[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 28 10:47:19 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c8d74e2 by Salvatore Bonaccorso at 2026-03-28T11:46:55+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -311,89 +311,89 @@ CVE-2026-33869 (Mastodon is a free, open-source social network server based on A
CVE-2026-33868 (Mastodon is a free, open-source social network server based on Activit ...)
- mastodon <itp> (bug #859741)
CVE-2026-33867 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33770 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33767 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33766 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33765 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
- TODO: check
+ NOT-FOR-US: Pi-Hole
CVE-2026-33764 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33763 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33761 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33759 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33758 (OpenBao is an open source identity-based secrets management system. Pr ...)
TODO: check
CVE-2026-33757 (OpenBao is an open source identity-based secrets management system. Pr ...)
TODO: check
CVE-2026-33755 (Group-Office is an enterprise customer relationship management and gro ...)
- TODO: check
+ NOT-FOR-US: Group-Office
CVE-2026-33750 (The brace-expansion library generates arbitrary strings containing a c ...)
TODO: check
CVE-2026-33748 (BuildKit is a toolkit for converting source code to build artifacts in ...)
- TODO: check
+ NOT-FOR-US: BuildKit
CVE-2026-33747 (BuildKit is a toolkit for converting source code to build artifacts in ...)
- TODO: check
+ NOT-FOR-US: BuildKit
CVE-2026-33745 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
TODO: check
CVE-2026-33744 (BentoML is a Python library for building online serving systems optimi ...)
- TODO: check
+ NOT-FOR-US: BentoML
CVE-2026-33742 (Invoice Ninja is a source-available invoice, quote, project and time-t ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2026-33739 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
- TODO: check
+ NOT-FOR-US: FOG
CVE-2026-33738 (Lychee is a free, open-source photo-management tool. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Lychee
CVE-2026-33735 (MyTube is a self-hosted downloader and player for several video websit ...)
- TODO: check
+ NOT-FOR-US: MyTube
CVE-2026-33730 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale (opensourcepos)
CVE-2026-33729 (OpenFGA is a high-performance and flexible authorization/permission en ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2026-33728 (dd-trace-java is a Datadog APM client for Java. In versions of dd-trac ...)
TODO: check
CVE-2026-33726 (Cilium is a networking, observability, and security solution with an e ...)
TODO: check
CVE-2026-33725 (Metabase is an open source business intelligence and embedded analytic ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-33721 (MapServer is a system for developing web-based GIS applications. Start ...)
TODO: check
CVE-2026-33718 (OpenHands is software for AI-driven development. Starting in version 1 ...)
- TODO: check
+ NOT-FOR-US: OpenHands
CVE-2026-33701 (OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrum ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry
CVE-2026-33697 (Cocos AI is a confidential computing system for AI. The current implem ...)
- TODO: check
+ NOT-FOR-US: Cocos AI
CVE-2026-33693 (Lemmy is a link aggregator and forum for the fediverse. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: Lemmy
CVE-2026-33687 (Sharp is a content management framework built for Laravel as a package ...)
- TODO: check
+ NOT-FOR-US: Sharp
CVE-2026-33686 (Sharp is a content management framework built for Laravel as a package ...)
- TODO: check
+ NOT-FOR-US: Sharp
CVE-2026-33682 (Streamlit is a data oriented application development framework for pyt ...)
- TODO: check
+ NOT-FOR-US: Streamlit
CVE-2026-33674 (PrestaShop is an open source e-commerce web application. Versions prio ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2026-33673 (PrestaShop is an open source e-commerce web application. Versions prio ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2026-33672 (Picomatch is a glob matcher written JavaScript. Versions prior to 4.0. ...)
TODO: check
CVE-2026-33671 (Picomatch is a glob matcher written JavaScript. Versions prior to 4.0. ...)
TODO: check
CVE-2026-33670 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33669 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33664 (Kestra is an open-source, event-driven orchestration platform Versions ...)
- TODO: check
+ NOT-FOR-US: Kestra
CVE-2026-33661 (Pay is an open-source payment SDK extension package for various Chines ...)
- TODO: check
+ NOT-FOR-US: Pay
CVE-2026-33658 (Active Storage allows users to attach cloud and local files in Rails a ...)
- rails <unfixed> (bug #1132035)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg
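Review bot: The NOT-FOR-US label on CVE-2026-33701 reads `OpenTelemetry`, which is broader than the component its description names (OpenTelemetry Java Instrumentation), so a later triager searching the list for earlier decisions could read it as covering the whole project. Suggest `NOT-FOR-US: OpenTelemetry Java Instrumentation`. The bare `Sharp` (CVE-2026-33687, CVE-2026-33686) and `Pay` (CVE-2026-33661) labels have the same problem in a milder form: a short qualifier, as this hunk already does with `Open Source Point of Sale (opensourcepos)`, would keep them unambiguous. Minor style point: `Pi-Hole` on CVE-2026-33765 differs from the `Pi-hole` spelling used in the description line above it.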
@@ -401,67 +401,67 @@ CVE-2026-33658 (Active Storage allows users to attach cloud and local files in R
NOTE: Fixed by: https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c (v8.0.4.1)
NOTE: Fixed by: https://github.com/rails/rails/commit/b8a1665824a43d71cd6406cf9adcae842ceb1c22 (v7.2.3.1)
CVE-2026-33654 (nanobot is a personal AI assistant. Prior to version 0.1.6, an indirec ...)
- TODO: check
+ NOT-FOR-US: nanobot
CVE-2026-33653 (Ulloady is a file uploader script with multi-file upload support. A St ...)
- TODO: check
+ NOT-FOR-US: Ulloady
CVE-2026-33645 (Fireshare facilitates self-hosted media and link sharing. In version 1 ...)
- TODO: check
+ NOT-FOR-US: Fireshare
CVE-2026-33644 (Lychee is a free, open-source photo-management tool. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Lychee
CVE-2026-33640 (Outline is a service that allows for collaborative documentation. Outl ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-33638 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
- TODO: check
+ NOT-FOR-US: Ech0
CVE-2026-33635 (iCalendar is a Ruby library for dealing with iCalendar files in the iC ...)
TODO: check
CVE-2026-33628 (Invoice Ninja is a source-available invoice, quote, project and time-t ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2026-33623 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33622 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33621 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33620 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33619 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33559 (WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-sit ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin
CVE-2026-33545 (MobSF is a mobile application security testing tool used. Prior to ver ...)
- TODO: check
+ NOT-FOR-US: MobSF
CVE-2026-33541 (TSPortal is the WikiTide Foundation\u2019s in-house platform used by t ...)
- TODO: check
+ NOT-FOR-US: TSPortal
CVE-2026-33537 (Lychee is a free, open-source photo-management tool. The patch introdu ...)
- TODO: check
+ NOT-FOR-US: Lychee
CVE-2026-33433 (Traefik is an HTTP reverse proxy and load balancer. Prior to versions ...)
TODO: check
CVE-2026-33366 (Missing authentication for critical function vulnerability in BUFFALO ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2026-33284 (GlobaLeaks is free and open-source whistleblowing software. Prior to v ...)
- TODO: check
+ NOT-FOR-US: GlobaLeaks
CVE-2026-33280 (Hidden functionality issue exists in BUFFALO Wi-Fi router products, wh ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2026-33206 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
TODO: check
CVE-2026-33205 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
TODO: check
CVE-2026-33045 (Home Assistant is open source home automation software that puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-33044 (Home Assistant is open source home automation software that puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-32984 (Wazuh authd contains a heap-buffer overflow vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2026-32983 (Wazuh Manager authd service in wazuh-manager packages through version ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2026-32859 (ByteDance Deer-Flow versions prior to commit 5dbb362contain a stored c ...)
- TODO: check
+ NOT-FOR-US: ByteDance Deer-Flow
CVE-2026-32695 (Traefik is an HTTP reverse proxy and load balancer. Prior to versions ...)
TODO: check
CVE-2026-32678 (Authentication bypass issue exists in BUFFALO Wi-Fi router products, w ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2026-32669 (Code injection vulnerability exists in BUFFALO Wi-Fi router products. ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2026-32241 (Flannel is a network fabric for containers, designed for Kubernetes. T ...)
TODO: check
CVE-2026-32187 (Microsoft Edge (Chromium-based) Defense in Depth Vulnerability)
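Review bot: On CVE-2026-33559 the label `NOT-FOR-US: WordPress Plugin` names a category rather than the product, unlike the other entries changed in this hunk. The description identifies the plugin as "OpenStreetMap" provided by MiKa, so a label such as `NOT-FOR-US: OpenStreetMap plugin for WordPress` would record what was actually triaged. Similarly, the four `NOT-FOR-US: BUFFALO` entries (CVE-2026-33366, CVE-2026-33280, CVE-2026-32678, CVE-2026-32669) carry only the vendor name, while the visible descriptions of CVE-2026-33280, CVE-2026-32678 and CVE-2026-32669 speak of BUFFALO Wi-Fi router products; adding that qualifier would make the scope of the decision clear.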
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c8d74e235e3b1f19efefa6c9a65b33d2dbef62f