[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 20 08:14:39 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ee574da by security tracker role at 2026-03-20T08:14:30+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-4476 (A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1
 CVE-2026-4475 (A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1 ...)
 	TODO: check
 CVE-2026-4474 (A flaw has been found in itsourcecode University Management System 1.0 ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4473 (A vulnerability was detected in itsourcecode Online Doctor Appointment ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4472 (A security vulnerability has been detected in itsourcecode Online Froz ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4471 (A weakness has been identified in itsourcecode Online Frozen Foods Ord ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4470 (A security flaw has been discovered in itsourcecode Online Frozen Food ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4469 (A vulnerability was identified in itsourcecode Online Frozen Foods Ord ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4468 (A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected i ...)
 	TODO: check
 CVE-2026-4467 (A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an ...)
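Review bot: The six itsourcecode entries, CVE-2026-4474 down to CVE-2026-4469, all receive the identical note "NOT-FOR-US: itsourcecode System", although their descriptions name different products (University Management System, Online Doctor Appointment, the Online Frozen Foods entries). Putting the product name in each note would let a later search of the list find the entry by product rather than only by the generic label. The Yi Technology and Comfast entries around them stay at "TODO: check", so they still need a manual pass.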
@@ -25,17 +25,17 @@ CVE-2026-4467 (A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impac
 CVE-2026-4466 (A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affec ...)
 	TODO: check
 CVE-2026-4465 (A flaw has been found in D-Link DIR-513 1.10. The impacted element is  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-4428 (A logic error in CRL distribution point validation in AWS-LC before 1. ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-4395 (Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import ...)
 	TODO: check
 CVE-2026-4159 (1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length e ...)
 	TODO: check
 CVE-2026-4136 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Functi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3948
 	REJECTED
 CVE-2026-3849 (Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Confi ...)
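Review bot: CVE-2026-4428 is closed as "NOT-FOR-US: Amazon", which records the vendor while the description names the product, AWS-LC, a cryptographic library. A library can be present as an embedded copy inside other source packages, so this entry deserves a check for standalone or vendored AWS-LC before it leaves TODO; if that check comes back empty, "NOT-FOR-US: AWS-LC" would be the more searchable note.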
@@ -49,33 +49,33 @@ CVE-2026-3230 (Missing required cryptographic step in the TLS 1.3 client HelloRe
 CVE-2026-3229 (An integer overflow vulnerability existed in the static function wolfs ...)
 	TODO: check
 CVE-2026-33410 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33408 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33395 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33394 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33393 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33355 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-33346 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33321 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33305 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33304 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33303 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33302 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33301 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33299 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
 	TODO: check
 CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
@@ -157,7 +157,7 @@ CVE-2026-32941 (Sliver is a command and control framework that uses a custom Wir
 CVE-2026-32940 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
 	TODO: check
 CVE-2026-32939 (DataEase is an open source data visualization analysis tool. Versions  ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
 	TODO: check
 CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior to versio ...)
@@ -177,7 +177,7 @@ CVE-2026-32888 (Open Source Point of Sale is a web based point-of-sale applicati
 CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 t ...)
 	TODO: check
 CVE-2026-32880 (ChurchCRM is an open-source church management system. Versions prior t ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2026-32875 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
 	TODO: check
 CVE-2026-32874 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
@@ -259,101 +259,101 @@ CVE-2026-32191 (Improper neutralization of special elements used in an os comman
 CVE-2026-32169 (Server-side request forgery (ssrf) in Azure Cloud Shell allows an unau ...)
 	TODO: check
 CVE-2026-32114 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-32099 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-32041 (OpenClaw versions prior to 2026.3.1 fail to properly handle authentica ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32040 (OpenClaw versions prior to 2026.2.23 contain an html injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32039 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32038 (OpenClaw before 2026.2.24 contains a sandbox network isolation bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32037 (OpenClaw versions prior to 2026.2.22 fail to consistently validate red ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32036 (OpenClaw gateway plugin versions prior to 2026.2.26 contain a path tra ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32035 (OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner fla ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32034 (OpenClaw versions prior to 2026.2.21 contain an authentication bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32033 (OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32032 (OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execut ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32031 (OpenClaw versions prior to 2026.2.26 server-http contains an authentic ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32030 (OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32029 (OpenClaw versions prior to 2026.2.21 improperly parse the left-most X- ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32028 (OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32027 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32026 (OpenClaw versions prior to 2026.2.24 contain an improper path validati ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32025 (OpenClaw versions prior to 2026.2.25 contain an authentication hardeni ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32024 (OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32023 (OpenClaw versions prior to 2026.2.24 contain an approval gating bypass ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32022 (OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypas ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32021 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32020 (OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32019 (OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-u ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32018 (OpenClaw versions prior to 2026.2.19 contain a race condition vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32017 (OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32016 (OpenClaw versions prior to 2026.2.22 on macOS contain a path validatio ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32015 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijackin ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32014 (OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32013 (OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32011 (OpenClaw versions prior to 2026.3.2 contain a denial of service vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32010 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32009 (OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32008 (OpenClaw versions prior to 2026.2.21 contain an improper URL scheme va ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32007 (OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32006 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32005 (OpenClaw versions prior to 2026.2.25 fail to enforce sender authorizat ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32004 (OpenClaw versions prior to 2026.3.2 contain an authentication bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32003 (OpenClaw versions prior to 2026.2.22 contain an environment variable i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32002 (OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-32001 (OpenClaw versions prior to 2026.2.22 contain an authentication bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31869 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-31805 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-30924 (qui is a web interface for managing qBittorrent instances. Versions 1. ...)
 	TODO: check
 CVE-2026-30891 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-30888 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-30836 (Step CA is an online certificate authority for secure, automated certi ...)
 	TODO: check
 CVE-2026-29189 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
@@ -387,27 +387,27 @@ CVE-2026-29097 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
 CVE-2026-29096 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
 	TODO: check
 CVE-2026-29072 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-28282 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27953 (ormar is a async mini ORM for Python. Versions 0.23.0 and below are vu ...)
 	TODO: check
 CVE-2026-27936 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27935 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27934 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27740 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27570 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27491 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27454 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27166 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26139 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
 	TODO: check
 CVE-2026-26138 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
@@ -419,7 +419,7 @@ CVE-2026-26136 (Improper neutralization of special elements used in a command ('
 CVE-2026-26120 (Server-side request forgery (ssrf) in Microsoft Bing allows an unautho ...)
 	TODO: check
 CVE-2026-24299 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23659 (Exposure of sensitive information to an unauthorized actor in Azure Da ...)
 	TODO: check
 CVE-2026-23658 (Insufficiently protected credentials in Azure DevOps allows an unautho ...)
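Review bot: The note on CVE-2026-24299, "NOT-FOR-US: Microsoft", gives only a vendor, and the truncated description shown here does not say which product is affected. Naming the product in the note would make the decision auditable from the list alone. The neighbouring Microsoft Bing and Azure entries remain at "TODO: check", so as it stands a reader cannot tell why this one entry was closed and they were not.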
@@ -433,7 +433,7 @@ CVE-2026-22733 (Spring Boot applications with Actuator can be vulnerable to an "
 CVE-2026-22732 (When applications specify HTTP response headers for servlet applicatio ...)
 	TODO: check
 CVE-2026-22731 (Spring Boot applications with Actuator can be vulnerable to an "Authen ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion  ...)
 	TODO: check
 CVE-2026-33412 [Command injection via newline in glob()]
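Review bot: CVE-2026-22731 is marked "NOT-FOR-US: VMware", but the description names the affected software as Spring Boot with Actuator, so the note records a vendor rather than the product. Suggest "NOT-FOR-US: Spring Boot" once it is confirmed that no source package ships it. CVE-2026-22733 in the hunk header opens with the same description and CVE-2026-22732 is still "TODO: check", so the three should be triaged together to keep the result consistent.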



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ee574da9c9360d05e940b033c7d0cafe71281dc
