Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
410a0977 by security tracker role at 2026-03-18T08:14:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access
management s ...)
+ TODO: check
+CVE-2026-4356 (A flaw has been found in itsourcecode University Management
System 1.0 ...)
+ TODO: check
+CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This
impacts ...)
+ TODO: check
+CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU
1.010B01/1.04B01 ...)
+ TODO: check
+CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The
affecte ...)
+ TODO: check
+CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2
could all ...)
+ TODO: check
+CVE-2026-3512 (The Writeprint Stylometry plugin for WordPress is vulnerable to
Reflec ...)
+ TODO: check
+CVE-2026-33189
+ REJECTED
+CVE-2026-33188
+ REJECTED
+CVE-2026-33187
+ REJECTED
+CVE-2026-33058 (Kanboard is project management software focused on Kanban
methodology. ...)
+ TODO: check
+CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an
insecur ...)
+ TODO: check
+CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an
authent ...)
+ TODO: check
+CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a
stored c ...)
+ TODO: check
+CVE-2026-32839 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a
cross-si ...)
+ TODO: check
+CVE-2026-32838 (Edimax GS-5008PL firmware version 1.00.54 and prior use
cleartext HTTP ...)
+ TODO: check
+CVE-2026-32608 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
+ TODO: check
+CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus.
Prior to ...)
+ TODO: check
+CVE-2026-32596 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
+ TODO: check
+CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure
Blob Sto ...)
+ TODO: check
+CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a
Google Cloud ...)
+ TODO: check
+CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3
integration f ...)
+ TODO: check
+CVE-2026-32256 (music-metadata is a metadata parser for audio and video media
files. P ...)
+ TODO: check
+CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking.
Prior to ...)
+ TODO: check
+CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to
version 4. ...)
+ TODO: check
+CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to
version 4. ...)
+ TODO: check
+CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit
CMS insta ...)
+ TODO: check
+CVE-2026-31865 (Elysia is a Typescript framework for request validation, type
inferenc ...)
+ TODO: check
+CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3,
the `pya ...)
+ TODO: check
+CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for
creating dynami ...)
+ TODO: check
+CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP
Module ...)
+ TODO: check
+CVE-2026-29112 (DiceBear is an avatar library for designers and developers.
Prior to v ...)
+ TODO: check
+CVE-2026-29057 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2026-29056 (Kanboard is project management software focused on Kanban
methodology. ...)
+ TODO: check
+CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system
for cloud ...)
+ TODO: check
+CVE-2026-28673 (xiaoheiFS is a self-hosted financial and operational system
for cloud ...)
+ TODO: check
+CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for
machine le ...)
+ TODO: check
+CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax.
Prior to ...)
+ TODO: check
+CVE-2026-27980 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2026-27979 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2026-27978 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2026-27977 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend for managing
entries (e.g. ...)
+ TODO: check
+CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing
entries (e.g. ...)
+ TODO: check
+CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
+ TODO: check
+CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval
bypass vulner ...)
+ TODO: check
+CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved
keys in ...)
+ TODO: check
+CVE-2026-27523 (OpenClaw versions prior to 2026.2.24 contain a sandbox bind
validation ...)
+ TODO: check
+CVE-2026-27522 (OpenClaw versions prior to 2026.2.24 contain a local media
root bypass ...)
+ TODO: check
+CVE-2026-27459 (pyOpenSSL is a Python wrapper around the OpenSSL library.
Starting in ...)
+ TODO: check
+CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library.
Starting in ...)
+ TODO: check
+CVE-2026-26004 (Sentry is a developer-first error tracking and performance
monitoring ...)
+ TODO: check
+CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery,
inventory, softwa ...)
+ TODO: check
+CVE-2026-25937 (GLPI is a free Asset and IT management software package.
Starting in v ...)
+ TODO: check
+CVE-2026-22730 (A critical SQL injection vulnerability in Spring AI's
MariaDBFilterExp ...)
+ TODO: check
+CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's
AbstractFilterExpres ...)
+ TODO: check
+CVE-2026-22727 (Unprotected internal endpoints in Cloud Foundry Capi Release
1.226.0 a ...)
+ TODO: check
+CVE-2026-22323 (A CSRF vulnerability in the Link Aggregation configuration
interface a ...)
+ TODO: check
+CVE-2026-22322 (A stored cross\u2011site scripting (XSS) vulnerability in the
Link Agg ...)
+ TODO: check
+CVE-2026-22321 (A stack-based buffer overflow in the device's Telnet/SSH CLI
login rou ...)
+ TODO: check
+CVE-2026-22320 (A stack-based buffer overflow in the CLI's TFTP
file\u2011transfer com ...)
+ TODO: check
+CVE-2026-22319 (A stack-based buffer overflow in the device's file
installation workfl ...)
+ TODO: check
+CVE-2026-22318 (A stack-based buffer overflow vulnerability in the device's
file trans ...)
+ TODO: check
+CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA
certifi ...)
+ TODO: check
+CVE-2026-22316 (A remote attacker with user privileges for the webUI can use
the setti ...)
+ TODO: check
+CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an
arbitrary cod ...)
+ TODO: check
+CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning
bypass vulne ...)
+ TODO: check
+CVE-2026-22180 (OpenClaw versions prior to 2026.3.2 contain a path-confinement
bypass ...)
+ TODO: check
+CVE-2026-22179 (OpenClaw versions prior to 2026.2.22 in macOS node-host
system.run con ...)
+ TODO: check
+CVE-2026-22178 (OpenClaw versions prior to 2026.2.19 construct RegExp objects
directly ...)
+ TODO: check
+CVE-2026-22177 (OpenClaw versions prior to 2026.2.21 fail to filter dangerous
process- ...)
+ TODO: check
+CVE-2026-22175 (OpenClaw versions prior to 2026.2.23 contain an exec approval
bypass v ...)
+ TODO: check
+CVE-2026-22174 (OpenClaw versions prior to 2026.2.22 inject the
x-OpenClaw-relay-token ...)
+ TODO: check
+CVE-2026-22171 (OpenClaw versions prior to 2026.2.19 contain a path traversal
vulnerab ...)
+ TODO: check
+CVE-2026-22170 (OpenClaw versions prior to 2026.2.22 with the optional
BlueBubbles plu ...)
+ TODO: check
+CVE-2026-22169 (OpenClaw versions prior to 2026.2.22 contain an allowlist
bypass vulne ...)
+ TODO: check
+CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an
approval-integrity mis ...)
+ TODO: check
+CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer
and Vis ...)
+ TODO: check
+CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with
improved ...)
+ TODO: check
+CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-1780 (The [CR]Paid Link Manager plugin for WordPress is vulnerable to
Reflec ...)
+ TODO: check
+CVE-2026-1376 (IBM i 7.6 could allow a remote attacker to cause a denial of
service u ...)
+ TODO: check
+CVE-2026-1267 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow
an unaut ...)
+ TODO: check
+CVE-2026-1264 (IBM Sterling B2B Integratorand IBM Sterling File Gateway6.1.0.0
throug ...)
+ TODO: check
+CVE-2025-31703 (A vulnerability found in Dahua NVR/XVR device. A third-party
malicious ...)
+ TODO: check
+CVE-2025-15363 (The Get Use APIs WordPress plugin before 2.0.10 executes
imported JSO ...)
+ TODO: check
+CVE-2025-14806 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow
an attac ...)
+ TODO: check
+CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM Sterling File
Gateway6.1.0.0 th ...)
+ TODO: check
CVE-2026-3312
- pagure <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259
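Review bot: Three of the imported descriptions in this hunk (CVE-2026-22322, CVE-2026-22320 and CVE-2026-22317) show literal `\u2011` and `\u2019` escape sequences where a non-breaking hyphen and an apostrophe belong; if the file itself stores them that way rather than this being an artifact of the mail rendering, the automatic import is not decoding JSON unicode escapes, and normalising them in the importer would keep the list readable and greppable. Two further descriptions (CVE-2026-1264 and CVE-2025-14031, "Integratorand", "andand", "Gateway6.1.0.0") carry upstream text defects that are best tidied when those entries are triaged. For consistency with the later hunks of this same commit, CVE-2026-4366 is a Keycloak issue added here with only `TODO: check`, whereas CVE-2026-2603, CVE-2026-2092 and CVE-2026-2575 already carry `keycloak <itp> (bug #1088287)`; the new entry should receive the same line at triage. The remaining additions are the expected `TODO: check` placeholders and three REJECTED identifiers (CVE-2026-33187 to CVE-2026-33189).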
@@ -4576,9 +4754,9 @@ CVE-2026-27137 (When verifying a certificate chain which
contains a certificate
NOTE: Fixed by:
https://github.com/golang/go/commit/a761c9ff70fec8e1089897eebd104a8f31cff2d3
(go1.26.1)
CVE-2026-3234 (A flaw was found in mod_proxy_cluster. This vulnerability, a
Carriage ...)
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2026-2603
+CVE-2026-2603 (A flaw was found in Keycloak. A remote attacker could bypass
security ...)
- keycloak <itp> (bug #1088287)
-CVE-2026-2092
+CVE-2026-2092 (A flaw was found in Keycloak. Keycloak's Security Assertion
Markup Lan ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3616 (A vulnerability was detected in DefaultFuction Jeson Customer
Relation ...)
NOT-FOR-US: Jeson Customer Relationship Management System
@@ -12532,7 +12710,7 @@ CVE-2026-2604
- evolution-data-server 3.56.2-8 (bug #1128332)
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
-CVE-2026-2575
+CVE-2026-2575 (A flaw was found in Keycloak. An unauthenticated remote
attacker can t ...)
- keycloak <itp> (bug #1088287)
CVE-2026-2574
- glib-networking <unfixed> (unimportant)
@@ -170395,6 +170573,7 @@ CVE-2024-49393 (In neomutt and mutt, the To and Cc
email headers are not validat
NOTE: Reading protected value since:
https://github.com/neomutt/neomutt/commit/06f8ff5a97ecc4763d52f75b9aedf80578fe1404
(20241002)
NOTE: Protected headers introduced in mutt 1.12
CVE-2024-11079 (A flaw was found in Ansible-Core. This vulnerability allows
attackers ...)
+ {DLA-4502-1}
- ansible-core 2.18.0-2 (bug #1088106)
[bookworm] - ansible-core 2.14.18-0+deb12u1
- ansible 5.4.0-1
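Review bot: The `{DLA-4502-1}` marker is added to CVE-2024-11079 while no suite version line in the hunk changes, and this commit touches only data/CVE/list, so the marker resolves only if the DLA-4502-1 entry with its fixed ansible-core version is already present in data/DLA/list; worth confirming that before merging so the cross-reference does not dangle.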
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410a09775f72b4fa3ae1c3548d5d53961e719439
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits