Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80a507d4 by Salvatore Bonaccorso at 2026-01-13T21:43:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2026-22791 (openCryptoki is a PKCS#11 library and tools 
for Linux and AIX. I
        NOTE: Introduced with: 
https://github.com/opencryptoki/opencryptoki/commit/785d7577e1477d12fbe235554e7e7b24f2de34b7
 (v3.25.0)
        NOTE: Fixed by: 
https://github.com/opencryptoki/opencryptoki/commit/e37e9127deeeb7bf3c3c4d852c594256c57ec3a8
 CVE-2026-22755 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
-       TODO: check
+       NOT-FOR-US: Vivotek
 CVE-2026-21306 (Substance3D - Sampler versions 5.1.0 and earlier are affected 
by an ou ...)
        NOT-FOR-US: Adobe
 CVE-2026-21305 (Substance3D - Painter versions 11.0.3 and earlier are affected 
by an o ...)
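Review bot: The `NOT-FOR-US: Vivotek` line added for CVE-2026-22755 names a vendor that does not appear in the truncated description shown here ("Improper Neutralization of Special Elements used in a Command ..."), and the commit message "Process some NFUs" does not say how the product was identified. Since a NOT-FOR-US entry drops the CVE from further triage, a short pointer to the source of the attribution in the commit message would let a second person confirm it without reopening the CVE record.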
@@ -50,225 +50,225 @@ CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and 
earlier are affected by an
 CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI 
KEK and  ...)
        TODO: check
 CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client 
library  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21224 (Stack-based buffer overflow in Azure Connected Machine Agent 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21221 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21219 (Use after free in Inbox COM Objects allows an unauthorized 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20965 (Improper verification of cryptographic signature in Windows 
Admin Cent ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20963 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20962 (Use of uninitialized resource in Dynamic Root of Trust for 
Measurement ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20959 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20958 (Server-side request forgery (ssrf) in Microsoft Office 
SharePoint allo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20957 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20956 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20955 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20953 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20952 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20951 (Improper input validation in Microsoft Office SharePoint 
allows an una ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20950 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20949 (Improper access control in Microsoft Office Excel allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20948 (Untrusted pointer dereference in Microsoft Office Word allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20947 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20946 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20944 (Out-of-bounds read in Microsoft Office Word allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20943 (Untrusted search path in Microsoft Office allows an 
unauthorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20941 (Improper link resolution before file access ('link following') 
in Host ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20940 (Heap-based buffer overflow in Windows Cloud Files Mini Filter 
Driver a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20939 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20938 (Untrusted pointer dereference in Windows Virtualization-Based 
Security ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20937 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20936 (Out-of-bounds read in Windows NDIS allows an authorized 
attacker to di ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20935 (Untrusted pointer dereference in Windows Virtualization-Based 
Security ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20934 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20932 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20931 (External control of file name or path in Windows Telephony 
Service all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20929 (Improper access control in Windows HTTP.sys allows an 
authorized attac ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20927 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20926 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20925 (External control of file name or path in Windows NTLM allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20924 (Use after free in Windows Management Services allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20923 (Use after free in Windows Management Services allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20922 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20921 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20920 (Use after free in Windows Win32K - ICOMP allows an authorized 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20919 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20918 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20877 (Use after free in Windows Management Services allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20876 (Heap-based buffer overflow in Windows Virtualization-Based 
Security (V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20875 (Null pointer dereference in Windows Local Security Authority 
Subsystem ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20874 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20873 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20872 (External control of file name or path in Windows NTLM allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20871 (Use after free in Desktop Windows Manager allows an authorized 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20870 (Use after free in Windows Win32K - ICOMP allows an authorized 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20869 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20868 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20867 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20866 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20865 (Use after free in Windows Management Services allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20864 (Heap-based buffer overflow in Connected Devices Platform 
Service (Cdps ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20863 (Double free in Windows Win32K - ICOMP allows an authorized 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20862 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20861 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20860 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20859 (Use after free in Windows Kernel-Mode Drivers allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20858 (Use after free in Windows Management Services allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20857 (Untrusted pointer dereference in Windows Cloud Files Mini 
Filter Drive ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20856 (Improper input validation in Windows Server Update Service 
allows an u ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20854 (Use after free in Windows Local Security Authority Subsystem 
Service ( ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20853 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20852 (Incorrect privilege assignment in Windows Hello allows an 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20851 (Out-of-bounds read in Capability Access Management Service 
(camsvc) al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20849 (Reliance on untrusted inputs in a security decision in Windows 
Kerbero ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20848 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20847 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20844 (Use after free in Windows Clipboard Server allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20843 (Improper access control in Windows Routing and Remote Access 
Service ( ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20842 (Use after free in Windows DWM allows an authorized attacker to 
elevate ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20840 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20839 (Improper access control in Windows Client-Side Caching (CSC) 
Service a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20838 (Generation of error message containing sensitive information 
in Window ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20837 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20836 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20835 (Out-of-bounds read in Capability Access Management Service 
(camsvc) al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20834 (Absolute path traversal in Windows Shell allows an 
unauthorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20833 (Use of a broken or risky cryptographic algorithm in Windows 
Kerberos a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20832 (Windows Remote Procedure Call Interface Definition Language 
(IDL) Elev ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20831 (Time-of-check time-of-use (toctou) race condition in Windows 
Ancillary ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20830 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20829 (Out-of-bounds read in Windows TPM allows an authorized 
attacker to dis ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20828 (Out-of-bounds read in Windows Internet Connection Sharing 
(ICS) allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20827 (Exposure of sensitive information to an unauthorized actor in 
Tablet W ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20826 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20825 (Improper access control in Windows Hyper-V allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20824 (Protection mechanism failure in Windows Remote Assistance 
allows an un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20823 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20822 (Use after free in Microsoft Graphics Component allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20821 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20820 (Heap-based buffer overflow in Windows Common Log File System 
Driver al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20819 (Untrusted pointer dereference in Windows Virtualization-Based 
Security ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20818 (Insertion of sensitive information into log file in Windows 
Kernel all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20817 (Improper handling of insufficient permissions or privileges in 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20816 (Time-of-check time-of-use (toctou) race condition in Windows 
Installer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20815 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20814 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20812 (Improper input validation in Windows LDAP - Lightweight 
Directory Acce ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20811 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20810 (Free of memory not on the heap in Windows Ancillary Function 
Driver fo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20809 (Time-of-check time-of-use (toctou) race condition in Windows 
Kernel Me ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20808 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20805 (Exposure of sensitive information to an unauthorized actor in 
Desktop  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20804 (Incorrect privilege assignment in Windows Hello allows an 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20803 (Missing authentication for critical function in SQL Server 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-0859 (TYPO3's mail\u2011file spool deserialization flaw lets local 
users wit ...)
        NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-0684 (The CP Image Store with Slideshow plugin for WordPress is 
vulnerable t ...)
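Review bot: CVE-2026-21226 ("Deserialization of untrusted data in Azure Core shared client library ...") is the one entry in this batch whose description names a client library rather than a Windows, Office or SQL Server component, so it deserves an individual check that no Debian source package ships that library before it is marked `NOT-FOR-US: Microsoft` with the rest. Several other entries (for example CVE-2026-21221 and CVE-2026-20934, "Concurrent execution using shared resource with improper synchronizati ...") are truncated before any product name, so the vendor tag on those cannot be verified from the list alone. CVE-2026-21265 (Secure Boot certificates in the UEFI KEK) is left at `TODO: check` at the top of the hunk; if that is deliberate because it may touch boot components packaged in Debian, saying so in the commit message would make clear it was not simply skipped.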
@@ -870,7 +870,7 @@ CVE-2026-22214 (RIOT OS versions up to and including 
2026.01-devel-317 contain a
 CVE-2026-22213 (RIOT OS versions up to and including 2026.01-devel-317 contain 
a stack ...)
        NOT-FOR-US: RIOT OS
 CVE-2026-22212 (TinyOS versions up to and including 2.1.2 contain a 
stack-based buffer ...)
-       TODO: check
+       NOT-FOR-US: TinyOS
 CVE-2026-0514 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP 
Business Conn ...)
        NOT-FOR-US: SAP
 CVE-2026-0513 (Due to an Open Redirect Vulnerability in SAP Supplier 
Relationship Man ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a507d4c786ccaf20e6880d9fdcef103ed0814d
