Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d26eb727 by security tracker role at 2026-03-18T08:14:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access
management s ...)
TODO: check
CVE-2026-4356 (A flaw has been found in itsourcecode University Management
System 1.0 ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This
impacts ...)
- TODO: check
+ NOT-FOR-US: Portabilis
CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU
1.010B01/1.04B01 ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The
affecte ...)
TODO: check
CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2
could all ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3512 (The Writeprint Stylometry plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-33189
REJECTED
CVE-2026-33188
@@ -61,11 +61,11 @@ CVE-2026-30922 (pyasn1 is a generic ASN.1 library for
Python. Prior to 0.6.3, th
CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for
creating dynami ...)
TODO: check
CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP
Module ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2026-29112 (DiceBear is an avatar library for designers and developers.
Prior to v ...)
TODO: check
CVE-2026-29057 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-29056 (Kanboard is project management software focused on Kanban
methodology. ...)
TODO: check
CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system
for cloud ...)
@@ -77,13 +77,13 @@ CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an
open standard for mach
CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax.
Prior to ...)
TODO: check
CVE-2026-27980 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27979 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27978 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27977 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend for managing
entries (e.g. ...)
TODO: check
CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing
entries (e.g. ...)
@@ -91,13 +91,13 @@ CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend
for managing entries
CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache
and Kee ...)
TODO: check
CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval
bypass vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved
keys in ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27523 (OpenClaw versions prior to 2026.2.24 contain a sandbox bind
validation ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27522 (OpenClaw versions prior to 2026.2.24 contain a local media
root bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27459 (pyOpenSSL is a Python wrapper around the OpenSSL library.
Starting in ...)
TODO: check
CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library.
Starting in ...)
@@ -131,51 +131,51 @@ CVE-2026-22317 (A command injection vulnerability in the
device\u2019s Root CA c
CVE-2026-22316 (A remote attacker with user privileges for the webUI can use
the setti ...)
TODO: check
CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an
arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22180 (OpenClaw versions prior to 2026.3.2 contain a path-confinement
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22179 (OpenClaw versions prior to 2026.2.22 in macOS node-host
system.run con ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22178 (OpenClaw versions prior to 2026.2.19 construct RegExp objects
directly ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22177 (OpenClaw versions prior to 2026.2.21 fail to filter dangerous
process- ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22175 (OpenClaw versions prior to 2026.2.23 contain an exec approval
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22174 (OpenClaw versions prior to 2026.2.22 inject the
x-OpenClaw-relay-token ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22171 (OpenClaw versions prior to 2026.2.19 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22170 (OpenClaw versions prior to 2026.2.22 with the optional
BlueBubbles plu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22169 (OpenClaw versions prior to 2026.2.22 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an
approval-integrity mis ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer
and Vis ...)
TODO: check
CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with
improved ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1780 (The [CR]Paid Link Manager plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1376 (IBM i 7.6 could allow a remote attacker to cause a denial of
service u ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1267 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow
an unaut ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1264 (IBM Sterling B2B Integratorand IBM Sterling File Gateway6.1.0.0
throug ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-31703 (A vulnerability found in Dahua NVR/XVR device. A third-party
malicious ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2025-15363 (The Get Use APIs WordPress plugin before 2.0.10 executes
imported JSO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14806 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow
an attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM Sterling File
Gateway6.1.0.0 th ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3312
- pagure <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d26eb7278c8e55692aa6e785561937d0a171c133
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d26eb7278c8e55692aa6e785561937d0a171c133
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
