[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 18 08:14:09 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
410a0977 by security tracker role at 2026-03-18T08:14:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...)
+ TODO: check
+CVE-2026-4356 (A flaw has been found in itsourcecode University Management System 1.0 ...)
+ TODO: check
+CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This impacts ...)
+ TODO: check
+CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01 ...)
+ TODO: check
+CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The affecte ...)
+ TODO: check
+CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all ...)
+ TODO: check
+CVE-2026-3512 (The Writeprint Stylometry plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2026-33189
+ REJECTED
+CVE-2026-33188
+ REJECTED
+CVE-2026-33187
+ REJECTED
+CVE-2026-33058 (Kanboard is project management software focused on Kanban methodology. ...)
+ TODO: check
+CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecur ...)
+ TODO: check
+CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an authent ...)
+ TODO: check
+CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored c ...)
+ TODO: check
+CVE-2026-32839 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-si ...)
+ TODO: check
+CVE-2026-32838 (Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP ...)
+ TODO: check
+CVE-2026-32608 (Glances is an open-source system cross-platform monitoring tool. The G ...)
+ TODO: check
+CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. Prior to ...)
+ TODO: check
+CVE-2026-32596 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
+ TODO: check
+CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Sto ...)
+ TODO: check
+CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a Google Cloud ...)
+ TODO: check
+CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration f ...)
+ TODO: check
+CVE-2026-32256 (music-metadata is a metadata parser for audio and video media files. P ...)
+ TODO: check
+CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking. Prior to ...)
+ TODO: check
+CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
+ TODO: check
+CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
+ TODO: check
+CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit CMS insta ...)
+ TODO: check
+CVE-2026-31865 (Elysia is a Typescript framework for request validation, type inferenc ...)
+ TODO: check
+CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...)
+ TODO: check
+CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynami ...)
+ TODO: check
+CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP Module ...)
+ TODO: check
+CVE-2026-29112 (DiceBear is an avatar library for designers and developers. Prior to v ...)
+ TODO: check
+CVE-2026-29057 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-29056 (Kanboard is project management software focused on Kanban methodology. ...)
+ TODO: check
+CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system for cloud ...)
+ TODO: check
+CVE-2026-28673 (xiaoheiFS is a self-hosted financial and operational system for cloud ...)
+ TODO: check
+CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
+ TODO: check
+CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. Prior to ...)
+ TODO: check
+CVE-2026-27980 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-27979 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-27978 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-27977 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ TODO: check
+CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ TODO: check
+CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval bypass vulner ...)
+ TODO: check
+CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in ...)
+ TODO: check
+CVE-2026-27523 (OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation ...)
+ TODO: check
+CVE-2026-27522 (OpenClaw versions prior to 2026.2.24 contain a local media root bypass ...)
+ TODO: check
+CVE-2026-27459 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...)
+ TODO: check
+CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...)
+ TODO: check
+CVE-2026-26004 (Sentry is a developer-first error tracking and performance monitoring ...)
+ TODO: check
+CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
+ TODO: check
+CVE-2026-25937 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2026-22730 (A critical SQL injection vulnerability in Spring AI's MariaDBFilterExp ...)
+ TODO: check
+CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's AbstractFilterExpres ...)
+ TODO: check
+CVE-2026-22727 (Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 a ...)
+ TODO: check
+CVE-2026-22323 (A CSRF vulnerability in the Link Aggregation configuration interface a ...)
+ TODO: check
+CVE-2026-22322 (A stored cross\u2011site scripting (XSS) vulnerability in the Link Agg ...)
+ TODO: check
+CVE-2026-22321 (A stack-based buffer overflow in the device's Telnet/SSH CLI login rou ...)
+ TODO: check
+CVE-2026-22320 (A stack-based buffer overflow in the CLI's TFTP file\u2011transfer com ...)
+ TODO: check
+CVE-2026-22319 (A stack-based buffer overflow in the device's file installation workfl ...)
+ TODO: check
+CVE-2026-22318 (A stack-based buffer overflow vulnerability in the device's file trans ...)
+ TODO: check
+CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA certifi ...)
+ TODO: check
+CVE-2026-22316 (A remote attacker with user privileges for the webUI can use the setti ...)
+ TODO: check
+CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary cod ...)
+ TODO: check
+CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulne ...)
+ TODO: check
+CVE-2026-22180 (OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass ...)
+ TODO: check
+CVE-2026-22179 (OpenClaw versions prior to 2026.2.22 in macOS node-host system.run con ...)
+ TODO: check
+CVE-2026-22178 (OpenClaw versions prior to 2026.2.19 construct RegExp objects directly ...)
+ TODO: check
+CVE-2026-22177 (OpenClaw versions prior to 2026.2.21 fail to filter dangerous process- ...)
+ TODO: check
+CVE-2026-22175 (OpenClaw versions prior to 2026.2.23 contain an exec approval bypass v ...)
+ TODO: check
+CVE-2026-22174 (OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token ...)
+ TODO: check
+CVE-2026-22171 (OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerab ...)
+ TODO: check
+CVE-2026-22170 (OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plu ...)
+ TODO: check
+CVE-2026-22169 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an approval-integrity mis ...)
+ TODO: check
+CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Vis ...)
+ TODO: check
+CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with improved ...)
+ TODO: check
+CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-1780 (The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2026-1376 (IBM i 7.6 could allow a remote attacker to cause a denial of service u ...)
+ TODO: check
+CVE-2026-1267 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unaut ...)
+ TODO: check
+CVE-2026-1264 (IBM Sterling B2B Integratorand IBM Sterling File Gateway6.1.0.0 throug ...)
+ TODO: check
+CVE-2025-31703 (A vulnerability found in Dahua NVR/XVR device. A third-party malicious ...)
+ TODO: check
+CVE-2025-15363 (The Get Use APIs WordPress plugin before 2.0.10 executes imported JSO ...)
+ TODO: check
+CVE-2025-14806 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attac ...)
+ TODO: check
+CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM Sterling File Gateway6.1.0.0 th ...)
+ TODO: check
CVE-2026-3312
- pagure <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259
@@ -4576,9 +4754,9 @@ CVE-2026-27137 (When verifying a certificate chain which contains a certificate
NOTE: Fixed by: https://github.com/golang/go/commit/a761c9ff70fec8e1089897eebd104a8f31cff2d3 (go1.26.1)
CVE-2026-3234 (A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage ...)
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2026-2603
+CVE-2026-2603 (A flaw was found in Keycloak. A remote attacker could bypass security ...)
- keycloak <itp> (bug #1088287)
-CVE-2026-2092
+CVE-2026-2092 (A flaw was found in Keycloak. Keycloak's Security Assertion Markup Lan ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3616 (A vulnerability was detected in DefaultFuction Jeson Customer Relation ...)
NOT-FOR-US: Jeson Customer Relationship Management System
@@ -12532,7 +12710,7 @@ CVE-2026-2604
- evolution-data-server 3.56.2-8 (bug #1128332)
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
-CVE-2026-2575
+CVE-2026-2575 (A flaw was found in Keycloak. An unauthenticated remote attacker can t ...)
- keycloak <itp> (bug #1088287)
CVE-2026-2574
- glib-networking <unfixed> (unimportant)
@@ -170395,6 +170573,7 @@ CVE-2024-49393 (In neomutt and mutt, the To and Cc email headers are not validat
NOTE: Reading protected value since: https://github.com/neomutt/neomutt/commit/06f8ff5a97ecc4763d52f75b9aedf80578fe1404 (20241002)
NOTE: Protected headers introduced in mutt 1.12
CVE-2024-11079 (A flaw was found in Ansible-Core. This vulnerability allows attackers ...)
+ {DLA-4502-1}
- ansible-core 2.18.0-2 (bug #1088106)
[bookworm] - ansible-core 2.14.18-0+deb12u1
- ansible 5.4.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410a09775f72b4fa3ae1c3548d5d53961e719439
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410a09775f72b4fa3ae1c3548d5d53961e719439
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/a9450710/attachment.htm>
More information about the debian-security-tracker-commits
mailing list