Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aeb1e8bf by security tracker role at 2026-04-02T19:13:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-5429 (Unsanitized input during web page generation in the Kiro Agent
webview ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-5418 (A vulnerability was identified in appsmithorg appsmith up to
1.97. Imp ...)
TODO: check
CVE-2026-5417 (A vulnerability was determined in Dataease SQLbot up to 1.6.0.
This is ...)
@@ -11,23 +11,23 @@ CVE-2026-5413 (A vulnerability was identified in Newgen
OmniDocs up to 12.0.00.
CVE-2026-5370 (A vulnerability was identified in krayin laravel-crm up to 2.2.
Impact ...)
TODO: check
CVE-2026-5368 (A vulnerability was determined in projectworlds Car Rental
Project 1.0 ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-5360 (A vulnerability has been found in Free5GC 4.2.0. The affected
element ...)
TODO: check
CVE-2026-5355 (A vulnerability has been found in Trendnet TEW-657BRM 1.00.1.
Affected ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5354 (A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected
by this ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5353 (A vulnerability was detected in Trendnet TEW-657BRM 1.00.1.
Affected i ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5352 (A security vulnerability has been detected in Trendnet
TEW-657BRM 1.00 ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5351 (A weakness has been identified in Trendnet TEW-657BRM 1.00.1.
This aff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5350 (A security flaw has been discovered in Trendnet TEW-657BRM
1.00.1. The ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5349 (A vulnerability was identified in Trendnet TEW-657BRM 1.00.1.
The affe ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5346 (A vulnerability was determined in huimeicloud hm_editor up to
2.2.3. I ...)
TODO: check
CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to
4.9.1. ...)
@@ -35,11 +35,11 @@ CVE-2026-5344 (A security vulnerability has been detected
in Textpattern up to 4
CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the
functio ...)
TODO: check
CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. The
impacted eleme ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-5338 (A security vulnerability has been detected in Tenda G103
1.0.0.5. The ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-5334 (A weakness has been identified in itsourcecode Online
Enrollment Syste ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-5333 (A security flaw has been discovered in DefaultFuction
Content-Manageme ...)
TODO: check
CVE-2026-5332 (A vulnerability was identified in Xiaopi Panel 1.0.0. This
vulnerabili ...)
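Review bot: The label on CVE-2026-5334, `NOT-FOR-US: itsourcecode System`, reads like the vendor name followed by a fragment of the product title ("Online Enrollment Syste ...") and is neither a vendor nor a product name. The other labels in this hunk are a bare vendor (`Tenda`), so `NOT-FOR-US: itsourcecode` or the full product name would be more consistent and easier to search for when later entries from the same source are triaged.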
@@ -47,13 +47,13 @@ CVE-2026-5332 (A vulnerability was identified in Xiaopi
Panel 1.0.0. This vulner
CVE-2026-5331 (A vulnerability was determined in OpenCart 4.1.0.3. This
affects an un ...)
TODO: check
CVE-2026-5330 (A vulnerability was found in SourceCodester/mayuri_k Best
Courier Mana ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-5328 (A weakness has been identified in shsuishang modulithshop up to
829bac ...)
TODO: check
CVE-2026-5327 (A security flaw has been discovered in efforthye
fast-filesystem-mcp u ...)
TODO: check
CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave
Application Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20.
Affecte ...)
TODO: check
CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This
impacts ...)
@@ -61,7 +61,7 @@ CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose
up to 7.20. This im
CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20.
This af ...)
TODO: check
CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to
information e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the
uma_prote ...)
TODO: check
CVE-2026-4634 (A flaw was found in Keycloak. An unauthenticated attacker can
exploit ...)
@@ -73,7 +73,7 @@ CVE-2026-4282 (A flaw was found in Keycloak. The
SingleUseObjectProvider, a glob
CVE-2026-3872 (A flaw was found in Keycloak. This issue allows an attacker,
who contr ...)
TODO: check
CVE-2026-3692 (In Progress Flowmon versions prior to 12.5.8, a vulnerability
exists w ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-35414 (OpenSSH before 10.3 mishandles the authorized_keys principals
option i ...)
TODO: check
CVE-2026-35388 (OpenSSH before 10.3 omits connection multiplexing confirmation
for pro ...)
@@ -95,7 +95,7 @@ CVE-2026-34974 (phpMyFAQ is an open source FAQ web
application. Prior to version
CVE-2026-34973 (phpMyFAQ is an open source FAQ web application. Prior to
version 4.1.1 ...)
TODO: check
CVE-2026-34890 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34877 (An issue was discovered in Mbed TLS versions from 2.19.0 up to
3.6.5, ...)
TODO: check
CVE-2026-34876 (An issue was discovered in Mbed TLS 3.x before 3.6.6. An
out-of-bounds ...)
@@ -249,23 +249,23 @@ CVE-2026-34523 (SillyTavern is a locally installed user
interface that allows us
CVE-2026-34522 (SillyTavern is a locally installed user interface that allows
users to ...)
TODO: check
CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval
bypass vu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight
validati ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34230 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
TODO: check
CVE-2026-34124 (A denial-of-service vulnerability was identified in TP-Link
Tapo C520W ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34122 (A stack-based buffer overflow vulnerability was identified in
TP-Link ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34121 (An authentication bypass vulnerability within the HTTP
handling of the ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34120 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34119 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34118 (A heap-based buffer overflow vulnerability was identified in
TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34083 (Signal K Server is a server application that runs on a central
hub in ...)
TODO: check
CVE-2026-33951 (Signal K Server is a server application that runs on a central
hub in ...)
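Review bot: The six entries from CVE-2026-34124 to CVE-2026-34118 are labelled `NOT-FOR-US: TPLink`, while the descriptions they annotate spell the vendor "TP-Link". A label that differs from the vendor's own spelling splits search results between the two forms; using `NOT-FOR-US: TP-Link` here would keep the label aligned with the description text, in the same way `TRENDnet` and `OpenClaw` match theirs.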
@@ -291,7 +291,7 @@ CVE-2026-33544 (Tinyauth is an authentication and
authorization server. Prior to
CVE-2026-33533 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
TODO: check
CVE-2026-33271 (Local privilege escalation due to insecure folder permissions.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-32871 (FastMCP is a Pythonic way to build MCP servers and clients.
Prior to v ...)
TODO: check
CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions
3.0.0.beta1 ...)
@@ -319,11 +319,11 @@ CVE-2026-30603 (An issue in the firmware update mechanism
of Qianniao QN-L23PA09
CVE-2026-30332 (A Time-of-Check to Time-of-Use (TOCTOU) race condition
vulnerability i ...)
TODO: check
CVE-2026-2737 (A vulnerability exists in Progress Flowmon versions prior to
12.5.8 an ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-2701 (Authenticated user can upload a malicious file to the server
and execu ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC)
allows an un ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-29782 (OpenSTAManager is an open source management software for
technical ass ...)
TODO: check
CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an
attacker ...)
@@ -357,9 +357,9 @@ CVE-2026-29131 (SEPPmail Secure Email Gateway before
version 15.0.3 allows attac
CVE-2026-28805 (OpenSTAManager is an open source management software for
technical ass ...)
TODO: check
CVE-2026-28728 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-27774 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-26962 (Rack is a modular Ruby web server interface. From version
3.2.0 to bef ...)
TODO: check
CVE-2026-26961 (Rack is a modular Ruby web server interface. Prior to versions
2.2.23, ...)
@@ -373,41 +373,41 @@ CVE-2026-26895 (User enumeration vulnerability in
/pwreset.php in osTicket v1.18
CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an
internal ...)
TODO: check
CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to
Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0686 (The Webmention plugin for WordPress is vulnerable to
Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0634 (Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G
on Andro ...)
- TODO: check
+ NOT-FOR-US: TECNO Mobile
CVE-2025-65114 (Apache Traffic Server allows request smuggling if chunked
messages are ...)
TODO: check
CVE-2025-58136 (A bug in POST request handling causes a crash under a certain
conditio ...)
TODO: check
CVE-2025-43264 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43257 (This issue was addressed with improved handling of symlinks.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43238 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43236 (A type confusion issue was addressed with improved memory
handling. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43219 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43210 (An out-of-bounds access issue was addressed with improved
bounds check ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43202 (This issue was addressed with improved memory handling. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44303 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44286 (This issue was addressed through improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44250 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44219 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-40858 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-40849 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-7342 (HiSecOS web server contains a privilege escalation
vulnerability that ...)
TODO: check
CVE-2026-27456 [util-linux: mount(8) TOCTOU symlink attack via loop device]
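Review bot: The thirteen entries from CVE-2025-43264 to CVE-2024-40849 are marked `NOT-FOR-US: Apple` on the vendor alone, and every visible description is cut off before the affected-product list ("This issue is f ...", "This i ..."), so the hunk does not show which component each one concerns. Apple advisories can cover WebKit, which Debian does package, so it is worth confirming against the full descriptions that none of these names Safari or WebKit before the vendor-level label stands. The same check applies to CVE-2026-0634, where the visible text names only a TECNO handset service.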
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb1e8bfd4e51605e811f5a102d908c7b5d3681c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits