Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
243eed17 by Salvatore Bonaccorso at 2026-01-15T21:22:38+01:00
Process some NFUs
- - - - -
eaf83903 by Salvatore Bonaccorso at 2026-01-15T21:22:40+01:00
Add CVE-2026-0976/keycloak
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2026-23766 (Istio through 1.28.2 allows iptables rule injection for
changing firew ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2026-23746 (Entrust Instant Financial Issuance (IFI) On Premise software
(formerly ...)
- TODO: check
+ NOT-FOR-US: Entrust Instant Financial Issuance (IFI) On Premise software
CVE-2026-23622 (Easy!Appointments is a self hosted appointment scheduler. In
1.5.2 and ...)
- TODO: check
+ NOT-FOR-US: Easy!Appointments
CVE-2026-23527 (H3 is a minimal H(TTP) framework built for high performance
and portab ...)
TODO: check
CVE-2026-23520 (Arcane provides modern docker management. Prior to 1.13.0,
Arcane has ...)
@@ -11,15 +11,15 @@ CVE-2026-23520 (Arcane provides modern docker management.
Prior to 1.13.0, Arcan
CVE-2026-23519 (RustCrypto CMOV provides conditional move CPU intrinsics which
are gua ...)
TODO: check
CVE-2026-23511 (ZITADEL is an open source identity management platform. Prior
to 4.9.1 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-23496 (Pimcore Web2Print Tools Bundle adds tools for web-to-print use
cases t ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-23495 (Pimcore's Admin Classic Bundle provides a Backend UI for
Pimcore. Prio ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2026-22920 (The device's passwords have not been adequately salted, making
them vu ...)
NOT-FOR-US: SICK AG
CVE-2026-22919 (An attacker with administrative access may inject malicious
content in ...)
@@ -49,7 +49,7 @@ CVE-2026-22908 (Uploading unvalidated container images may
allow remote attacker
CVE-2026-22907 (An attacker may gain unauthorized access to the host
filesystem, poten ...)
NOT-FOR-US: SICK AG
CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and
documentation pla ...)
- TODO: check
+ NOT-FOR-US: LaSuite Doc
CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust,
performant web ...)
TODO: check
CVE-2026-22775 (Svelte devalue is a JavaScript library that serializes values
into str ...)
@@ -93,7 +93,7 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing
library. This uncontr
CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related
to how ...)
TODO: check
CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation
vulnerabi ...)
- TODO: check
+ - keycloak <itp> (bug #1088287)
CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the
HDF5 weigh ...)
TODO: check
CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/*
endpoint ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a974272cccd735b938c9d7902e9fb52e34bf8e1...eaf8390388aa0aebb5bca1543ef5a44f207873ad
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a974272cccd735b938c9d7902e9fb52e34bf8e1...eaf8390388aa0aebb5bca1543ef5a44f207873ad
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
