Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d465124 by Salvatore Bonaccorso at 2026-02-21T10:32:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled Search 
Path Element Local Pr
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-116/
        NOTE: Fixed by: 
https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082
 (v2.21.0-rc0)
 CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following 
Information D ...)
-       TODO: check
+       NOT-FOR-US: RustDesk Client for Windows
 CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution 
Vulner ...)
        TODO: check
 CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code 
Executio ...)
@@ -91,69 +91,69 @@ CVE-2026-27452 (ASN.1 TypeScript ESM library, including 
codecs for Basic Encodin
 CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware 
accelerated tra ...)
        NOT-FOR-US: Swiper
 CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud 
workloads. Ver ...)
-       TODO: check
+       NOT-FOR-US: Cloud Hypervisor
 CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama 
viewer for  ...)
        NOT-FOR-US: Pannellum
 CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application 
framewo ...)
        TODO: check
 CVE-2026-27203 (eBay API MCP Server is an open source local MCP server 
providing AI as ...)
-       TODO: check
+       NOT-FOR-US: eBay API MCP Server
 CVE-2026-27202 (GetSimple CMS is a content management system. All versions of 
GetSimpl ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2026-27199 (Werkzeug is a comprehensive WSGI web application library. 
Versions 3.1 ...)
        TODO: check
 CVE-2026-27198 (Formwork is a flat file-based Content Management System (CMS). 
In vers ...)
-       TODO: check
+       NOT-FOR-US: Formwork CMS
 CVE-2026-27197 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2026-27196 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-27194 (D-Tale is a visualizer for pandas data structures. Versions 
prior to 3 ...)
-       TODO: check
+       NOT-FOR-US: D-Tale
 CVE-2026-27193 (Feathersjs is a framework for creating web APIs and real-time 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Feathersjs
 CVE-2026-27192 (Feathersjs is a framework for creating web APIs and real-time 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Feathersjs
 CVE-2026-27191 (Feathersjs is a framework for creating web APIs and real-time 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Feathersjs
 CVE-2026-27190 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Prior to 2. ...)
-       TODO: check
+       NOT-FOR-US: Deno
 CVE-2026-27189 (OpenSift is an AI study tool that sifts through large datasets 
using s ...)
-       TODO: check
+       NOT-FOR-US: OpenSift
 CVE-2026-27170 (OpenSift is an AI study tool that sifts through large datasets 
using s ...)
-       TODO: check
+       NOT-FOR-US: OpenSift
 CVE-2026-27169 (OpenSift is an AI study tool that sifts through large datasets 
using s ...)
-       TODO: check
+       NOT-FOR-US: OpenSift
 CVE-2026-27168 (SAIL is a cross-platform library for loading and saving images 
with su ...)
        TODO: check
 CVE-2026-27161 (GetSimple CMS is a content management system. All versions of 
GetSimpl ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2026-27147 (GetSimple CMS is a content management system. All versions of 
GetSimpl ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2026-27146 (GetSimple CMS is a content management system. All versions of 
GetSimpl ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2026-27134 (Strimzi provides a way to run an Apache Kafka cluster on 
Kubernetes or ...)
-       TODO: check
+       NOT-FOR-US: Strimzi
 CVE-2026-27133 (Strimzi provides a way to run an Apache Kafka cluster on 
Kubernetes or ...)
-       TODO: check
+       NOT-FOR-US: Strimzi
 CVE-2026-27125 (svelte performance oriented web framework. Prior to 5.51.5, in 
server- ...)
-       TODO: check
+       NOT-FOR-US: svelte
 CVE-2026-27122 (svelte performance oriented web framework. Prior to 5.51.5, 
when using ...)
-       TODO: check
+       NOT-FOR-US: svelte
 CVE-2026-27121 (svelte performance oriented web framework. Versions of svelte 
prior to ...)
-       TODO: check
+       NOT-FOR-US: svelte
 CVE-2026-27120 (Leafkit is a templating language with Swift-inspired syntax. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Leafkit
 CVE-2026-27119 (svelte performance oriented web framework. From 5.39.3, 
<=5.51.4, in c ...)
-       TODO: check
+       NOT-FOR-US: svelte
 CVE-2026-27118 (SvelteKit is a framework for rapidly developing robust, 
performant web ...)
-       TODO: check
+       NOT-FOR-US: SvelteKit
 CVE-2026-27113 (Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting 
in comm ...)
        TODO: check
 CVE-2026-27112 (Kargo manages and automates the promotion of software 
artifacts. From  ...)
-       TODO: check
+       NOT-FOR-US: Kargo
 CVE-2026-27111 (Kargo manages and automates the promotion of software 
artifacts. From  ...)
-       TODO: check
+       NOT-FOR-US: Kargo
 CVE-2026-27026 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
        TODO: check
 CVE-2026-27025 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
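Review bot: The label on CVE-2026-27196 copies the description's spelling, `NOT-FOR-US: Statmatic CMS`. The upstream project is named Statamic, so a search of data/CVE/list for the real name will miss this entry; suggest `NOT-FOR-US: Statamic CMS`.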
@@ -161,9 +161,9 @@ CVE-2026-27025 (pypdf is a free and open-source pure-python 
PDF library. Prior t
 CVE-2026-27024 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
        TODO: check
 CVE-2026-27022 (@langchain/langgraph-checkpoint-redis is the Redis checkpoint 
and stor ...)
-       TODO: check
+       NOT-FOR-US: langchain/langgraph-checkpoint-redis
 CVE-2026-27020 (Photobooth prior to 1.0.1 has a cross-site scripting (XSS) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Photobooth
 CVE-2026-26047 (A denial-of-service vulnerability was identified in 
Moodle\u2019s TeX  ...)
        TODO: check
 CVE-2026-26046 (A vulnerability was found in a Moodle TeX filter 
administrative settin ...)
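Review bot: On CVE-2026-27022 the label drops the npm scope marker (`langchain/langgraph-checkpoint-redis`), while the description gives the package as `@langchain/langgraph-checkpoint-redis`. Keeping the name exactly as upstream writes it makes later entries for the same package easier to match by search.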
@@ -173,7 +173,7 @@ CVE-2026-26045 (A flaw was identified in Moodle\u2019s 
backup restore functional
 CVE-2026-25896 (fast-xml-parser allows users to validate XML, parse XML to JS 
object,  ...)
        TODO: check
 CVE-2026-24892 (openITCOCKPIT is an open source monitoring tool built for 
different mo ...)
-       TODO: check
+       NOT-FOR-US: openITCOCKPIT
 CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code 
Execution ...)
        TODO: check
 CVE-2026-0777 (Xmind Attachment Insufficient UI Warning Remote Code Execution 
Vulnera ...)
@@ -235,11 +235,11 @@ CVE-2026-2818 (A zip-slip path traversal vulnerability in 
Spring Data Geode's im
 CVE-2026-2486 (The Master Addons For Elementor plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2473 (Predictable bucket naming in Vertex AI Experiments in Google 
Cloud Ver ...)
-       TODO: check
+       NOT-FOR-US: Google Cloud Vertex AI
 CVE-2026-2472 (Stored Cross-Site Scripting (XSS) in the 
_genai/_evals_visualization c ...)
-       TODO: check
+       NOT-FOR-US: Google Cloud Vertex AI
 CVE-2026-2333 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-27506 (SVXportal version 2.5 and prior contain a stored cross-site 
scripting  ...)
        NOT-FOR-US: SVXportal
 CVE-2026-27505 (SVXportal version 2.5 and prior contain a stored cross-site 
scripting  ...)
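Review bot: For CVE-2026-2333 and CVE-2026-2472 the product in the new label cannot be confirmed from the lines shown, because both truncated descriptions end before any product name ("... used in a Command ('Comman ...)" and "... in the _genai/_evals_visualization c ...)"). Worth confirming against the full CVE records that these are Owl opds and Vertex AI respectively. For CVE-2026-2472 the named component reads like a code module rather than the hosted service, so check that it does not ship in a packaged client library before leaving it as NOT-FOR-US.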
@@ -271,31 +271,31 @@ CVE-2026-26722 (An issue in Key Systems Inc Global 
Facilities Management Softwar
 CVE-2026-26721 (An issue in Key Systems Inc Global Facilities Management 
Software v.20 ...)
        NOT-FOR-US: Key Systems Inc Global Facilities Management Software
 CVE-2026-26102 (Incorrect Permission Assignment for Critical Resource in Owl 
opds 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26101 (Incorrect Permission Assignment for Critical Resource in Owl 
opds 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26100 (Incorrect Permission Assignment for Critical Resource in Owl 
opds 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26099 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows 
Leveraging ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26098 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows 
Leveraging ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26097 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows 
Leveraging ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26096 (Incorrect Permission Assignment for Critical Resource in Owl 
opds 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26095 (Incorrect Permission Assignment for Critical Resource in Owl 
opds 2.2. ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26093 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
-       TODO: check
+       NOT-FOR-US: Owl opds
 CVE-2026-26050 (The installer for 
\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6 ...)
        NOT-FOR-US: Ricoh
 CVE-2026-26049 (The web management interface of the device renders the 
passwords in a  ...)
-       TODO: check
+       NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-26048 (The Wi-Fi router is vulnerable to de-authentication attacks 
due to the ...)
-       TODO: check
+       NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-25715 (The web management interface of the device allows the 
administrator  u ...)
-       TODO: check
+       NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-24959 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24956 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -321,11 +321,11 @@ CVE-2026-24941 (Missing Authorization vulnerability in 
wpjobportal WP Job Portal
 CVE-2026-24891 (openITCOCKPIT is an open source monitoring tool built for 
different mo ...)
        NOT-FOR-US: openITCOCKPIT
 CVE-2026-24790 (The underlying PLC of the device can be remotely influenced, 
without p ...)
-       TODO: check
+       NOT-FOR-US: Welker
 CVE-2026-24455 (The embedded web interface of the device does not support 
HTTPS/TLS fo ...)
-       TODO: check
+       NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-22885 (A vulnerability exists in EnOcean SmartServer IoT version 
4.60.009 and ...)
-       TODO: check
+       NOT-FOR-US: EnOcean SmartServer IoT
 CVE-2026-22384 (Deserialization of Untrusted Data vulnerability in leafcolor 
Applay -  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22383 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
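Review bot: `NOT-FOR-US: Welker` on CVE-2026-24790 is a bare vendor name, and the description only says "the device", so nothing in the entry identifies the affected product. The same applies to the `Jinan USR IOT Technology Limited (PUSR)` label on CVE-2026-24455. If the advisories name a model, adding it to the label would keep future CVEs for other products from the same vendors distinguishable.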
@@ -397,7 +397,7 @@ CVE-2026-21627 (The vulnerability was rooted in how the 
Tassos Framework plugin
 CVE-2026-21620 (Relative Path Traversal, Improper Isolation or 
Compartmentalization vu ...)
        TODO: check
 CVE-2026-20761 (A vulnerability exists in EnOcean SmartServer IoT version 
4.60.009 and ...)
-       TODO: check
+       NOT-FOR-US: EnOcean SmartServer IoT
 CVE-2026-1842 (HyperCloud versions 2.3.5 through 2.6.8 improperly allowed 
refresh tok ...)
        TODO: check
 CVE-2025-70833 (An Authentication Bypass vulnerability in Smanga 3.2.7 allows 
an unaut ...)
@@ -950,7 +950,7 @@ CVE-2026-26286 (SillyTavern is a locally installed user 
interface that allows us
 CVE-2026-26282 (NanaZip is an open source file archive Starting in version 
5.0.1252.0  ...)
        NOT-FOR-US: NanaZip
 CVE-2026-26275 (httpsig-hyper is a hyper extension for http message 
signatures. An iss ...)
-       TODO: check
+       NOT-FOR-US: httpsig-hyper
 CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, 
converting, ed ...)
        - calibre 9.3.0+ds+~0.10.5-1
        NOTE: 
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d46512448e69becf6e8b39df270ffc2cfb6318b
