Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b65f6efc by security tracker role at 2026-04-06T19:13:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,327 @@
-CVE-2026-31410 [ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION]
+CVE-2026-5704 (A flaw was found in tar. A remote attacker could exploit this 
vulnerab ...)
+       TODO: check
+CVE-2026-5678 (A weakness has been identified in Totolink A7100RU 
7.4cu.2313_b2019102 ...)
+       TODO: check
+CVE-2026-5677 (A security flaw has been discovered in Totolink A7100RU 
7.4cu.2313_b20 ...)
+       TODO: check
+CVE-2026-5676 (A vulnerability was identified in Totolink A8000R 
5.9c.681_B20180413.  ...)
+       TODO: check
+CVE-2026-5675 (A vulnerability was found in itsourcecode Construction 
Management Syst ...)
+       TODO: check
+CVE-2026-5673 (A flaw was found in libtheora. This heap-based out-of-bounds 
read vuln ...)
+       TODO: check
+CVE-2026-5672 (A vulnerability has been found in code-projects Simple IT 
Discussion F ...)
+       TODO: check
+CVE-2026-5671 (A vulnerability was determined in Cyber-III 
Student-Management-System  ...)
+       TODO: check
+CVE-2026-5670 (A vulnerability was found in Cyber-III 
Student-Management-System up to ...)
+       TODO: check
+CVE-2026-5669 (A vulnerability has been found in Cyber-III 
Student-Management-System  ...)
+       TODO: check
+CVE-2026-5668 (A flaw has been found in Cyber-III Student-Management-System up 
to 1a9 ...)
+       TODO: check
+CVE-2026-5666 (A vulnerability was detected in code-projects Online FIR System 
1.0. A ...)
+       TODO: check
+CVE-2026-5665 (A security vulnerability has been detected in code-projects 
Online FIR ...)
+       TODO: check
+CVE-2026-5664
+       REJECTED
+CVE-2026-5663 (A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. 
This i ...)
+       TODO: check
+CVE-2026-5661 (A vulnerability was identified in Free5GC 4.2.0. This affects 
an unkno ...)
+       TODO: check
+CVE-2026-5660 (A vulnerability was determined in itsourcecode Construction 
Management ...)
+       TODO: check
+CVE-2026-5659 (A vulnerability was found in pytries datrie up to 0.8.3. The 
affected  ...)
+       TODO: check
+CVE-2026-5650 (A vulnerability was found in code-projects Online Application 
System f ...)
+       TODO: check
+CVE-2026-5649 (A vulnerability has been found in code-projects Online 
Application Sys ...)
+       TODO: check
+CVE-2026-5648 (A flaw has been found in code-projects Simple Laundry System 
1.0. This ...)
+       TODO: check
+CVE-2026-5647 (A vulnerability was detected in code-projects Online Shoe Store 
1.0. T ...)
+       TODO: check
+CVE-2026-5646 (A security vulnerability has been detected in code-projects 
Easy Blog  ...)
+       TODO: check
+CVE-2026-5645 (A weakness has been identified in projectworlds Car Rental 
System 1.0. ...)
+       TODO: check
+CVE-2026-5644 (A security flaw has been discovered in Cyber-III 
Student-Management-Sy ...)
+       TODO: check
+CVE-2026-5643 (A vulnerability was identified in Cyber-III 
Student-Management-System  ...)
+       TODO: check
+CVE-2026-5642 (A vulnerability was determined in Cyber-III 
Student-Management-System  ...)
+       TODO: check
+CVE-2026-5641 (A vulnerability was found in PHPGurukul Online Shopping Portal 
Project ...)
+       TODO: check
+CVE-2026-5640 (A vulnerability has been found in PHPGurukul Online Shopping 
Portal Pr ...)
+       TODO: check
+CVE-2026-5639 (A flaw has been found in PHPGurukul Online Shopping Portal 
Project 2.1 ...)
+       TODO: check
+CVE-2026-5638 (A vulnerability was detected in HerikLyma CPPWebFramework up to 
3.1. T ...)
+       TODO: check
+CVE-2026-5637 (A security vulnerability has been detected in projectworlds Car 
Rental ...)
+       TODO: check
+CVE-2026-5636 (A weakness has been identified in PHPGurukul Online Shopping 
Portal Pr ...)
+       TODO: check
+CVE-2026-5635 (A security flaw has been discovered in PHPGurukul Online 
Shopping Port ...)
+       TODO: check
+CVE-2026-5634 (A vulnerability was identified in projectworlds Car Rental 
Project 1.0 ...)
+       TODO: check
+CVE-2026-5633 (A vulnerability was determined in assafelovic gpt-researcher up 
to 3.4 ...)
+       TODO: check
+CVE-2026-3524 (Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt 
request pro ...)
+       TODO: check
+CVE-2026-37977 (A flaw was found in Keycloak. A remote attacker can exploit a 
Cross-Or ...)
+       TODO: check
+CVE-2026-35470 (OpenSTAManager is an open source management software for 
technical ass ...)
+       TODO: check
+CVE-2026-35209 (defu is software that allows uers to assign default properties 
recursi ...)
+       TODO: check
+CVE-2026-35177 (Vim is an open source, command line text editor. Prior to 
9.2.0280, a  ...)
+       TODO: check
+CVE-2026-35175 (Ajenti is a Linux and BSD modular server admin panel. Prior to 
2.2.15, ...)
+       TODO: check
+CVE-2026-35174 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 
2026.01,  ...)
+       TODO: check
+CVE-2026-35173 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 
2026.01,  ...)
+       TODO: check
+CVE-2026-35171 (Kedro is a toolbox for production-ready data science. Prior to 
1.3.0,  ...)
+       TODO: check
+CVE-2026-35167 (Kedro is a toolbox for production-ready data science. Prior to 
1.3.0,  ...)
+       TODO: check
+CVE-2026-35166 (Hugo is a static site generator. From 0.60.0 to before 
0.159.2, links  ...)
+       TODO: check
+CVE-2026-35164 (Brave CMS is an open-source CMS. Prior to 2.0.6, an 
unrestricted file  ...)
+       TODO: check
+CVE-2026-35052 (D-Tale is the combination of a Flask back-end and a React 
front-end to ...)
+       TODO: check
+CVE-2026-35050 (text-generation-webui is an open-source web interface for 
running Larg ...)
+       TODO: check
+CVE-2026-35047 (Brave CMS is an open-source CMS. Prior to 2.0.6, an 
Unrestricted File  ...)
+       TODO: check
+CVE-2026-35046 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
+       TODO: check
+CVE-2026-35045 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
+       TODO: check
+CVE-2026-35044 (BentoML is a Python library for building online serving 
systems optimi ...)
+       TODO: check
+CVE-2026-35043 (BentoML is a Python library for building online serving 
systems optimi ...)
+       TODO: check
+CVE-2026-35042 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 
6.1.0 a ...)
+       TODO: check
+CVE-2026-35039 (fast-jwt provides fast JSON Web Token (JWT) implementation. 
From 0.0.1 ...)
+       TODO: check
+CVE-2026-35037 (Ech0 is an open-source, self-hosted publishing platform for 
personal i ...)
+       TODO: check
+CVE-2026-35036 (Ech0 is an open-source, self-hosted publishing platform for 
personal i ...)
+       TODO: check
+CVE-2026-35035 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-35030 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-35029 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-34992 (Antrea is a Kubernetes networking solution intended to be 
Kubernetes n ...)
+       TODO: check
+CVE-2026-34989 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a 
production ...)
+       TODO: check
+CVE-2026-34986 (Go JOSE provides an implementation of the Javascript Object 
Signing an ...)
+       TODO: check
+CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio 
content.  ...)
+       TODO: check
+CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior 
to 3.2. ...)
+       TODO: check
+CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior 
to 25.3.1 ...)
+       TODO: check
+CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
+       TODO: check
+CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. 
Prior to 0. ...)
+       TODO: check
+CVE-2026-34951 (Workbench is a suite of tools for administrators and 
developers to int ...)
+       TODO: check
+CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 
6.1.0 a ...)
+       TODO: check
+CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 
0.23.2, th ...)
+       TODO: check
+CVE-2026-34897 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-34885 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-34841 (Bruno is an open source IDE for exploring and testing APIs. 
Prior to 3 ...)
+       TODO: check
+CVE-2026-34783 (Ferret is a declarative system for working with web data. 
Prior to 2.0 ...)
+       TODO: check
+CVE-2026-34764 (Electron is a framework for writing cross-platform desktop 
application ...)
+       TODO: check
+CVE-2026-34756 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-34755 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-34753 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-34589 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34588 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34444 (Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. 
In 2.6 an ...)
+       TODO: check
+CVE-2026-34402 (ChurchCRM is an open-source church management system. Prior to 
7.1.0,  ...)
+       TODO: check
+CVE-2026-34380 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34379 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34378 (OpenEXR provides the specification and reference 
implementation of the ...)
+       TODO: check
+CVE-2026-34217 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
a scope ...)
+       TODO: check
+CVE-2026-34211 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
the @ny ...)
+       TODO: check
+CVE-2026-34208 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
Sandbox ...)
+       TODO: check
+CVE-2026-34148 (Fedify is a TypeScript library for building federated server 
apps powe ...)
+       TODO: check
+CVE-2026-33817 (Index out-of-range when encountering a branch page with zero 
elements  ...)
+       TODO: check
+CVE-2026-33752 (curl_cffi is the a Python binding for curl. Prior to 0.15.0, 
curl_cffi ...)
+       TODO: check
+CVE-2026-33727 (Pi-hole is a Linux network-level advertisement and Internet 
tracker bl ...)
+       TODO: check
+CVE-2026-33540 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
+       TODO: check
+CVE-2026-33510 (Homarr is an open-source dashboard. Prior to 1.57.0, a 
DOM-based Cross ...)
+       TODO: check
+CVE-2026-33406 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2026-33405 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2026-33404 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2026-33403 (Pi-hole Admin Interface is a web interface for managing 
Pi-hole, a net ...)
+       TODO: check
+CVE-2026-32602 (Homarr is an open-source dashboard. Prior to 1.57.0, the user 
registra ...)
+       TODO: check
+CVE-2026-31354 (Multiple authenticated stored cross-site scripting (XSS) 
vulnerabiliti ...)
+       TODO: check
+CVE-2026-31353 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
+       TODO: check
+CVE-2026-31352 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
+       TODO: check
+CVE-2026-31351 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
+       TODO: check
+CVE-2026-31350 (An authenticated stored cross-site scripting (XSS) 
vulnerability in Fe ...)
+       TODO: check
+CVE-2026-31313 (An authenticated stored cross-site scripting (XSS) 
vulnerability in th ...)
+       TODO: check
+CVE-2026-31153 (A stored cross-site scripting (XSS) vulnerability in Bynder 
v0.1.394 a ...)
+       TODO: check
+CVE-2026-31151 (An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows 
attacke ...)
+       TODO: check
+CVE-2026-31150 (Incorrect access control in Kaleris YMS v7.2.2.1 allows 
authenticated  ...)
+       TODO: check
+CVE-2026-31067 (A remote command execution (RCE) vulnerability in the 
/goform/formRele ...)
+       TODO: check
+CVE-2026-31066 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-31065 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain 
a buffer ...)
+       TODO: check
+CVE-2026-31063 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-31062 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain 
a buffer ...)
+       TODO: check
+CVE-2026-31061 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-31060 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-31059 (A remote command execution (RCE) vulnerability in the 
/goform/formDia  ...)
+       TODO: check
+CVE-2026-31058 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2026-31053 (A double free vulnerability exists in librz/bin/format/le/le.c 
in the  ...)
+       TODO: check
+CVE-2026-30613 (An information disclosure vulnerability exists in AZIOT 1 Node 
Smart S ...)
+       TODO: check
+CVE-2026-30078 (OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP 
message w ...)
+       TODO: check
+CVE-2026-29047 (GLPI is a free asset and IT management software package. From 
10.0.0 t ...)
+       TODO: check
+CVE-2026-26263 (GLPI is a free asset and IT management software package. From 
11.0.0 t ...)
+       TODO: check
+CVE-2026-26027 (GLPI is a free asset and IT management software package. From 
11.0.0 t ...)
+       TODO: check
+CVE-2026-26026 (GLPI is a free asset and IT management software package. From 
11.0.0 t ...)
+       TODO: check
+CVE-2026-25932 (GLPI is a Free Asset and IT Management Software package. From 
0.60 to  ...)
+       TODO: check
+CVE-2026-21382 (Memory Corruption when handling power management requests with 
imprope ...)
+       TODO: check
+CVE-2026-21381 (Transient DOS when receiving a service data frame with 
excessive lengt ...)
+       TODO: check
+CVE-2026-21380 (Memory Corruption when using deprecated DMABUF IOCTL calls to 
manage v ...)
+       TODO: check
+CVE-2026-21378 (Memory Corruption when accessing an output buffer without 
validating i ...)
+       TODO: check
+CVE-2026-21376 (Memory Corruption when accessing an output buffer without 
validating i ...)
+       TODO: check
+CVE-2026-21375 (Memory Corruption when accessing an output buffer without 
validating i ...)
+       TODO: check
+CVE-2026-21374 (Memory Corruption when processing auxiliary sensor 
input/output contro ...)
+       TODO: check
+CVE-2026-21373 (Memory Corruption when accessing an output buffer without 
validating i ...)
+       TODO: check
+CVE-2026-21372 (Memory Corruption when sending IOCTL requests with invalid 
buffer size ...)
+       TODO: check
+CVE-2026-21371 (Memory Corruption when retrieving output buffer with 
insufficient size ...)
+       TODO: check
+CVE-2026-21367 (Transient DOS when processing nonstandard FILS Discovery 
Frames with o ...)
+       TODO: check
+CVE-2026-0049 (In onHeaderDecoded of LocalImageResolver.java, there is a 
possible per ...)
+       TODO: check
+CVE-2025-61166 (An open redirect in Ascertia SigningHub User v10.0 allows 
attackers to ...)
+       TODO: check
+CVE-2025-59440 (An issue was discovered in USIM in Samsung Mobile Processor, 
Wearable  ...)
+       TODO: check
+CVE-2025-58349 (An issue was discovered in L2 in Samsung Mobile Processor, 
Wearable Pr ...)
+       TODO: check
+CVE-2025-57835 (An issue was discovered in RRC in Samsung Mobile Processor, 
Wearable P ...)
+       TODO: check
+CVE-2025-54324 (An issue was discovered in NAS in Samsung Mobile Processor, 
Wearable P ...)
+       TODO: check
+CVE-2025-48651 (N/A)
+       TODO: check
+CVE-2025-47400 (Cryptographic issue while copying data to a destination buffer 
without ...)
+       TODO: check
+CVE-2025-47392 (Memory corruption when decoding corrupted satellite data files 
with in ...)
+       TODO: check
+CVE-2025-47391 (Memory corruption while processing a frame request from user.)
+       TODO: check
+CVE-2025-47390 (Memory corruption while preprocessing IOCTL request in JPEG 
driver.)
+       TODO: check
+CVE-2025-47389 (Memory corruption when buffer copy operation fails due to 
integer over ...)
+       TODO: check
+CVE-2025-47374 (Memory Corruption when accessing freed memory due to 
concurrent fence  ...)
+       TODO: check
+CVE-2024-14032 (Twitch Studio version 0.114.8 and prior contain a privilege 
escalation ...)
+       TODO: check
+CVE-2026-31410 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/3a64125730cabc34fccfbc230c2667c2e14f7308 (7.0-rc5)
-CVE-2026-31409 [ksmbd: unset conn->binding on failed binding request]
+CVE-2026-31409 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/282343cf8a4a5a3603b1cb0e17a7083e4a593b03 (7.0-rc5)
-CVE-2026-31408 [Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to 
missing sock_hold]
+CVE-2026-31408 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 6.19.11-1
        NOTE: 
https://git.kernel.org/linus/598dbba9919c5e36c54fe1709b557d64120cb94b (7.0-rc6)
-CVE-2026-31407 [netfilter: conntrack: add missing netlink policy validations]
+CVE-2026-31407 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05 (7.0-rc5)
-CVE-2026-31406 [xfrm: Fix work re-schedule after cancel in 
xfrm_nat_keepalive_net_fini()]
+CVE-2026-31406 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.19.11-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/daf8e3b253aa760ff9e96c7768a464bc1d6b3c90 (7.0-rc6)
-CVE-2026-31405 [media: dvb-net: fix OOB access in ULE extension header tables]
+CVE-2026-31405 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/24d87712727a5017ad142d63940589a36cd25647 (7.0-rc3)
 CVE-2026-5632 (A vulnerability was found in assafelovic gpt-researcher up to 
3.4.3. T ...)
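Review bot: Every new entry at the top of this hunk lands as `TODO: check`, including ones whose descriptions name tar (CVE-2026-5704), libtheora (CVE-2026-5673), Vim (CVE-2026-35177) and OpenEXR (CVE-2026-34378 through CVE-2026-34380, CVE-2026-34588, CVE-2026-34589). Each needs a follow-up commit resolving it to a package line or `NOT-FOR-US`. The Vim entry should be triaged alongside the `- vim <unfixed>` tracking that already exists for CVE-2026-34982. At the end of the hunk, the six kernel entries CVE-2026-31410 down to CVE-2026-31405 trade their bracketed titles (for example `[ksmbd: unset conn->binding on failed binding request]`) for the same truncated text `(In the Linux kernel, the following vulnerability has been resolved: ...)`, so the affected subsystem is now only recoverable from the git.kernel.org NOTE link on each entry. That is worth keeping in mind when grepping the list for a subsystem name.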
@@ -2295,7 +2601,7 @@ CVE-2026-23401 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.19.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/aad885e774966e97b675dfe928da164214a71605 (7.0-rc6)
-CVE-2026-34982
+CVE-2026-34982 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
        - vim <unfixed> (bug #1132450)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587 
(v9.2.0276)
@@ -79790,7 +80096,8 @@ CVE-2025-57960 (Cross-Site Request Forgery (CSRF) 
vulnerability in TravelMap Tra
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57959 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2025-57958 (Missing Authorization vulnerability in WPXPO WowAddons 
product-addons  ...)
+CVE-2025-57958
+       REJECTED
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57957 (Missing Authorization vulnerability in wpcraft WooMS wooms 
allows Expl ...)
        NOT-FOR-US: WordPress plugin or theme
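Review bot: CVE-2025-57958 is switched to `REJECTED` here, but the unchanged `NOT-FOR-US: WordPress plugin or theme` line under it is kept, so the entry now carries two dispositions. Compare CVE-2026-5664 in the first hunk, where `REJECTED` stands alone. Dropping the stale `NOT-FOR-US` line in a follow-up would leave the entry with a single, unambiguous state, and the replaced description (`Missing Authorization vulnerability in WPXPO WowAddons ...`) no longer needs a not-for-us classification once the ID is rejected.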



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65f6efcd3a541919c8e4047323c23d8723b3a6d

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
