[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 20 22:04:08 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51c770f7 by Salvatore Bonaccorso at 2026-03-20T23:03:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -141,41 +141,41 @@ CVE-2026-32701 (Qwik is a performance-focused JavaScript framework. Versions pri
CVE-2026-32595 (Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 a ...)
- traefik <itp> (bug #983289)
CVE-2026-32318 (Cryptomator for IOS offers multi-platform transparent client-side encr ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-32317 (Cryptomator for Android offers multi-platform transparent client-side ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-32310 (Cryptomator encrypts data being stored on cloud infrastructure. From v ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-32309 (Cryptomator encrypts data being stored on cloud infrastructure. Prior ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-32305 (Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 a ...)
- traefik <itp> (bug #983289)
CVE-2026-32303 (Cryptomator encrypts data being stored on cloud infrastructure. Prior ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2026-31836 (Checkmate is an open-source, self-hosted tool designed to track and mo ...)
- TODO: check
+ NOT-FOR-US: Checkmate
CVE-2026-31382 (The error_description parameter is vulnerable to Reflected XSS. An att ...)
TODO: check
CVE-2026-31381 (An attacker can extract user email addresses (PII) exposed in base64 e ...)
TODO: check
CVE-2026-30580 (File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious u ...)
- TODO: check
+ NOT-FOR-US: File Thingie
CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A mali ...)
- TODO: check
+ NOT-FOR-US: File Thingie
CVE-2026-30578 (File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A mal ...)
- TODO: check
+ NOT-FOR-US: File Thingie
CVE-2026-2432 (The CM Custom Reports \u2013 Flexible reporting to track what matters ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2421 (The ilGhera Carta Docente for WooCommerce plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29828 (DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: DooTask
CVE-2026-29794 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-27625 (Stirling-PDF is a locally hosted web application that performs various ...)
- TODO: check
+ NOT-FOR-US: Stirling-PDF
CVE-2026-25792 (Greenshot is an open source Windows screenshot utility. Versions 1.3.3 ...)
- TODO: check
+ NOT-FOR-US: Greenshot
CVE-2026-22902 (A command injection vulnerability has been reported to affect QuNetSwi ...)
NOT-FOR-US: QNAP
CVE-2026-22901 (A command injection vulnerability has been reported to affect QuNetSwi ...)
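Review bot: Before settling on NOT-FOR-US for the self-hosted projects tagged in this hunk (Vikunja, Stirling-PDF, Checkmate, DooTask), check that none of them has an open ITP or RFP bug. The Traefik context lines show the form used in that case, `- traefik <itp> (bug #983289)`, which keeps the CVE listed against the package name. The `NOT-FOR-US: File Thingie` tag on CVE-2026-30578 normalises the "File Thinghie" spelling in that CVE's description, so the three File Thingie entries stay greppable under one name. CVE-2026-31382 and CVE-2026-31381 remain at `TODO: check`; their visible descriptions name no product, so they need the full CVE record before they can be tagged.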
@@ -523,11 +523,11 @@ CVE-2026-32697 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
CVE-2026-32622 (SQLBot is an intelligent data query system based on a large language m ...)
NOT-FOR-US: SQLBot
CVE-2026-32194 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32191 (Improper neutralization of special elements used in an os command ('os ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32169 (Server-side request forgery (ssrf) in Azure Cloud Shell allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32114 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-32099 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
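Review bot: The visible descriptions of CVE-2026-32194 and CVE-2026-32191 carry only the CWE wording and no product name, so the `NOT-FOR-US: Microsoft` tag on those two cannot be checked from this diff the way CVE-2026-32169 (Azure Cloud Shell) can. Confirm both against the full CVE records. The vendor-level label itself matches the existing `NOT-FOR-US: Microsoft` entries in this file.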
@@ -625,37 +625,37 @@ CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to versio
CVE-2026-30888 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
NOT-FOR-US: Discourse
CVE-2026-30836 (Step CA is an online certificate authority for secure, automated certi ...)
- TODO: check
+ NOT-FOR-US: Step CA
CVE-2026-29189 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29109 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29108 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29107 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29106 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29105 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29104 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29103 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29102 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29101 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29100 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29099 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29098 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29097 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29096 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-29072 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-28282 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
@@ -679,21 +679,21 @@ CVE-2026-27454 (Discourse is an open-source discussion platform. Prior to versio
CVE-2026-27166 (Discourse is an open source discussion platform. Prior to versions 202 ...)
NOT-FOR-US: Discourse
CVE-2026-26139 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26138 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26137 (Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26136 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26120 (Server-side request forgery (ssrf) in Microsoft Bing allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-24299 (Improper neutralization of special elements used in a command ('comman ...)
NOT-FOR-US: Microsoft
CVE-2026-23659 (Exposure of sensitive information to an unauthorized actor in Azure Da ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-23658 (Insufficiently protected credentials in Azure DevOps allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-22737 (Use of Java scripting engine enabled (e.g. JRuby, Jython) template vie ...)
TODO: check
CVE-2026-22735 (Spring MVC and WebFlux applications are vulnerable to stream corruptio ...)
@@ -705,7 +705,7 @@ CVE-2026-22732 (When applications specify HTTP response headers for servlet appl
CVE-2026-22731 (Spring Boot applications with Actuator can be vulnerable to an "Authen ...)
NOT-FOR-US: VMware
CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-33412 [Command injection via newline in glob()]
- vim <unfixed>
NOTE: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
@@ -884,7 +884,7 @@ CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side Det
CVE-2026-26933 (Improper Validation of Array Index (CWE-129) in multiple protocol pars ...)
TODO: check
CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the Prometheu ...)
- TODO: check
+ NOT-FOR-US: Elastic Metricbeat
CVE-2026-25928 (OpenEMR is a free and open source electronic health records and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-25744 (OpenEMR is a free and open source electronic health records and medica ...)
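Review bot: The truncated description of CVE-2026-26931 reads "in the Prometheu ..." while the new tag is `NOT-FOR-US: Elastic Metricbeat`. Since Prometheus itself is packaged in Debian, a `NOTE:` line stating that the affected code is in Metricbeat and not in Prometheus would keep a later reader from questioning the tag. The neighbouring CVE-2026-26933 (multiple protocol parsers) is still `TODO: check`; judging only by the matching description style it may belong to the same vendor batch, in which case it could be resolved in the same pass.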
@@ -900,9 +900,9 @@ CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-22558 (An Authenticated NoSQL Injection vulnerability found in UniFi Network ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-22557 (A malicious actor with access to the network could exploit a Path Trav ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-21788 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
NOT-FOR-US: HCL
CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacke ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c770f70c2120854c01a26cb72d6a058c721c68