Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76a05579 by Salvatore Bonaccorso at 2026-06-01T17:42:07+02:00
Review first batch of CVES for node-systeminformation
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2733,7 +2733,7 @@ CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder
detector with web service moni
CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service
monitoring ...)
NOT-FOR-US: Pi.Alert
CVE-2026-44724 (systeminformation is a System and OS information library for
node.js. ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and
assessment pl ...)
NOT-FOR-US: OpenLearnX
CVE-2026-44713 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
@@ -57697,9 +57697,9 @@ CVE-2026-26337 (Hyland Alfresco Transformation Service
allows unauthenticated at
CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read
arbitrary fil ...)
NOT-FOR-US: Hyland
CVE-2026-26318 (systeminformation is a System and OS information library for
node.js. ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2026-26280 (systeminformation is a System and OS information library for
node.js. ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
- node-webfont <undetermined>
NOTE:
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj
@@ -85687,7 +85687,7 @@ CVE-2025-68156 (Expr is an expression language and
expression evaluation for Go.
CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC)
support for V ...)
NOT-FOR-US: React Server Components (RSC) support plugin for Vite
CVE-2025-68154 (systeminformation is a System and OS information library for
node.js. ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2025-68150 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2025-68146 (filelock is a platform-independent file lock for Python. In
versions p ...)
@@ -205384,7 +205384,7 @@ CVE-2024-56357 (grist-core is a spreadsheet hosting
server. A user visiting a ma
CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server
written in Ru ...)
- vaultwarden <itp> (bug #1067023)
CVE-2024-56334 (systeminformation is a System and OS information library for
node.js. ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management
System v ...)
NOT-FOR-US: CodeAstro Complaint Management System
CVE-2024-40875 (There is a cross-site scripting vulnerability in the
management consol ...)
@@ -322333,7 +322333,7 @@ CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was
discovered to contain a stack o
CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack
overflow v ...)
NOT-FOR-US: D-Link
CVE-2023-42810 (systeminformation is a System Information Library for Node.JS.
Version ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2023-42807 (Frappe LMS is an open source learning management system. In
versions 1 ...)
NOT-FOR-US: Frappe Framework
CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior
to vers ...)
@@ -518809,7 +518809,7 @@ CVE-2021-21390 (MinIO is an open-source high
performance object storage service
CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a
community sit ...)
NOT-FOR-US: BuddyPress WordPress plugin
CVE-2021-21388 (systeminformation is an open source system and OS information
library ...)
- - node-systeminformation <undetermined>
+ - node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with
PeerJS an ...)
NOT-FOR-US: Wrongthink
CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for
URIs, end ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a055798f2d1260af52ee8cd9855d313ed5d75d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a055798f2d1260af52ee8cd9855d313ed5d75d
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
