Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5195a478 by Salvatore Bonaccorso at 2026-02-10T22:00:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2026-25610 (An authorized user may trigger a server crash
by running a $geoN
CVE-2026-25609 (Incorrect validation of the profile command may result in the
determin ...)
- mongodb <removed>
CVE-2026-25577 (Emmett is a framework designed to simplify your development
process. P ...)
- TODO: check
+ NOT-FOR-US: Emmett framework
CVE-2026-25530 (Kanboard is project management software focused on Kanban
methodology. ...)
- kanboard <unfixed>
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-6rxw-vvvj-r93q
@@ -49,7 +49,7 @@ CVE-2026-24885 (Kanboard is project management software
focused on Kanban method
CVE-2026-24343 (Improper Neutralization of Data within XPath Expressions
('XPath Injec ...)
TODO: check
CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation
software. ...)
- TODO: check
+ NOT-FOR-US: Docmost
CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2026-23719 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
@@ -63,7 +63,7 @@ CVE-2026-23716 (A vulnerability has been identified in
Simcenter Femap (All vers
CVE-2026-23715 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2026-23655 (Cleartext storage of sensitive information in Azure Compute
Gallery al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-22923 (A vulnerability has been identified in NX (All versions <
V2512). The ...)
NOT-FOR-US: Siemens
CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability
[CWE-305] v ...)
@@ -73,17 +73,17 @@ CVE-2026-21743 (A missing authorization vulnerability in
Fortinet FortiAuthentic
CVE-2026-21537 (Improper control of generation of code ('code injection') in
Microsoft ...)
TODO: check
CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21531 (Deserialization of untrusted data in Azure SDK allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21529 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21528 (Binding to an unrestricted ip address in Azure IoT SDK allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21527 (User interface (ui) misrepresentation of critical information
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21525 (Null pointer dereference in Windows Remote Access Connection
Manager a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21523 (Time-of-check time-of-use (toctou) race condition in GitHub
Copilot an ...)
TODO: check
CVE-2026-21522 (Improper neutralization of special elements used in a command
('comman ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5195a4781e6b3cdcf67697fc874c00cffe4b2d50
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5195a4781e6b3cdcf67697fc874c00cffe4b2d50
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
