Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c810087a by Moritz Muehlenhoff at 2026-03-18T10:12:01+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2026-32608 (Glances is an open-source system
cross-platform monitoring tool.
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7
NOTE:
https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107
(v4.5.2)
CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus.
Prior to ...)
- TODO: check
+ NOT-FOR-US: IncusOS
CVE-2026-32596 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances <unfixed>
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
@@ -50,13 +50,13 @@ CVE-2026-32266 (The Google Cloud Storage for Craft CMS
plugin provides a Google
CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3
integration f ...)
NOT-FOR-US: Craft CMS plugin
CVE-2026-32256 (music-metadata is a metadata parser for audio and video media
files. P ...)
- TODO: check
+ NOT-FOR-US: Node music-metadata
CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking.
Prior to ...)
NOT-FOR-US: Kube-router
CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to
version 4. ...)
- TODO: check
+ - jspdf <itp> (bug #998381)
CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to
version 4. ...)
- TODO: check
+ - jspdf <itp> (bug #998381)
CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit
CMS insta ...)
TODO: check
CVE-2026-31865 (Elysia is a Typescript framework for request validation, type
inferenc ...)
@@ -64,11 +64,11 @@ CVE-2026-31865 (Elysia is a Typescript framework for
request validation, type in
CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3,
the `pya ...)
TODO: check
CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for
creating dynami ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP
Module ...)
NOT-FOR-US: Netskope
CVE-2026-29112 (DiceBear is an avatar library for designers and developers.
Prior to v ...)
- TODO: check
+ NOT-FOR-US: DiceBear
CVE-2026-29057 (Next.js is a React framework for building full-stack web
applications. ...)
NOT-FOR-US: Next.js
CVE-2026-29056 (Kanboard is project management software focused on Kanban
methodology. ...)
@@ -109,7 +109,7 @@ CVE-2026-27459 (pyOpenSSL is a Python wrapper around the
OpenSSL library. Starti
CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library.
Starting in ...)
TODO: check
CVE-2026-26004 (Sentry is a developer-first error tracking and performance
monitoring ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery,
inventory, softwa ...)
NOT-FOR-US: GLPI plugin
CVE-2026-25937 (GLPI is a free Asset and IT management software package.
Starting in v ...)
@@ -121,21 +121,21 @@ CVE-2026-22729 (A JSONPath injection vulnerability in
Spring AI's AbstractFilter
CVE-2026-22727 (Unprotected internal endpoints in Cloud Foundry Capi Release
1.226.0 a ...)
TODO: check
CVE-2026-22323 (A CSRF vulnerability in the Link Aggregation configuration
interface a ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22322 (A stored cross\u2011site scripting (XSS) vulnerability in the
Link Agg ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22321 (A stack-based buffer overflow in the device's Telnet/SSH CLI
login rou ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22320 (A stack-based buffer overflow in the CLI's TFTP
file\u2011transfer com ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22319 (A stack-based buffer overflow in the device's file
installation workfl ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22318 (A stack-based buffer overflow vulnerability in the device's
file trans ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA
certifi ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22316 (A remote attacker with user privileges for the webUI can use
the setti ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an
arbitrary cod ...)
NOT-FOR-US: OpenClaw
CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning
bypass vulne ...)
@@ -161,7 +161,7 @@ CVE-2026-22169 (OpenClaw versions prior to 2026.2.22
contain an allowlist bypass
CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an
approval-integrity mis ...)
NOT-FOR-US: OpenClaw
CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer
and Vis ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with
improved ...)
NOT-FOR-US: Apple
CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is
vulnerable t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c810087ae3ba26efeb439ff083bd28b4d99d74e4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c810087ae3ba26efeb439ff083bd28b4d99d74e4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
