Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9b27bf7 by Salvatore Bonaccorso at 2026-02-21T10:02:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2026-2865 (A vulnerability was found in itsourcecode Agri-Trading Online
Shopping ...)
NOT-FOR-US: itsourcecode System
CVE-2026-2864 (A vulnerability has been found in feng_ha_ha/megagao ssm-erp
and produ ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2863 (A flaw has been found in feng_ha_ha/megagao ssm-erp and
production_ssm ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2861 (A vulnerability was detected in Foswiki up to 2.1.10. The
affected ele ...)
- foswiki <itp> (bug #509864)
CVE-2026-2860 (A security vulnerability has been detected in
feng_ha_ha/megagao ssm-e ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2858 (A vulnerability was identified in wren-lang wren up to 0.4.0.
This aff ...)
- TODO: check
+ NOT-FOR-US: wren-lang wren
CVE-2026-2857 (A vulnerability was determined in D-Link DWR-M960 1.01.07.
Affected by ...)
NOT-FOR-US: D-Link
CVE-2026-2856 (A vulnerability was found in D-Link DWR-M960 1.01.07. Affected
by this ...)
@@ -69,29 +69,29 @@ CVE-2026-27528
CVE-2026-27527
REJECTED
CVE-2026-27471 (ERP is a free and open source Enterprise Resource Planning
tool. In ve ...)
- TODO: check
+ NOT-FOR-US: Frappe ERP
CVE-2026-27470 (ZoneMinder is a free, open source closed-circuit television
software a ...)
- zoneminder <unfixed> (unimportant)
NOTE:
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-r6gm-478g-f2c4
NOTE: Only supported for trusted users/behind auth
CVE-2026-27469 (Isso is a lightweight commenting server written in Python and
JavaScri ...)
- TODO: check
+ NOT-FOR-US: Isso
CVE-2026-27467 (BigBlueButton is an open-source virtual classroom. In versions
3.0.19 ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2026-27466 (BigBlueButton is an open-source virtual classroom. In versions
3.0.21 ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2026-27464 (Metabase is an open-source data analytics platform. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-27458 (LinkAce is a self-hosted archive to collect website links.
Versions 2. ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-27452 (ASN.1 TypeScript ESM library, including codecs for Basic
Encoding Rule ...)
- TODO: check
+ NOT-FOR-US: JonathanWilbur asn1-ts (not the same as node-asn1)
CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware
accelerated tra ...)
- TODO: check
+ NOT-FOR-US: Swiper
CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud
workloads. Ver ...)
TODO: check
CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama
viewer for ...)
- TODO: check
+ NOT-FOR-US: Pannellum
CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application
framewo ...)
TODO: check
CVE-2026-27203 (eBay API MCP Server is an open source local MCP server
providing AI as ...)
@@ -779,7 +779,7 @@ CVE-2026-2739 (This affects versions of the package bn.js
before 5.2.3. Calling
NOTE: https://github.com/indutny/bn.js/pull/317
NOTE: Fixed by:
https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b
(v5.2.3)
CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows
local at ...)
- TODO: check
+ NOT-FOR-US: OpenVPN ovpn-dco for Windows
CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log
file v ...)
NOT-FOR-US: Tanium
CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9b27bf78a6f726bd9e1ae4903259cee5aedd704
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9b27bf78a6f726bd9e1ae4903259cee5aedd704
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
