[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 30 08:13:15 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1509d541 by security tracker role at 2026-04-30T07:13:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2026-7470 (A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. ...)
+ TODO: check
+CVE-2026-7469 (A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN ...)
+ TODO: check
+CVE-2026-7468 (A security vulnerability has been detected in 1024-lab smart-admin up ...)
+ TODO: check
+CVE-2026-7447 (A flaw has been found in SourceCodester Pet Grooming Management Softwa ...)
+ TODO: check
+CVE-2026-7446 (A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. Th ...)
+ TODO: check
+CVE-2026-7445 (A security vulnerability has been detected in ZachHandley ZMCPTools up ...)
+ TODO: check
+CVE-2026-7443 (A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0. ...)
+ TODO: check
+CVE-2026-7426 (Insufficient validation of the prefix length field in IPv6 Router Adve ...)
+ TODO: check
+CVE-2026-7425 (Insufficient option length validation in the IPv6 Router Advertisement ...)
+ TODO: check
+CVE-2026-7420 (A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-21 ...)
+ TODO: check
+CVE-2026-7419 (A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907- ...)
+ TODO: check
+CVE-2026-7418 (A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907- ...)
+ TODO: check
+CVE-2026-7417 (A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the ...)
+ TODO: check
+CVE-2026-7416 (A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This i ...)
+ TODO: check
+CVE-2026-7410 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
+ TODO: check
+CVE-2026-7409 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
+ TODO: check
+CVE-2026-7408 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
+ TODO: check
+CVE-2026-7407 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
+ TODO: check
+CVE-2026-7404 (A weakness has been identified in getsimpletool mcpo-simple-server up ...)
+ TODO: check
+CVE-2026-7403 (A security flaw has been discovered in geldata gel-mcp 0.1.0. This imp ...)
+ TODO: check
+CVE-2026-7401 (A vulnerability was detected in SourceCodester CET Automated Grading S ...)
+ TODO: check
+CVE-2026-7400 (A security vulnerability has been detected in geekgod382 filesystem-mc ...)
+ TODO: check
+CVE-2026-7379 (Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial ...)
+ TODO: check
+CVE-2026-7378 (Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of se ...)
+ TODO: check
+CVE-2026-7376 (Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of se ...)
+ TODO: check
+CVE-2026-7375 (UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4 ...)
+ TODO: check
+CVE-2026-6870 (GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ TODO: check
+CVE-2026-6869 (WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4 ...)
+ TODO: check
+CVE-2026-6868 (HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ TODO: check
+CVE-2026-6867 (SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ TODO: check
+CVE-2026-6538 (BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
+ TODO: check
+CVE-2026-6537 (ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ TODO: check
+CVE-2026-6536 (DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6. ...)
+ TODO: check
+CVE-2026-6535 (Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 ...)
+ TODO: check
+CVE-2026-6534 (USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 a ...)
+ TODO: check
+CVE-2026-6533 (Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 ...)
+ TODO: check
+CVE-2026-6532 (Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ TODO: check
+CVE-2026-6531 (SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ TODO: check
+CVE-2026-6530 (DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ TODO: check
+CVE-2026-6529 (iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 ...)
+ TODO: check
+CVE-2026-6528 (TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allow ...)
+ TODO: check
+CVE-2026-6527 (ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4 ...)
+ TODO: check
+CVE-2026-6526 (RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4)
+ TODO: check
+CVE-2026-6524 (MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 t ...)
+ TODO: check
+CVE-2026-6523 (GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4 ...)
+ TODO: check
+CVE-2026-6522 (RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6 ...)
+ TODO: check
+CVE-2026-6521 (OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4. ...)
+ TODO: check
+CVE-2026-6520 (OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6 ...)
+ TODO: check
+CVE-2026-6519 (MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ TODO: check
+CVE-2026-6221
+ REJECTED
+CVE-2026-5657 (iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allow ...)
+ TODO: check
+CVE-2026-5655 (SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial ...)
+ TODO: check
+CVE-2026-5654 (AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 all ...)
+ TODO: check
+CVE-2026-5653 (DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ TODO: check
+CVE-2026-5409 (Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ TODO: check
+CVE-2026-5408 (BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 ...)
+ TODO: check
+CVE-2026-5407 (SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and ...)
+ TODO: check
+CVE-2026-5406 (FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4. ...)
+ TODO: check
+CVE-2026-5402 (TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allow ...)
+ TODO: check
+CVE-2026-5401 (AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and ...)
+ TODO: check
+CVE-2026-5299 (ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4. ...)
+ TODO: check
+CVE-2026-41226 (Open redirect vulnerability exists in Multiple laser printers and MFPs ...)
+ TODO: check
+CVE-2026-34965 (Cockpit CMS contains an authenticated remote code execution vulnerabil ...)
+ TODO: check
+CVE-2026-1858 (wget2 accepts a server certificate with incorrect Key Usage (KU) or Ex ...)
+ TODO: check
+CVE-2025-50328 (A vulnerability in B1 Free Archiver v1.5.86 allows files extracted fro ...)
+ TODO: check
+CVE-2025-13030 (All versions of the package django-mdeditor are vulnerable to Missing ...)
+ TODO: check
+CVE-2018-25318 (Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vuln ...)
+ TODO: check
+CVE-2018-25317 (Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a ...)
+ TODO: check
+CVE-2018-25316 (Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerabili ...)
+ TODO: check
+CVE-2018-25315 (Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerabili ...)
+ TODO: check
+CVE-2018-25314 (Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffe ...)
+ TODO: check
+CVE-2018-25313 (SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy ...)
+ TODO: check
+CVE-2018-25312 (LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities t ...)
+ TODO: check
+CVE-2018-25311 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated ...)
+ TODO: check
+CVE-2018-25310 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated ...)
+ TODO: check
+CVE-2018-25309 (MyBB Recent threads 17.0 contains a persistent cross-site scripting vu ...)
+ TODO: check
+CVE-2018-25308 (BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code ex ...)
+ TODO: check
+CVE-2018-25307 (SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in ...)
+ TODO: check
+CVE-2018-25306 (PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ...)
+ TODO: check
+CVE-2018-25305 (librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ...)
+ TODO: check
+CVE-2018-25304 (Free Download Manager 2.0 Built 417 contains a local buffer overflow v ...)
+ TODO: check
+CVE-2018-25303 (Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overf ...)
+ TODO: check
+CVE-2018-25302 (Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exc ...)
+ TODO: check
+CVE-2018-25301 (Easy MPEG to DVD Burner 1.7.11 contains a structured exception handlin ...)
+ TODO: check
+CVE-2018-25300 (XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability ...)
+ TODO: check
+CVE-2018-25299 (Prime95 29.4b8 contains a local buffer overflow vulnerability that all ...)
+ TODO: check
+CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery vulnerability tha ...)
+ TODO: check
CVE-2026-5419
- gnutls28 <unfixed>
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
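Review bot: every entry added at the top of data/CVE/list is left at "TODO: check", and several of them name software that Debian ships, so triage should give them a source-package line rather than a NOT-FOR-US tag: the Wireshark and sharkd entries, wget2 (CVE-2026-1858), librsvg2-bin (CVE-2018-25305) and PDFunite from poppler (CVE-2018-25306). Two pairs of truncated descriptions read alike and should be compared against the upstream advisories before a status is assigned: CVE-2026-6530 and CVE-2026-5653 (both "DCP-ETSI protocol dissector crash"), and CVE-2026-6529 and CVE-2026-5657 (iLBC codec crash). CVE-2026-6221 is correctly recorded as REJECTED with no description and needs nothing further.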
@@ -37,7 +211,7 @@ CVE-2026-42009
CVE-2026-33846
- gnutls28 <unfixed>
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
-CVE-2026-7381
+CVE-2026-7381 (Plack::Middleware::XSendfile versions through 1.0053 for Perl can allo ...)
- libplack-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39467666/
CVE-2026-40684 [Possible crash with malicious DNS data when using musl libc]
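Review bot: the CVE-2026-7381 header now states an affected range ("versions through 1.0053"), but the package line beneath it is still "- libplack-perl <unfixed>" with a single NOTE pointing at the announcement. Once upstream publishes a release after 1.0053, add a NOTE with the fixing version or commit so the entry can move from <unfixed> to a fixed version without re-reading the announcement.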
@@ -152,7 +326,7 @@ CVE-2026-42248 (Ollama for Windows does not perform integrity or authenticity ve
TODO: check
CVE-2026-41952 (Local privilege escalation due to improper input validation. The follo ...)
NOT-FOR-US: Acronis
-CVE-2026-41940 (cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54 ...)
+CVE-2026-41940 (cPanel and WHM versions after 11.40 contain an authentication bypass v ...)
NOT-FOR-US: cPanel
CVE-2026-41499 (Wazuh is a free and open source platform used for threat prevention, d ...)
NOT-FOR-US: Wazuh
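Review bot: the replacement description for CVE-2026-41940 swaps the fixed-version list ("prior to 11.110.0.97, 11.118.0.63, 11.126.0.54 ...") for a lower bound ("after 11.40"), so the truncated summary in this file no longer shows which releases carry the fix. The NOT-FOR-US: cPanel tag is unaffected, but anyone reading this line for patch levels has to go to the full CVE record instead.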
@@ -6879,7 +7053,7 @@ CVE-2025-15635 (Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart
NOT-FOR-US: WordPress plugin or theme
CVE-2025-15621 (Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx E ...)
NOT-FOR-US: Sparx
-CVE-2025-15610 (Deserialization of untrusted data vulnerability in OpenText, Inc Right ...)
+CVE-2025-15610 (The .NET Remoting framework used by OpenText Fax (RightFax) includes k ...)
NOT-FOR-US: OpenText
CVE-2025-14868 (The Career Section plugin for WordPress is vulnerable to Cross-Site Re ...)
NOT-FOR-US: WordPress plugin
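Review bot: the new CVE-2025-15610 summary is cut off at "includes k ..." and no longer contains the weakness class that the old line led with ("Deserialization of untrusted data"), so a text search of data/CVE/list for that class will no longer match this entry. The NOT-FOR-US: OpenText tag still matches the vendor named in the new text, so no triage change is needed.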
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1509d541fc8976c1befb4bc6e0950c7e6285c6ea