Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c6b1f46 by Salvatore Bonaccorso at 2026-03-31T07:53:41+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,9 +2,9 @@ CVE-2026-5170 (A user with access to the cluster with a limited 
set of privilege
        - mongodb <removed>
        NOTE: https://jira.mongodb.org/browse/SERVER-101758
 CVE-2026-5165 (A flaw was found in virtio-win, specifically within the VirtIO 
Block ( ...)
-       TODO: check
+       NOT-FOR-US: virtio Windows drivers
 CVE-2026-5164 (A flaw was found in virtio-win. The `RhelDoUnMap()` function 
does not  ...)
-       TODO: check
+       NOT-FOR-US: virtio Windows drivers
 CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 
2026.0 ...)
        NOT-FOR-US: YunaiV yudao-cloud
 CVE-2026-5128 (A sensitive information exposure vulnerability exists in 
ArthurFiorett ...)
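Review bot: The label on CVE-2026-5165 and CVE-2026-5164 reads "virtio Windows drivers", but both descriptions call the component virtio-win, so a search of data/CVE/list for that name will not match the NOT-FOR-US lines. Suggest "NOT-FOR-US: virtio-win" or "NOT-FOR-US: virtio-win (virtio Windows drivers)" so the label matches the upstream name.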
@@ -50,7 +50,7 @@ CVE-2026-3945 (An integer overflow vulnerability in the HTTP 
chunked transfer en
 CVE-2026-3502 (TrueConf Client downloads application update code and applies 
it witho ...)
        NOT-FOR-US: TrueConf Client
 CVE-2026-3321 (A vulnerability of authorization bypass through user-controlled 
key in ...)
-       TODO: check
+       NOT-FOR-US: ON24 Q&A chat
 CVE-2026-34714 (Vim before 9.2.0272 allows code execution that happens 
immediately upo ...)
        - vim <unfixed>
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
@@ -94,47 +94,47 @@ CVE-2026-30557 (A Reflected Cross-Site Scripting (XSS) 
vulnerability exists in S
 CVE-2026-30556 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-30082 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the Edit ...)
-       TODO: check
+       NOT-FOR-US: IngEstate Server
 CVE-2026-30077 (OpenAirInterface V2.2.0 AMF crashes when it fails to decode 
the messag ...)
-       TODO: check
+       NOT-FOR-US: OpenAirInterface
 CVE-2026-2328 (An unauthenticated remote attacker can exploit insufficient 
input vali ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2026-2287 (CrewAI does not properly check that Docker is still running 
during run ...)
-       TODO: check
+       NOT-FOR-US: CrewAI
 CVE-2026-2286 (CrewAI contains a server-side request forgery vulnerability 
that enabl ...)
-       TODO: check
+       NOT-FOR-US: CrewAI
 CVE-2026-2285 (CrewAI contains a arbitrary local file read vulnerability in 
the JSON  ...)
-       TODO: check
+       NOT-FOR-US: CrewAI
 CVE-2026-2275 (The CrewAI CodeInterpreter tool falls back to SandboxPython 
when it ca ...)
-       TODO: check
+       NOT-FOR-US: CrewAI
 CVE-2026-29954 (In KubePlus 4.1.4, the mutating webhook and 
kubeconfiggenerator compon ...)
-       TODO: check
+       NOT-FOR-US: KubePlus
 CVE-2026-29953 (SQL Injection vulnerability in SchemaHero 0.23.0 via the 
column parame ...)
-       TODO: check
+       NOT-FOR-US: SchemaHero
 CVE-2026-29925 (Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to 
Server-Side Reque ...)
-       TODO: check
+       NOT-FOR-US: Invoice Ninja
 CVE-2026-29924 (Grav CMS v1.7.x and before is vulnerable to XML External 
Entity (XXE)  ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-29909 (MRCMS V3.1.2 contains an unauthenticated directory enumeration 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: MRCMS
 CVE-2026-29872 (A cross-session information disclosure vulnerability exists in 
the awe ...)
-       TODO: check
+       NOT-FOR-US: awesome-llm-apps
 CVE-2026-29597 (Incorrect access control in the file_details.asp endpoint of 
DDSN Inte ...)
-       TODO: check
+       NOT-FOR-US: DDSN Interactive Acora CMS
 CVE-2026-28528 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: BlueKitchen BTstack
 CVE-2026-28527 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: BlueKitchen BTstack
 CVE-2026-28526 (BlueKitchen BTstack versions prior to 1.8.1 contain an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: BlueKitchen BTstack
 CVE-2026-27508 (Smoothwall Express versions prior to 3.1 Update 13 contain a 
reflected ...)
-       TODO: check
+       NOT-FOR-US: Smoothwall Express
 CVE-2026-26352 (Smoothwall Express versions prior to 3.1 Update 13 contain a 
stored cr ...)
-       TODO: check
+       NOT-FOR-US: Smoothwall Express
 CVE-2026-25704 (A Privilege Dropping / Lowering Errors/Time-of-check 
Time-of-use (TOCT ...)
        TODO: check
 CVE-2026-1612 (AL-KO Robolinho Update Software has hard-coded AWS Access and 
Secret k ...)
-       TODO: check
+       NOT-FOR-US: AL-KO Robolinho Update Software
 CVE-2025-66215 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
        TODO: check
 CVE-2025-66038 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
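Review bot: "NOT-FOR-US: WAGO" on CVE-2026-2328 names only a vendor, and the truncated description above it does not show which product is affected, whereas the other labels added in this hunk name the product (Smoothwall Express, AL-KO Robolinho Update Software, DDSN Interactive Acora CMS). Adding the product name would keep the entry self-explanatory. Separately, the three BlueKitchen BTstack entries (CVE-2026-28526 to CVE-2026-28528) are closed on the product name alone; a quick check for embedded copies of BTstack in other source packages would be worth noting before these are treated as final.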
@@ -144,7 +144,7 @@ CVE-2025-66037 (OpenSC is an open source smart card tools 
and middleware. Prior
 CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. 
Prior to ver ...)
        TODO: check
 CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2025-15379 (A command injection vulnerability exists in MLflow's model 
serving con ...)
        NOT-FOR-US: mlflow
 CVE-2019-25655 (Device Monitoring Studio 8.10.00.8925 contains a denial of 
service vul ...)
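Review bot: The label on CVE-2025-3716 is "NOT-FOR-US: ESET", which is only the vendor, while the description names the product as ESET Protect (on-prem). Suggest "NOT-FOR-US: ESET Protect" so the label stays specific to this product, in line with the product-level labels used elsewhere in this commit.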



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c6b1f46f12051176092caa5207121adffb0204f
