[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 30 20:14:29 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18bc31ec by security tracker role at 2026-03-30T19:14:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2026-5170 (A user with access to the cluster with a limited set of privilege acti ...)
+ TODO: check
+CVE-2026-5165 (A flaw was found in virtio-win, specifically within the VirtIO Block ( ...)
+ TODO: check
+CVE-2026-5164 (A flaw was found in virtio-win. The `RhelDoUnMap()` function does not ...)
+ TODO: check
+CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 2026.0 ...)
+ TODO: check
+CVE-2026-5128 (A sensitive information exposure vulnerability exists in ArthurFiorett ...)
+ TODO: check
+CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected ...)
+ TODO: check
+CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Aff ...)
+ TODO: check
+CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to 4.3.0. ...)
+ TODO: check
+CVE-2026-5123 (A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts ...)
+ TODO: check
+CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0. This af ...)
+ TODO: check
+CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer overflow ...)
+ TODO: check
+CVE-2026-4425
+ REJECTED
+CVE-2026-4416 (The Performance Library component of Gigabyte Control Center has an In ...)
+ TODO: check
+CVE-2026-4415 (Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Wr ...)
+ TODO: check
+CVE-2026-4315 (A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fi ...)
+ TODO: check
+CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard Fireware OS al ...)
+ TODO: check
+CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earlier ma ...)
+ TODO: check
+CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16. ...)
+ TODO: check
+CVE-2026-3945 (An integer overflow vulnerability in the HTTP chunked transfer encodin ...)
+ TODO: check
+CVE-2026-3502 (TrueConf Client downloads application update code and applies it witho ...)
+ TODO: check
+CVE-2026-3321 (A vulnerability of authorization bypass through user-controlled key in ...)
+ TODO: check
+CVE-2026-34714 (Vim before 9.2.0272 allows code execution that happens immediately upo ...)
+ TODO: check
+CVE-2026-34472 (Unauthenticated credential disclosure in the wizard interface in ZTE Z ...)
+ TODO: check
+CVE-2026-33643 (SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ...)
+ TODO: check
+CVE-2026-33373 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
+ TODO: check
+CVE-2026-33032 (Nginx UI is a web user interface for the Nginx web server. In versions ...)
+ TODO: check
+CVE-2026-33030 (Nginx UI is a web user interface for the Nginx web server. In versions ...)
+ TODO: check
+CVE-2026-33029 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+ TODO: check
+CVE-2026-33028 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+ TODO: check
+CVE-2026-33027 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+ TODO: check
+CVE-2026-30566 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30565 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30564 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30563 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCode ...)
+ TODO: check
+CVE-2026-30562 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30561 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30560 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30559 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30558 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30557 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30556 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
+ TODO: check
+CVE-2026-30082 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit ...)
+ TODO: check
+CVE-2026-30077 (OpenAirInterface V2.2.0 AMF crashes when it fails to decode the messag ...)
+ TODO: check
+CVE-2026-2328 (An unauthenticated remote attacker can exploit insufficient input vali ...)
+ TODO: check
+CVE-2026-2287 (CrewAI does not properly check that Docker is still running during run ...)
+ TODO: check
+CVE-2026-2286 (CrewAI contains a server-side request forgery vulnerability that enabl ...)
+ TODO: check
+CVE-2026-2285 (CrewAI contains a arbitrary local file read vulnerability in the JSON ...)
+ TODO: check
+CVE-2026-2275 (The CrewAI CodeInterpreter tool falls back to SandboxPython when it ca ...)
+ TODO: check
+CVE-2026-29954 (In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator compon ...)
+ TODO: check
+CVE-2026-29953 (SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ...)
+ TODO: check
+CVE-2026-29925 (Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Reque ...)
+ TODO: check
+CVE-2026-29924 (Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) ...)
+ TODO: check
+CVE-2026-29909 (MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnera ...)
+ TODO: check
+CVE-2026-29872 (A cross-session information disclosure vulnerability exists in the awe ...)
+ TODO: check
+CVE-2026-29597 (Incorrect access control in the file_details.asp endpoint of DDSN Inte ...)
+ TODO: check
+CVE-2026-28528 (BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds r ...)
+ TODO: check
+CVE-2026-28527 (BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds r ...)
+ TODO: check
+CVE-2026-28526 (BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds r ...)
+ TODO: check
+CVE-2026-27508 (Smoothwall Express versions prior to 3.1 Update 13 contain a reflected ...)
+ TODO: check
+CVE-2026-26352 (Smoothwall Express versions prior to 3.1 Update 13 contain a stored cr ...)
+ TODO: check
+CVE-2026-25704 (A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCT ...)
+ TODO: check
+CVE-2026-1612 (AL-KO Robolinho Update Software has hard-coded AWS Access and Secret k ...)
+ TODO: check
+CVE-2025-66215 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
+ TODO: check
+CVE-2025-66038 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
+ TODO: check
+CVE-2025-66037 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
+ TODO: check
+CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
+ TODO: check
+CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
+ TODO: check
+CVE-2025-15379 (A command injection vulnerability exists in MLflow's model serving con ...)
+ TODO: check
+CVE-2019-25655 (Device Monitoring Studio 8.10.00.8925 contains a denial of service vul ...)
+ TODO: check
+CVE-2019-25654 (Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that ...)
+ TODO: check
+CVE-2019-25653 (Navicat for Oracle 12.1.15 contains a denial of service vulnerability ...)
+ TODO: check
+CVE-2018-25235 (NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability i ...)
+ TODO: check
+CVE-2018-25234 (SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability ...)
+ TODO: check
+CVE-2018-25233 (WebDrive 18.00.5057 contains a denial of service vulnerability that al ...)
+ TODO: check
+CVE-2018-25232 (Softros LAN Messenger 9.2 contains a denial of service vulnerability t ...)
+ TODO: check
+CVE-2018-25231 (HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that al ...)
+ TODO: check
+CVE-2018-25230 (Free IP Switcher 3.1 contains a buffer overflow vulnerability that all ...)
+ TODO: check
+CVE-2018-25229 (BulletProof FTP Server 2019.0.0.50 contains a denial of service vulner ...)
+ TODO: check
+CVE-2018-25228 (NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgr ...)
+ TODO: check
+CVE-2018-25227 (Valentina Studio 9.0.4 contains a denial of service vulnerability that ...)
+ TODO: check
+CVE-2018-25226 (FTPShell Server 6.83 contains a buffer overflow vulnerability that all ...)
+ TODO: check
CVE-2026-4981
NOT-FOR-US: Red Hat Advanced Cluster Security
CVE-2026-XXXX [SVG Animate FUNCIRI Attribute Bypass]
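Review bot: CVE-2026-33643 and CVE-2026-29953 in this hunk carry identical truncated descriptions ("SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ..."); when the TODO: check placeholders are triaged, confirm whether one of the two is a duplicate assignment and cross-reference or reject it rather than tracking both independently. The Nginx UI (CVE-2026-33027 through CVE-2026-33032), SourceCodester XSS (CVE-2026-30556 through CVE-2026-30566) and BTstack (CVE-2026-28526 through CVE-2026-28528) runs can likewise be triaged as groups, since each run shares one product and the same truncated description prefix.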
@@ -3234,7 +3396,7 @@ CVE-2026-21713
- nodejs 22.22.2+dfsg+~cs22.19.15-1
NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac-verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium
NOTE: Fixed by: https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94faf (v20.20.2)
-CVE-2026-21712
+CVE-2026-21712 (A flaw in Node.js URL processing causes an assertion failure in native ...)
- nodejs <not-affected> (Vulnerable code not present)
NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#assertion-error-in-node_urlcc-via-malformed-url-format-leads-to-nodejs-crash-cve-2026-21712---medium
CVE-2026-21711
@@ -5585,7 +5747,7 @@ CVE-2026-33063 (free5GC is an open source 5G core network. free5GC AUSF prior to
NOT-FOR-US: Free5GC
CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior to versio ...)
NOT-FOR-US: Free5GC
-CVE-2026-33061 (exactyl is a customisable game management panel and billing system. Co ...)
+CVE-2026-33061 (Jexactyl is a customisable game management panel and billing system. C ...)
NOT-FOR-US: exactyl
CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. Version ...)
NOT-FOR-US: CKAN MCP Server
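Review bot: the description of CVE-2026-33061 is corrected from "exactyl" to "Jexactyl", but the following NOT-FOR-US annotation still reads "NOT-FOR-US: exactyl"; update it to "NOT-FOR-US: Jexactyl" so the product name is consistent within the entry and searchable under its correct name.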
@@ -5674,7 +5836,7 @@ CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions 3.
CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior to versio ...)
NOT-FOR-US: Free5GC
CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects using versi ...)
- {DSA-6187-1 DSA-6186-1 DSA-6185-1}
+ {DSA-6187-1 DSA-6186-1 DSA-6185-1 DLA-4518-1}
- php-phpseclib3 3.0.50-1 (bug #1131482)
- php-phpseclib 2.0.52-1 (bug #1131483)
- phpseclib 1.0.27-1 (bug #1131484)
@@ -18457,7 +18619,7 @@ CVE-2026-25318 (Missing Authorization vulnerability in Wisernotify team WiserRev
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25316 (Deserialization of Untrusted Data vulnerability in Brainstorm Force Ca ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-25315 (Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptc ...)
+CVE-2026-25315 (Improperly implemented security check vulnerability in KAGG hCaptcha f ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25314 (Missing Authorization vulnerability in WP Messiah TOP Table Of Content ...)
NOT-FOR-US: WordPress plugin or theme
@@ -212001,6 +212163,7 @@ CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege Management
CVE-2024-22260 (VMware Workspace One UEM update addresses an information exposure vuln ...)
NOT-FOR-US: VMware
CVE-2023-52892 (In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, ...)
+ {DLA-4518-1}
- phpseclib 1.0.22-1
[bookworm] - phpseclib 1.0.20-1+deb12u3
- php-phpseclib 2.0.46-1
@@ -372751,11 +372914,11 @@ CVE-2022-34136
RESERVED
CVE-2022-34135
RESERVED
-CVE-2022-34134 (Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Requ ...)
+CVE-2022-34134 (Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
NOT-FOR-US: Benjamin BALET Jorani
-CVE-2022-34133 (Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scri ...)
+CVE-2022-34133 (Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vul ...)
NOT-FOR-US: Benjamin BALET Jorani
-CVE-2022-34132 (Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection v ...)
+CVE-2022-34132 (Jorani v1.0 was discovered to contain a SQL injection vulnerability vi ...)
NOT-FOR-US: Benjamin BALET Jorani
CVE-2022-34131
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18bc31ece45d844d3c62ec87fb3d578f5eda13a1
--