Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04a63f5d by security tracker role at 2026-03-16T08:13:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,237 @@
+CVE-2026-4255 (A DLL search order hijacking vulnerability in Thermalright
TR-VISION H ...)
+ TODO: check
+CVE-2026-4226 (A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The
affecte ...)
+ TODO: check
+CVE-2026-4225 (A security flaw has been discovered in CMS Made Simple up to
2.2.21. I ...)
+ TODO: check
+CVE-2026-4223 (A vulnerability was identified in itsourcecode Payroll
Management Syst ...)
+ TODO: check
+CVE-2026-4222 (A vulnerability was determined in SSCMS up to 7.4.0. This
vulnerabilit ...)
+ TODO: check
+CVE-2026-4221 (A vulnerability was found in Tiandy Easy7 Integrated Management
Platfo ...)
+ TODO: check
+CVE-2026-4220 (A vulnerability has been found in Technologies Integrated
Management P ...)
+ TODO: check
+CVE-2026-4219 (A flaw has been found in INDEX Conferences & Exhibitions
Organization ...)
+ TODO: check
+CVE-2026-4218 (A vulnerability was detected in myAEDES App up to 1.18.4 on
Android. A ...)
+ TODO: check
+CVE-2026-4217 (A security vulnerability has been detected in XREAL Nebula App
up to 3 ...)
+ TODO: check
+CVE-2026-4216 (A weakness has been identified in i-SENS SmartLog App up to
2.6.8 on A ...)
+ TODO: check
+CVE-2026-4215 (A security flaw has been discovered in FlowCI flow-core-x up to
1.23.0 ...)
+ TODO: check
+CVE-2026-4214 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L,
DNS-320, ...)
+ TODO: check
+CVE-2026-4213 (A vulnerability was detected in D-Link DNS-120, DNR-202L,
DNS-315L, DN ...)
+ TODO: check
+CVE-2026-4212 (A security vulnerability has been detected in D-Link DNS-120,
DNR-202L ...)
+ TODO: check
+CVE-2026-4211 (A weakness has been identified in D-Link DNS-120, DNR-202L,
DNS-315L, ...)
+ TODO: check
+CVE-2026-4210 (A security flaw has been discovered in D-Link DNS-120,
DNR-202L, DNS-3 ...)
+ TODO: check
+CVE-2026-4209 (A vulnerability was identified in D-Link DNS-120, DNR-202L,
DNS-315L, ...)
+ TODO: check
+CVE-2026-4207 (A vulnerability was determined in D-Link DNS-120, DNR-202L,
DNS-315L, ...)
+ TODO: check
+CVE-2026-4206 (A vulnerability was found in D-Link DNS-120, DNR-202L,
DNS-315L, DNS-3 ...)
+ TODO: check
+CVE-2026-4205 (A vulnerability has been found in D-Link DNS-120, DNR-202L,
DNS-315L, ...)
+ TODO: check
+CVE-2026-4204 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L,
DNS-320, ...)
+ TODO: check
+CVE-2026-4203 (A vulnerability was detected in D-Link DNS-120, DNR-202L,
DNS-315L, DN ...)
+ TODO: check
+CVE-2026-4201 (A weakness has been identified in glowxq glowxq-oj up to
6f7c723090472 ...)
+ TODO: check
+CVE-2026-4200 (A security flaw has been discovered in glowxq glowxq-oj up to
6f7c7230 ...)
+ TODO: check
+CVE-2026-4199 (A vulnerability was identified in bazinga012 mcp_code_executor
up to 0 ...)
+ TODO: check
+CVE-2026-4198 (A vulnerability was determined in hypermodel-labs
mcp-server-auto-comm ...)
+ TODO: check
+CVE-2026-4197 (A vulnerability was found in D-Link DNS-120, DNR-202L,
DNS-315L, DNS-3 ...)
+ TODO: check
+CVE-2026-4196 (A vulnerability has been found in D-Link DNS-120, DNR-202L,
DNS-315L, ...)
+ TODO: check
+CVE-2026-4195 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L,
DNS-320, ...)
+ TODO: check
+CVE-2026-4194 (A vulnerability was detected in D-Link DNS-120, DNR-202L,
DNS-315L, DN ...)
+ TODO: check
+CVE-2026-4193 (A security vulnerability has been detected in D-Link DIR-823G
1.0.2B05 ...)
+ TODO: check
+CVE-2026-4192 (A vulnerability has been found in AvinashBole quip-mcp-server
1.0.0. A ...)
+ TODO: check
+CVE-2026-4191 (A flaw has been found in JawherKl node-api-postgres up to 2.5.
Affecte ...)
+ TODO: check
+CVE-2026-4190 (A vulnerability was detected in JawherKl node-api-postgres up
to 2.5. ...)
+ TODO: check
+CVE-2026-4189 (A weakness has been identified in phpipam up to 1.7.4. The
impacted el ...)
+ TODO: check
+CVE-2026-4188 (A security flaw has been discovered in D-Link DIR-619L 2.06B01.
The af ...)
+ TODO: check
+CVE-2026-4187 (A vulnerability was identified in Tiandy Easy7 Integrated
Management P ...)
+ TODO: check
+CVE-2026-4186 (A vulnerability was determined in UEditor up to 1.4.3.2. This
issue af ...)
+ TODO: check
+CVE-2026-4185 (A vulnerability was found in GPAC up to
2.5-DEV-rev2167-gcc9d617c0-mas ...)
+ TODO: check
+CVE-2026-4184 (A vulnerability was detected in D-Link DIR-816 1.10CNB05.
Affected by ...)
+ TODO: check
+CVE-2026-4183 (A security vulnerability has been detected in D-Link DIR-816
1.10CNB05 ...)
+ TODO: check
+CVE-2026-4182 (A weakness has been identified in D-Link DIR-816 1.10CNB05.
This impac ...)
+ TODO: check
+CVE-2026-4181 (A security flaw has been discovered in D-Link DIR-816
1.10CNB05. This ...)
+ TODO: check
+CVE-2026-4180 (A vulnerability was identified in D-Link DIR-816 1.10CNB05. The
impact ...)
+ TODO: check
+CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2.
The af ...)
+ TODO: check
+CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue
affects th ...)
+ TODO: check
+CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This
vulnera ...)
+ TODO: check
+CVE-2026-4172 (A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32.
This aff ...)
+ TODO: check
+CVE-2026-4171 (A security vulnerability has been detected in CodeGenieApp
serverless- ...)
+ TODO: check
+CVE-2026-32778 (libexpat before 2.7.5 allows a NULL pointer dereference in the
functio ...)
+ TODO: check
+CVE-2026-32777 (libexpat before 2.7.5 allows an infinite loop while parsing
DTD conten ...)
+ TODO: check
+CVE-2026-32776 (libexpat before 2.7.5 allows a NULL pointer dereference with
empty ext ...)
+ TODO: check
+CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If
the exif_ ...)
+ TODO: check
+CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed
Technologies c ...)
+ TODO: check
+CVE-2026-28522 (arduino-TuyaOpen before version 1.2.1 contains a null pointer
derefere ...)
+ TODO: check
+CVE-2026-28521 (arduino-TuyaOpen before version 1.2.1 contains an
out-of-bounds memory ...)
+ TODO: check
+CVE-2026-28520 (arduino-TuyaOpen before version 1.2.1 contains a single-byte
buffer ov ...)
+ TODO: check
+CVE-2026-28519 (arduino-TuyaOpen before version 1.2.1 contains a heap-based
buffer ove ...)
+ TODO: check
+CVE-2026-25083 (GROWI OpenAI thread/message API endpoints do not perform
authorization ...)
+ TODO: check
+CVE-2026-21005 (Path traversal in Smart Switch prior to version 3.7.69.15
allows adjac ...)
+ TODO: check
+CVE-2026-21004 (Improper authentication in Smart Switch prior to version
3.7.69.15 all ...)
+ TODO: check
+CVE-2026-21002 (Improper verification of cryptographic signature in Galaxy
Store prior ...)
+ TODO: check
+CVE-2026-21001 (Path traversal in Galaxy Store prior to version 4.6.03.8
allows local ...)
+ TODO: check
+CVE-2026-21000 (Improper access control in Galaxy Store prior to version
4.6.03.8 allo ...)
+ TODO: check
+CVE-2026-20999 (Authentication bypass by replay in Smart Switch prior to
version 3.7.6 ...)
+ TODO: check
+CVE-2026-20998 (Improper authentication in Smart Switch prior to version
3.7.69.15 all ...)
+ TODO: check
+CVE-2026-20997 (Improper verification of cryptographic signature in Smart
Switch prior ...)
+ TODO: check
+CVE-2026-20996 (Use of a broken or risky cryptographic algorithm in Smart
Switch prior ...)
+ TODO: check
+CVE-2026-20995 (Exposure of sensitive functionality to an unauthorized actor
in Smart ...)
+ TODO: check
+CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1
allows r ...)
+ TODO: check
+CVE-2026-20993 (Improper export of android application components in Samsung
Assistant ...)
+ TODO: check
+CVE-2026-20992 (Improper authorization in Settings prior to SMR Mar-2026
Release 1 all ...)
+ TODO: check
+CVE-2026-20991 (Improper privilege management in ThemeManager prior to SMR
Mar-2026 Re ...)
+ TODO: check
+CVE-2026-20990 (Improper export of android application components in Secure
Folder pri ...)
+ TODO: check
+CVE-2026-20989 (Improper verification of cryptographic signature in Font
Settings prio ...)
+ TODO: check
+CVE-2026-20988 (Improper verification of intent by broadcast receiver in
Settings prio ...)
+ TODO: check
+CVE-2026-0639 (in OpenHarmony v6.0 and prior versions allow a local attacker
case DOS ...)
+ TODO: check
+CVE-2025-6969 (in OpenHarmony v5.1.0 and prior versions allow a local attacker
cause ...)
+ TODO: check
+CVE-2025-52458 (in OpenHarmony v5.1.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2025-41432 (in OpenHarmony v5.1.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2025-26474 (in OpenHarmony v5.0.3 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2025-25277 (in OpenHarmony v5.1.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2025-14287 (A command injection vulnerability exists in mlflow/mlflow
versions bef ...)
+ TODO: check
+CVE-2025-12736 (in OpenHarmony v5.0.3 and prior versions allow a local
attacker case s ...)
+ TODO: check
+CVE-2017-20224 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an
arbitrar ...)
+ TODO: check
+CVE-2017-20223 (Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0
contains an ...)
+ TODO: check
+CVE-2017-20222 (Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0
contains an ...)
+ TODO: check
+CVE-2017-20221 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a
cross-sit ...)
+ TODO: check
+CVE-2017-20220 (Serviio PRO 1.8 contains an improper access control
vulnerability in t ...)
+ TODO: check
+CVE-2017-20219 (Serviio PRO 1.8 DLNA Media Streaming Server contains a
DOM-based cross ...)
+ TODO: check
+CVE-2017-20218 (Serviio PRO 1.8 contains an unquoted search path vulnerability
in the ...)
+ TODO: check
+CVE-2017-20217 (Serviio PRO 1.8 contains an information disclosure
vulnerability due t ...)
+ TODO: check
+CVE-2016-20036 (Wowza Streaming Engine 4.5.0 contains multiple reflected
cross-site sc ...)
+ TODO: check
+CVE-2016-20035 (Wowza Streaming Engine 4.5.0 contains a cross-site request
forgery vul ...)
+ TODO: check
+CVE-2016-20034 (Wowza Streaming Engine 4.5.0 contains a privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2016-20033 (Wowza Streaming Engine 4.5.0 contains a local privilege
escalation vul ...)
+ TODO: check
+CVE-2016-20032 (ZKTeco ZKAccess Security System 5.3.1 contains a stored
cross-site scr ...)
+ TODO: check
+CVE-2016-20031 (ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass
vulnera ...)
+ TODO: check
+CVE-2016-20030 (ZKTeco ZKBioSecurity 3.0 contains a user enumeration
vulnerability tha ...)
+ TODO: check
+CVE-2016-20029 (ZKTeco ZKBioSecurity 3.0 contains a file path manipulation
vulnerabili ...)
+ TODO: check
+CVE-2016-20028 (ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery
vulnera ...)
+ TODO: check
+CVE-2016-20027 (ZKTeco ZKBioSecurity 3.0 contains multiple reflected
cross-site script ...)
+ TODO: check
+CVE-2016-20026 (ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the
bundled ...)
+ TODO: check
+CVE-2016-20025 (ZKTeco ZKAccess Professional 3.5.3 contains an insecure file
permissio ...)
+ TODO: check
+CVE-2016-20024 (ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file
permissions vulner ...)
+ TODO: check
+CVE-2015-20121 (Next Click Ventures RealtyScript 4.0.2 contains SQL injection
vulnerab ...)
+ TODO: check
+CVE-2015-20120 (Next Click Ventures RealtyScript 4.0.2 contains multiple
time-based bl ...)
+ TODO: check
+CVE-2015-20119 (Next Click Ventures RealtyScript 4.0.2 contains a stored
cross-site sc ...)
+ TODO: check
+CVE-2015-20118 (Next Click Ventures RealtyScript 4.0.2 contains a stored
cross-site sc ...)
+ TODO: check
+CVE-2015-20117 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site
request f ...)
+ TODO: check
+CVE-2015-20116 (Next Click Ventures RealtyScript 4.0.2 fails to properly
sanitize CSV ...)
+ TODO: check
+CVE-2015-20115 (Next Click Ventures RealtyScript 4.0.2 fails to properly
sanitize file ...)
+ TODO: check
+CVE-2015-20114 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site
scripting ...)
+ TODO: check
+CVE-2015-20113 (Next Click Ventures RealtyScript 4.0.2 contains cross-site
request for ...)
+ TODO: check
+CVE-2013-20006 (Qool CMS contains multiple persistent cross-site scripting
vulnerabili ...)
+ TODO: check
+CVE-2013-20005 (Qool CMS 2.0 RC2 contains a cross-site request forgery
vulnerability t ...)
+ TODO: check
CVE-2026-4179 (Issues in stm32 USB device driver
(drivers/usb/device/usb_dc_stm32.c) ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-4170 (A weakness has been identified in Topsec TopACM 3.0. Affected
by this ...)
@@ -621,9 +855,11 @@ CVE-2026-2673 (Issue summary: An OpenSSL TLS 1.3 server
may fail to negotiate th
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34
(openssl-3.5)
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f
(openssl-3.6)
CVE-2026-3910 (Inappropriate implementation in V8 in Google Chrome prior to
146.0.768 ...)
+ {DSA-6165-1}
- chromium 146.0.7680.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-3909 (Out of bounds write in Skia in Google Chrome prior to
146.0.7680.75 al ...)
+ {DSA-6165-1}
- chromium 146.0.7680.80-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-3891 (The Pix for WooCommerce plugin for WordPress is vulnerable to
arbitrar ...)
@@ -6837,7 +7073,7 @@ CVE-2025-12981 (The Listee theme for WordPress is
vulnerable to privilege escala
NOT-FOR-US: WordPress plugin
CVE-2023-31364 (Improper handling of direct memory writes in the input-output
memory m ...)
TODO: check
-CVE-2025-71264 [Crashes Opus buffer overruns]
+CVE-2025-71264 (Mumble before 1.6.870 is prone to an out-of-bounds array
access, which ...)
- mumble 1.5.735-7 (bug #1129178)
[trixie] - mumble <no-dsa> (Minor issue; will be fixed via point
release)
[bookworm] - mumble <no-dsa> (Minor issue; will be fixed via point
release)
@@ -8242,7 +8478,7 @@ CVE-2026-2761 (Sandbox escape in the Graphics: WebRender
component. This vulnera
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2761
CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the
Graphics: W ...)
- {DSA-6148-1 DLA-4496-1}
+ {DSA-6152-1 DSA-6148-1 DLA-4496-1 DLA-4495-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- thunderbird 1:140.8.0esr-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04a63f5d08432ec3df4c59d0c001064c34da3a11
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04a63f5d08432ec3df4c59d0c001064c34da3a11
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
