Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18bc31ec by security tracker role at 2026-03-30T19:14:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2026-5170 (A user with access to the cluster with a limited set of 
privilege acti ...)
+       TODO: check
+CVE-2026-5165 (A flaw was found in virtio-win, specifically within the VirtIO 
Block ( ...)
+       TODO: check
+CVE-2026-5164 (A flaw was found in virtio-win. The `RhelDoUnMap()` function 
does not  ...)
+       TODO: check
+CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 
2026.0 ...)
+       TODO: check
+CVE-2026-5128 (A sensitive information exposure vulnerability exists in 
ArthurFiorett ...)
+       TODO: check
+CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. 
Affected  ...)
+       TODO: check
+CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to 
2.5.3. Aff ...)
+       TODO: check
+CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to 
4.3.0.  ...)
+       TODO: check
+CVE-2026-5123 (A weakness has been identified in osrg GoBGP up to 4.3.0. This 
impacts ...)
+       TODO: check
+CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0. 
This af ...)
+       TODO: check
+CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer 
overflow ...)
+       TODO: check
+CVE-2026-4425
+       REJECTED
+CVE-2026-4416 (The Performance Library component of Gigabyte Control Center 
has an In ...)
+       TODO: check
+CVE-2026-4415 (Gigabyte Control Center developed by GIGABYTE has an Arbitrary 
File Wr ...)
+       TODO: check
+CVE-2026-4315 (A Cross-Site Request Forgery (CSRF) vulnerability in the 
WatchGuard Fi ...)
+       TODO: check
+CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard 
Fireware OS al ...)
+       TODO: check
+CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and 
earlier ma ...)
+       TODO: check
+CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 
MP1, 16. ...)
+       TODO: check
+CVE-2026-3945 (An integer overflow vulnerability in the HTTP chunked transfer 
encodin ...)
+       TODO: check
+CVE-2026-3502 (TrueConf Client downloads application update code and applies 
it witho ...)
+       TODO: check
+CVE-2026-3321 (A vulnerability of authorization bypass through user-controlled 
key in ...)
+       TODO: check
+CVE-2026-34714 (Vim before 9.2.0272 allows code execution that happens 
immediately upo ...)
+       TODO: check
+CVE-2026-34472 (Unauthenticated credential disclosure in the wizard interface 
in ZTE Z ...)
+       TODO: check
+CVE-2026-33643 (SQL Injection vulnerability in SchemaHero 0.23.0 via the 
column parame ...)
+       TODO: check
+CVE-2026-33373 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
+       TODO: check
+CVE-2026-33032 (Nginx UI is a web user interface for the Nginx web server. In 
versions ...)
+       TODO: check
+CVE-2026-33030 (Nginx UI is a web user interface for the Nginx web server. In 
versions ...)
+       TODO: check
+CVE-2026-33029 (Nginx UI is a web user interface for the Nginx web server. 
Prior to ve ...)
+       TODO: check
+CVE-2026-33028 (Nginx UI is a web user interface for the Nginx web server. 
Prior to ve ...)
+       TODO: check
+CVE-2026-33027 (Nginx UI is a web user interface for the Nginx web server. 
Prior to ve ...)
+       TODO: check
+CVE-2026-30566 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30565 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30564 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30563 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
SourceCode ...)
+       TODO: check
+CVE-2026-30562 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30561 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30560 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30559 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30558 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30557 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30556 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
+       TODO: check
+CVE-2026-30082 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the Edit ...)
+       TODO: check
+CVE-2026-30077 (OpenAirInterface V2.2.0 AMF crashes when it fails to decode 
the messag ...)
+       TODO: check
+CVE-2026-2328 (An unauthenticated remote attacker can exploit insufficient 
input vali ...)
+       TODO: check
+CVE-2026-2287 (CrewAI does not properly check that Docker is still running 
during run ...)
+       TODO: check
+CVE-2026-2286 (CrewAI contains a server-side request forgery vulnerability 
that enabl ...)
+       TODO: check
+CVE-2026-2285 (CrewAI contains a arbitrary local file read vulnerability in 
the JSON  ...)
+       TODO: check
+CVE-2026-2275 (The CrewAI CodeInterpreter tool falls back to SandboxPython 
when it ca ...)
+       TODO: check
+CVE-2026-29954 (In KubePlus 4.1.4, the mutating webhook and 
kubeconfiggenerator compon ...)
+       TODO: check
+CVE-2026-29953 (SQL Injection vulnerability in SchemaHero 0.23.0 via the 
column parame ...)
+       TODO: check
+CVE-2026-29925 (Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to 
Server-Side Reque ...)
+       TODO: check
+CVE-2026-29924 (Grav CMS v1.7.x and before is vulnerable to XML External 
Entity (XXE)  ...)
+       TODO: check
+CVE-2026-29909 (MRCMS V3.1.2 contains an unauthenticated directory enumeration 
vulnera ...)
+       TODO: check
+CVE-2026-29872 (A cross-session information disclosure vulnerability exists in 
the awe ...)
+       TODO: check
+CVE-2026-29597 (Incorrect access control in the file_details.asp endpoint of 
DDSN Inte ...)
+       TODO: check
+CVE-2026-28528 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-28527 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-28526 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-27508 (Smoothwall Express versions prior to 3.1 Update 13 contain a 
reflected ...)
+       TODO: check
+CVE-2026-26352 (Smoothwall Express versions prior to 3.1 Update 13 contain a 
stored cr ...)
+       TODO: check
+CVE-2026-25704 (A Privilege Dropping / Lowering Errors/Time-of-check 
Time-of-use (TOCT ...)
+       TODO: check
+CVE-2026-1612 (AL-KO Robolinho Update Software has hard-coded AWS Access and 
Secret k ...)
+       TODO: check
+CVE-2025-66215 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
+       TODO: check
+CVE-2025-66038 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
+       TODO: check
+CVE-2025-66037 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
+       TODO: check
+CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
+       TODO: check
+CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
+       TODO: check
+CVE-2025-15379 (A command injection vulnerability exists in MLflow's model 
serving con ...)
+       TODO: check
+CVE-2019-25655 (Device Monitoring Studio 8.10.00.8925 contains a denial of 
service vul ...)
+       TODO: check
+CVE-2019-25654 (Core FTP/SFTP Server 1.2 contains a buffer overflow 
vulnerability that ...)
+       TODO: check
+CVE-2019-25653 (Navicat for Oracle 12.1.15 contains a denial of service 
vulnerability  ...)
+       TODO: check
+CVE-2018-25235 (NetworkActiv Web Server 4.0 contains a buffer overflow 
vulnerability i ...)
+       TODO: check
+CVE-2018-25234 (SmartFTP Client 9.0.2615.0 contains a denial of service 
vulnerability  ...)
+       TODO: check
+CVE-2018-25233 (WebDrive 18.00.5057 contains a denial of service vulnerability 
that al ...)
+       TODO: check
+CVE-2018-25232 (Softros LAN Messenger 9.2 contains a denial of service 
vulnerability t ...)
+       TODO: check
+CVE-2018-25231 (HeidiSQL 9.5.0.5196 contains a denial of service vulnerability 
that al ...)
+       TODO: check
+CVE-2018-25230 (Free IP Switcher 3.1 contains a buffer overflow vulnerability 
that all ...)
+       TODO: check
+CVE-2018-25229 (BulletProof FTP Server 2019.0.0.50 contains a denial of 
service vulner ...)
+       TODO: check
+CVE-2018-25228 (NetSetMan 4.7.1 contains a buffer overflow vulnerability in 
the Workgr ...)
+       TODO: check
+CVE-2018-25227 (Valentina Studio 9.0.4 contains a denial of service 
vulnerability that ...)
+       TODO: check
+CVE-2018-25226 (FTPShell Server 6.83 contains a buffer overflow vulnerability 
that all ...)
+       TODO: check
 CVE-2026-4981
        NOT-FOR-US: Red Hat Advanced Cluster Security
 CVE-2026-XXXX [SVG Animate FUNCIRI Attribute Bypass]
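Review bot: the same truncated description appears twice in this hunk, for CVE-2026-33643 and CVE-2026-29953 (both "SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ..."), so one of the two is probably a duplicate assignment and the TODO: check on both should be resolved together. For the follow-up triage, the entries naming sources Debian ships deserve attention before the web-application entries: CVE-2026-4046 (iconv() in glibc 2.43 and earlier), CVE-2026-5121 (libarchive integer overflow on 32-bit), CVE-2026-34714 (Vim before 9.2.0272) and the four OpenSC entries CVE-2025-66215, CVE-2025-66038, CVE-2025-66037 and CVE-2025-49010 each need a fixed version, a <not-affected> or a NOT-FOR-US line in place of the placeholder.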
@@ -3234,7 +3396,7 @@ CVE-2026-21713
        - nodejs 22.22.2+dfsg+~cs22.19.15-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac-verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94faf 
(v20.20.2)
-CVE-2026-21712
+CVE-2026-21712 (A flaw in Node.js URL processing causes an assertion failure 
in native ...)
        - nodejs <not-affected> (Vulnerable code not present)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#assertion-error-in-node_urlcc-via-malformed-url-format-leads-to-nodejs-crash-cve-2026-21712---medium
 CVE-2026-21711
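Review bot: in the unchanged context at the top of this hunk, CVE-2026-21713 records the fix as nodejs 22.22.2+dfsg+~cs22.19.15-1 while its "Fixed by" NOTE points at a commit tagged (v20.20.2); adding the 22.x commit to that NOTE would make the fixed-version claim directly traceable. The description added for CVE-2026-21712 is consistent with the existing <not-affected> (Vulnerable code not present) line, so nothing else needs to change there.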
@@ -5585,7 +5747,7 @@ CVE-2026-33063 (free5GC is an open source 5G core 
network. free5GC AUSF prior to
        NOT-FOR-US: Free5GC
 CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior 
to versio ...)
        NOT-FOR-US: Free5GC
-CVE-2026-33061 (exactyl is a customisable game management panel and billing 
system. Co ...)
+CVE-2026-33061 (Jexactyl is a customisable game management panel and billing 
system. C ...)
        NOT-FOR-US: exactyl
 CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. 
Version ...)
        NOT-FOR-US: CKAN MCP Server
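Review bot: the NOT-FOR-US line under CVE-2026-33061 still reads "NOT-FOR-US: exactyl" although the description line was corrected to Jexactyl; change it to `NOT-FOR-US: Jexactyl` so the product name agrees on both lines.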
@@ -5674,7 +5836,7 @@ CVE-2026-32938 (SiYuan is a personal knowledge management 
system. In versions 3.
 CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior 
to versio ...)
        NOT-FOR-US: Free5GC
 CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects 
using versi ...)
-       {DSA-6187-1 DSA-6186-1 DSA-6185-1}
+       {DSA-6187-1 DSA-6186-1 DSA-6185-1 DLA-4518-1}
        - php-phpseclib3 3.0.50-1 (bug #1131482)
        - php-phpseclib 2.0.52-1 (bug #1131483)
        - phpseclib 1.0.27-1 (bug #1131484)
@@ -18457,7 +18619,7 @@ CVE-2026-25318 (Missing Authorization vulnerability in 
Wisernotify team WiserRev
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25316 (Deserialization of Untrusted Data vulnerability in Brainstorm 
Force Ca ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2026-25315 (Missing Authorization vulnerability in hcaptcha hCaptcha for 
WP hcaptc ...)
+CVE-2026-25315 (Improperly implemented security check vulnerability in KAGG 
hCaptcha f ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25314 (Missing Authorization vulnerability in WP Messiah TOP Table Of 
Content ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -212001,6 +212163,7 @@ CVE-2024-22272 (VMware Cloud Director contains an 
Improper Privilege Management
 CVE-2024-22260 (VMware Workspace One UEM update addresses an information 
exposure vuln ...)
        NOT-FOR-US: VMware
 CVE-2023-52892 (In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 
3.0.33,  ...)
+       {DLA-4518-1}
        - phpseclib 1.0.22-1
        [bookworm] - phpseclib 1.0.20-1+deb12u3
        - php-phpseclib 2.0.46-1
@@ -372751,11 +372914,11 @@ CVE-2022-34136
        RESERVED
 CVE-2022-34135
        RESERVED
-CVE-2022-34134 (Benjamin BALET Jorani v1.0 was discovered to contain a 
Cross-Site Requ ...)
+CVE-2022-34134 (Jorani v1.0 was discovered to contain a Cross-Site Request 
Forgery (CS ...)
        NOT-FOR-US: Benjamin BALET Jorani
-CVE-2022-34133 (Benjamin BALET Jorani v1.0 was discovered to contain a 
cross-site scri ...)
+CVE-2022-34133 (Jorani v1.0 was discovered to contain a cross-site scripting 
(XSS) vul ...)
        NOT-FOR-US: Benjamin BALET Jorani
-CVE-2022-34132 (Benjamin BALET Jorani v1.0 was discovered to contain a SQL 
injection v ...)
+CVE-2022-34132 (Jorani v1.0 was discovered to contain a SQL injection 
vulnerability vi ...)
        NOT-FOR-US: Benjamin BALET Jorani
 CVE-2022-34131
        RESERVED
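Review bot: the three Jorani descriptions drop the "Benjamin BALET" author prefix, but the NOT-FOR-US lines under CVE-2022-34134, CVE-2022-34133 and CVE-2022-34132 still read "NOT-FOR-US: Benjamin BALET Jorani"; either form works, but they should agree, so consider changing the three to `NOT-FOR-US: Jorani` in the same commit.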



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18bc31ece45d844d3c62ec87fb3d578f5eda13a1



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
