Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc08eee5 by Salvatore Bonaccorso at 2026-03-05T23:05:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2026-2599 (The Database for Contact Form 7, WPforms,
Elementor forms plugin
CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From
version 2.11. ...)
- traefik <itp> (bug #983289)
CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web
interfac ...)
- TODO: check
+ NOT-FOR-US: OliveTin
CVE-2026-28789 (OliveTin gives access to predefined shell commands from a web
interfac ...)
- TODO: check
+ NOT-FOR-US: OliveTin
CVE-2026-28551 (Race condition vulnerability in the device security management
module. ...)
NOT-FOR-US: Huawei
CVE-2026-28549 (Race condition vulnerability in the permission management
service.Impa ...)
@@ -63,57 +63,57 @@ CVE-2026-28348 (lxml_html_clean is a project for HTML
cleaning functionalities c
CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC
archite ...)
TODO: check
CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web
interfac ...)
- TODO: check
+ NOT-FOR-US: OliveTin
CVE-2026-28287 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to
before 16 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-28284 (FreePBX is an open source IP PBX. Prior to versions 16.0.10
and 17.0.5 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-28277 (LangGraph SQLite Checkpoint is an implementation of LangGraph
Checkpoi ...)
- TODO: check
+ NOT-FOR-US: LangGraph SQLite Checkpoint
CVE-2026-28223 (Wagtail is an open source content management system built on
Django. P ...)
- TODO: check
+ NOT-FOR-US: Wagtail CMS
CVE-2026-28222 (Wagtail is an open source content management system built on
Django. P ...)
- TODO: check
+ NOT-FOR-US: Wagtail CMS
CVE-2026-28210 (FreePBX is an open source IP PBX. Prior to versions 16.0.49
and 17.0.7 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-28209 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to
before 16 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-27944 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Nginx UI
CVE-2026-27750 (Avira Internet Security contains a time-of-check time-of-use
(TOCTOU) ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2026-27749 (Avira Internet Security contains a deserialization of
untrusted data v ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2026-27748 (Avira Internet Security contains an improper link resolution
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2026-27723 (OpenProject is an open-source, web-based project management
software. ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2026-27023 (Twenty is an open source CRM. Prior to version 1.18, the SSRF
protecti ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2026-26999 (Traefik is an HTTP reverse proxy and load balancer. Prior to
versions ...)
- traefik <itp> (bug #983289)
CVE-2026-26998 (Traefik is an HTTP reverse proxy and load balancer. Prior to
versions ...)
- traefik <itp> (bug #983289)
CVE-2026-26418 (Missing authentication and authorization in the web API of
Tata Consul ...)
- TODO: check
+ NOT-FOR-US: Tata Consultancy Services Cognix Recon Client
CVE-2026-26417 (A broken access control vulnerability in the password reset
functional ...)
- TODO: check
+ NOT-FOR-US: Tata Consultancy Services Cognix Recon Client
CVE-2026-26416 (An authorization bypass vulnerability in Tata Consultancy
Services Cog ...)
- TODO: check
+ NOT-FOR-US: Tata Consultancy Services Cognix Recon Client
CVE-2026-26377 (Cross Site Scripting vulnerability in Koha 25.11 and before
allows a r ...)
TODO: check
CVE-2026-26276 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-26196 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-26195 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-26194 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-26022 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-25921 (Gogs is an open source self-hosted Git service. Prior to
version 0.14. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible,
and portab ...)
TODO: check
CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote
attacker ...)
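Review bot: The six Gogs entries (CVE-2026-26276, CVE-2026-26196, CVE-2026-26195, CVE-2026-26194, CVE-2026-26022, CVE-2026-25921) are tagged "NOT-FOR-US: Go Git Service", while the CVE descriptions call the product "Gogs" and the other entries in this hunk reuse the name from their description (FreePBX, Nginx UI, OpenProject). Unless "Go Git Service" is the label already used elsewhere in data/CVE/list, a label containing "Gogs" would keep these entries findable by the name the advisories use. Separately, for the Wagtail and OpenProject entries it is worth confirming that no ITP or RFP bug exists before closing them as NOT-FOR-US, since the Traefik entries in this same hunk show the "- traefik <itp> (bug #983289)" form that keeps a CVE attached to software on its way into the archive.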
@@ -210,7 +210,7 @@ CVE-2026-29052 (The Calendar module for HumHub enables
users to create one-time
CVE-2026-29045 (Hono is a Web application framework that provides support for
any Java ...)
NOT-FOR-US: Hono
CVE-2026-29000 (pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an
authent ...)
- TODO: check
+ NOT-FOR-US: pac4j-jwt
CVE-2026-28552 (Out-of-bounds write vulnerability in the IMS module.Impact:
Successful ...)
NOT-FOR-US: Huawei
CVE-2026-28550 (Race condition vulnerability in the security control
module.Impact: Su ...)
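Review bot: At CVE-2026-29000, pac4j-jwt is a library rather than a standalone application, so "NOT-FOR-US: pac4j-jwt" only holds if no packaged software embeds or bundles a copy of it. The hunk gives no indication that embedded copies were checked; stating that in the commit message (which only says "Process some NFUs") would make the triage decision easier to audit later.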
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc08eee5a3c939fa2a0139d78c624c439cfbb278