[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 16 08:13:22 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04a63f5d by security tracker role at 2026-03-16T08:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,237 @@
+CVE-2026-4255 (A DLL search order hijacking vulnerability in Thermalright TR-VISION H ...)
+	TODO: check
+CVE-2026-4226 (A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affecte ...)
+	TODO: check
+CVE-2026-4225 (A security flaw has been discovered in CMS Made Simple up to 2.2.21. I ...)
+	TODO: check
+CVE-2026-4223 (A vulnerability was identified in itsourcecode Payroll Management Syst ...)
+	TODO: check
+CVE-2026-4222 (A vulnerability was determined in SSCMS up to 7.4.0. This vulnerabilit ...)
+	TODO: check
+CVE-2026-4221 (A vulnerability was found in Tiandy Easy7 Integrated Management Platfo ...)
+	TODO: check
+CVE-2026-4220 (A vulnerability has been found in Technologies Integrated Management P ...)
+	TODO: check
+CVE-2026-4219 (A flaw has been found in INDEX Conferences & Exhibitions Organization  ...)
+	TODO: check
+CVE-2026-4218 (A vulnerability was detected in myAEDES App up to 1.18.4 on Android. A ...)
+	TODO: check
+CVE-2026-4217 (A security vulnerability has been detected in XREAL Nebula App up to 3 ...)
+	TODO: check
+CVE-2026-4216 (A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on A ...)
+	TODO: check
+CVE-2026-4215 (A security flaw has been discovered in FlowCI flow-core-x up to 1.23.0 ...)
+	TODO: check
+CVE-2026-4214 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320,  ...)
+	TODO: check
+CVE-2026-4213 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...)
+	TODO: check
+CVE-2026-4212 (A security vulnerability has been detected in D-Link DNS-120, DNR-202L ...)
+	TODO: check
+CVE-2026-4211 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-4210 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...)
+	TODO: check
+CVE-2026-4209 (A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-4207 (A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-4206 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
+	TODO: check
+CVE-2026-4205 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-4204 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320,  ...)
+	TODO: check
+CVE-2026-4203 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...)
+	TODO: check
+CVE-2026-4201 (A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472 ...)
+	TODO: check
+CVE-2026-4200 (A security flaw has been discovered in glowxq glowxq-oj up to 6f7c7230 ...)
+	TODO: check
+CVE-2026-4199 (A vulnerability was identified in bazinga012 mcp_code_executor up to 0 ...)
+	TODO: check
+CVE-2026-4198 (A vulnerability was determined in hypermodel-labs mcp-server-auto-comm ...)
+	TODO: check
+CVE-2026-4197 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
+	TODO: check
+CVE-2026-4196 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
+	TODO: check
+CVE-2026-4195 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320,  ...)
+	TODO: check
+CVE-2026-4194 (A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DN ...)
+	TODO: check
+CVE-2026-4193 (A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05 ...)
+	TODO: check
+CVE-2026-4192 (A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. A ...)
+	TODO: check
+CVE-2026-4191 (A flaw has been found in JawherKl node-api-postgres up to 2.5. Affecte ...)
+	TODO: check
+CVE-2026-4190 (A vulnerability was detected in JawherKl node-api-postgres up to 2.5.  ...)
+	TODO: check
+CVE-2026-4189 (A weakness has been identified in phpipam up to 1.7.4. The impacted el ...)
+	TODO: check
+CVE-2026-4188 (A security flaw has been discovered in D-Link DIR-619L 2.06B01. The af ...)
+	TODO: check
+CVE-2026-4187 (A vulnerability was identified in Tiandy Easy7 Integrated Management P ...)
+	TODO: check
+CVE-2026-4186 (A vulnerability was determined in UEditor up to 1.4.3.2. This issue af ...)
+	TODO: check
+CVE-2026-4185 (A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-mas ...)
+	TODO: check
+CVE-2026-4184 (A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by  ...)
+	TODO: check
+CVE-2026-4183 (A security vulnerability has been detected in D-Link DIR-816 1.10CNB05 ...)
+	TODO: check
+CVE-2026-4182 (A weakness has been identified in D-Link DIR-816 1.10CNB05. This impac ...)
+	TODO: check
+CVE-2026-4181 (A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This  ...)
+	TODO: check
+CVE-2026-4180 (A vulnerability was identified in D-Link DIR-816 1.10CNB05. The impact ...)
+	TODO: check
+CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The af ...)
+	TODO: check
+CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue affects th ...)
+	TODO: check
+CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnera ...)
+	TODO: check
+CVE-2026-4172 (A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This aff ...)
+	TODO: check
+CVE-2026-4171 (A security vulnerability has been detected in CodeGenieApp serverless- ...)
+	TODO: check
+CVE-2026-32778 (libexpat before 2.7.5 allows a NULL pointer dereference in the functio ...)
+	TODO: check
+CVE-2026-32777 (libexpat before 2.7.5 allows an infinite loop while parsing DTD conten ...)
+	TODO: check
+CVE-2026-32776 (libexpat before 2.7.5 allows a NULL pointer dereference with empty ext ...)
+	TODO: check
+CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_ ...)
+	TODO: check
+CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies c ...)
+	TODO: check
+CVE-2026-28522 (arduino-TuyaOpen before version 1.2.1 contains a null pointer derefere ...)
+	TODO: check
+CVE-2026-28521 (arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory ...)
+	TODO: check
+CVE-2026-28520 (arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer ov ...)
+	TODO: check
+CVE-2026-28519 (arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer ove ...)
+	TODO: check
+CVE-2026-25083 (GROWI OpenAI thread/message API endpoints do not perform authorization ...)
+	TODO: check
+CVE-2026-21005 (Path traversal in Smart Switch prior to version 3.7.69.15 allows adjac ...)
+	TODO: check
+CVE-2026-21004 (Improper authentication in Smart Switch prior to version 3.7.69.15 all ...)
+	TODO: check
+CVE-2026-21002 (Improper verification of cryptographic signature in Galaxy Store prior ...)
+	TODO: check
+CVE-2026-21001 (Path traversal in Galaxy Store prior to version 4.6.03.8 allows local  ...)
+	TODO: check
+CVE-2026-21000 (Improper access control in Galaxy Store prior to version 4.6.03.8 allo ...)
+	TODO: check
+CVE-2026-20999 (Authentication bypass by replay in Smart Switch prior to version 3.7.6 ...)
+	TODO: check
+CVE-2026-20998 (Improper authentication in Smart Switch prior to version 3.7.69.15 all ...)
+	TODO: check
+CVE-2026-20997 (Improper verification of cryptographic signature in Smart Switch prior ...)
+	TODO: check
+CVE-2026-20996 (Use of a broken or risky cryptographic algorithm in Smart Switch prior ...)
+	TODO: check
+CVE-2026-20995 (Exposure of sensitive functionality to an unauthorized actor in Smart  ...)
+	TODO: check
+CVE-2026-20994 (URL redirection in Samsung Account prior to version 15.5.01.1 allows r ...)
+	TODO: check
+CVE-2026-20993 (Improper export of android application components in Samsung Assistant ...)
+	TODO: check
+CVE-2026-20992 (Improper authorization in Settings prior to SMR Mar-2026 Release 1 all ...)
+	TODO: check
+CVE-2026-20991 (Improper privilege management in ThemeManager prior to SMR Mar-2026 Re ...)
+	TODO: check
+CVE-2026-20990 (Improper export of android application components in Secure Folder pri ...)
+	TODO: check
+CVE-2026-20989 (Improper verification of cryptographic signature in Font Settings prio ...)
+	TODO: check
+CVE-2026-20988 (Improper verification of intent by broadcast receiver in Settings prio ...)
+	TODO: check
+CVE-2026-0639 (in OpenHarmony v6.0 and prior versions allow a local attacker case DOS ...)
+	TODO: check
+CVE-2025-6969 (in OpenHarmony v5.1.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2025-52458 (in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2025-41432 (in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2025-26474 (in OpenHarmony v5.0.3 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2025-25277 (in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2025-14287 (A command injection vulnerability exists in mlflow/mlflow versions bef ...)
+	TODO: check
+CVE-2025-12736 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case s ...)
+	TODO: check
+CVE-2017-20224 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrar ...)
+	TODO: check
+CVE-2017-20223 (Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an ...)
+	TODO: check
+CVE-2017-20222 (Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an ...)
+	TODO: check
+CVE-2017-20221 (Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-sit ...)
+	TODO: check
+CVE-2017-20220 (Serviio PRO 1.8 contains an improper access control vulnerability in t ...)
+	TODO: check
+CVE-2017-20219 (Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross ...)
+	TODO: check
+CVE-2017-20218 (Serviio PRO 1.8 contains an unquoted search path vulnerability in the  ...)
+	TODO: check
+CVE-2017-20217 (Serviio PRO 1.8 contains an information disclosure vulnerability due t ...)
+	TODO: check
+CVE-2016-20036 (Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site sc ...)
+	TODO: check
+CVE-2016-20035 (Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vul ...)
+	TODO: check
+CVE-2016-20034 (Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerabi ...)
+	TODO: check
+CVE-2016-20033 (Wowza Streaming Engine 4.5.0 contains a local privilege escalation vul ...)
+	TODO: check
+CVE-2016-20032 (ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scr ...)
+	TODO: check
+CVE-2016-20031 (ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnera ...)
+	TODO: check
+CVE-2016-20030 (ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability tha ...)
+	TODO: check
+CVE-2016-20029 (ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerabili ...)
+	TODO: check
+CVE-2016-20028 (ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnera ...)
+	TODO: check
+CVE-2016-20027 (ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site script ...)
+	TODO: check
+CVE-2016-20026 (ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled ...)
+	TODO: check
+CVE-2016-20025 (ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissio ...)
+	TODO: check
+CVE-2016-20024 (ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulner ...)
+	TODO: check
+CVE-2015-20121 (Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerab ...)
+	TODO: check
+CVE-2015-20120 (Next Click Ventures RealtyScript 4.0.2 contains multiple time-based bl ...)
+	TODO: check
+CVE-2015-20119 (Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site sc ...)
+	TODO: check
+CVE-2015-20118 (Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site sc ...)
+	TODO: check
+CVE-2015-20117 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site request f ...)
+	TODO: check
+CVE-2015-20116 (Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV  ...)
+	TODO: check
+CVE-2015-20115 (Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file ...)
+	TODO: check
+CVE-2015-20114 (Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting ...)
+	TODO: check
+CVE-2015-20113 (Next Click Ventures RealtyScript 4.0.2 contains cross-site request for ...)
+	TODO: check
+CVE-2013-20006 (Qool CMS contains multiple persistent cross-site scripting vulnerabili ...)
+	TODO: check
+CVE-2013-20005 (Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability t ...)
+	TODO: check
 CVE-2026-4179 (Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c)  ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4170 (A weakness has been identified in Topsec TopACM 3.0. Affected by this  ...)
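Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so the libexpat entries (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778) and the libexif entry (CVE-2026-32775) look no different from the router-firmware and Android-app entries around them. Suggest triaging those first and replacing the marker with either a package line or a NOT-FOR-US line, as the context entry CVE-2026-4179 already has ("NOT-FOR-US: Zephyr, different from src:zephyr").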
@@ -621,9 +855,11 @@ CVE-2026-2673 (Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate th
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 (openssl-3.5)
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f (openssl-3.6)
 CVE-2026-3910 (Inappropriate implementation in V8 in Google Chrome prior to 146.0.768 ...)
+	{DSA-6165-1}
 	- chromium 146.0.7680.80-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3909 (Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 al ...)
+	{DSA-6165-1}
 	- chromium 146.0.7680.80-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-3891 (The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrar ...)
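Review bot: The `{DSA-6165-1}` cross-reference added to CVE-2026-3910 and CVE-2026-3909 has no counterpart in this commit, which changes only data/CVE/list. Confirm that the DSA-6165-1 entry exists in the advisory list and names both CVEs. The only per-release line visible for either entry is `[bullseye] - chromium <end-of-life> (see #1061268)`, so the fixed versions for the releases the DSA covers cannot be checked from these lines.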
@@ -6837,7 +7073,7 @@ CVE-2025-12981 (The Listee theme for WordPress is vulnerable to privilege escala
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31364 (Improper handling of direct memory writes in the input-output memory m ...)
 	TODO: check
-CVE-2025-71264 [Crashes Opus buffer overruns]
+CVE-2025-71264 (Mumble before 1.6.870 is prone to an out-of-bounds array access, which ...)
 	- mumble 1.5.735-7 (bug #1129178)
 	[trixie] - mumble <no-dsa> (Minor issue; will be fixed via point release)
 	[bookworm] - mumble <no-dsa> (Minor issue; will be fixed via point release)
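Review bot: The replacement description for CVE-2025-71264 gives the upstream boundary as "Mumble before 1.6.870", while the package line records the fix in 1.5.735-7, and nothing in the visible lines explains the difference. Suggest a NOTE line pointing at the upstream fix that 1.5.735-7 carries, so the two version numbers are not read as a contradiction.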
@@ -8242,7 +8478,7 @@ CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This vulnera
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2761
 CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the Graphics: W ...)
-	{DSA-6148-1 DLA-4496-1}
+	{DSA-6152-1 DSA-6148-1 DLA-4496-1 DLA-4495-1}
 	- firefox 148.0-1
 	- firefox-esr 140.8.0esr-1
 	- thunderbird 1:140.8.0esr-1
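Review bot: The cross-reference line for CVE-2026-2760 grows from two advisories to four (`{DSA-6152-1 DSA-6148-1 DLA-4496-1 DLA-4495-1}`), but the entry lists three source packages and the visible lines do not say which advisory covers which. Worth checking that CVE-2026-2761, whose NOTE lines sit in the context directly above, carries the same set, since its own cross-reference line is outside this hunk.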



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04a63f5d08432ec3df4c59d0c001064c34da3a11
