO: check
+CVE-2019-25528 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL 
injection vulner ...)
+       TODO: check
+CVE-2019-25527 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL 
injection vulner ...)
+       TODO: check
+CVE-2019-25526 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL 
injection vulner ...)
+       TODO: check
+CVE-2019-25525 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL 
injection vulner ...)
+       TODO: check
+CVE-2019-25524 (XooGallery Latest contains an SQL injection vulnerability that 
allows  ...)
+       TODO: check
+CVE-2019-25523 (XooGallery Latest contains an SQL injection vulnerability that 
allows  ...)
+       TODO: check
+CVE-2019-25522 (XooGallery Latest contains multiple SQL injection 
vulnerabilities that ...)
+       TODO: check
+CVE-2019-25521 (XooGallery Latest contains an SQL injection vulnerability that 
allows  ...)
+       TODO: check
+CVE-2019-25520 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an 
authentication b ...)
+       TODO: check
+CVE-2019-25519 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25518 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25517 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25516 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25515 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an 
authentication b ...)
+       TODO: check
+CVE-2019-25514 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25513 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25512 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25511 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25510 (Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an 
authentication b ...)
+       TODO: check
+CVE-2019-25509 (XooDigital Latest contains an SQL injection vulnerability that 
allows  ...)
+       TODO: check
+CVE-2019-25508 (Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL 
injection vul ...)
+       TODO: check
+CVE-2019-25488 (Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL 
injection vu ...)
+       TODO: check
+CVE-2019-25482 (Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL 
injecti ...)
+       TODO: check
+CVE-2019-25481 (iScripts ReserveLogic contains an SQL injection vulnerability 
that all ...)
+       TODO: check
+CVE-2019-25479 (Inout RealEstate contains an SQL injection vulnerability that 
allows u ...)
+       TODO: check
+CVE-2019-25473 (Clinic Pro contains a SQL injection vulnerability that allows 
authenti ...)
+       TODO: check
+CVE-2026-28356 (multipart is a fast multipart/form-data parser for python. 
Prior to 1. ...)
+       {DSA-6161-1}
        - multipart 1.3.1-1
        NOTE: 
https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3
        NOTE: Fixed by: 
https://github.com/defnull/multipart/commit/7e4fe6faaf64b2088faa5533a1a1c21c3c94c60c
 (v1.3.1)
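Review bot: Several descriptions imported in this hunk carry feed artifacts verbatim: CVE-2026-0809 has a literal "Presti\u017c" escape instead of the decoded character, CVE-2026-1525 reads "HTTPContent-Lengthheaders", and CVE-2025-13913 reads "Softwareis". Decoding escapes and preserving inter-word whitespace in the importer would keep text searches over data/CVE/list reliable. Separately, every new entry lands as "TODO: check", including ones whose descriptions name OpenSSH (CVE-2026-3497), Vim (CVE-2026-32249), ImageMagick (CVE-2026-32259) and the Python "tarfile" module (CVE-2025-13462); those are worth triaging ahead of the CVE-2019-255xx SQL injection entries.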
@@ -2719,7 +2970,7 @@ CVE-2026-27137 (When verifying a certificate chain which 
contains a certificate
        - golang-1.15 <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/golang/go/issues/77952
        NOTE: Fixed by: 
https://github.com/golang/go/commit/a761c9ff70fec8e1089897eebd104a8f31cff2d3 
(go1.26.1)
-CVE-2026-3234
+CVE-2026-3234 (A flaw was found in  mod_proxy_cluster. This vulnerability, a 
Carriage ...)
        - libapache2-mod-cluster <itp> (bug #731410)
 CVE-2026-2603
        - keycloak <itp> (bug #1088287)
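Review bot: The new description for CVE-2026-3234 contains a doubled space ("found in  mod_proxy_cluster"). Collapsing runs of whitespace when descriptions are imported would keep later description updates from showing up as whitespace-only changes.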
@@ -4468,7 +4719,7 @@ CVE-2025-13687 (IBM DataStage on Cloud Pak for Data 5.1.2 
through 5.3.0 could al
        NOT-FOR-US: IBM
 CVE-2025-13686 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could 
allow an ...)
        NOT-FOR-US: IBM
-CVE-2026-2376
+CVE-2026-2376 (A flaw was found in mirror-registry where an authenticated user 
can tr ...)
        NOT-FOR-US: mirror-registry for Quay
 CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit 
plugin is  ...)
        NOT-FOR-US: Amazon
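Review bot: In the trailing context of this hunk, CVE-2026-3494 is described as a MariaDB server issue ("when server audit plugin is ...") but is tagged "NOT-FOR-US: Amazon", which does not match the product named in the description, so that entry should be rechecked. The change itself only adds the description to CVE-2026-2376, and the existing "NOT-FOR-US: mirror-registry for Quay" tag agrees with it.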
@@ -6675,7 +6926,7 @@ CVE-2026-27624 (Coturn is a free open source 
implementation of TURN and STUN Ser
        NOTE: 
https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b
 (4.9.0)
 CVE-2026-3121
        - keycloak <itp> (bug #1088287)
-CVE-2026-3099
+CVE-2026-3099 (A flaw was found in Libsoup. The server-side digest 
authentication imp ...)
        - libsoup3 <unfixed> (bug #1129316)
        [trixie] - libsoup3 <no-dsa> (Minor issue)
        [bookworm] - libsoup3 <no-dsa> (Minor issue)
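Review bot: The "<no-dsa> (Minor issue)" lines for trixie and bookworm under CVE-2026-3099 are unchanged context, so they were recorded while the entry still had no description. Now that the text names the server-side digest authentication implementation in Libsoup, confirm that the minor-issue rating still holds for libsoup3.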
@@ -12592,7 +12843,7 @@ CVE-2026-2369
        NOTE: Introduced with: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652
 (3.6.1)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/b91bbd7d7888c85b17a8b33173caa806dff51681
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/af4bde990270b825b7d110a495cc65de9e2ec32f
 (3.6.6)
-CVE-2026-2366
+CVE-2026-2366 (A flaw was found in Keycloak. An authorization bypass 
vulnerability in ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-2361 (PostgreSQL Anonymizer contains a vulnerability that allows a 
user to g ...)
        NOT-FOR-US: PostgreSQL Anonymizer
@@ -93682,7 +93933,7 @@ CVE-2025-48939 (tarteaucitron.js is a compliant and 
accessible cookie banner. Pr
        NOT-FOR-US: tarteaucitron
 CVE-2025-45938 (Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to 
Cross S ...)
        NOT-FOR-US: Akeles Out of Office Assistant for Jira
-CVE-2025-45809 (BerriAI litellm v1.65.4 was discovered to contain a SQL 
injection vuln ...)
+CVE-2025-45809 (SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 
allows at ...)
        NOT-FOR-US: BerriAI/litellm
 CVE-2025-43713 (ASNA Assist and ASNA Registrar before 2025-03-31 allow 
deserialization ...)
        NOT-FOR-US: ASNA Assist and ASNA Registrar
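Review bot: The replacement description for CVE-2025-45809 changes the stated scope from the single version "litellm v1.65.4" to "LiteLLM before 1.81.0", while the "NOT-FOR-US: BerriAI/litellm" line stays as unchanged context. No package line depends on the version, so the tag can stand, but the wider range is worth a second look if litellm is ever packaged. The context line for CVE-2025-45938 also carries the upstream typo "vulberable".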



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0758c75fece62aeb35cb0cb43e30948517b3bd29



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
