Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
743e73e5 by Salvatore Bonaccorso at 2026-02-26T12:31:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,43 +61,43 @@ CVE-2026-27950 (FreeRDP is a free implementation of the
Remote Desktop Protocol.
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p
NOTE: Fixed by:
https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80
(3.23.0)
CVE-2026-27948 (Copyparty is a portable file server. In versions prior to
1.20.9, an X ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2026-27946 (ZITADEL is an open source identity management platform. Prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27945 (ZITADEL is an open source identity management platform.
Zitadel Action ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27943 (OpenEMR is a free and open source electronic health records
and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
TODO: check
CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior
to versio ...)
- TODO: check
+ NOT-FOR-US: OpenLIT
CVE-2026-27938 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: WPGraphQL
CVE-2026-27933 (Manyfold is an open source, self-hosted web application for
managing a ...)
- TODO: check
+ NOT-FOR-US: Manyfold
CVE-2026-27904 (minimatch is a minimal matching utility for converting glob
expression ...)
TODO: check
CVE-2026-27903 (minimatch is a minimal matching utility for converting glob
expression ...)
TODO: check
CVE-2026-27902 (Svelte performance oriented web framework. Prior to version
5.53.5, er ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-27901 (Svelte performance oriented web framework. Prior to version
5.53.5, th ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0
logged sens ...)
- TODO: check
+ NOT-FOR-US: Terraform Provider for Linode
CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration
portal fo ...)
TODO: check
CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for
JSON-RPC ...)
- TODO: check
+ NOT-FOR-US: Go MCP SDK
CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.7. ...)
TODO: check
CVE-2026-27887 (Spin is an open source developer tool for building and running
serverl ...)
TODO: check
CVE-2026-27884 (NetExec is a network execution tool. Prior to version 1.5.1,
the modul ...)
- TODO: check
+ NOT-FOR-US: NetExec
CVE-2026-27840 (ZITADEL is an open source identity management platform.
Starting in ve ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27837 (Dottie provides nested object access and manipulation in
JavaScript. V ...)
TODO: check
CVE-2026-27831 (rldns is an open source DNS server. Version 2.3 has a
heap-based out-o ...)
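Review bot: the three ZITADEL entries in this hunk (CVE-2026-27946, CVE-2026-27945, CVE-2026-27840) are tagged "NOT-FOR-US: Zitadel" while their descriptions spell the product "ZITADEL". Please confirm the tag matches the spelling used by earlier entries for this product in data/CVE/list, so that a search on the product name finds all of them. Separately, the tags for CVE-2026-27902 and CVE-2026-27901 (Svelte) and for CVE-2026-27896 (Go MCP SDK) cover libraries rather than standalone applications, and the commit message "Process some NFUs" does not record whether embedded or vendored copies in the archive were checked. A short mention of that check in the message would make these three easier to audit later.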
@@ -105,21 +105,21 @@ CVE-2026-27831 (rldns is an open source DNS server.
Version 2.3 has a heap-based
CVE-2026-27830 (c3p0, a JDBC Connection pooling library, is vulnerable to
attack via m ...)
TODO: check
CVE-2026-27829 (Astro is a web framework. In versions 9.0.0 through 9.5.3, a
bug in As ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-27821 (GPAC is an open-source multimedia framework. In versions up to
and inc ...)
TODO: check
CVE-2026-27819 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-27818 (TerriaJS-Server is a NodeJS Express server for TerriaJS, a
library for ...)
- TODO: check
+ NOT-FOR-US: TerriaJS-Server
CVE-2026-27812 (Sub2API is an AI API gateway platform designed to distribute
and manag ...)
- TODO: check
+ NOT-FOR-US: Sub2API
CVE-2026-27809 (psd-tools is a Python package for working with Adobe Photoshop
PSD fil ...)
TODO: check
CVE-2026-27808 (Mailpit is an email testing tool and API for developers. Prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Mailpit
CVE-2026-27804 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-27800 (Zed, a code editor, has a Zip Slip (Path Traversal)
vulnerability exis ...)
TODO: check
CVE-2026-27799 (ImageMagick is free and open-source software used for editing
and mani ...)
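Review bot: for CVE-2026-27829 the visible description gives the affected range as "versions 9.0.0 through 9.5.3" and is cut off at "a bug in As ...", so the affected component may be a specific Astro package rather than the framework as a whole. The tag "NOT-FOR-US: Astro" names only the framework. Please check the full description and, if it points at a named component, use that name in the tag, so that a later packaging of the component is matched against this entry.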
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743e73e5a6cf851c4daab846d3ed4df114280a6e