[Git][security-tracker-team/security-tracker][master] automatic update

Tue Mar 17 08:13:28 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
623a0044 by security tracker role at 2026-03-17T08:13:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,42 @@
-CVE-2026-4177 [heap buffer overflow in the YAML emitter]
+CVE-2026-4312 (GCB/FCB Audit Software developed by DrangSoft has a Missing Authentica ...)
+	TODO: check
+CVE-2026-4308 (A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. Thi ...)
+	TODO: check
+CVE-2026-4307 (A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7 ...)
+	TODO: check
+CVE-2026-4289 (A security vulnerability has been detected in Tiandy Easy7 Integrated  ...)
+	TODO: check
+CVE-2026-4288 (A weakness has been identified in Tiandy Easy7 Integrated Management P ...)
+	TODO: check
+CVE-2026-4287 (A security flaw has been discovered in Tiandy Easy7 Integrated Managem ...)
+	TODO: check
+CVE-2026-4285 (A vulnerability was identified in taoofagi easegen-admin up to 8f87936 ...)
+	TODO: check
+CVE-2026-4284 (A vulnerability was determined in taoofagi easegen-admin up to 8f87936 ...)
+	TODO: check
+CVE-2026-4258 (All versions of the package sjcl are vulnerable to Improper Verificati ...)
+	TODO: check
+CVE-2026-3237 (In affected versions of Octopus Server it was possible for a low privi ...)
+	TODO: check
+CVE-2026-2579 (The WowStore \u2013 Store Builder & Product Blocks for WooCommerce plu ...)
+	TODO: check
+CVE-2026-2454 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-2373 (The Royal Addons for Elementor \u2013 Addons and Templates Kit for Ele ...)
+	TODO: check
+CVE-2026-29522 (ZwickRoell Test Data Management versions prior to3.0.8 contain a local ...)
+	TODO: check
+CVE-2026-26230 (Mattermost versions 10.11.x <= 10.11.10 fail to properly validate perm ...)
+	TODO: check
+CVE-2026-21991 (A DTrace component, dtprobed, allows arbitrary file creation through c ...)
+	TODO: check
+CVE-2026-1629 (Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached perm ...)
+	TODO: check
+CVE-2025-69902 (A command injection vulnerability in the minimal_wrapper.py component  ...)
+	TODO: check
+CVE-2025-50881 (The `flow/admin/moniteur.php` script in Use It Flow administration web ...)
+	TODO: check
+CVE-2026-4177 (YAML::Syck versions through 1.36 for Perl has several potential securi ...)
 	- libyaml-syck-perl 1.36-2
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38035745/
 	NOTE: https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e
@@ -1470,7 +1508,7 @@ CVE-2025-66955 (Local File Inclusion in Contact Plan, E-Mail, SMS and Fax compon
 	NOT-FOR-US: Asseco SEE Live
 CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 u ...)
 	- libredwg <itp> (bug #595191)
-CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an unauthentica ...)
+CVE-2025-13913 (If an Ignition user imports an external file with a specially crafted  ...)
 	NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
 	TODO: check
@@ -24851,7 +24889,7 @@ CVE-2026-22797 (An issue was discovered in OpenStack keystonemiddleware 10.5 thr
 	NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
 	NOTE: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018
 	NOTE: Introduced with: https://github.com/openstack/keystonemiddleware/commit/de15a610e160defb367b224258498727384d10a8 (10.5.0)
-CVE-2026-0708
+CVE-2026-0708 (A flaw was found in libucl. A remote attacker could exploit this by pr ...)
 	NOTE: https://github.com/vstakhov/libucl/issues/323
 	TODO: check if impacts security wise rspamd, which embeds libucl and uses it a compile time
 CVE-2026-0871 (A flaw was found in Keycloak. An administrator with `manage-users` per ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623a00442a19d7288cd122b5b0b28cb59d70a80d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260317/1d73bd57/attachment-0001.htm>
