Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a2a2a96 by security tracker role at 2026-04-01T19:14:20+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,19 +9,19 @@ CVE-2026-5259 (A vulnerability was determined in AutohomeCorp 
frostmourne up to
 CVE-2026-5199 (A writer role user in an attacker-controlled namespace could 
signal, d ...)
        TODO: check
 CVE-2026-5175 (Improper access control in the multi-factor authentication 
(MFA) manag ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4989 (Improper input validation in the gateway health check feature 
in Devol ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4927 (Exposure of sensitive information in the users MFA feature in 
Devoluti ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4925 (Improper access control in the users MFA feature in Devolutions 
Server ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4924 (Improper  authentication in the two-factor authentication (2FA) 
featur ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4829 (Improper authentication in the external OAuth authentication 
flow in D ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4828 (Improper authentication in the OAuth login functionality in 
Devolution ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-4370 (A vulnerability was identified in Juju from version 3.2.0 until 
3.6.19 ...)
        TODO: check
 CVE-2026-3877 (A reflected cross-site scripting (XSS) vulnerability in the 
dashboard  ...)
@@ -41,7 +41,7 @@ CVE-2026-35000 (ChangeDetection.io versions prior to 0.54.7 
contain a protection
 CVE-2026-34999 (OpenViking versions 0.2.5 prior to 0.2.14 contain a missing 
authentica ...)
        TODO: check
 CVE-2026-34889 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-34875 (An issue was discovered in Mbed TLS through 3.6.5 and 
TF-PSA-Crypto 1. ...)
        TODO: check
 CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x 
through 4.0. ...)
@@ -55,7 +55,7 @@ CVE-2026-34604 (Tina is a headless content management system. 
Prior to version 2
 CVE-2026-34603 (Tina is a headless content management system. Prior to version 
2.2.2,  ...)
        TODO: check
 CVE-2026-34510 (OpenClaw before 2026.3.22 contains a path traversal 
vulnerability in W ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-34447 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
        TODO: check
 CVE-2026-34446 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
@@ -77,7 +77,7 @@ CVE-2026-34159 (llama.cpp is an inference of several LLM 
models in C/C++. Prior
 CVE-2026-34076 (Clerk JavaScript is the official JavaScript repository for 
Clerk authe ...)
        TODO: check
 CVE-2026-34072 (Cr*nMaster (cronmaster) is a Cronjob management UI with human 
readable ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2026-33990 (Docker Model Runner (DMR) is software used to manage, run, and 
deploy  ...)
        TODO: check
 CVE-2026-33978 (Notesnook is a note-taking app focused on user privacy & ease 
of use.  ...)
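Review bot: the tag on CVE-2026-34072 names a framework rather than the affected software. The description identifies the product as "Cr*nMaster (cronmaster) ... a Cronjob management UI", yet the entry becomes "NOT-FOR-US: Next.js". As this is the automatic NOT-FOR-US update, the match presumably came from a keyword in the part of the description that is cut off here. Suggest "NOT-FOR-US: Cr*nMaster" (or cronmaster) so the entry can be found under the product's own name and a later search for Next.js issues does not return it.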
@@ -85,17 +85,17 @@ CVE-2026-33978 (Notesnook is a note-taking app focused on 
user privacy & ease of
 CVE-2026-33949 (Tina is a headless content management system. Prior to version 
2.2.2,  ...)
        TODO: check
 CVE-2026-31027 (TOTOlink A3600R v5.9c.4959 contains a buffer overflow 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-30643 (An issue was discovered in DedeCMS 5.7.118 allowing attackers 
to execu ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2026-30573 (A Business Logic vulnerability exists in SourceCodester 
Pharmacy Produ ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-30526 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
SourceC ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-30523 (A Business Logic vulnerability exists in SourceCodester Loan 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-30522 (A Business Logic vulnerability exists in SourceCodester Loan 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-30292 (An arbitrary file overwrite vulnerability in Docudepot PDF 
Reader: PDF ...)
        TODO: check
 CVE-2026-30291 (An arbitrary file overwrite vulnerability in Ora Tools PDF 
Reader ' Re ...)
@@ -113,11 +113,11 @@ CVE-2026-29598 (Multiple stored cross-site scripting 
(XSS) vulnerabilities in th
 CVE-2026-29014 (MetInfo CMS versions 7.9, 8.0, and 8.1 contain an 
unauthenticated PHP  ...)
        TODO: check
 CVE-2026-28265 (PowerStore, contains a Path Traversal vulnerability in the 
Service use ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-27489 (Open Neural Network Exchange (ONNX) is an open standard for 
machine le ...)
        TODO: check
 CVE-2026-27101 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and 
Application versio ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-25835 (Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse 
seeds in a ...)
        TODO: check
 CVE-2026-25834 (Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm 
Downgrade.)
@@ -129,27 +129,27 @@ CVE-2026-25601 (A vulnerability was identified in MEPIS 
RM, an industrial softwa
 CVE-2026-24096 (Insufficient permission validation on multiple REST API Quick 
Setup en ...)
        TODO: check
 CVE-2026-23899 (An improper access check allows unauthorized access to 
webservice endp ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-23898 (Lack of input validation leads to an arbitrary file deletion 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-22768 (Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect 
Permission Ass ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-22767 (Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic 
Link (Syml ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-21632 (Lack of output escaping for article titles leads to XSS 
vectors in var ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-21631 (Lack of output escaping leads to a XSS vector in the 
multilingual asso ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-21630 (Improperly built order clauses lead to a SQL injection 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-21629 (The ajax component was excluded from the default 
logged-in-user check  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-20174 (A vulnerability in the Metadata update feature of Cisco Nexus 
Dashboar ...)
        TODO: check
 CVE-2026-20160 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM 
On-Prem)  ...)
        TODO: check
 CVE-2026-20155 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20151 (A vulnerability in the web interface of Cisco Smart Software 
Manager O ...)
        TODO: check
 CVE-2026-20097 (A vulnerability in the web-based management interface of Cisco 
IMC cou ...)
@@ -173,13 +173,13 @@ CVE-2026-20087 (A vulnerability in the web-based 
management interface of Cisco I
 CVE-2026-20085 (A vulnerability in the web-based management interface of Cisco 
IMC cou ...)
        TODO: check
 CVE-2026-20042 (A vulnerability in the configuration backup feature of Cisco 
Nexus Das ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20041 (A vulnerability in Cisco Nexus Dashboard and Cisco Nexus 
Dashboard Ins ...)
        TODO: check
 CVE-2026-1879 (A vulnerability was detected in Harvard University IQSS 
Dataverse up t ...)
        TODO: check
 CVE-2026-0932 (Blind server-side request forgery (SSRF) vulnerability in 
legacy conne ...)
-       TODO: check
+       NOT-FOR-US: M-Files
 CVE-2026-0522 (A local file inclusion vulnerability in the upload/download 
flow of th ...)
        TODO: check
 CVE-2025-67807 (The login mechanism of Sage DPW 2025_06_004 displays distinct 
response ...)
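Review bot: the Cisco Nexus Dashboard entries are triaged inconsistently. CVE-2026-20042 (configuration backup feature of Cisco Nexus Dashboard) is set to "NOT-FOR-US: Cisco", while CVE-2026-20041 directly below it, whose description also names Cisco Nexus Dashboard, stays at "TODO: check", as does CVE-2026-20174 in the previous hunk. If the product is not packaged, all three should carry the same tag. Otherwise a short note on why CVE-2026-20042 differs would keep the remaining entries from being triaged the other way.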
@@ -189,9 +189,9 @@ CVE-2025-67806 (The login mechanism of Sage DPW 2021_06_004 
displays distinct re
 CVE-2025-67805 (A non-default configuration in Sage DPW 2025_06_004 allows 
unauthentic ...)
        TODO: check
 CVE-2025-13535 (The King Addons for Elementor plugin for WordPress is 
vulnerable to mu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-53828 (Ericsson Packet Core Controller (PCC) versions prior to 1.38 
contain a ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2024-43028 (A command injection vulnerability in the component 
/jmreport/show of j ...)
        TODO: check
 CVE-2024-40489 (There is an injection vulnerability in jeecg boot versions 
3.0.0 to 3. ...)
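Review bot: the label on CVE-2025-13535 is "NOT-FOR-US: WordPress plugin", but CVE-2026-34889 earlier in this same commit gets "NOT-FOR-US: WordPress plugin or theme". The description here says "King Addons for Elementor plugin for WordPress", so the narrower label fits this entry. It is still worth settling when each wording is used, so that one search pattern covers all the WordPress entries in data/CVE/list.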



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a2a2a96a37ccfa12983ea58fce3c48dcb101daa