Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b3e2358 by security tracker role at 2026-03-24T08:13:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,293 @@
-CVE-2026-4680
+CVE-2026-4756 (Out-of-bounds Write vulnerability in MolotovCherry
Android-ImageMagick ...)
+ TODO: check
+CVE-2026-4755 (CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This
issue ...)
+ TODO: check
+CVE-2026-4754 (CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This
issue ...)
+ TODO: check
+CVE-2026-4753 (Out-of-bounds Read vulnerability in slajerek RetroDebugger.This
issue ...)
+ TODO: check
+CVE-2026-4752 (Use After Free vulnerability in No-Chicken Echo-Mate.This issue
affect ...)
+ TODO: check
+CVE-2026-4751 (NULL Pointer Dereference vulnerability in tmate-io tmate.This
issue af ...)
+ TODO: check
+CVE-2026-4750 (Out-of-bounds Read vulnerability in fabiangreffrath woof.This
issue af ...)
+ TODO: check
+CVE-2026-4749 (NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue
affects ...)
+ TODO: check
+CVE-2026-4746 (Out-of-bounds Write vulnerability in timeplus-io proton
(base/poco/Fou ...)
+ TODO: check
+CVE-2026-4745 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3
(scintilla/oni ...)
+ TODO: check
+CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump
(src/utils ...)
+ TODO: check
+CVE-2026-4742 (Inconsistent Interpretation of HTTP Requests ('HTTP
Request/Response S ...)
+ TODO: check
+CVE-2026-4741 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-4739 (Integer Overflow or Wraparound vulnerability in
InsightSoftwareConsort ...)
+ TODO: check
+CVE-2026-4738 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-4737 (Use After Free vulnerability in No-Chicken Echo-Mate
(SDK/rv1106-sdk/s ...)
+ TODO: check
+CVE-2026-4736 (Improper Handling of Values vulnerability in No-Chicken
Echo-Mate (SDK ...)
+ TODO: check
+CVE-2026-4735 (Deserialization of Untrusted Data vulnerability in DTStack
chunjun (ch ...)
+ TODO: check
+CVE-2026-4734 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-4733 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2026-4732 (Out-of-bounds Read vulnerability in tildearrow furnace
(extern/libsndf ...)
+ TODO: check
+CVE-2026-4731 (Integer Overflow or Wraparound vulnerability in artraweditor
ART (rten ...)
+ TODO: check
+CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been
reported ...)
+ TODO: check
+CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2026-4640 (Vitals ESP developed by Galaxy Software Services has a Missing
Authent ...)
+ TODO: check
+CVE-2026-4639 (Vitals ESP developed by Galaxy Software Services has a
Incorrect Autho ...)
+ TODO: check
+CVE-2026-4632 (A weakness has been identified in itsourcecode Online
Enrollment Syste ...)
+ TODO: check
+CVE-2026-4627 (A vulnerability was found in D-Link DIR-825 and DIR-825R
1.0.5/4.5.1. ...)
+ TODO: check
+CVE-2026-4626 (A vulnerability has been found in projectworlds Lawyer
Management Syst ...)
+ TODO: check
+CVE-2026-4625 (A flaw has been found in SourceCodester Online Admission System
1.0. T ...)
+ TODO: check
+CVE-2026-4624 (A vulnerability was detected in SourceCodester Online Library
Manageme ...)
+ TODO: check
+CVE-2026-4623 (A security vulnerability has been detected in DefaultFuction
Jeson-Cus ...)
+ TODO: check
+CVE-2026-4617 (A weakness has been identified in SourceCodester Patients
Waiting Area ...)
+ TODO: check
+CVE-2026-4616 (A security flaw has been discovered in bolo-blog \uae4c\uc9c0
2.6.4. T ...)
+ TODO: check
+CVE-2026-4615 (A vulnerability was identified in SourceCodester Online
Catering Reser ...)
+ TODO: check
+CVE-2026-4614 (A vulnerability was determined in itsourcecode sanitize or
validate th ...)
+ TODO: check
+CVE-2026-4613 (A vulnerability was found in SourceCodester E-Commerce Site
1.0. This ...)
+ TODO: check
+CVE-2026-4612 (A vulnerability has been found in itsourcecode Free Hotel
Reservation ...)
+ TODO: check
+CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R
9.4.0cu.1360_B20241207/9.4.0c ...)
+ TODO: check
+CVE-2026-4597 (A security flaw has been discovered in 648540858
wvp-GB28181-pro up to ...)
+ TODO: check
+CVE-2026-4368 (Race Condition inNetScaler ADC and NetScaler Gateway when
appliance is ...)
+ TODO: check
+CVE-2026-4306 (The WP Job Portal plugin for WordPress is vulnerable to SQL
Injection ...)
+ TODO: check
+CVE-2026-4283 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to
unauth ...)
+ TODO: check
+CVE-2026-4066 (The Smart Custom Fields plugin for WordPress is vulnerable to
unauthor ...)
+ TODO: check
+CVE-2026-4056 (The User Registration & Membership plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-4021 (The Contest Gallery plugin for WordPress is vulnerable to an
authentic ...)
+ TODO: check
+CVE-2026-4001 (The Woocommerce Custom Product Addons Pro plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-3533 (The Jupiter X Core plugin for WordPress is vulnerable to
limited file ...)
+ TODO: check
+CVE-2026-3509 (An unauthenticated remote attacker may be able to control the
format s ...)
+ TODO: check
+CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit
this vul ...)
+ TODO: check
+CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind
time-bas ...)
+ TODO: check
+CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler
Gateway wh ...)
+ TODO: check
+CVE-2026-33856 (Missing Release of Memory after Effective Lifetime
vulnerability in Mo ...)
+ TODO: check
+CVE-2026-33855 (Integer Overflow or Wraparound vulnerability in MolotovCherry
Android- ...)
+ TODO: check
+CVE-2026-33854 (Out-of-bounds Write vulnerability in MolotovCherry
Android-ImageMagick ...)
+ TODO: check
+CVE-2026-33853 (NULL Pointer Dereference vulnerability in MolotovCherry
Android-ImageM ...)
+ TODO: check
+CVE-2026-33852 (Missing Release of Memory after Effective Lifetime
vulnerability in Mo ...)
+ TODO: check
+CVE-2026-33851 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-33850 (Out-of-bounds Write vulnerability in WujekFoliarz
DualSenseY-v2.This i ...)
+ TODO: check
+CVE-2026-33849 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-33848 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-33847 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2026-33634 (Trivy is a security scanner. On March 19, 2026, a threat actor
used co ...)
+ TODO: check
+CVE-2026-33320 (Dasel is a command-line tool and library for querying,
modifying, and ...)
+ TODO: check
+CVE-2026-33308 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.
Prior to ...)
+ TODO: check
+CVE-2026-33307 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.
In versio ...)
+ TODO: check
+CVE-2026-33298 (llama.cpp is an inference of several LLM models in C/C++.
Prior to b78 ...)
+ TODO: check
+CVE-2026-33290 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to
version ...)
+ TODO: check
+CVE-2026-33286 (Graphiti is a framework that sits on top of models and exposes
them vi ...)
+ TODO: check
+CVE-2026-33283 (Ella Core is a 5G core designed for private networks. Versions
prior t ...)
+ TODO: check
+CVE-2026-33282 (Ella Core is a 5G core designed for private networks. Versions
prior t ...)
+ TODO: check
+CVE-2026-33281 (Ella Core is a 5G core designed for private networks. Versions
prior t ...)
+ TODO: check
+CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to
version 1.4. ...)
+ TODO: check
+CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2
have a P ...)
+ TODO: check
+CVE-2026-33241 (Salvo is a Rust web framework. Prior to version 0.89.3,
Salvo's form d ...)
+ TODO: check
+CVE-2026-33211 (Tekton Pipelines project provides k8s-style resources for
declaring CI ...)
+ TODO: check
+CVE-2026-33202 (Active Storage allows users to attach cloud and local files in
Rails a ...)
+ TODO: check
+CVE-2026-33195 (Active Storage allows users to attach cloud and local files in
Rails a ...)
+ TODO: check
+CVE-2026-33176 (Active Support is a toolkit of support libraries and Ruby core
extensi ...)
+ TODO: check
+CVE-2026-33174 (Active Storage allows users to attach cloud and local files in
Rails a ...)
+ TODO: check
+CVE-2026-33173 (Active Storage allows users to attach cloud and local files in
Rails a ...)
+ TODO: check
+CVE-2026-33170 (Active Support is a toolkit of support libraries and Ruby core
extensi ...)
+ TODO: check
+CVE-2026-33169 (Active Support is a toolkit of support libraries and Ruby core
extensi ...)
+ TODO: check
+CVE-2026-33168 (Action View provides conventions and helpers for building web
pages wi ...)
+ TODO: check
+CVE-2026-33167 (Action Pack is a Rubygem for building web applications on the
Rails fr ...)
+ TODO: check
+CVE-2026-33046 (Indico is an event management system that uses
Flask-Multipass, a mult ...)
+ TODO: check
+CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header
validation vulner ...)
+ TODO: check
+CVE-2026-32912
+ REJECTED
+CVE-2026-32911
+ REJECTED
+CVE-2026-32910
+ REJECTED
+CVE-2026-32909
+ REJECTED
+CVE-2026-32908
+ REJECTED
+CVE-2026-32907
+ REJECTED
+CVE-2026-32904
+ REJECTED
+CVE-2026-32903
+ REJECTED
+CVE-2026-32902
+ REJECTED
+CVE-2026-32901
+ REJECTED
+CVE-2026-32900
+ REJECTED
+CVE-2026-32642 (Incorrect Authorization (CWE-863)vulnerability in Apache
Artemis, Apac ...)
+ TODO: check
+CVE-2026-32300 (Connect-CMS is a content management system. In versions on the
1.x ser ...)
+ TODO: check
+CVE-2026-32299 (Connect-CMS is a content management system. In versions on the
1.x ser ...)
+ TODO: check
+CVE-2026-32279 (Connect-CMS is a content management system. In versions on the
1.x ser ...)
+ TODO: check
+CVE-2026-32278 (Connect-CMS is a content management system. In versions on the
1.x ser ...)
+ TODO: check
+CVE-2026-32277 (Connect-CMS is a content management system. In versions 1.35.0
through ...)
+ TODO: check
+CVE-2026-32276 (Connect-CMS is a content management system. In versions on the
1.x ser ...)
+ TODO: check
+CVE-2026-32066
+ REJECTED
+CVE-2026-32047
+ REJECTED
+CVE-2026-32012
+ REJECTED
+CVE-2026-2412 (The Quiz and Survey Master (QSM) plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-29111 (systemd, a system and service manager, (as PID 1) hits an
assert and f ...)
+ TODO: check
+CVE-2026-28483
+ REJECTED
+CVE-2026-28455
+ REJECTED
+CVE-2026-27646 (OpenClaw versions prior to 2026.3.7 contain a sandbox escape
vulnerabi ...)
+ TODO: check
+CVE-2026-27183 (OpenClaw versions prior to 2026.3.7 contain a shell approval
gating by ...)
+ TODO: check
+CVE-2026-23882 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23488 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23487 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23486 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23485 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23484 (Blinko is an AI-powered card note-taking project. In versions
from 1.8 ...)
+ TODO: check
+CVE-2026-23483 (Blinko is an AI-powered card note-taking project. In versions
from 1.8 ...)
+ TODO: check
+CVE-2026-23482 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23481 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-23480 (Blinko is an AI-powered card note-taking project. Prior to
version 1.8 ...)
+ TODO: check
+CVE-2026-22739 (Vulnerability in Spring Cloud when substituting the profile
parameter ...)
+ TODO: check
+CVE-2026-22173
+ REJECTED
+CVE-2025-60949 (Census CSWeb 8.0.1 allows "app/config" to be reachable via
HTTP in som ...)
+ TODO: check
+CVE-2025-60948 (Census CSWeb 8.0.1 allows stored cross-site scripting in user
supplied ...)
+ TODO: check
+CVE-2025-60947 (Census CSWeb 8.0.1 allows arbitrary file upload. A remote,
authenticat ...)
+ TODO: check
+CVE-2025-60946 (Census CSWeb 8.0.1 allows arbitrary file path input. A remote,
authent ...)
+ TODO: check
+CVE-2025-41660 (A low-privileged remote attacker may be able to replace the
boot appli ...)
+ TODO: check
+CVE-2026-4680 (Use after free in FedCM in Google Chrome prior to
146.0.7680.165 allow ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4679
+CVE-2026-4679 (Integer overflow in Fonts in Google Chrome prior to
146.0.7680.165 all ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4678
+CVE-2026-4678 (Use after free in WebGPU in Google Chrome prior to
146.0.7680.165 allo ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4677
+CVE-2026-4677 (Inappropriate implementation in WebAudio in Google Chrome prior
to 146 ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4676
+CVE-2026-4676 (Use after free in Dawn in Google Chrome prior to 146.0.7680.165
allowe ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4675
+CVE-2026-4675 (Heap buffer overflow in WebGL in Google Chrome prior to
146.0.7680.165 ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4674
+CVE-2026-4674 (Out of bounds read in CSS in Google Chrome prior to
146.0.7680.165 all ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4673
+CVE-2026-4673 (Heap buffer overflow in WebAudio in Google Chrome prior to
146.0.7680. ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-4647 (A flaw was found in the GNU Binutils BFD library, a widely used
compon ...)
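Review bot: The descriptions added for CVE-2026-4680 through CVE-2026-4673 all say "prior to 146.0.7680.165", while the unchanged lines under each entry still record "- chromium 146.0.7680.164-1" as the fixed version. Confirm that the .164 upload carries these fixes and record that in a NOTE, or adjust the fixed version, so the entries do not read as fixed one build early. Separately, the descriptions added for CVE-2026-4616 and CVE-2026-3225 contain literal "\uae4c\uc9c0" and "\u2013" sequences, so it is worth checking whether the import step decodes escaped Unicode from the feed before writing data/CVE/list.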
@@ -439,7 +707,7 @@ CVE-2019-25591 (DNSS Domain Name Search Software 2.1.8
contains a buffer overflo
NOT-FOR-US: DNSS Domain Name Search Software
CVE-2019-25590 (Axessh 4.2 contains a denial of service vulnerability in the
logging c ...)
NOT-FOR-US: Axessh
-CVE-2026-33306
+CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt()
password hashin ...)
- ruby-bcrypt 3.1.22-1
NOTE:
https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
NOTE: Fixed by:
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
(v3.1.22)
@@ -590,7 +858,7 @@ CVE-2019-25545 (Terminal Services Manager 3.2.1 contains a
local buffer overflow
NOT-FOR-US: Terminal Services Manager
CVE-2019-25544 (Pidgin 2.13.0 contains a denial of service vulnerability that
allows l ...)
TODO: check
-CVE-2026-33250
+CVE-2026-33250 (Freeciv21 is a free open source, turn-based, empire-building
strategy ...)
{DSA-6173-1}
- freeciv 3.2.4+ds-1 (bug #1131524)
NOTE: https://redmine.freeciv.org/issues/1955
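Review bot: The description added for CVE-2026-33250 opens with "Freeciv21", but the entry below it tracks "- freeciv 3.2.4+ds-1 (bug #1131524)" under DSA-6173-1 and its NOTE points at redmine.freeciv.org. The truncated description does not show whether freeciv itself is named as affected, so a NOTE stating why the freeciv source package is the one tracked here would make the mapping checkable from the entry alone.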
@@ -6277,7 +6545,7 @@ CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow
Remote Code Execution Vul
- gst-plugins-base1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0004.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473
(main)
-CVE-2026-1940
+CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds
read in g ...)
- gst-plugins-good1.0 1.28.1-1
[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
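Review bot: The description added for CVE-2026-1940 calls it an incomplete fix for CVE-2024-47778, yet no NOTE cross-referencing that CVE is visible in the hunk context, and trixie and bookworm are marked "<no-dsa> (Minor issue)". Add a NOTE linking the entry to CVE-2024-47778 and check that the no-dsa classification is consistent with how the original fix was handled in those releases, since they may be carrying the incomplete patch.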
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b3e23585d34c65ac8f40befac3b8e993df3b789