[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 17 Mar 2026 01:13:43 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
623a0044 by security tracker role at 2026-03-17T08:13:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,42 @@
-CVE-2026-4177 [heap buffer overflow in the YAML emitter]
+CVE-2026-4312 (GCB/FCB Audit Software developed by DrangSoft has a Missing 
Authentica ...)
+       TODO: check
+CVE-2026-4308 (A weakness has been identified in frdel/agent0ai agent-zero 
0.9.7. Thi ...)
+       TODO: check
+CVE-2026-4307 (A security flaw has been discovered in frdel/agent0ai 
agent-zero 0.9.7 ...)
+       TODO: check
+CVE-2026-4289 (A security vulnerability has been detected in Tiandy Easy7 
Integrated  ...)
+       TODO: check
+CVE-2026-4288 (A weakness has been identified in Tiandy Easy7 Integrated 
Management P ...)
+       TODO: check
+CVE-2026-4287 (A security flaw has been discovered in Tiandy Easy7 Integrated 
Managem ...)
+       TODO: check
+CVE-2026-4285 (A vulnerability was identified in taoofagi easegen-admin up to 
8f87936 ...)
+       TODO: check
+CVE-2026-4284 (A vulnerability was determined in taoofagi easegen-admin up to 
8f87936 ...)
+       TODO: check
+CVE-2026-4258 (All versions of the package sjcl are vulnerable to Improper 
Verificati ...)
+       TODO: check
+CVE-2026-3237 (In affected versions of Octopus Server it was possible for a 
low privi ...)
+       TODO: check
+CVE-2026-2579 (The WowStore \u2013 Store Builder & Product Blocks for 
WooCommerce plu ...)
+       TODO: check
+CVE-2026-2454 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2373 (The Royal Addons for Elementor \u2013 Addons and Templates Kit 
for Ele ...)
+       TODO: check
+CVE-2026-29522 (ZwickRoell Test Data Management versions prior to3.0.8 contain 
a local ...)
+       TODO: check
+CVE-2026-26230 (Mattermost versions 10.11.x <= 10.11.10 fail to properly 
validate perm ...)
+       TODO: check
+CVE-2026-21991 (A DTrace component, dtprobed, allows arbitrary file creation 
through c ...)
+       TODO: check
+CVE-2026-1629 (Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate 
cached perm ...)
+       TODO: check
+CVE-2025-69902 (A command injection vulnerability in the minimal_wrapper.py 
component  ...)
+       TODO: check
+CVE-2025-50881 (The `flow/admin/moniteur.php` script in Use It Flow 
administration web ...)
+       TODO: check
+CVE-2026-4177 (YAML::Syck versions through 1.36 for Perl has several potential 
securi ...)
        - libyaml-syck-perl 1.36-2
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/38035745/
        NOTE: 
https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e
@@ -1470,7 +1508,7 @@ CVE-2025-66955 (Local File Inclusion in Contact Plan, 
E-Mail, SMS and Fax compon
        NOT-FOR-US: Asseco SEE Live
 CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions 
v0.13.3.7571 u ...)
        - libredwg <itp> (bug #595191)
-CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an 
unauthentica ...)
+CVE-2025-13913 (If an Ignition user imports an external file with a specially 
crafted  ...)
        NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of 
AREGTYPE (\x00 ...)
        TODO: check
@@ -24851,7 +24889,7 @@ CVE-2026-22797 (An issue was discovered in OpenStack 
keystonemiddleware 10.5 thr
        NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
        NOTE: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018
        NOTE: Introduced with: 
https://github.com/openstack/keystonemiddleware/commit/de15a610e160defb367b224258498727384d10a8
 (10.5.0)
-CVE-2026-0708
+CVE-2026-0708 (A flaw was found in libucl. A remote attacker could exploit 
this by pr ...)
        NOTE: https://github.com/vstakhov/libucl/issues/323
        TODO: check if impacts security wise rspamd, which embeds libucl and 
uses it a compile time
 CVE-2026-0871 (A flaw was found in Keycloak. An administrator with 
`manage-users` per ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to