[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 08:14:01 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30f79a20 by security tracker role at 2026-04-02T07:13:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple Customer Relat ...)
+	TODO: check
+CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vul ...)
+	TODO: check
+CVE-2026-5322 (A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc5 ...)
+	TODO: check
+CVE-2026-5321 (A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this  ...)
+	TODO: check
+CVE-2026-5320 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected b ...)
+	TODO: check
+CVE-2026-5319 (A security vulnerability has been detected in itsourcecode Payroll Man ...)
+	TODO: check
+CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impacts th ...)
+	TODO: check
+CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
+	TODO: check
+CVE-2026-5316 (A vulnerability was identified in Nothings stb up to 1.22. The impacte ...)
+	TODO: check
+CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The affecte ...)
+	TODO: check
+CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted is the  ...)
+	TODO: check
+CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This issue  ...)
+	TODO: check
+CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...)
+	TODO: check
+CVE-2026-4820 (IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the ...)
+	TODO: check
+CVE-2026-4759
+	REJECTED
+CVE-2026-4364 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-4347 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file mo ...)
+	TODO: check
+CVE-2026-4101 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on WatchGuard ...)
+	TODO: check
+CVE-2026-3882
+	REJECTED
+CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impers ...)
+	TODO: check
+CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and  ...)
+	TODO: check
+CVE-2026-34750 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
+CVE-2026-34749 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
+CVE-2026-34748 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
+CVE-2026-34747 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
+CVE-2026-34746 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
+CVE-2026-34572 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34571 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34570 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34569 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34568 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34567 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34566 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34565 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34564 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34563 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34562 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34561 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34560 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34559 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34545 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34544 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34543 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34531 (Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication fo ...)
+	TODO: check
+CVE-2026-34530 (File Browser is a file managing interface for uploading, deleting, pre ...)
+	TODO: check
+CVE-2026-34529 (File Browser is a file managing interface for uploading, deleting, pre ...)
+	TODO: check
+CVE-2026-34528 (File Browser is a file managing interface for uploading, deleting, pre ...)
+	TODO: check
+CVE-2026-34525 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34520 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34519 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34518 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34517 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34516 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34515 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34514 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34513 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-34456 (Reviactyl is an open-source game server management panel built using L ...)
+	TODO: check
+CVE-2026-34455 (Hi.Events is an open-source event management and ticket selling platfo ...)
+	TODO: check
+CVE-2026-32929 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6 ...)
+	TODO: check
+CVE-2026-32928 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflo ...)
+	TODO: check
+CVE-2026-32927 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulner ...)
+	TODO: check
+CVE-2026-32926 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulner ...)
+	TODO: check
+CVE-2026-32925 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflo ...)
+	TODO: check
+CVE-2026-2862 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-22815 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2026-21767 (HCL BigFix Platform is affected byinsufficient authentication. The app ...)
+	TODO: check
+CVE-2026-21765 (HCL BigFix Platform is affected by insecure permissions on private cry ...)
+	TODO: check
+CVE-2026-1540 (The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 all ...)
+	TODO: check
+CVE-2026-1491 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-1345 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
+	TODO: check
+CVE-2026-1243 (IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross- ...)
+	TODO: check
+CVE-2025-66487 (IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit th ...)
+	TODO: check
+CVE-2025-66486 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection ...)
+	TODO: check
+CVE-2025-66485 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header in ...)
+	TODO: check
+CVE-2025-66484 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-s ...)
+	TODO: check
+CVE-2025-66483 (IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session aft ...)
+	TODO: check
+CVE-2025-66442 (In Mbed TLS through 4.0.0, there is a compiler-induced timing side cha ...)
+	TODO: check
+CVE-2025-36375 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPow ...)
+	TODO: check
+CVE-2025-36373 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPow ...)
+	TODO: check
+CVE-2025-13916 (IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected crypt ...)
+	TODO: check
+CVE-2025-0711
+	REJECTED
 CVE-2026-5310 (A vulnerability was identified in Enter Software Iperius Backup up to  ...)
 	NOT-FOR-US: Enter Software Iperius Backup
 CVE-2026-5271 (pymanager included the current working directory in sys.path meaning m ...)
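Review bot: every non-rejected entry added at the top of data/CVE/list is left at "TODO: check", so nothing in this batch is triaged yet. The entries naming libraries (LibRaw, Nothings stb, Mbed TLS, OpenEXR, AIOHTTP, Flask-HTTPAuth) should get a package line or an explicit NOT-FOR-US marker, in the same form as the CVE-2026-5310 context entry directly below the additions. The CVE-2026-21767 description also contains the run-together word "byinsufficient", which looks like it was imported that way and is worth correcting at the source of the description.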
@@ -9299,6 +9467,7 @@ CVE-2026-3555 (Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based
 CVE-2026-3227 (A command injection vulnerability was identified in TP-Link TL-WR802N  ...)
 	NOT-FOR-US: TPLink
 CVE-2026-3082 (GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution ...)
+	{DSA-6190-1}
 	- gst-plugins-bad1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0003.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10885
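Review bot: the "{DSA-6190-1}" line added under CVE-2026-3082 is the only advisory reference on this entry, whereas the gst-plugins-ugly1.0 entries later in this diff carry a DLA-4516-1 reference next to their DSA. Confirm whether a DLA for gst-plugins-bad1.0 is still pending or not needed. The package line "- gst-plugins-bad1.0 1.28.1-1" also has no bug number, while the CVE-2026-2923 entry for the same package has "(bug #1130059)"; add one if a bug exists.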
@@ -11947,6 +12116,7 @@ CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Exe
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vuln ...)
+	{DSA-6190-1}
 	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0007.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1b12d63b4414de80ebf5561823b6a0ac8b734eb1 (main)
@@ -11962,7 +12132,7 @@ CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/db222d6d7971100a8ba60bd5d10a2233a38ebc46 (1.24 branch)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6aa055e9606104be1f095896d0b292b06dfb8dd9 (1.24 branch)
 CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution ...)
-	{DLA-4516-1}
+	{DSA-6191-1 DLA-4516-1}
 	- gst-plugins-ugly1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 (main)
@@ -11970,7 +12140,7 @@ CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Exec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3dc4244f030a0af077b9f87fd8ad50d4032428ef (1.26.11)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9f9d1f664546d99e5ca0c3ced216e76dd08b409f (1.24 branch)
 CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution  ...)
-	{DLA-4516-1}
+	{DSA-6191-1 DLA-4516-1}
 	- gst-plugins-ugly1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df (main)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f79a20b3545aab8317385a95c647452d612791
