Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64955119 by Salvatore Bonaccorso at 2026-03-10T17:19:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,9 +97,9 @@ CVE-2026-30918 (facileManager is a modular suite of web apps
built with the sysa
CVE-2026-30917 (Bucket is a MediaWiki extension to store and retrieve
structured data ...)
NOT-FOR-US: Bucket MediaWiki extensiom
CVE-2026-30916 (Shescape is a simple shell escape library for JavaScript.
Prior to 2.1 ...)
- TODO: check
+ NOT-FOR-US: Shescape
CVE-2026-30913 (Flarum is open-source forum software. When the
flarum/nicknames extens ...)
- TODO: check
+ NOT-FOR-US: Flarum
CVE-2026-30887 (OneUptime is a solution for monitoring and managing online
services. P ...)
NOT-FOR-US: OneUptime
CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0,
the /obje ...)
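Review bot: On the CVE-2026-30916 entry, the description calls Shescape a shell escape library for JavaScript, so before it is closed as NOT-FOR-US it is worth confirming that no source package in the archive ships it as a bundled or vendored module; if that check was already done, nothing needs to change. Separately, the unchanged context line for CVE-2026-30917 reads "Bucket MediaWiki extensiom"; a follow-up could correct it to "extension".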
@@ -157,9 +157,9 @@ CVE-2026-28686 (ImageMagick is free and open-source
software used for editing an
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371
(7.1.2-16)
CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to
authenticate with t ...)
- TODO: check
+ NOT-FOR-US: Pocket ID OIDC provider
CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to
authenticate with t ...)
- TODO: check
+ NOT-FOR-US: Pocket ID OIDC provider
CVE-2026-28494 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed>
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
@@ -169,15 +169,15 @@ CVE-2026-28493 (ImageMagick is free and open-source
software used for editing an
- imagemagick <unfixed>
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
CVE-2026-28433 (Misskey is an open source, federated social media platform.
All Misske ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2026-28432 (Misskey is an open source, federated social media platform.
All Misske ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2026-28431 (Misskey is an open source, federated social media platform.
All Misske ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2026-28281 (InstantCMS is a free and open source content management
system. Prior ...)
- TODO: check
+ NOT-FOR-US: Instant CMS
CVE-2026-28267 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are
configured with ...)
- TODO: check
+ NOT-FOR-US: Digital Arts
CVE-2026-27689 (Due to an uncontrolled resource consumption (Denial of
Service) vulner ...)
NOT-FOR-US: SAP
CVE-2026-27688 (Due to a missing authorization check in SAP NetWeaver
Application Serv ...)
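Review bot: The CVE-2026-28281 line uses "Instant CMS" while the CVE description spells the product "InstantCMS"; suggest "NOT-FOR-US: InstantCMS" so a search on the product name finds the entry. For CVE-2026-28267 the label gives only the vendor, "Digital Arts", whereas the description refers to i-フィルター products; adding the product name to the label would make the link to the description visible without opening the CVE.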
@@ -195,9 +195,9 @@ CVE-2026-26982 (Ghostty is a cross-platform terminal
emulator. Ghostty allows co
CVE-2026-25960 (vLLM is an inference and serving engine for large language
models (LLM ...)
TODO: check
CVE-2026-25737 (Budibase is a low code platform for creating internal tools,
workflows ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-25045 (Budibase is a low code platform for creating internal tools,
workflows ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-24317 (SAP GUI for Windows allows DLL files to be loaded from
arbitrary direc ...)
NOT-FOR-US: SAP
CVE-2026-24316 (SAP NetWeaver Application Server for ABAP provides an ABAP
Report for ...)
@@ -215,7 +215,7 @@ CVE-2026-1920 (The Booking Calendar for Appointments and
Service Businesses \u20
CVE-2026-1919 (The Booking Calendar for Appointments and Service Businesses
\u2013 Bo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1776 (Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit
f54a77e, ...)
- TODO: check
+ NOT-FOR-US: Camaleon CMS
CVE-2026-1508 (The Court Reservation WordPress plugin before 1.10.9 does not
have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is vulnerable to
authentication ...)
@@ -223,9 +223,9 @@ CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is
vulnerable to authentic
CVE-2026-0489 (Due to insufficient validation of user-controlled input in the
URLs qu ...)
NOT-FOR-US: SAP
CVE-2025-70973 (ScadaBR 1.12.4 is vulnerable to Session Fixation. The
application assi ...)
- TODO: check
+ NOT-FOR-US: ScadaBR
CVE-2025-70028 (An issue pertaining to CWE-22: Improper Limitation of a
Pathname to a ...)
- TODO: check
+ NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
CVE-2025-36173 (Affected Product(s)Version(s)InfoSphere Data Architect9.2.1)
NOT-FOR-US: IBM
CVE-2025-36105 (IBM Planning Analytics Advanced Certified Containers 3.1.0
through 3.1 ...)
@@ -233,7 +233,7 @@ CVE-2025-36105 (IBM Planning Analytics Advanced Certified
Containers 3.1.0 throu
CVE-2025-2399 (Improper Validation of Specified Index, Position, or Offset in
Input v ...)
NOT-FOR-US: Mitsubishi
CVE-2025-15603 (A security vulnerability has been detected in open-webui up to
0.6.16. ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2025-11158 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
NOT-FOR-US: Hitachi Vantana
CVE-2026-3288 (A security issue was discovered in ingress-nginx where the
`nginx.ingr ...)
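Review bot: The context line under CVE-2025-11158 reads "NOT-FOR-US: Hitachi Vantana" while the description directly above it names "Hitachi Vantara"; this is not introduced by the commit, but a follow-up fix would keep the vendor label searchable. The open-webui change itself is consistent with the description on the CVE-2025-15603 line.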
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/649551194a6de2f00d1aa57627e4a0089dbc32b6
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits