[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 19 20:12:23 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f755dc01 by security tracker role at 2026-03-19T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2026-4427 (A flaw was found in pgproto3. A malicious or compromised PostgreSQL se ...)
+ TODO: check
+CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior vulnerability ex ...)
+ TODO: check
+CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read vulnerabi ...)
+ TODO: check
+CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+ TODO: check
+CVE-2026-3580 (In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_ ...)
+ TODO: check
+CVE-2026-3579 (wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time soft ...)
+ TODO: check
+CVE-2026-3548 (Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser ...)
+ TODO: check
+CVE-2026-3511 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2026-3503 (Protection mechanism failure in wolfCrypt post-quantum implementations ...)
+ TODO: check
+CVE-2026-3029 (A path traversal and arbitrary file write vulnerability exist in the e ...)
+ TODO: check
+CVE-2026-32869 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize ...)
+ TODO: check
+CVE-2026-32868 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize ...)
+ TODO: check
+CVE-2026-32867 (OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated at ...)
+ TODO: check
+CVE-2026-32866 (OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize ...)
+ TODO: check
+CVE-2026-32865 (OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret ...)
+ TODO: check
+CVE-2026-32843 (Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023 ...)
+ TODO: check
+CVE-2026-32238 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-32119 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-30711 (Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL ...)
+ TODO: check
+CVE-2026-30694 (An issue in DedeCMS v.5.7.118 and before allows a remote attacker to e ...)
+ TODO: check
+CVE-2026-30404 (The backend database management connection test feature in wgcloud v3. ...)
+ TODO: check
+CVE-2026-30403 (There is an arbitrary file read vulnerability in the test connection f ...)
+ TODO: check
+CVE-2026-30402 (An issue in wgcloud v.2.3.7 and before allows a remote attacker to exe ...)
+ TODO: check
+CVE-2026-2646 (A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_S ...)
+ TODO: check
+CVE-2026-2645 (In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 serv ...)
+ TODO: check
+CVE-2026-27070 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27068 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27067 (Unrestricted Upload of File with Dangerous Type vulnerability in Syari ...)
+ TODO: check
+CVE-2026-27065 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-27043 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+ TODO: check
+CVE-2026-26940 (Improper Validation of Specified Quantity in Input (CWE-1284) in the T ...)
+ TODO: check
+CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection ...)
+ TODO: check
+CVE-2026-26933 (Improper Validation of Array Index (CWE-129) in multiple protocol pars ...)
+ TODO: check
+CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the Prometheu ...)
+ TODO: check
+CVE-2026-25928 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25744 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 ...)
+ TODO: check
+CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership Software ...)
+ TODO: check
+CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud Prevention For W ...)
+ TODO: check
+CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22558 (An Authenticated NoSQL Injection vulnerability found in UniFi Network ...)
+ TODO: check
+CVE-2026-22557 (A malicious actor with access to the network could exploit a Path Trav ...)
+ TODO: check
+CVE-2026-21788 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
+ TODO: check
+CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacke ...)
+ TODO: check
+CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 Signed ...)
+ TODO: check
+CVE-2025-71260 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a d ...)
+ TODO: check
+CVE-2025-71259 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a b ...)
+ TODO: check
+CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a b ...)
+ TODO: check
+CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an ...)
+ TODO: check
+CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infoc ...)
+ TODO: check
+CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Ser ...)
+ TODO: check
+CVE-2025-67114 (Use of a deterministic credential generation algorithm in /ftl/bin/cal ...)
+ TODO: check
+CVE-2025-67113 (OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell ...)
+ TODO: check
+CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration backup/restor ...)
+ TODO: check
+CVE-2025-62043 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton Finag allo ...)
+ TODO: check
+CVE-2025-60233 (Deserialization of Untrusted Data vulnerability in Themeton Zuut allow ...)
+ TODO: check
+CVE-2025-53222 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50001 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability in Them ...)
+ TODO: check
+CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager (webserve ...)
+ TODO: check
CVE-2026-4342
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
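Review bot: every one of the 64 new entries is filed as a bare `TODO: check`, and a good share of them name software Debian ships, so they need a source-package line (with a fixed version, `<unfixed>` or `<not-affected>`) rather than the placeholder. libarchive (CVE-2026-4426, CVE-2026-4424), wolfSSL (CVE-2026-3580, CVE-2026-3579, CVE-2026-3548, CVE-2026-3503, CVE-2026-2646, CVE-2026-2645, CVE-2026-1005, CVE-2026-0819) and ncurses (CVE-2025-69720) are the ones to triage first; the two wolfSSL constant-time issues and the CRL parser overflows deserve a real severity look since wolfssl is a TLS library. The WordPress plugin, OPEXUS, BMC FootPrints ITSM, Small Cell, UniFi, HCL Connections, Kibana and ASP.NET Core entries are not Debian packages and can be closed as `NOT-FOR-US:` with the vendor name, following the pattern of the CVE-2026-4342 line just below. CVE-2026-4427 (pgproto3) belongs to the Go pgx stack and should be checked against whichever golang-github-jackc-* source packages the archive carries before it is dismissed.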
@@ -4098,7 +4226,7 @@ CVE-2025-41710 (An unauthenticated remote attacker may use hardcodes credentials
NOT-FOR-US: Janitza
CVE-2025-41709 (An unauthenticated remote attacker can perform a command injection via ...)
NOT-FOR-US: Janitza
-CVE-2025-40943 (Affected devices do not properly sanitize contents of trace files. Thi ...)
+CVE-2025-40943 (Affected devices do not properly sanitize contents of trace files. Th ...)
NOT-FOR-US: Siemens
CVE-2025-36227 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP heade ...)
NOT-FOR-US: IBM
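Review bot: the visible text of the CVE-2025-40943 description is identical before and after; only the cut-off moved by one character (`Thi ...` to `Th ...`), which means the stored description changed somewhere past the 70-character prefix. Keeping `NOT-FOR-US: Siemens` is fine, but because this diff cannot show what actually changed, the reviewer of this batch should re-read the full upstream text rather than treat the line as a no-op.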
@@ -13320,6 +13448,7 @@ CVE-2025-15578 (Maypole versions from 2.10 through 2.13 for Perl generates sessi
CVE-2025-12062 (The WP Maps \u2013 Store Locator,Google Maps,OpenStreetMap,Mapbox,List ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2604
+ {DLA-4503-1}
- evolution-data-server 3.56.2-8 (bug #1128332)
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
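Review bot: `{DLA-4503-1}` is in the right place, directly under the CVE line and ahead of the `evolution-data-server 3.56.2-8 (bug #1128332)` fix line, and the existing NOTE references are untouched. What needs verifying is the companion entry in data/DLA/list: the tracker derives the LTS suite's fixed version from that file, not from this cross-reference, so DLA-4503-1 there must list CVE-2026-2604 together with the patched package version, or the suite will still be shown as affected despite the annotation.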
@@ -15253,7 +15382,7 @@ CVE-2026-25990 (Pillow is a Python imaging library. From 10.3.0 to before 12.1.1
NOTE: Introduced with fix for https://github.com/python-pillow/Pillow/pull/7706
NOTE: Introduced with: https://github.com/python-pillow/Pillow/commit/c2907dc04967109391a77eea00f7d583a0a0395f (10.3.0)
NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa (12.1.1)
-CVE-2026-2369
+CVE-2026-2369 (A flaw was found in libsoup. An integer underflow vulnerability occurs ...)
- libsoup3 3.6.6-1 (bug #1127843)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
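Review bot: filling in the CVE-2026-2369 description is correct, but the triage beneath it deserves a second look now that the text is known. The only detail visible is an integer underflow in libsoup, while both stable suites carry `<no-dsa> (Minor issue)`; an underflow in an HTTP library fed by network input is not automatically minor, so the reason for that rating should be confirmed against the full advisory. Also check whether the affected code exists in libsoup2.4, which is a separate source package in bookworm and trixie; the entry currently lists only libsoup3.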
@@ -88191,7 +88320,7 @@ CVE-2025-53713 (A vulnerability has been found in TP-Link TL-WR841N V11. The vul
NOT-FOR-US: TP-Link
CVE-2025-53712 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
NOT-FOR-US: TP-Link
-CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 ...)
NOT-FOR-US: TP-Link
CVE-2025-53541 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
NOT-FOR-US: Tuleap
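Review bot: the revised CVE-2025-53711 description widens the device list (TL-WR841N v11 plus TL-WR842ND v2 and more), but these are TP-Link firmware images, so `NOT-FOR-US: TP-Link` remains correct and nothing needs changing. The sibling entries CVE-2025-53712 and CVE-2025-53713 keep their original text, so only this record was revised upstream.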
@@ -920603,13 +920732,13 @@ CVE-2006-3972 (Directory traversal vulnerability in includes/operator_chattransc
NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.p ...)
NOT-FOR-US: Ajax Chat
-CVE-2006-10002 [Buffer overflow in XML::Parser::Expat triggered by utf8]
+CVE-2006-10002 (XML::Parser versions through 2.47 for Perl could overflow the pre-allo ...)
- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106361/
NOTE: https://rt.cpan.org/Ticket/Display.html?id=19859
NOTE: https://github.com/cpan-authors/XML-Parser/issues/64
NOTE: Fixed by: https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79 (2.48)
-CVE-2006-10003 [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
+CVE-2006-10003 (XML::Parser versions through 2.47 for Perl has an off-by-one heap buff ...)
- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106362/
NOTE: https://rt.cpan.org/Ticket/Display.html?id=19860
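Review bot: replacing the bracketed working titles with the published text for CVE-2006-10002 and CVE-2006-10003 is the expected step, but it exposes a version mismatch that must be resolved: both descriptions say `XML::Parser versions through 2.47` are affected and the Fixed by note on CVE-2006-10002 points at the upstream commit in 2.48, while the Debian fix lines still record `libxml-parser-perl 2.34-4.2` and `2.34-4.1` from the 2006 bug reports (#378411, #378412). Those versions are only right if the 2006 Debian patches address exactly the issues the new CVE text describes and have been carried forward in every later upload; otherwise the entries understate the affected range and the current libxml-parser-perl packages need to be compared against the 2.48 fix. The `medium` severity tags should be re-checked at the same time.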
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f755dc0104d80bf5c266d3034f4881afaf190ae4