Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30f79a20 by security tracker role at 2026-04-02T07:13:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple 
Customer Relat ...)
+       TODO: check
+CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. 
This vul ...)
+       TODO: check
+CVE-2026-5322 (A vulnerability has been found in AlejandroArciniegas 
mcp-data-vis bc5 ...)
+       TODO: check
+CVE-2026-5321 (A flaw has been found in vanna-ai vanna up to 2.0.2. Affected 
by this  ...)
+       TODO: check
+CVE-2026-5320 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. 
Affected b ...)
+       TODO: check
+CVE-2026-5319 (A security vulnerability has been detected in itsourcecode 
Payroll Man ...)
+       TODO: check
+CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This 
impacts th ...)
+       TODO: check
+CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. 
This a ...)
+       TODO: check
+CVE-2026-5316 (A vulnerability was identified in Nothings stb up to 1.22. The 
impacte ...)
+       TODO: check
+CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The 
affecte ...)
+       TODO: check
+CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted 
is the  ...)
+       TODO: check
+CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This 
issue  ...)
+       TODO: check
+CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, 
DNS-315L,  ...)
+       TODO: check
+CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, 
DNR-202L, DNS-3 ...)
+       TODO: check
+CVE-2026-4820 (IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not 
set the ...)
+       TODO: check
+CVE-2026-4759
+       REJECTED
+CVE-2026-4364 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-4347 (The MW WP Form plugin for WordPress is vulnerable to arbitrary 
file mo ...)
+       TODO: check
+CVE-2026-4101 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on 
WatchGuard ...)
+       TODO: check
+CVE-2026-3882
+       REJECTED
+CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. 
Client impers ...)
+       TODO: check
+CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 
3.6.5 and  ...)
+       TODO: check
+CVE-2026-34750 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-34749 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-34748 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-34747 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-34746 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-34572 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34571 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34570 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34569 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34568 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34567 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34566 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34565 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34564 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34563 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34562 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34561 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34560 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34559 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34545 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34544 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34543 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34531 (Flask-HTTPAuth provides Basic, Digest and Token HTTP 
authentication fo ...)
+       TODO: check
+CVE-2026-34530 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-34529 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-34528 (File Browser is a file managing interface for uploading, 
deleting, pre ...)
+       TODO: check
+CVE-2026-34525 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34520 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34519 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34518 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34517 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34516 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34515 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34514 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34513 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-34456 (Reviactyl is an open-source game server management panel built 
using L ...)
+       TODO: check
+CVE-2026-34455 (Hi.Events is an open-source event management and ticket 
selling platfo ...)
+       TODO: check
+CVE-2026-32929 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read in VS6 ...)
+       TODO: check
+CVE-2026-32928 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer 
overflo ...)
+       TODO: check
+CVE-2026-32927 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read vulner ...)
+       TODO: check
+CVE-2026-32926 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read vulner ...)
+       TODO: check
+CVE-2026-32925 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer 
overflo ...)
+       TODO: check
+CVE-2026-2862 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-22815 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2026-21767 (HCL BigFix Platform is affected byinsufficient authentication. 
The app ...)
+       TODO: check
+CVE-2026-21765 (HCL BigFix Platform is affected by insecure permissions on 
private cry ...)
+       TODO: check
+CVE-2026-1540 (The Spam Protect for Contact Form 7 WordPress plugin before 
1.2.10 all ...)
+       TODO: check
+CVE-2026-1491 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-1345 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
+       TODO: check
+CVE-2026-1243 (IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to 
cross- ...)
+       TODO: check
+CVE-2025-66487 (IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate 
limit th ...)
+       TODO: check
+CVE-2025-66486 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML 
injection ...)
+       TODO: check
+CVE-2025-66485 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP 
header in ...)
+       TODO: check
+CVE-2025-66484 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored 
cross-s ...)
+       TODO: check
+CVE-2025-66483 (IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate 
session aft ...)
+       TODO: check
+CVE-2025-66442 (In Mbed TLS through 4.0.0, there is a compiler-induced timing 
side cha ...)
+       TODO: check
+CVE-2025-36375 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM 
DataPow ...)
+       TODO: check
+CVE-2025-36373 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM 
DataPow ...)
+       TODO: check
+CVE-2025-13916 (IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than 
expected crypt ...)
+       TODO: check
+CVE-2025-0711
+       REJECTED
 CVE-2026-5310 (A vulnerability was identified in Enter Software Iperius Backup 
up to  ...)
        NOT-FOR-US: Enter Software Iperius Backup
 CVE-2026-5271 (pymanager included the current working directory in sys.path 
meaning m ...)
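Review bot: Every entry added at the top of data/CVE/list, from CVE-2026-5325 down to CVE-2025-36373 and CVE-2025-13916, carries only "TODO: check", so none of them is triaged by this commit. Each needs a follow-up that either adds a package line in the form used for gst-plugins-bad1.0 later in this diff or marks it NOT-FOR-US, as the trailing context does for CVE-2026-5310. The entries naming libraries (Mbed TLS, LibRaw, OpenEXR, AIOHTTP, stb) are the ones to resolve first. The three REJECTED entries (CVE-2026-4759, CVE-2026-3882, CVE-2025-0711) need no further action.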
@@ -9299,6 +9467,7 @@ CVE-2026-3555 (Philips Hue Bridge Zigbee Stack Custom 
Command Handler Heap-based
 CVE-2026-3227 (A command injection vulnerability was identified in TP-Link 
TL-WR802N  ...)
        NOT-FOR-US: TPLink
 CVE-2026-3082 (GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code 
Execution ...)
+       {DSA-6190-1}
        - gst-plugins-bad1.0 1.28.1-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0003.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10885
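Review bot: The package line under the new {DSA-6190-1} tag for CVE-2026-3082 reads "- gst-plugins-bad1.0 1.28.1-1" with no bug reference, while CVE-2026-2923, tagged with the same DSA in the next hunk, carries "(bug #1130059)". The visible notes also point at a merge request rather than a fixing commit. If a Debian bug exists for this issue, add it to the package line, and add a "Fixed by:" note with the merged commit if none follows outside the hunk.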
@@ -11947,6 +12116,7 @@ CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer 
Overflow Remote Code Exe
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf
 (main)
 CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code 
Execution Vuln ...)
+       {DSA-6190-1}
        - gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0007.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1b12d63b4414de80ebf5561823b6a0ac8b734eb1
 (main)
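Review bot: The {DSA-6190-1} tag on CVE-2026-2923 is introduced in a commit that changes only data/CVE/list, so the cross-reference depends on advisory data that is not part of this diff. Confirm that DSA-6190-1 is already recorded in the tracker and that it names both CVE-2026-2923 and CVE-2026-3082 for gst-plugins-bad1.0, otherwise the tag will not resolve to an advisory.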
@@ -11962,7 +12132,7 @@ CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds 
Write Remote Code Execution
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/db222d6d7971100a8ba60bd5d10a2233a38ebc46
 (1.24 branch)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6aa055e9606104be1f095896d0b292b06dfb8dd9
 (1.24 branch)
 CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code 
Execution ...)
-       {DLA-4516-1}
+       {DSA-6191-1 DLA-4516-1}
        - gst-plugins-ugly1.0 1.28.1-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3
 (main)
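Review bot: The tag line for CVE-2026-2920 is replaced rather than extended, going from {DLA-4516-1} to {DSA-6191-1 DLA-4516-1}, and the same replacement appears for CVE-2026-2922 in the next hunk. Check whether any other gst-plugins-ugly1.0 entry still carries {DLA-4516-1} alone. If DSA-6191-1 covers the same CVE set, those entries need the same update, and if it does not, the difference is worth a NOTE.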
@@ -11970,7 +12140,7 @@ CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer 
Overflow Remote Code Exec
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3dc4244f030a0af077b9f87fd8ad50d4032428ef
 (1.26.11)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9f9d1f664546d99e5ca0c3ced216e76dd08b409f
 (1.24 branch)
 CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code 
Execution  ...)
-       {DLA-4516-1}
+       {DSA-6191-1 DLA-4516-1}
        - gst-plugins-ugly1.0 1.28.1-1
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df
 (main)
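Review bot: For CVE-2026-2922 the only fixing commit visible after the new {DSA-6191-1 DLA-4516-1} line is the one marked (main), whereas the leading context of this hunk shows (1.26.11) and (1.24 branch) commits recorded for the preceding entry. Confirm that the stable-branch commits for CVE-2026-2922 are noted further down in the entry so that the backports shipped under DSA-6191-1 and DLA-4516-1 can be traced.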



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f79a20b3545aab8317385a95c647452d612791
