Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c0307d6 by security tracker role at 2026-02-20T08:13:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,31 +17,31 @@ CVE-2026-2739 (This affects versions of the package bn.js
before 5.2.3. Calling
CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows
local at ...)
TODO: check
CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log
file v ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-2408 (Tanium addressed a use-after-free vulnerability in the Cloud
Workloads ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-2384 (The Quiz Maker plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2350 (Tanium addressed an insertion of sensitive information into log
file v ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-27476 (RustFly 2.0.0 contains a command injection vulnerability in
its remote ...)
TODO: check
CVE-2026-27440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27387 (Missing Authorization vulnerability in designinvento
DirectoryPress di ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27368 (Missing Authorization vulnerability in SeedProd Coming Soon
Page, Unde ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27360 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27343 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27328 (Missing Authorization vulnerability in DevsBlink EduBlink
edublink all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27327 (Missing Authorization vulnerability in YayCommerce YayMail
\u2013 WooC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27325
REJECTED
CVE-2026-27324
@@ -89,7 +89,7 @@ CVE-2026-26995
CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello
for fin ...)
TODO: check
CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform
that int ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
TODO: check
CVE-2026-26991 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network
monitorin ...)
@@ -183,31 +183,31 @@ CVE-2026-24122 (Cosign provides code signing and
transparency for containers and
CVE-2026-21535 (Improper access control in Microsoft Teams allows an
unauthorized atta ...)
TODO: check
CVE-2026-1658 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2026-1292 (Tanium addressed an insertion of sensitive information into log
file v ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-9208 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-8055 (Server-Side Request Forgery (SSRF) vulnerability in
OpenText\u2122 XM ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-8054 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance
contain ...)
TODO: check
CVE-2025-59819 (This vulnerability allows authenticated attackers to read an
arbitrary ...)
TODO: check
CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing
authorizatio ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-30412 (Sensitive data disclosure and manipulation due to improper
authenticat ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-30411 (Sensitive data disclosure and manipulation due to improper
authenticat ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-30410 (Sensitive data disclosure and manipulation due to missing
authenticati ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-13672 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-13671 (Cross-Site Request Forgery (CSRF) vulnerability in
OpenText\u2122 Web ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2026-2708 [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL
and TE+CL) in soup_headers_parse()]
- libsoup3 <unfixed>
- libsoup2.4 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c0307d64c98e0c839e583afd9b7a2806b9013a5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c0307d64c98e0c839e583afd9b7a2806b9013a5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
