Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ce8852f by Salvatore Bonaccorso at 2026-03-05T09:41:12+01:00
Process some NFUs

- - - - -
20a7b1bd by Salvatore Bonaccorso at 2026-03-05T09:41:14+01:00
Add CVE-2026-29053/ghost, itp'ed

- - - - -
819885b2 by Salvatore Bonaccorso at 2026-03-05T09:41:15+01:00
Add CVE-2026-27982/django-allauth

- - - - -
e3034b5d by Salvatore Bonaccorso at 2026-03-05T09:41:17+01:00
Add some new issues in vaultwarden, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2026-3072 (The Media Library Assistant plugin for 
WordPress is vulnerable to
 CVE-2026-3034 (The OoohBoi Steroids for Elementor plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-30777 (EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor 
authentic ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2026-2899 (The Fluent Forms Pro Add On Pack plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2893 (The Page and Post Clone plugin for WordPress is vulnerable to 
SQL Inje ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2836 (A cache poisoning vulnerability has been found in the Pingora 
HTTP pro ...)
-       TODO: check
+       NOT-FOR-US: Pingora
 CVE-2026-2835 (An HTTP Request Smuggling vulnerability (CWE-444) has been 
found in Pi ...)
-       TODO: check
+       NOT-FOR-US: Pingora
 CVE-2026-2833 (An HTTP request smuggling vulnerability (CWE-444) was found in 
Pingora ...)
-       TODO: check
+       NOT-FOR-US: Pingora
 CVE-2026-2743 (Arbitrary File Write via Path Traversal upload to Remote Code 
Executio ...)
        TODO: check
 CVE-2026-2418 (The Login with Salesforce WordPress plugin through 1.0.2 does 
not vali ...)
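Review bot: the three Pingora entries (CVE-2026-2836, CVE-2026-2835, CVE-2026-2833) move from TODO: check directly to NOT-FOR-US: Pingora; before closing them out, confirm that no source package in the archive and no open ITP or RFP covers Pingora. If a WNPP bug exists, an <itp> line with the bug number, as used for ghost and vaultwarden elsewhere in this push, would be the better fit. CVE-2026-2743 in the same hunk is still at TODO: check.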
@@ -25,31 +25,31 @@ CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is 
vulnerable to Stored
 CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files 
(Sourceless ...)
        TODO: check
 CVE-2026-29128 (IDC SFX2100 Satellite Receiver firmware ships with multiple 
daemon con ...)
-       TODO: check
+       NOT-FOR-US: IDC SFX2100 Satellite Receiver firmware
 CVE-2026-29127 (The IDC SFX2100 Satellite Receiver sets overly permissive file 
system  ...)
-       TODO: check
+       NOT-FOR-US: IDC SFX2100 Satellite Receiver firmware
 CVE-2026-29126 (Incorrect permission assignment (world-writable file) in 
/etc/udhcpc/d ...)
-       TODO: check
+       NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29125 (IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file 
to be w ...)
-       TODO: check
+       NOT-FOR-US: IDC SFX2100 Satellite Receiver
 CVE-2026-29124 (Multiple SUID root-owned binaries are found in 
/home/monitor/terminal, ...)
-       TODO: check
+       NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29123 (A SUID root-owned binary in /home/xd/terminal/XDTerminalin 
Internation ...)
-       TODO: check
+       NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29122 (International Data Casting (IDC) SFX2100 satellite receiver 
comes with ...)
-       TODO: check
+       NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29121 (International Data Casting (IDC) SFX2100 satellite receiver 
comes with ...)
-       TODO: check
+       NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29086 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-29085 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-29053 (Ghost is a Node.js content management system. From version 
0.7.2 to 6. ...)
-       TODO: check
+       - ghost <itp> (bug #892150)
 CVE-2026-29052 (The Calendar module for HumHub enables users to create 
one-time or rec ...)
-       TODO: check
+       NOT-FOR-US: Calendar module for HumHub
 CVE-2026-29045 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-29000 (pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an 
authent ...)
        TODO: check
 CVE-2026-28552 (Out-of-bounds write vulnerability in the IMS module.Impact: 
Successful ...)
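Review bot: the eight IDC SFX2100 entries (CVE-2026-29121 through CVE-2026-29128) use three different NOT-FOR-US labels for one product: "IDC SFX2100 Satellite Receiver firmware", "IDC SFX2100 Satellite Receiver" and "International Data Casting (IDC) SFX2100 Satellite Receiver". Pick one string for all eight so that a search of data/CVE/list for the product label returns the full set.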
@@ -343,15 +343,16 @@ CVE-2026-27984 (Improper Control of Generation of Code 
('Code Injection') vulner
 CVE-2026-27983 (Incorrect Privilege Assignment vulnerability in designthemes 
LMS Eleme ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27982 (An open redirect vulnerability exists in django-allauth 
versions prior ...)
-       TODO: check
+       - django-allauth <unfixed>
+       NOTE: https://allauth.org/news/2026/02/django-allauth-65.14.1-released/
 CVE-2026-27898 (Vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
-       TODO: check
+       - vaultwarden <itp> (bug #1067023)
 CVE-2026-27803 (Vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
-       TODO: check
+       - vaultwarden <itp> (bug #1067023)
 CVE-2026-27802 (Vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
-       TODO: check
+       - vaultwarden <itp> (bug #1067023)
 CVE-2026-27801 (Vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
-       TODO: check
+       - vaultwarden <itp> (bug #1067023)
 CVE-2026-27541 (Incorrect Privilege Assignment vulnerability in Josh Kohlbach 
Wholesal ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27439 (Deserialization of Untrusted Data vulnerability in ThemeREX 
Dentario d ...)
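Review bot: the CVE-2026-27982 entry marks django-allauth as <unfixed> and its only NOTE is the 65.14.1 release announcement; add a NOTE pointing at the upstream fixing commit, and state the fixed upstream version explicitly, so that whoever later replaces <unfixed> with a version can check the upload against it. The four vaultwarden entries consistently reference bug #1067023.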



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89499fb380f46cbc6024bcfde919a9853290677e...e3034b5d4d60032df463a2b5d5638275702cf309
