Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b0e1570 by Moritz Muehlenhoff at 2026-03-18T09:59:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access 
management s ...)
-       TODO: check
+       - keycloak <itp> (bug #1088287)
 CVE-2026-4356 (A flaw has been found in itsourcecode University Management 
System 1.0 ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This 
impacts ...)
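Review bot: the commit subject "NFUs" does not cover the CVE-2026-4366 change in this hunk, which replaces `TODO: check` with `- keycloak <itp> (bug #1088287)`, an ITP reference rather than a NOT-FOR-US marking. Suggest mentioning the keycloak ITP entry in the subject so the change can be found from the log later.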
@@ -7,7 +7,7 @@ CVE-2026-4355 (A vulnerability was detected in Portabilis 
i-Educar 2.11. This im
 CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU 
1.010B01/1.04B01 ...)
        NOT-FOR-US: TRENDnet
 CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The 
affecte ...)
-       TODO: check
+       NOT-FOR-US: Duende IdentityServer
 CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 
could all ...)
@@ -23,15 +23,15 @@ CVE-2026-33187
 CVE-2026-33058 (Kanboard is project management software focused on Kanban 
methodology. ...)
        TODO: check
 CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an 
insecur ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an 
authent ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a 
stored c ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-32839 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a 
cross-si ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-32838 (Edimax GS-5008PL firmware version 1.00.54 and prior use 
cleartext HTTP ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-32608 (Glances is an open-source system cross-platform monitoring 
tool. The G ...)
        TODO: check
 CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. 
Prior to  ...)
@@ -39,15 +39,15 @@ CVE-2026-32606 (IncusOS is an immutable OS image dedicated 
to running Incus. Pri
 CVE-2026-32596 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure 
Blob Sto ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS plugin
 CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a 
Google Cloud  ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS plugin
 CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3 
integration f ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS plugin
 CVE-2026-32256 (music-metadata is a metadata parser for audio and video media 
files. P ...)
        TODO: check
 CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Kube-router
 CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
version 4. ...)
        TODO: check
 CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
version 4. ...)
@@ -55,7 +55,7 @@ CVE-2026-31898 (jsPDF is a library to generate PDFs in 
JavaScript. Prior to vers
 CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit 
CMS insta ...)
        TODO: check
 CVE-2026-31865 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
-       TODO: check
+       NOT-FOR-US: Elysia
 CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, 
the `pya ...)
        TODO: check
 CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for 
creating dynami ...)
@@ -69,9 +69,9 @@ CVE-2026-29057 (Next.js is a React framework for building 
full-stack web applica
 CVE-2026-29056 (Kanboard is project management software focused on Kanban 
methodology. ...)
        TODO: check
 CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system 
for cloud  ...)
-       TODO: check
+       NOT-FOR-US: xiaoheiFS
 CVE-2026-28673 (xiaoheiFS is a self-hosted financial and operational system 
for cloud  ...)
-       TODO: check
+       NOT-FOR-US: xiaoheiFS
 CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
        TODO: check
 CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. 
Prior to  ...)
@@ -89,7 +89,7 @@ CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend 
for managing entries
 CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing 
entries (e.g. ...)
        TODO: check
 CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache 
and Kee ...)
-       TODO: check
+       NOT-FOR-US: Roxy-WI
 CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval 
bypass vulner ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved 
keys in ...)
@@ -105,9 +105,9 @@ CVE-2026-27448 (pyOpenSSL is a Python wrapper around the 
OpenSSL library. Starti
 CVE-2026-26004 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
        TODO: check
 CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery, 
inventory, softwa ...)
-       TODO: check
+       NOT-FOR-US: GLPI plugin
 CVE-2026-25937 (GLPI is a free Asset and IT management software package. 
Starting in v ...)
-       TODO: check
+       - glpi <removed>
 CVE-2026-22730 (A critical SQL injection vulnerability in Spring AI's 
MariaDBFilterExp ...)
        TODO: check
 CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's 
AbstractFilterExpres ...)
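Review bot: CVE-2026-26001 is marked `NOT-FOR-US: GLPI plugin` while the adjacent CVE-2026-25937 records GLPI itself as `- glpi <removed>`, so the two GLPI entries in this hunk are triaged on different bases. Please confirm the GLPI Inventory Plugin was never shipped with the removed glpi package; if it was, it should be tracked against glpi as well rather than as NOT-FOR-US. As with the keycloak line, `- glpi <removed>` is also not an NFU, so the "NFUs" subject understates this hunk.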



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0e15705e8f04db896382cc8594c3c8fcd29f5f
