Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ee574da by security tracker role at 2026-03-20T08:14:30+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-4476 (A vulnerability was found in Yi Technology YI
Home Camera 2 2.1.1
CVE-2026-4475 (A vulnerability has been found in Yi Technology YI Home Camera
2 2.1.1 ...)
TODO: check
CVE-2026-4474 (A flaw has been found in itsourcecode University Management
System 1.0 ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4473 (A vulnerability was detected in itsourcecode Online Doctor
Appointment ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4472 (A security vulnerability has been detected in itsourcecode
Online Froz ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4471 (A weakness has been identified in itsourcecode Online Frozen
Foods Ord ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4470 (A security flaw has been discovered in itsourcecode Online
Frozen Food ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4469 (A vulnerability was identified in itsourcecode Online Frozen
Foods Ord ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4468 (A vulnerability was determined in Comfast CF-AC100 2.6.0.8.
Affected i ...)
TODO: check
CVE-2026-4467 (A vulnerability was found in Comfast CF-AC100 2.6.0.8. This
impacts an ...)
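Review bot: The six itsourcecode entries in this hunk (CVE-2026-4474 down to CVE-2026-4469) all get the same `NOT-FOR-US: itsourcecode System` note, although their descriptions name different products (University Management System, Online Doctor Appointment ..., Online Frozen Foods Ord ...). "System" reads like a product name but matches none of them. If the automatic match is keyed on the vendor, a plain `NOT-FOR-US: itsourcecode` would say so. Otherwise the note should carry the product from the description, so that a later search by product name finds the entry.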
@@ -25,17 +25,17 @@ CVE-2026-4467 (A vulnerability was found in Comfast
CF-AC100 2.6.0.8. This impac
CVE-2026-4466 (A vulnerability has been found in Comfast CF-AC100 2.6.0.8.
This affec ...)
TODO: check
CVE-2026-4465 (A flaw has been found in D-Link DIR-513 1.10. The impacted
element is ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-4428 (A logic error in CRL distribution point validation in AWS-LC
before 1. ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-4395 (Heap-based buffer overflow in the KCAPI ECC code path of
wc_ecc_import ...)
TODO: check
CVE-2026-4159 (1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via
zero-length e ...)
TODO: check
CVE-2026-4136 (The Membership Plugin \u2013 Restrict Content plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary
Functi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3948
REJECTED
CVE-2026-3849 (Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized
ECH Confi ...)
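Review bot: The `NOT-FOR-US: Amazon` note on CVE-2026-4428 classifies a library by its vendor. The description is about CRL distribution point validation in AWS-LC, and a crypto library can reach an archive embedded or vendored inside other source packages even when it is not packaged under its own name. Before this entry leaves `TODO: check`, confirm that no source package carries a copy, and name the product in the note (`NOT-FOR-US: AWS-LC`) rather than the bare vendor. The other crypto-library entries in this hunk (CVE-2026-4395, CVE-2026-4159) stay at `TODO: check`, which is the treatment this one should get until that check is done.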
@@ -49,33 +49,33 @@ CVE-2026-3230 (Missing required cryptographic step in the
TLS 1.3 client HelloRe
CVE-2026-3229 (An integer overflow vulnerability existed in the static
function wolfs ...)
TODO: check
CVE-2026-33410 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33408 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33395 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33394 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33393 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33355 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33346 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33321 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33305 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33304 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33303 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33302 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33301 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33299 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
TODO: check
CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
@@ -157,7 +157,7 @@ CVE-2026-32941 (Sliver is a command and control framework
that uses a custom Wir
CVE-2026-32940 (SiYuan is a personal knowledge management system. In versions
3.6.0 an ...)
TODO: check
CVE-2026-32939 (DataEase is an open source data visualization analysis tool.
Versions ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions
3.6.0 an ...)
TODO: check
CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior
to versio ...)
@@ -177,7 +177,7 @@ CVE-2026-32888 (Open Source Point of Sale is a web based
point-of-sale applicati
CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions
0.6.0 t ...)
TODO: check
CVE-2026-32880 (ChurchCRM is an open-source church management system. Versions
prior t ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-32875 (UltraJSON is a fast JSON encoder and decoder written in pure C
with bi ...)
TODO: check
CVE-2026-32874 (UltraJSON is a fast JSON encoder and decoder written in pure C
with bi ...)
@@ -259,101 +259,101 @@ CVE-2026-32191 (Improper neutralization of special
elements used in an os comman
CVE-2026-32169 (Server-side request forgery (ssrf) in Azure Cloud Shell allows
an unau ...)
TODO: check
CVE-2026-32114 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-32099 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-32041 (OpenClaw versions prior to 2026.3.1 fail to properly handle
authentica ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32040 (OpenClaw versions prior to 2026.2.23 contain an html injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32039 (OpenClaw versions prior to 2026.2.22 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32038 (OpenClaw before 2026.2.24 contains a sandbox network isolation
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32037 (OpenClaw versions prior to 2026.2.22 fail to consistently
validate red ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32036 (OpenClaw gateway plugin versions prior to 2026.2.26 contain a
path tra ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32035 (OpenClaw versions prior to 2026.3.2 fail to pass the
senderIsOwner fla ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32034 (OpenClaw versions prior to 2026.2.21 contain an authentication
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32033 (OpenClaw versions prior to 2026.2.24 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32032 (OpenClaw versions prior to 2026.2.22 contain an arbitrary
shell execut ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32031 (OpenClaw versions prior to 2026.2.26 server-http contains an
authentic ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32030 (OpenClaw versions prior to 2026.2.19 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32029 (OpenClaw versions prior to 2026.2.21 improperly parse the
left-most X- ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32028 (OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy
and allo ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32027 (OpenClaw versions prior to 2026.2.26 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32026 (OpenClaw versions prior to 2026.2.24 contain an improper path
validati ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32025 (OpenClaw versions prior to 2026.2.25 contain an authentication
hardeni ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32024 (OpenClaw versions prior to 2026.2.22 contain a symlink
traversal vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32023 (OpenClaw versions prior to 2026.2.24 contain an approval
gating bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32022 (OpenClaw versions prior to 2026.2.21 contain a stdin-only
policy bypas ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32021 (OpenClaw versions prior to 2026.2.22 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32020 (OpenClaw versions prior to 2026.2.22 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32019 (OpenClaw versions prior to 2026.2.22 contain incomplete IPv4
special-u ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32018 (OpenClaw versions prior to 2026.2.19 contain a race condition
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32017 (OpenClaw versions prior to 2026.2.19 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32016 (OpenClaw versions prior to 2026.2.22 on macOS contain a path
validatio ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32015 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path
hijackin ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32014 (OpenClaw versions prior to 2026.2.26 contain a metadata
spoofing vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32013 (OpenClaw versions prior to 2026.2.25 contain a symlink
traversal vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32011 (OpenClaw versions prior to 2026.3.2 contain a denial of
service vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32010 (OpenClaw versions prior to 2026.2.22 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32009 (OpenClaw versions prior to 2026.2.24 contain a policy bypass
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32008 (OpenClaw versions prior to 2026.2.21 contain an improper URL
scheme va ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32007 (OpenClaw versions prior to 2026.2.23 contain a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32006 (OpenClaw versions prior to 2026.2.26 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32005 (OpenClaw versions prior to 2026.2.25 fail to enforce sender
authorizat ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32004 (OpenClaw versions prior to 2026.3.2 contain an authentication
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32003 (OpenClaw versions prior to 2026.2.22 contain an environment
variable i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32002 (OpenClaw versions prior to 2026.2.23 contain a sandbox bypass
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32001 (OpenClaw versions prior to 2026.2.22 contain an authentication
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31869 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-31805 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30924 (qui is a web interface for managing qBittorrent instances.
Versions 1. ...)
TODO: check
CVE-2026-30891 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30888 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30836 (Step CA is an online certificate authority for secure,
automated certi ...)
TODO: check
CVE-2026-29189 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
@@ -387,27 +387,27 @@ CVE-2026-29097 (SuiteCRM is an open-source,
enterprise-ready Customer Relationsh
CVE-2026-29096 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
TODO: check
CVE-2026-29072 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-28282 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27953 (ormar is a async mini ORM for Python. Versions 0.23.0 and
below are vu ...)
TODO: check
CVE-2026-27936 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27935 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27934 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27740 (Discourse is an open-source discussion platform. Versions
prior to 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27570 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27491 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27454 (Discourse is an open-source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27166 (Discourse is an open source discussion platform. Prior to
versions 202 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-26139 (Server-side request forgery (ssrf) in Microsoft Purview allows
an unau ...)
TODO: check
CVE-2026-26138 (Server-side request forgery (ssrf) in Microsoft Purview allows
an unau ...)
@@ -419,7 +419,7 @@ CVE-2026-26136 (Improper neutralization of special elements
used in a command ('
CVE-2026-26120 (Server-side request forgery (ssrf) in Microsoft Bing allows an
unautho ...)
TODO: check
CVE-2026-24299 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-23659 (Exposure of sensitive information to an unauthorized actor in
Azure Da ...)
TODO: check
CVE-2026-23658 (Insufficiently protected credentials in Azure DevOps allows an
unautho ...)
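Review bot: CVE-2026-24299 is set to `NOT-FOR-US: Microsoft`, but the description visible here ("Improper neutralization of special elements used in a command ...") does not name a product, and the Microsoft Bing, Azure Da ... and Azure DevOps entries in the same hunk (CVE-2026-26120, CVE-2026-23659, CVE-2026-23658) are left at `TODO: check`. The automatic pass should be consistent: either the vendor match covers those entries as well, or this one carries the product name instead of the bare vendor, so the reason it was singled out is recorded.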
@@ -433,7 +433,7 @@ CVE-2026-22733 (Spring Boot applications with Actuator can
be vulnerable to an "
CVE-2026-22732 (When applications specify HTTP response headers for servlet
applicatio ...)
TODO: check
CVE-2026-22731 (Spring Boot applications with Actuator can be vulnerable to an
"Authen ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle
Fusion ...)
TODO: check
CVE-2026-33412 [Command injection via newline in glob()]
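Review bot: `NOT-FOR-US: VMware` on CVE-2026-22731 labels a Spring Boot issue by vendor rather than by product, while CVE-2026-22732 directly above it stays at `TODO: check` and CVE-2026-22733 in the hunk header carries the same "Spring Boot applications with Actuator" wording. These read as one batch and should be resolved together. Suggest naming the product in the note (`NOT-FOR-US: Spring Boot`) once it is confirmed that no package in the archive ships it, and giving the sibling entries the same result.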
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ee574da9c9360d05e940b033c7d0cafe71281dc