Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
46de1a49 by Salvatore Bonaccorso at 2026-03-17T22:30:47+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,7 +6,7 @@ CVE-2026-4358 (A specially crafted aggregation query with
$lookup by an authenti
- mongodb <removed>
NOTE: https://jira.mongodb.org/browse/SERVER-118849
CVE-2026-4324 (A flaw was found in the Katello plugin for Red Hat Satellite.
This vul ...)
- TODO: check
+ NOT-FOR-US: Katello plugin for Red Hat Satellite
CVE-2026-4319 (A vulnerability was identified in code-projects Simple Food
Order Syst ...)
NOT-FOR-US: code-projects
CVE-2026-4318 (A vulnerability was determined in UTT HiPER 810G up to
1.7.7-171114. A ...)
@@ -32,13 +32,13 @@ CVE-2026-3888 (Local privilege escalation in snapd on Linux
allows local attacke
[bookworm] - snapd <no-dsa> (Minor issue; no automatic tmpfiles.d
cleanup)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to
server- ...)
- TODO: check
+ NOT-FOR-US: ScreenConnect
CVE-2026-3563 (Improper input validation in the apps and endpoints
configuration in P ...)
NOT-FOR-US: Devolutions
CVE-2026-3207 (Configuration issuein Java Management Extensions (JMX) in TIBCO
BPM En ...)
NOT-FOR-US: TIBCO
CVE-2026-32981 (A path traversal vulnerability was identified in Ray Dashboard
(defaul ...)
- TODO: check
+ NOT-FOR-US: Ray Dashboard
CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap
out-of-bounds rea ...)
TODO: check
CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled
memory allo ...)
@@ -46,33 +46,33 @@ CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain
an uncontrolled memor
CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for
WooCommerc ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-32298 (The Angeet ES3 KVM does not properly sanitize user-supplied
variables ...)
- TODO: check
+ NOT-FOR-US: Angeet ES3 KVM
CVE-2026-32297 (The Angeet ES3 KVM allows a remote, unauthenticated attacker
to write ...)
- TODO: check
+ NOT-FOR-US: Angeet ES3 KVM
CVE-2026-32296 (Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration
endpoint wit ...)
- TODO: check
+ NOT-FOR-US: Sipeed NanoKVM
CVE-2026-32295 (JetKVM before 0.5.4 does not rate limit login requests,
enabling brute ...)
- TODO: check
+ NOT-FOR-US: JetKVM
CVE-2026-32294 (JetKVM prior to 0.5.4 does not verify the authenticity of
downloaded f ...)
- TODO: check
+ NOT-FOR-US: JetKVM
CVE-2026-32293 (The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site
during boot- ...)
- TODO: check
+ NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-32292 (The GL-iNet Comet (GL-RM1) KVM web interface does not limit
login requ ...)
- TODO: check
+ NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM does not require authentication
on the ...)
- TODO: check
+ NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify
the authen ...)
- TODO: check
+ NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-30911 (Apache Airflow versions 3.1.0 through 3.1.7 missing
authorization vuln ...)
TODO: check
CVE-2026-30707 (An issue was discovered in SpeedExam Online Examination System
(SaaS) ...)
- TODO: check
+ NOT-FOR-US: SpeedExam Online Examination System (SaaS)
CVE-2026-28779 (Apache Airflow versions 3.1.0 through 3.1.7session token
(_token) in c ...)
TODO: check
CVE-2026-28563 (Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies
endpoint ...)
TODO: check
CVE-2026-28506 (Outline is a service that allows for collaborative
documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-26929 (Apache Airflow versions 3.0.0 through 3.1.7FastAPI DagVersion
listing ...)
TODO: check
CVE-2026-25936 (GLPI is a free Asset and IT management software package.
Starting in v ...)
@@ -187,7 +187,7 @@ CVE-2026-2454 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x
<= 11.2.2, 10.11.x <
CVE-2026-2373 (The Royal Addons for Elementor \u2013 Addons and Templates Kit
for Ele ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29522 (ZwickRoell Test Data Management versions prior to3.0.8 contain
a local ...)
- TODO: check
+ NOT-FOR-US: ZwickRoell Test Data Management
CVE-2026-26230 (Mattermost versions 10.11.x <= 10.11.10 fail to properly
validate perm ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-21991 (A DTrace component, dtprobed, allows arbitrary file creation
through c ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46de1a491a56a5b6bc0d501ec7780dbd1f8a9207
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46de1a491a56a5b6bc0d501ec7780dbd1f8a9207
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
