[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 22 Mar 2026 01:14:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0fbd7a8b by security tracker role at 2026-03-22T08:13:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2026-33549
+CVE-2026-4540 (A vulnerability was detected in projectworlds Online Notes 
Sharing Sys ...)
+       TODO: check
+CVE-2026-4539 (A security flaw has been discovered in pygments up to 2.19.2. 
The impa ...)
+       TODO: check
+CVE-2026-4538 (A vulnerability was identified in PyTorch 2.10.0. The affected 
element ...)
+       TODO: check
+CVE-2026-4537 (A vulnerability was determined in Cudy TR1200 
R46-2.4.15-20250721-1640 ...)
+       TODO: check
+CVE-2026-4536 (A vulnerability was found in Acrel Environmental Monitoring 
Cloud Plat ...)
+       TODO: check
+CVE-2026-4535 (A vulnerability has been found in Tenda FH451 1.0.0.9. This 
vulnerabil ...)
+       TODO: check
+CVE-2026-4534 (A flaw has been found in Tenda FH451 1.0.0.9. This affects the 
functio ...)
+       TODO: check
+CVE-2026-4533 (A vulnerability was detected in code-projects Simple Food 
Ordering Sys ...)
+       TODO: check
+CVE-2026-4532 (A security vulnerability has been detected in code-projects 
Simple Foo ...)
+       TODO: check
+CVE-2026-4531 (A weakness has been identified in Free5GC 4.1.0. Affected is 
the funct ...)
+       TODO: check
+CVE-2026-4530 (A security flaw has been discovered in apconw Aix-DB up to 
1.2.3. This ...)
+       TODO: check
+CVE-2026-4529 (A vulnerability was identified in D-Link DHP-1320 1.00WWB04. 
This affe ...)
+       TODO: check
+CVE-2026-4528 (A vulnerability was determined in trueleaf ApiFlow 0.9.7. The 
impacted ...)
+       TODO: check
+CVE-2026-4314 (The 'The Ultimate WordPress Toolkit \u2013 WP Extended' plugin 
for Wor ...)
+       TODO: check
+CVE-2026-3629 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-3427 (The Yoast SEO \u2013 Advanced SEO with real-time guidance and 
built-in ...)
+       TODO: check
+CVE-2019-25589 (ZOC Terminal 7.23.4 contains a buffer overflow vulnerability 
in the Sh ...)
+       TODO: check
+CVE-2019-25588 (BulletProof FTP Server 2019.0.0.50 contains a denial of 
service vulner ...)
+       TODO: check
+CVE-2019-25587 (BulletProof FTP Server 2019.0.0.50 contains a denial of 
service vulner ...)
+       TODO: check
+CVE-2019-25586 (Deluge 1.3.15 contains a denial of service vulnerability that 
allows l ...)
+       TODO: check
+CVE-2019-25585 (Deluge 1.3.15 contains a denial of service vulnerability that 
allows l ...)
+       TODO: check
+CVE-2019-25584 (RarmaRadio 2.72.3 contains a buffer overflow vulnerability in 
the Serv ...)
+       TODO: check
+CVE-2019-25583 (RarmaRadio 2.72.3 contains a denial of service vulnerability 
in the Us ...)
+       TODO: check
+CVE-2026-33549 (SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended 
privilege a ...)
        - spip 4.4.13+dfsg-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-13.html
        NOTE: https://git.spip.net/spip/prive/-/merge_requests/131
@@ -2301,10 +2347,10 @@ CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM 
Sterling File Gateway6.1.
 CVE-2026-3312
        - pagure <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259
-CVE-2025-71276 [prevent xss with events, tasks and contacts categories]
+CVE-2025-71276 (SOGo before 5.12.5 is prone to a XSS vulnerability with 
events, tasks, ...)
        - sogo <unfixed>
        NOTE: Fixed by: 
https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1 
(SOGo-5.12.5)
-CVE-2026-33550 [properly change the totp code after disabling it]
+CVE-2026-33550 (SOGo before 5.12.5 does not renew the OTP if a user 
disables/enables i ...)
        - sogo <unfixed>
        NOTE: Fixed by: 
https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2 
(SOGo-5.12.5)
 CVE-2026-4359 (A compromised third party cloud server or man-in-the-middle 
attacker c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbd7a8b5c23366f2a895610988b79acf077defa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbd7a8b5c23366f2a895610988b79acf077defa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to