[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 24 08:15:34 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b3e2358 by security tracker role at 2026-03-24T08:13:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,293 @@
-CVE-2026-4680
+CVE-2026-4756 (Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick ...)
+	TODO: check
+CVE-2026-4755 (CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue  ...)
+	TODO: check
+CVE-2026-4754 (CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue  ...)
+	TODO: check
+CVE-2026-4753 (Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue  ...)
+	TODO: check
+CVE-2026-4752 (Use After Free vulnerability in No-Chicken Echo-Mate.This issue affect ...)
+	TODO: check
+CVE-2026-4751 (NULL Pointer Dereference vulnerability in tmate-io tmate.This issue af ...)
+	TODO: check
+CVE-2026-4750 (Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue af ...)
+	TODO: check
+CVE-2026-4749 (NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects  ...)
+	TODO: check
+CVE-2026-4746 (Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Fou ...)
+	TODO: check
+CVE-2026-4745 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-4744 (Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oni ...)
+	TODO: check
+CVE-2026-4743 (NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils ...)
+	TODO: check
+CVE-2026-4742 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
+	TODO: check
+CVE-2026-4741 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2026-4739 (Integer Overflow or Wraparound vulnerability in InsightSoftwareConsort ...)
+	TODO: check
+CVE-2026-4738 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-4737 (Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/s ...)
+	TODO: check
+CVE-2026-4736 (Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK ...)
+	TODO: check
+CVE-2026-4735 (Deserialization of Untrusted Data vulnerability in DTStack chunjun (ch ...)
+	TODO: check
+CVE-2026-4734 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-4733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2026-4732 (Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndf ...)
+	TODO: check
+CVE-2026-4731 (Integer Overflow or Wraparound vulnerability in artraweditor ART (rten ...)
+	TODO: check
+CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been reported ...)
+	TODO: check
+CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL Injection via  ...)
+	TODO: check
+CVE-2026-4640 (Vitals ESP developed by Galaxy Software Services has a Missing Authent ...)
+	TODO: check
+CVE-2026-4639 (Vitals ESP developed by Galaxy Software Services has a Incorrect Autho ...)
+	TODO: check
+CVE-2026-4632 (A weakness has been identified in itsourcecode Online Enrollment Syste ...)
+	TODO: check
+CVE-2026-4627 (A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1.  ...)
+	TODO: check
+CVE-2026-4626 (A vulnerability has been found in projectworlds Lawyer Management Syst ...)
+	TODO: check
+CVE-2026-4625 (A flaw has been found in SourceCodester Online Admission System 1.0. T ...)
+	TODO: check
+CVE-2026-4624 (A vulnerability was detected in SourceCodester Online Library Manageme ...)
+	TODO: check
+CVE-2026-4623 (A security vulnerability has been detected in DefaultFuction Jeson-Cus ...)
+	TODO: check
+CVE-2026-4617 (A weakness has been identified in SourceCodester Patients Waiting Area ...)
+	TODO: check
+CVE-2026-4616 (A security flaw has been discovered in bolo-blog \uae4c\uc9c0 2.6.4. T ...)
+	TODO: check
+CVE-2026-4615 (A vulnerability was identified in SourceCodester Online Catering Reser ...)
+	TODO: check
+CVE-2026-4614 (A vulnerability was determined in itsourcecode sanitize or validate th ...)
+	TODO: check
+CVE-2026-4613 (A vulnerability was found in SourceCodester E-Commerce Site 1.0. This  ...)
+	TODO: check
+CVE-2026-4612 (A vulnerability has been found in itsourcecode Free Hotel Reservation  ...)
+	TODO: check
+CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0c ...)
+	TODO: check
+CVE-2026-4597 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
+	TODO: check
+CVE-2026-4368 (Race Condition inNetScaler ADC and NetScaler Gateway when appliance is ...)
+	TODO: check
+CVE-2026-4306 (The WP Job Portal plugin for WordPress is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2026-4283 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2026-4066 (The Smart Custom Fields plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2026-4056 (The User Registration & Membership plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2026-4021 (The Contest Gallery plugin for WordPress is vulnerable to an authentic ...)
+	TODO: check
+CVE-2026-4001 (The Woocommerce Custom Product Addons Pro plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2026-3533 (The Jupiter X Core plugin for WordPress is vulnerable to limited file  ...)
+	TODO: check
+CVE-2026-3509 (An unauthenticated remote attacker may be able to control the format s ...)
+	TODO: check
+CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit this vul ...)
+	TODO: check
+CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind time-bas ...)
+	TODO: check
+CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler Gateway wh ...)
+	TODO: check
+CVE-2026-33856 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
+	TODO: check
+CVE-2026-33855 (Integer Overflow or Wraparound vulnerability in MolotovCherry Android- ...)
+	TODO: check
+CVE-2026-33854 (Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick ...)
+	TODO: check
+CVE-2026-33853 (NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageM ...)
+	TODO: check
+CVE-2026-33852 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
+	TODO: check
+CVE-2026-33851 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-33850 (Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This i ...)
+	TODO: check
+CVE-2026-33849 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-33848 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-33847 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
+CVE-2026-33634 (Trivy is a security scanner. On March 19, 2026, a threat actor used co ...)
+	TODO: check
+CVE-2026-33320 (Dasel is a command-line tool and library for querying, modifying, and  ...)
+	TODO: check
+CVE-2026-33308 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to  ...)
+	TODO: check
+CVE-2026-33307 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versio ...)
+	TODO: check
+CVE-2026-33298 (llama.cpp is an inference of several LLM models in C/C++. Prior to b78 ...)
+	TODO: check
+CVE-2026-33290 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to version ...)
+	TODO: check
+CVE-2026-33286 (Graphiti is a framework that sits on top of models and exposes them vi ...)
+	TODO: check
+CVE-2026-33283 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
+	TODO: check
+CVE-2026-33282 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
+	TODO: check
+CVE-2026-33281 (Ella Core is a 5G core designed for private networks. Versions prior t ...)
+	TODO: check
+CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ...)
+	TODO: check
+CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a P ...)
+	TODO: check
+CVE-2026-33241 (Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form d ...)
+	TODO: check
+CVE-2026-33211 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
+	TODO: check
+CVE-2026-33202 (Active Storage allows users to attach cloud and local files in Rails a ...)
+	TODO: check
+CVE-2026-33195 (Active Storage allows users to attach cloud and local files in Rails a ...)
+	TODO: check
+CVE-2026-33176 (Active Support is a toolkit of support libraries and Ruby core extensi ...)
+	TODO: check
+CVE-2026-33174 (Active Storage allows users to attach cloud and local files in Rails a ...)
+	TODO: check
+CVE-2026-33173 (Active Storage allows users to attach cloud and local files in Rails a ...)
+	TODO: check
+CVE-2026-33170 (Active Support is a toolkit of support libraries and Ruby core extensi ...)
+	TODO: check
+CVE-2026-33169 (Active Support is a toolkit of support libraries and Ruby core extensi ...)
+	TODO: check
+CVE-2026-33168 (Action View provides conventions and helpers for building web pages wi ...)
+	TODO: check
+CVE-2026-33167 (Action Pack is a Rubygem for building web applications on the Rails fr ...)
+	TODO: check
+CVE-2026-33046 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+	TODO: check
+CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header validation vulner ...)
+	TODO: check
+CVE-2026-32912
+	REJECTED
+CVE-2026-32911
+	REJECTED
+CVE-2026-32910
+	REJECTED
+CVE-2026-32909
+	REJECTED
+CVE-2026-32908
+	REJECTED
+CVE-2026-32907
+	REJECTED
+CVE-2026-32904
+	REJECTED
+CVE-2026-32903
+	REJECTED
+CVE-2026-32902
+	REJECTED
+CVE-2026-32901
+	REJECTED
+CVE-2026-32900
+	REJECTED
+CVE-2026-32642 (Incorrect Authorization (CWE-863)vulnerability in Apache Artemis, Apac ...)
+	TODO: check
+CVE-2026-32300 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
+	TODO: check
+CVE-2026-32299 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
+	TODO: check
+CVE-2026-32279 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
+	TODO: check
+CVE-2026-32278 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
+	TODO: check
+CVE-2026-32277 (Connect-CMS is a content management system. In versions 1.35.0 through ...)
+	TODO: check
+CVE-2026-32276 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
+	TODO: check
+CVE-2026-32066
+	REJECTED
+CVE-2026-32047
+	REJECTED
+CVE-2026-32012
+	REJECTED
+CVE-2026-2412 (The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2026-29111 (systemd, a system and service manager, (as PID 1) hits an assert and f ...)
+	TODO: check
+CVE-2026-28483
+	REJECTED
+CVE-2026-28455
+	REJECTED
+CVE-2026-27646 (OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerabi ...)
+	TODO: check
+CVE-2026-27183 (OpenClaw versions prior to 2026.3.7 contain a shell approval gating by ...)
+	TODO: check
+CVE-2026-23882 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23488 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23487 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23486 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23485 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23484 (Blinko is an AI-powered card note-taking project. In versions from 1.8 ...)
+	TODO: check
+CVE-2026-23483 (Blinko is an AI-powered card note-taking project. In versions from 1.8 ...)
+	TODO: check
+CVE-2026-23482 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23481 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-23480 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
+	TODO: check
+CVE-2026-22739 (Vulnerability in Spring Cloud when substituting the profile parameter  ...)
+	TODO: check
+CVE-2026-22173
+	REJECTED
+CVE-2025-60949 (Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in som ...)
+	TODO: check
+CVE-2025-60948 (Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied ...)
+	TODO: check
+CVE-2025-60947 (Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticat ...)
+	TODO: check
+CVE-2025-60946 (Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authent ...)
+	TODO: check
+CVE-2025-41660 (A low-privileged remote attacker may be able to replace the boot appli ...)
+	TODO: check
+CVE-2026-4680 (Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allow ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4679
+CVE-2026-4679 (Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 all ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4678
+CVE-2026-4678 (Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allo ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4677
+CVE-2026-4677 (Inappropriate implementation in WebAudio in Google Chrome prior to 146 ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4676
+CVE-2026-4676 (Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowe ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4675
+CVE-2026-4675 (Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4674
+CVE-2026-4674 (Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 all ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4673
+CVE-2026-4673 (Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680. ...)
 	- chromium 146.0.7680.164-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4647 (A flaw was found in the GNU Binutils BFD library, a widely used compon ...)
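Review bot: the eight chromium entries (CVE-2026-4673 through CVE-2026-4680) now carry upstream text saying "prior to 146.0.7680.165", while the unchanged fixed-version line under each still reads "- chromium 146.0.7680.164-1"; please confirm that 146.0.7680.164-1 actually contains these fixes (Chrome's Linux build number often differs from the Windows/Mac one quoted in the CVE text) and, if it does, add a NOTE with the upstream release post so the apparent mismatch does not have to be re-derived by the next reader. Separately, the imported descriptions for CVE-2026-4616 and CVE-2026-3225 contain literal JSON escapes (`\uae4c\uc9c0`, `\u2013`); the automatic import should decode those before writing to data/CVE/list.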
@@ -439,7 +707,7 @@ CVE-2019-25591 (DNSS Domain Name Search Software 2.1.8 contains a buffer overflo
 	NOT-FOR-US: DNSS Domain Name Search Software
 CVE-2019-25590 (Axessh 4.2 contains a denial of service vulnerability in the logging c ...)
 	NOT-FOR-US: Axessh
-CVE-2026-33306
+CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashin ...)
 	- ruby-bcrypt 3.1.22-1
 	NOTE: https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
 	NOTE: Fixed by: https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4 (v3.1.22)
@@ -590,7 +858,7 @@ CVE-2019-25545 (Terminal Services Manager 3.2.1 contains a local buffer overflow
 	NOT-FOR-US: Terminal Services Manager
 CVE-2019-25544 (Pidgin 2.13.0 contains a denial of service vulnerability that allows l ...)
 	TODO: check
-CVE-2026-33250
+CVE-2026-33250 (Freeciv21 is a free open source, turn-based, empire-building strategy  ...)
 	{DSA-6173-1}
 	- freeciv 3.2.4+ds-1 (bug #1131524)
 	NOTE: https://redmine.freeciv.org/issues/1955
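Review bot: the description now names Freeciv21, but the entry maps the issue to the freeciv package ("- freeciv 3.2.4+ds-1 (bug #1131524)", {DSA-6173-1}); since Freeciv21 is a separate fork of Freeciv, a NOTE stating that the affected code is shared (or linking the freeciv fix commit) would make the package mapping traceable for anyone auditing the DSA. The existing redmine.freeciv.org/issues/1955 link is on freeciv's own tracker, so it may already be that reference; if so, say so explicitly in the NOTE.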
@@ -6277,7 +6545,7 @@ CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow Remote Code Execution Vul
 	- gst-plugins-base1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0004.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473 (main)
-CVE-2026-1940
+CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in g ...)
 	- gst-plugins-good1.0 1.28.1-1
 	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
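Review bot: CVE-2026-1940 is described as an incomplete fix for CVE-2024-47778, yet unlike the CVE-2026-2921 entry directly above it carries no NOTE lines with the upstream security advisory or the fixing commit; add the equivalent "NOTE: <upstream advisory URL>" and "NOTE: Fixed by: <commit>" lines so the <no-dsa> (Minor issue) decision for trixie and bookworm can be checked against the actual change rather than against the one-line description.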



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b3e23585d34c65ac8f40befac3b8e993df3b789
