Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f755dc01 by security tracker role at 2026-03-19T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2026-4427 (A flaw was found in pgproto3. A malicious or compromised
PostgreSQL se ...)
+ TODO: check
+CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior
vulnerability ex ...)
+ TODO: check
+CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read
vulnerabi ...)
+ TODO: check
+CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
+ TODO: check
+CVE-2026-3580 (In wolfSSL 5.8.4, constant-time masking logic in
sp_256_get_entry_256_ ...)
+ TODO: check
+CVE-2026-3579 (wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a
constant-time soft ...)
+ TODO: check
+CVE-2026-3548 (Two buffer overflow vulnerabilities existed in the wolfSSL CRL
parser ...)
+ TODO: check
+CVE-2026-3511 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
+CVE-2026-3503 (Protection mechanism failure in wolfCrypt post-quantum
implementations ...)
+ TODO: check
+CVE-2026-3029 (A path traversal and arbitrary file write vulnerability exist
in the e ...)
+ TODO: check
+CVE-2026-32869 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32868 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32867 (OPEXUS eComplaint before version 10.1.0.0 allows an
unauthenticated at ...)
+ TODO: check
+CVE-2026-32866 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly
sanitize ...)
+ TODO: check
+CVE-2026-32865 (OPEXUS eComplaint and eCASE before version 10.1.0.0 include
the secret ...)
+ TODO: check
+CVE-2026-32843 (Location Aware Sensor System by Linkit ONE, up to commit
f06bd20 (2023 ...)
+ TODO: check
+CVE-2026-32238 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-32119 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-30711 (Devome GRR v4.5.0 was discovered to contain multiple
authenticated SQL ...)
+ TODO: check
+CVE-2026-30694 (An issue in DedeCMS v.5.7.118 and before allows a remote
attacker to e ...)
+ TODO: check
+CVE-2026-30404 (The backend database management connection test feature in
wgcloud v3. ...)
+ TODO: check
+CVE-2026-30403 (There is an arbitrary file read vulnerability in the test
connection f ...)
+ TODO: check
+CVE-2026-30402 (An issue in wgcloud v.2.3.7 and before allows a remote
attacker to exe ...)
+ TODO: check
+CVE-2026-2646 (A heap-buffer-overflow vulnerability exists in wolfSSL's
wolfSSL_d2i_S ...)
+ TODO: check
+CVE-2026-2645 (In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS
1.2 serv ...)
+ TODO: check
+CVE-2026-27070 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27068 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-27067 (Unrestricted Upload of File with Dangerous Type vulnerability
in Syari ...)
+ TODO: check
+CVE-2026-27065 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2026-27043 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
+CVE-2026-26940 (Improper Validation of Specified Quantity in Input (CWE-1284)
in the T ...)
+ TODO: check
+CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side
Detection ...)
+ TODO: check
+CVE-2026-26933 (Improper Validation of Array Index (CWE-129) in multiple
protocol pars ...)
+ TODO: check
+CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the
Prometheu ...)
+ TODO: check
+CVE-2026-25928 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25744 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and
.NET 9.0 ...)
+ TODO: check
+CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership
Software ...)
+ TODO: check
+CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud
Prevention For W ...)
+ TODO: check
+CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-22558 (An Authenticated NoSQL Injection vulnerability found in UniFi
Network ...)
+ TODO: check
+CVE-2026-22557 (A malicious actor with access to the network could exploit a
Path Trav ...)
+ TODO: check
+CVE-2026-21788 (HCL Connections is vulnerable to a cross-site scripting attack
where a ...)
+ TODO: check
+CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an
attacke ...)
+ TODO: check
+CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7
Signed ...)
+ TODO: check
+CVE-2025-71260 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a d ...)
+ TODO: check
+CVE-2025-71259 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a b ...)
+ TODO: check
+CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain a b ...)
+ TODO: check
+CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain an ...)
+ TODO: check
+CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in
progs/infoc ...)
+ TODO: check
+CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small
Cell Ser ...)
+ TODO: check
+CVE-2025-67114 (Use of a deterministic credential generation algorithm in
/ftl/bin/cal ...)
+ TODO: check
+CVE-2025-67113 (OS command injection in the CWMP client (/ftl/bin/cwmp) of
Small Cell ...)
+ TODO: check
+CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration
backup/restor ...)
+ TODO: check
+CVE-2025-62043 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton
Finag allo ...)
+ TODO: check
+CVE-2025-60233 (Deserialization of Untrusted Data vulnerability in Themeton
Zuut allow ...)
+ TODO: check
+CVE-2025-53222 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-50001 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability
in Them ...)
+ TODO: check
+CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager
(webserve ...)
+ TODO: check
CVE-2026-4342
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to
incorrect v ...)
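Review bot: all 64 new entries in this hunk land as bare `TODO: check` placeholders, which is expected for an automatic import, but several of them name software that is packaged in Debian and should be triaged ahead of the rest: the two libarchive memory-safety issues (CVE-2026-4426, CVE-2026-4424), the ncurses buffer overflow in progs/infocmp (CVE-2025-69720), the pgproto3 flaw (CVE-2026-4427) and the wolfSSL cluster (CVE-2026-3580, CVE-2026-3579, CVE-2026-3548, CVE-2026-3503, CVE-2026-2646, CVE-2026-2645, CVE-2026-1005, CVE-2026-0819). The WordPress plugin, OPEXUS, BMC FootPrints and similar SaaS or appliance entries can most likely be closed as NOT-FOR-US, consistent with the existing entries further down in this file.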
@@ -4098,7 +4226,7 @@ CVE-2025-41710 (An unauthenticated remote attacker may
use hardcodes credentials
NOT-FOR-US: Janitza
CVE-2025-41709 (An unauthenticated remote attacker can perform a command
injection via ...)
NOT-FOR-US: Janitza
-CVE-2025-40943 (Affected devices do not properly sanitize contents of trace
files. Thi ...)
+CVE-2025-40943 (Affected devices do not properly sanitize contents of trace
files. Th ...)
NOT-FOR-US: Siemens
CVE-2025-36227 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to
HTTP heade ...)
NOT-FOR-US: IBM
@@ -13320,6 +13448,7 @@ CVE-2025-15578 (Maypole versions from 2.10 through 2.13
for Perl generates sessi
CVE-2025-12062 (The WP Maps \u2013 Store Locator,Google
Maps,OpenStreetMap,Mapbox,List ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2604
+ {DLA-4503-1}
- evolution-data-server 3.56.2-8 (bug #1128332)
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
@@ -15253,7 +15382,7 @@ CVE-2026-25990 (Pillow is a Python imaging library.
From 10.3.0 to before 12.1.1
NOTE: Introduced with fix for
https://github.com/python-pillow/Pillow/pull/7706
NOTE: Introduced with:
https://github.com/python-pillow/Pillow/commit/c2907dc04967109391a77eea00f7d583a0a0395f
(10.3.0)
NOTE: Fixed by:
https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
(12.1.1)
-CVE-2026-2369
+CVE-2026-2369 (A flaw was found in libsoup. An integer underflow vulnerability
occurs ...)
- libsoup3 3.6.6-1 (bug #1127843)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
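Review bot: the description CVE-2026-2369 now carries ("An integer underflow vulnerability occurs ...") arrived after the trixie and bookworm `<no-dsa> (Minor issue)` decisions directly below it; worth re-checking that the rationale still holds now that the nature of the bug is known, and recording it in a NOTE line (upstream issue or fixing commit, as the Pillow entry above does) so the next reader does not have to redo the triage.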
@@ -88191,7 +88320,7 @@ CVE-2025-53713 (A vulnerability has been found in
TP-Link TL-WR841N V11. The vul
NOT-FOR-US: TP-Link
CVE-2025-53712 (A vulnerability has been found in TP-Link TL-WR841N V11. The
vulnerabi ...)
NOT-FOR-US: TP-Link
-CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N V11. The
vulnerabi ...)
+CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N v11,
TL-WR842ND v2 ...)
NOT-FOR-US: TP-Link
CVE-2025-53541 (Tuleap is an Open Source Suite created to facilitate
management of sof ...)
NOT-FOR-US: Tuleap
@@ -920603,13 +920732,13 @@ CVE-2006-3972 (Directory traversal vulnerability in
includes/operator_chattransc
NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in
visitor/livesupport/chat.p ...)
NOT-FOR-US: Ajax Chat
-CVE-2006-10002 [Buffer overflow in XML::Parser::Expat triggered by utf8]
+CVE-2006-10002 (XML::Parser versions through 2.47 for Perl could overflow the
pre-allo ...)
- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106361/
NOTE: https://rt.cpan.org/Ticket/Display.html?id=19859
NOTE: https://github.com/cpan-authors/XML-Parser/issues/64
NOTE: Fixed by:
https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79
(2.48)
-CVE-2006-10003 [Buffer overflow in XML::Parser::Expat triggered by deep
nesting]
+CVE-2006-10003 (XML::Parser versions through 2.47 for Perl has an off-by-one
heap buff ...)
- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106362/
NOTE: https://rt.cpan.org/Ticket/Display.html?id=19860
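Review bot: replacing the bracketed working titles with the official descriptions drops the one detail that told the two XML::Parser entries apart, "triggered by utf8" versus "triggered by deep nesting", and the truncated descriptions do not preserve it. Suggest keeping that distinction in a NOTE line under each entry, next to the existing rt.cpan.org and cve-announce links, since both issues share the same package and nearly the same fixed version (2.34-4.2 and 2.34-4.1).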
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f755dc0104d80bf5c266d3034f4881afaf190ae4
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits