Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a01ec98 by Salvatore Bonaccorso at 2026-02-10T22:18:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,7 +2,7 @@ CVE-2026-25531
        - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9
 CVE-2026-2303 (The mongo-go-driver repositorycontains CGo bindings for GSSAPI 
(Kerber ...)
-       TODO: check
+       NOT-FOR-US: mongo-go-driver
 CVE-2026-2302 (Under specific conditions when processing a maliciously crafted 
value  ...)
        TODO: check
 CVE-2026-2268 (The Ninja Forms plugin for WordPress is vulnerable to Sensitive 
Inform ...)
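Review bot: the new reason on CVE-2026-2303, `NOT-FOR-US: mongo-go-driver`, names the upstream repository, and the description says the affected code is CGo bindings for GSSAPI inside that repository. Before closing it, confirm that no Debian source package ships this driver under a different name, since a Go library would not necessarily be packaged as mongo-go-driver; if one does, this needs a package entry instead of NOT-FOR-US.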
@@ -50,7 +50,7 @@ CVE-2026-24885 (Kanboard is project management software 
focused on Kanban method
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-582j-h4w4-hwr5
        NOTE: Fixed by; 
https://github.com/kanboard/kanboard/commit/2c56d92783d4a3094812c2f7cba50f80a372f95e
 (v1.2.50)
 CVE-2026-24343 (Improper Neutralization of Data within XPath Expressions 
('XPath Injec ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation 
software.  ...)
        NOT-FOR-US: Docmost
 CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
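Review bot: `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2026-24343 does not say which Apache product is affected, unlike the neighbouring `NOT-FOR-US: Docmost`, which names the product. Put the product name in the reason so the entry can be found by grep and revisited if that software is packaged later.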
@@ -74,7 +74,7 @@ CVE-2026-22153 (An Authentication Bypass by Primary Weakness 
vulnerability [CWE-
 CVE-2026-21743 (A missing authorization vulnerability in Fortinet 
FortiAuthenticator 6 ...)
        NOT-FOR-US: Fortinet
 CVE-2026-21537 (Improper control of generation of code ('code injection') in 
Microsoft ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows 
an auth ...)
        NOT-FOR-US: Microsoft
 CVE-2026-21531 (Deserialization of untrusted data in Azure SDK allows an 
unauthorized  ...)
@@ -88,29 +88,29 @@ CVE-2026-21527 (User interface (ui) misrepresentation of 
critical information in
 CVE-2026-21525 (Null pointer dereference in Windows Remote Access Connection 
Manager a ...)
        NOT-FOR-US: Microsoft
 CVE-2026-21523 (Time-of-check time-of-use (toctou) race condition in GitHub 
Copilot an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
 CVE-2026-21522 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21519 (Access of resource using incompatible type ('type confusion') 
in Deskt ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21518 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
 CVE-2026-21517 (Improper link resolution before file access ('link following') 
in Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21516 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft GitHub Copilot
 CVE-2026-21514 (Reliance on untrusted inputs in a security decision in 
Microsoft Offic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21513 (Protection mechanism failure in MSHTML Framework allows an 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21512 (Server-side request forgery (ssrf) in Azure DevOps Server 
allows an au ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21511 (Deserialization of untrusted data in Microsoft Office Outlook 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21510 (Protection mechanism failure in Windows Shell allows an 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21508 (Improper authentication in Windows Storage allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21358 (InDesign Desktop versions 21.1, 20.5.1 and earlier are 
affected by a H ...)
        NOT-FOR-US: Adobe
 CVE-2026-21357 (InDesign Desktop versions 21.1, 20.5.1 and earlier are 
affected by a H ...)
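Review bot: CVE-2026-21522, CVE-2026-21518 and CVE-2026-21516 show the same truncated description ("Improper neutralization of special elements used in a command ...") but get three different reasons: `Microsoft`, `Microsoft GitHub Copilot and Visual Studio Code`, and `Microsoft GitHub Copilot`. The visible text does not show which product each one affects, so check the full descriptions and apply the product-level label consistently wherever it fits, so that a search for one label finds all related entries.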
@@ -200,73 +200,73 @@ CVE-2026-21313 (Audition versions 25.3 and earlier are 
affected by an out-of-bou
 CVE-2026-21312 (Audition versions 25.3 and earlier are affected by an 
out-of-bounds wr ...)
        NOT-FOR-US: Adobe
 CVE-2026-21261 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21260 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21259 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21258 (Improper input validation in Microsoft Office Excel allows an 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21257 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
 CVE-2026-21256 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
 CVE-2026-21255 (Improper access control in Windows Hyper-V allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21253 (Use after free in Mailslot File System allows an authorized 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21251 (Use after free in Windows Cluster Client Failover allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21250 (Untrusted pointer dereference in Windows HTTP.sys allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21249 (External control of file name or path in Windows NTLM allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21248 (Heap-based buffer overflow in Windows Hyper-V allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21247 (Improper input validation in Windows Hyper-V allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21246 (Heap-based buffer overflow in Microsoft Graphics Component 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21245 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21244 (Heap-based buffer overflow in Windows Hyper-V allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21243 (Null pointer dereference in Windows LDAP - Lightweight 
Directory Acces ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21242 (Use after free in Windows Subsystem for Linux allows an 
authorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21241 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21240 (Time-of-check time-of-use (toctou) race condition in Windows 
HTTP.sys  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21239 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21238 (Improper access control in Windows Ancillary Function Driver 
for WinSo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21237 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21236 (Heap-based buffer overflow in Windows Ancillary Function 
Driver for Wi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21235 (Use after free in Microsoft Graphics Component allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21234 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21232 (Untrusted pointer dereference in Windows HTTP.sys allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21231 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21229 (Improper input validation in Power BI allows an authorized 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21228 (Improper certificate validation in Azure Local allows an 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21222 (Insertion of sensitive information into log file in Windows 
Kernel all ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-21218 (Improper handling of missing special element in .NET allows an 
unautho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20846 (Buffer over-read in Windows GDI+ allows an unauthorized 
attacker to de ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-20841 (Improper neutralization of special elements used in a command 
('comman ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-1997 (Certain HP OfficeJet Pro printers may expose information if 
Cross\u201 ...)
        NOT-FOR-US: HP
 CVE-2026-1996 (Certain HP OfficeJet Pro printers may be vulnerable to 
potential denia ...)
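Review bot: CVE-2026-21218 is described as affecting .NET, yet it gets the same generic `NOT-FOR-US: Microsoft` as the Windows and Office entries, while CVE-2026-21257 and CVE-2026-21256 in this hunk get a product-level reason. .NET is open source and cross-platform, so a reason such as `NOT-FOR-US: Microsoft .NET` would make this entry easier to find if it ever needs revisiting.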
@@ -284,7 +284,7 @@ CVE-2026-1848 (Connections received from the proxy port may 
not count towards to
 CVE-2026-1847 (Inserting certain large documents into a replica set could lead 
to rep ...)
        TODO: check
 CVE-2026-1774 (CASL Ability, versions 2.4.0 through 6.7.4, contains a 
prototype pollu ...)
-       TODO: check
+       NOT-FOR-US: CASL Ability
 CVE-2026-1603 (An authentication bypass in Ivanti Endpoint Manager before 
version 202 ...)
        NOT-FOR-US: Ivanti
 CVE-2026-1602 (SQL injection in Ivanti Endpoint Manager before version 2024 
SU5 allow ...)
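Review bot: CVE-2026-1774 is closed as `NOT-FOR-US: CASL Ability`, but the description (prototype pollution, versions 2.4.0 through 6.7.4) reads like a reusable JavaScript library, not a standalone product. Check that no package in the archive bundles a copy before closing it; if none does, the entry is fine as is.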
@@ -296,13 +296,13 @@ CVE-2026-0652 (On TP-Link Tapo C260 v1, command injection 
vulnerability exists d
 CVE-2026-0651 (On TP-Link Tapo C260 v1, path traversal is possible due to 
improper ha ...)
        NOT-FOR-US: TP-Link
 CVE-2025-7636 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: ZEUS PDKS
 CVE-2025-7347 (Authorization Bypass Through User-Controlled Key vulnerability 
in Dini ...)
-       TODO: check
+       NOT-FOR-US: Dinibh Patrol Tracking System
 CVE-2025-70347 (An issue in mquickjs before commit 74b7e (2026-01-15) allows a 
local a ...)
-       TODO: check
+       NOT-FOR-US: mquickjs
 CVE-2025-6967 (Execution After Redirect (EAR) vulnerability in Sarman Soft 
Software a ...)
-       TODO: check
+       NOT-FOR-US: Sarman Soft Software nd Technology Services Industry and 
Trade Ltd. Co. CMS
 CVE-2025-6010
        REJECTED
 CVE-2025-68686 (An Exposure of Sensitive Information to an Unauthorized Actor 
vulnerab ...)
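Review bot: the reason added for CVE-2025-6967 has a typo, "Sarman Soft Software nd Technology Services", where "nd" should be "and". The reason is also much longer than the other entries in this hunk (`ZEUS PDKS`, `mquickjs`); a short vendor and product form would keep the list greppable and match them.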



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a01ec9804a0b8cbdb7e9c4f4305c967fdfc3642
