[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 18 09:12:19 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c810087a by Moritz Muehlenhoff at 2026-03-18T10:12:01+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2026-32608 (Glances is an open-source system cross-platform monitoring tool.
 	NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7
 	NOTE: https://github.com/nicolargo/glances/commit/6f4ec53d967478e69917078e6f73f448001bf107 (v4.5.2)
 CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: IncusOS
 CVE-2026-32596 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
 	- glances <unfixed>
 	NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
@@ -50,13 +50,13 @@ CVE-2026-32266 (The Google Cloud Storage for Craft CMS plugin provides a Google
 CVE-2026-32265 (The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration f ...)
 	NOT-FOR-US: Craft CMS plugin
 CVE-2026-32256 (music-metadata is a metadata parser for audio and video media files. P ...)
-	TODO: check
+	NOT-FOR-US: Node music-metadata
 CVE-2026-32254 (Kube-router is a turnkey solution for Kubernetes networking. Prior to  ...)
 	NOT-FOR-US: Kube-router
 CVE-2026-31938 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
-	TODO: check
+	- jspdf <itp> (bug #998381)
 CVE-2026-31898 (jsPDF is a library to generate PDFs in JavaScript. Prior to version 4. ...)
-	TODO: check
+	- jspdf <itp> (bug #998381)
 CVE-2026-31891 (Cockpit is a headless content management system. Any Cockpit CMS insta ...)
 	TODO: check
 CVE-2026-31865 (Elysia is a Typescript framework for request validation, type inferenc ...)
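
Review bot: the two jsPDF entries in this hunk (CVE-2026-31938 and CVE-2026-31898) become `- jspdf <itp> (bug #998381)`, which is an ITP tracking entry rather than a NOT-FOR-US, so the commit message "NFUs" does not describe them. A message that also mentions the jspdf ITP, or a separate commit for those two lines, would keep the history searchable. Both entries cite the same bug number, which is consistent.
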
@@ -64,11 +64,11 @@ CVE-2026-31865 (Elysia is a Typescript framework for request validation, type in
 CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pya ...)
 	TODO: check
 CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynami ...)
-	TODO: check
+	NOT-FOR-US: Moodle plugin
 CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP Module ...)
 	NOT-FOR-US: Netskope
 CVE-2026-29112 (DiceBear is an avatar library for designers and developers. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: DiceBear
 CVE-2026-29057 (Next.js is a React framework for building full-stack web applications. ...)
 	NOT-FOR-US: Next.js
 CVE-2026-29056 (Kanboard is project management software focused on Kanban methodology. ...)
@@ -109,7 +109,7 @@ CVE-2026-27459 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starti
 CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in  ...)
 	TODO: check
 CVE-2026-26004 (Sentry is a developer-first error tracking and performance monitoring  ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2026-25937 (GLPI is a free Asset and IT management software package. Starting in v ...)
@@ -121,21 +121,21 @@ CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's AbstractFilter
 CVE-2026-22727 (Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 a ...)
 	TODO: check
 CVE-2026-22323 (A CSRF vulnerability in the Link Aggregation configuration interface a ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22322 (A stored cross\u2011site scripting (XSS) vulnerability in the Link Agg ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22321 (A stack-based buffer overflow in the device's Telnet/SSH CLI login rou ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22320 (A stack-based buffer overflow in the CLI's TFTP file\u2011transfer com ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22319 (A stack-based buffer overflow in the device's file installation workfl ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22318 (A stack-based buffer overflow vulnerability in the device's file trans ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA certifi ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22316 (A remote attacker with user privileges for the webUI can use the setti ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary cod ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulne ...)
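
Review bot: the unchanged description lines for CVE-2026-22322, CVE-2026-22320 and CVE-2026-22317 carry literal `\u2011` and `\u2019` escape sequences, so the description text is reaching the list without its Unicode escapes decoded. That is outside the eight NOT-FOR-US changes made here, but it is worth a follow-up wherever these descriptions are generated. The tags themselves cover the contiguous range CVE-2026-22316 through CVE-2026-22323 with one label, which is consistent.
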
@@ -161,7 +161,7 @@ CVE-2026-22169 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass
 CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an approval-integrity mis ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Vis ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with improved ...)
 	NOT-FOR-US: Apple
 CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is vulnerable t ...)
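
Review bot: `NOT-FOR-US: Oracle` on CVE-2026-21994 names only the vendor, while the description identifies a specific product ("Oracle Edge Cloud Infrastructure Designer and Vis ..."). Putting the product name in the tag would make it clear on a later audit that the decision applies to that product and not to everything from the vendor.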



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c810087ae3ba26efeb439ff083bd28b4d99d74e4
