[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 14 08:13:12 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e794f0fa by security tracker role at 2026-03-14T08:13:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2026-3839 (Unraid Authentication Request Path Traversal Authentication Bypass Vul ...)
+ TODO: check
+CVE-2026-3838 (Unraid Update Request Path Traversal Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2026-3562 (Philips Hue Bridge hk_hap Ed25519 Signature Verification Authenticatio ...)
+ TODO: check
+CVE-2026-3561 (Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow R ...)
+ TODO: check
+CVE-2026-3560 (Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer O ...)
+ TODO: check
+CVE-2026-3559 (Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authenticat ...)
+ TODO: check
+CVE-2026-3558 (Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode A ...)
+ TODO: check
+CVE-2026-3557 (Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based ...)
+ TODO: check
+CVE-2026-3556 (Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remot ...)
+ TODO: check
+CVE-2026-3555 (Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buff ...)
+ TODO: check
+CVE-2026-3227 (A command injection vulnerability was identified in TP-Link TL-WR802N ...)
+ TODO: check
+CVE-2026-3082 (GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution ...)
+ TODO: check
+CVE-2026-32772 (telnet in GNU inetutils through 2.7 allows servers to read arbitrary e ...)
+ TODO: check
+CVE-2026-32732 (Lean 4 VS Code Extension is a Visual Studio Code extension for the Lea ...)
+ TODO: check
+CVE-2026-32729 (Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Run ...)
+ TODO: check
+CVE-2026-32724 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32720 (The CTFer.io Monitoring component is in charge of the collection, proc ...)
+ TODO: check
+CVE-2026-32719 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32717 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32715 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32713 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32709 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32708 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32707 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32706 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32705 (PX4 autopilot is a flight control solution for drones. Prior to 1.17.0 ...)
+ TODO: check
+CVE-2026-32704 (SiYuan is a personal knowledge management system. Prior to 3.6.1, POST ...)
+ TODO: check
+CVE-2026-32702 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
+ TODO: check
+CVE-2026-32640 (SimpleEval is a library for adding evaluatable expressions into python ...)
+ TODO: check
+CVE-2026-32635 (Angular is a development platform for building mobile and desktop web ...)
+ TODO: check
+CVE-2026-32630 (file-type detects the file type of a file, stream, or data. From 20.0. ...)
+ TODO: check
+CVE-2026-32628 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32627 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-32626 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32621 (Apollo Federation is an architecture for declaratively composing APIs ...)
+ TODO: check
+CVE-2026-32617 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-32616 (Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201 ...)
+ TODO: check
+CVE-2026-32614 (Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic ...)
+ TODO: check
+CVE-2026-2493 (IceWarp collaboration Directory Traversal Information Disclosure Vulne ...)
+ TODO: check
+CVE-2026-2491 (Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This ...)
+ TODO: check
+CVE-2026-26133 (AI command injection in M365 Copilot allows an unauthorized attacker t ...)
+ TODO: check
+CVE-2026-1948 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin for Wo ...)
+ TODO: check
+CVE-2026-0977 (IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could all ...)
+ TODO: check
+CVE-2026-0385 (Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability)
+ TODO: check
+CVE-2025-15060 (claude-hovercraft executeClaudeCode Command Injection Remote Code Exec ...)
+ TODO: check
CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic of the l ...)
- libarchive <unfixed>
NOTE: https://github.com/libarchive/libarchive/pull/2877
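Review bot: All 45 entries added at the top of the file, from CVE-2026-3839 down to CVE-2025-15060, carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US decision yet. CVE-2026-3082 (GStreamer JPEG Parser) belongs to the same family as the GStreamer entries later in this commit that are tracked against gst-plugins-* source packages, and CVE-2026-32772 names GNU inetutils, so those two are worth triaging ahead of the appliance and vendor-only items. The description imported for CVE-2026-1948 also contains a literal `\u2013` escape instead of the dash character, which will show up verbatim wherever the description is rendered.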
@@ -1669,17 +1759,22 @@ CVE-2026-27266 (Adobe Experience Manager versions 6.5.23 and earlier are affecte
NOT-FOR-US: Adobe
CVE-2026-27265 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
NOT-FOR-US: Adobe
-CVE-2026-27264 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+CVE-2026-27264
+ REJECTED
NOT-FOR-US: Adobe
-CVE-2026-27263 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+CVE-2026-27263
+ REJECTED
NOT-FOR-US: Adobe
CVE-2026-27262 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
NOT-FOR-US: Adobe
-CVE-2026-27261 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+CVE-2026-27261
+ REJECTED
NOT-FOR-US: Adobe
-CVE-2026-27260 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+CVE-2026-27260
+ REJECTED
NOT-FOR-US: Adobe
-CVE-2026-27259 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
+CVE-2026-27259
+ REJECTED
NOT-FOR-US: Adobe
CVE-2026-27257 (Adobe Experience Manager versions 6.5.23 and earlier are affected by a ...)
NOT-FOR-US: Adobe
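Review bot: CVE-2026-27264, CVE-2026-27263, CVE-2026-27261, CVE-2026-27260 and CVE-2026-27259 now carry both `REJECTED` and the pre-existing `NOT-FOR-US: Adobe` line, because only the description was dropped and the status line was added above the old annotation. If `REJECTED` is meant to be the only state for a withdrawn ID, a follow-up should remove the leftover `NOT-FOR-US: Adobe` lines under these five entries so the record does not present two conflicting dispositions.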
@@ -2416,49 +2511,49 @@ CVE-2026-23240 (In the Linux kernel, the following vulnerability has been resolv
CVE-2026-23239 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.19.6-1
NOTE: https://git.kernel.org/linus/e1512c1db9e8794d8d130addd2615ec27231d994 (7.0-rc2)
-CVE-2026-3084
+CVE-2026-3084 (GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution V ...)
- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0011.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10887
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/81d8a555c06e8be51da6c6344eb52f91bf2b15f6 (main)
-CVE-2026-3081
+CVE-2026-3081 (GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code E ...)
- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0010.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3a4a2c220de5714ecb18822f3a3f395f04d84886 (main)
-CVE-2026-3086
+CVE-2026-3086 (GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution ...)
- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0009.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa1f5a80085ef65154a982dd3b23181100265c7e (main)
-CVE-2026-3083
+CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulne ...)
- gst-plugins-good1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
-CVE-2026-3085
+CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Executio ...)
- gst-plugins-good1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
-CVE-2026-2923
+CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vuln ...)
- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0007.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1b12d63b4414de80ebf5561823b6a0ac8b734eb1 (main)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3b8253f447bcc9831dbf643d2c69b205fedbe086 (main)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f0a84752aaa09457fcf736c93cecdff34ec0bfb2 (main)
-CVE-2026-2920
+CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution ...)
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 (main)
-CVE-2026-2922
+CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution ...)
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df (main)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cfc74588fca99328419eb16921fa559739a7b503 (main)
-CVE-2026-2921
+CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerab ...)
- gst-plugins-base1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0004.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473 (main)
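Review bot: With the descriptions filled in, CVE-2026-3083 (out-of-bounds write) and CVE-2026-3085 (heap-based buffer overflow) in rtpqdm2depay are shown as distinct flaws, yet both still point to the same advisory sa-2026-0008 and the same single `Fixed by:` commit 8349cdd35f85246e113b18e55fd11abf9cb248bf. It is worth confirming that one commit addresses both issues and adding a second `Fixed by:` note if it does not. The gst-plugins-good, gst-plugins-ugly and gst-plugins-base entries also carry no bug reference or per-suite lines, unlike the gst-plugins-bad entries with `(bug #1130059)` and explicit bookworm/bullseye status, so the older suites for those packages still need an explicit status.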
@@ -15888,7 +15983,7 @@ CVE-2025-14150 (IBM webMethods Integration (on prem) - Integration Server 10.15
NOT-FOR-US: IBM
CVE-2025-14079 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-13491 (IBM App Connect Enterprise Certified Containerup to 12.19.0 (Continuou ...)
+CVE-2025-13491 (IBM App Connect Enterprise Certified ContainerCD: 11.2.0 through 11.6. ...)
NOT-FOR-US: IBM
CVE-2025-13416 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
NOT-FOR-US: WordPress plugin
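Review bot: The refreshed description for CVE-2025-13491 still runs two words together, now as `ContainerCD:` where it was previously `Containerup`, so the imported text loses a separator after "Certified Container" in both versions. The entry is `NOT-FOR-US: IBM`, so nothing depends on it, but the import step appears to be dropping whitespace or a line break from the upstream description and that would affect searchable text for entries that do matter.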
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e794f0faa66270a1fa73f00e274cb630dd785f9a