Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c0f8743 by Salvatore Bonaccorso at 2026-03-31T21:33:08+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -114,9 +114,9 @@ CVE-2026-34043 (Serialize JavaScript to a superset of JSON
that includes regular
NOTE:
https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v
NOTE:
https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b
(v7.0.5)
CVE-2026-34042 (act is a project which allows for local running of github
actions. Pri ...)
- TODO: check
+ NOT-FOR-US: nektos act
CVE-2026-34041 (act is a project which allows for local running of github
actions. Pri ...)
- TODO: check
+ NOT-FOR-US: nektos act
CVE-2026-34040 (Moby is an open source container framework. Prior to version
29.3.1, a ...)
TODO: check
CVE-2026-34036 (Dolibarr is an enterprise resource planning (ERP) and customer
relatio ...)
@@ -124,7 +124,7 @@ CVE-2026-34036 (Dolibarr is an enterprise resource planning
(ERP) and customer r
CVE-2026-33997 (Moby is an open source container framework. Prior to version
29.3.1, a ...)
TODO: check
CVE-2026-33026 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Nginx UI
CVE-2026-32884 (Botan is a C++ cryptography library. Prior to version 3.11.0,
during p ...)
TODO: check
CVE-2026-32883 (Botan is a C++ cryptography library. From version 3.0.0 to
before vers ...)
@@ -134,49 +134,49 @@ CVE-2026-32877 (Botan is a C++ cryptography library. From
version 2.3.0 to befor
CVE-2026-32794 (Improper Certificate Validation vulnerability in Apache
Airflow Provid ...)
TODO: check
CVE-2026-32734 (baserCMS is a website development framework. Prior to version
5.2.3, b ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-32727 (SciTokens is a reference library for generating and using
SciTokens. P ...)
- TODO: check
+ NOT-FOR-US: SciTokens Library
CVE-2026-32716 (SciTokens is a reference library for generating and using
SciTokens. P ...)
- TODO: check
+ NOT-FOR-US: SciTokens Library
CVE-2026-32714 (SciTokens is a reference library for generating and using
SciTokens. P ...)
- TODO: check
+ NOT-FOR-US: SciTokens Library
CVE-2026-32696 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging
Platform. ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2026-32275 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-31946 (OpenOlat is an open source web-based e-learning platform for
teaching, ...)
- TODO: check
+ NOT-FOR-US: OpenOlat
CVE-2026-31831 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-31804 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-31799 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-30940 (baserCMS is a website development framework. Prior to version
5.2.3, a ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-30880 (baserCMS is a website development framework. Prior to version
5.2.3, b ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-30879 (baserCMS is a website development framework. Prior to version
5.2.3, b ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-30878 (baserCMS is a website development framework. Prior to version
5.2.3, a ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-30877 (baserCMS is a website development framework. Prior to version
5.2.3, t ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-30313 (DSAI-Cline's command auto-approval module contains a critical
OS comma ...)
- TODO: check
+ NOT-FOR-US: DSAI-Cline
CVE-2026-30308 (In its design for automatic terminal command execution, HAI
Build Code ...)
- TODO: check
+ NOT-FOR-US: HAI Build Code Generator
CVE-2026-30307 (Roo Code's command auto-approval module contains a critical OS
command ...)
- TODO: check
+ NOT-FOR-US: Roo Code
CVE-2026-30306 (In its design for automatic terminal command execution,
SakaDev offers ...)
- TODO: check
+ NOT-FOR-US: SakaDev
CVE-2026-30305 (Syntx's command auto-approval module contains a critical OS
command in ...)
- TODO: check
+ NOT-FOR-US: Syntx
CVE-2026-28505 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-28228 (OpenOlat is an open source web-based e-learning platform for
teaching, ...)
- TODO: check
+ NOT-FOR-US: OpenOlat
CVE-2026-27697 (baserCMS is a website development framework. Prior to version
5.2.3, b ...)
TODO: check
CVE-2026-27599 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a
production ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0f87439b4697baa56c3d86a7e84f8b50d5999b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0f87439b4697baa56c3d86a7e84f8b50d5999b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
