[Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 10 20:39:56 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae2e6206 by Salvatore Bonaccorso at 2026-03-10T21:39:15+01:00
Process new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2026-3845 (Heap buffer overflow in the Audio/Video: Playback component in Fi
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-19/#CVE-2026-3845
CVE-2026-3843 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on L ...)
- TODO: check
+ NOT-FOR-US: Nefteprodukttekhnika BUK TS-G Gas Station Automation System
CVE-2026-3582 (An Incorrect Authorization vulnerability was identified in GitHub Ente ...)
NOT-FOR-US: Github Enterprise Server
CVE-2026-3483 (An exposed dangerous method in Ivanti DSM before version 2026.1.1 allo ...)
@@ -20,83 +20,83 @@ CVE-2026-3483 (An exposed dangerous method in Ivanti DSM before version 2026.1.1
CVE-2026-3370
REJECTED
CVE-2026-3315 (Incorrect Default Permissions, : Execution with Unnecessary Privileges ...)
- TODO: check
+ NOT-FOR-US: Visionline
CVE-2026-3306 (An improper authorization vulnerability was identified in GitHub Enter ...)
NOT-FOR-US: Github Enterprise Server
CVE-2026-3228 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2026-31797 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-31796 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-31795 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-31794 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-31793 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-31792 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30987 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30986 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30985 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30984 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30983 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30982 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30981 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30980 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30979 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30978 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
- TODO: check
+ NOT-FOR-US: iccDEV
CVE-2026-30977 (RenderBlocking is a MediaWiki extension that allows interface administ ...)
TODO: check
CVE-2026-30974 (Copyparty is a portable file server. Prior to v1.20.11., the nohtml co ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2026-30973 (Appium is an automation framework that provides WebDriver-based automa ...)
- TODO: check
+ NOT-FOR-US: Appium
CVE-2026-30970 (Coral Server is open collaboration infrastructure that enables communi ...)
- TODO: check
+ NOT-FOR-US: Coral Server
CVE-2026-30969 (Coral Server is open collaboration infrastructure that enables communi ...)
- TODO: check
+ NOT-FOR-US: Coral Server
CVE-2026-30968 (Coral Server is open collaboration infrastructure that enables communi ...)
- TODO: check
+ NOT-FOR-US: Coral Server
CVE-2026-30964 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
TODO: check
CVE-2026-30960 (rssn is a scientific computing library for Rust, combining a high-perf ...)
TODO: check
CVE-2026-30959 (OneUptime is a solution for monitoring and managing online services. T ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-30958 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-30957 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-30956 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-30945 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-30944 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-30942 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
NOT-FOR-US: Next.js
CVE-2026-30941 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30939 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30938 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30934 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
- TODO: check
+ NOT-FOR-US: FileBrowser Quantum
CVE-2026-30933 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
- TODO: check
+ NOT-FOR-US: FileBrowser Quantum
CVE-2026-30930 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
TODO: check
CVE-2026-30928 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
@@ -118,21 +118,21 @@ CVE-2026-2273 (CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2026-2266 (An improper neutralization of input vulnerability was identified in Gi ...)
NOT-FOR-US: Github Enterprise Server
CVE-2026-29177 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29176 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29175 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29174 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29173 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29172 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 ...)
- TODO: check
+ NOT-FOR-US: Craft Commerce
CVE-2026-29113 (Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-28495 (GetSimple CMS is a content management system. The massiveAdmin plugin ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2026-28292 (`simple-git`, an interface for running git commands in any node.js app ...)
TODO: check
CVE-2026-27826 (MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian p ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae2e6206eef66d025678c2151fd732971927f0e1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae2e6206eef66d025678c2151fd732971927f0e1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260310/9ed6a2c2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list