[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 18 09:00:12 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b0e1570 by Moritz Muehlenhoff at 2026-03-18T09:59:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...)
-	TODO: check
+	- keycloak <itp> (bug #1088287)
 CVE-2026-4356 (A flaw has been found in itsourcecode University Management System 1.0 ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This impacts ...)
@@ -7,7 +7,7 @@ CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This im
 CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01 ...)
 	NOT-FOR-US: TRENDnet
 CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The affecte ...)
-	TODO: check
+	NOT-FOR-US: Duende IdentityServer
 CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all ...)
@@ -23,15 +23,15 @@ CVE-2026-33187
 CVE-2026-33058 (Kanboard is project management software focused on Kanban methodology. ...)
 	TODO: check
 CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecur ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an authent ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored c ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-32839 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-si ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-32838 (Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-32608 (Glances is an open-source system cross-platform monitoring tool. The G ...)
 	TODO: check
 CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. Prior to  ...)
@@ -39,15 +39,15 @@ CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. Pri
 CVE-2026-32596 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
 	TODO: check
 CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Sto ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a Google Cloud  ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration f ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2026-32256 (music-metadata is a metadata parser for audio and video media files. P ...)
 	TODO: check
 CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: Kube-router
 CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
 	TODO: check
 CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
@@ -55,7 +55,7 @@ CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to vers
 CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit CMS insta ...)
 	TODO: check
 CVE-2026-31865 (Elysia is a Typescript framework for request validation, type inferenc ...)
-	TODO: check
+	NOT-FOR-US: Elysia
 CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...)
 	TODO: check
 CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynami ...)
@@ -69,9 +69,9 @@ CVE-2026-29057 (Next.js is a React framework for building full-stack web applica
 CVE-2026-29056 (Kanboard is project management software focused on Kanban methodology. ...)
 	TODO: check
 CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system for cloud  ...)
-	TODO: check
+	NOT-FOR-US: xiaoheiFS
 CVE-2026-28673 (xiaoheiFS is a self-hosted financial and operational system for cloud  ...)
-	TODO: check
+	NOT-FOR-US: xiaoheiFS
 CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
 	TODO: check
 CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. Prior to  ...)
@@ -89,7 +89,7 @@ CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend for managing entries
 CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
 	TODO: check
 CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
-	TODO: check
+	NOT-FOR-US: Roxy-WI
 CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval bypass vulner ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in ...)
@@ -105,9 +105,9 @@ CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starti
 CVE-2026-26004 (Sentry is a developer-first error tracking and performance monitoring  ...)
 	TODO: check
 CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
-	TODO: check
+	NOT-FOR-US: GLPI plugin
 CVE-2026-25937 (GLPI is a free Asset and IT management software package. Starting in v ...)
-	TODO: check
+	- glpi <removed>
 CVE-2026-22730 (A critical SQL injection vulnerability in Spring AI's MariaDBFilterExp ...)
 	TODO: check
 CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's AbstractFilterExpres ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0e15705e8f04db896382cc8594c3c8fcd29f5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0e15705e8f04db896382cc8594c3c8fcd29f5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/101bc607/attachment.htm>

More information about the debian-security-tracker-commits mailing list