[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 10 21:19:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a01ec98 by Salvatore Bonaccorso at 2026-02-10T22:18:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,7 +2,7 @@ CVE-2026-25531
- kanboard <unfixed>
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-vrm3-3337-whp9
CVE-2026-2303 (The mongo-go-driver repositorycontains CGo bindings for GSSAPI (Kerber ...)
- TODO: check
+ NOT-FOR-US: mongo-go-driver
CVE-2026-2302 (Under specific conditions when processing a maliciously crafted value ...)
TODO: check
CVE-2026-2268 (The Ninja Forms plugin for WordPress is vulnerable to Sensitive Inform ...)
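Review bot: The new tag on CVE-2026-2303, `NOT-FOR-US: mongo-go-driver`, names a Go library rather than a vendor product. Since the description points at CGo bindings for GSSAPI, please add a NOTE recording that the archive was searched for source packages shipping or vendoring this driver, so the NFU decision can be re-verified later.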
@@ -50,7 +50,7 @@ CVE-2026-24885 (Kanboard is project management software focused on Kanban method
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-582j-h4w4-hwr5
NOTE: Fixed by; https://github.com/kanboard/kanboard/commit/2c56d92783d4a3094812c2f7cba50f80a372f95e (v1.2.50)
CVE-2026-24343 (Improper Neutralization of Data within XPath Expressions ('XPath Injec ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation software. ...)
NOT-FOR-US: Docmost
CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
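Review bot: `NOT-FOR-US: Apache software not packaged in Debian` on CVE-2026-24343 does not say which product is affected, and the truncated description (XPath injection) does not name it either. Use the specific Apache project name, as the Docmost entry directly below does, so a later search for that product finds this entry if it is ever packaged.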
@@ -74,7 +74,7 @@ CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability [CWE-
CVE-2026-21743 (A missing authorization vulnerability in Fortinet FortiAuthenticator 6 ...)
NOT-FOR-US: Fortinet
CVE-2026-21537 (Improper control of generation of code ('code injection') in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows an auth ...)
NOT-FOR-US: Microsoft
CVE-2026-21531 (Deserialization of untrusted data in Azure SDK allows an unauthorized ...)
@@ -88,29 +88,29 @@ CVE-2026-21527 (User interface (ui) misrepresentation of critical information in
CVE-2026-21525 (Null pointer dereference in Windows Remote Access Connection Manager a ...)
NOT-FOR-US: Microsoft
CVE-2026-21523 (Time-of-check time-of-use (toctou) race condition in GitHub Copilot an ...)
- TODO: check
+ NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
CVE-2026-21522 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21519 (Access of resource using incompatible type ('type confusion') in Deskt ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21518 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
CVE-2026-21517 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21516 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft GitHub Copilot
CVE-2026-21514 (Reliance on untrusted inputs in a security decision in Microsoft Offic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21513 (Protection mechanism failure in MSHTML Framework allows an unauthorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21512 (Server-side request forgery (ssrf) in Azure DevOps Server allows an au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21511 (Deserialization of untrusted data in Microsoft Office Outlook allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21510 (Protection mechanism failure in Windows Shell allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21508 (Improper authentication in Windows Storage allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21358 (InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a H ...)
NOT-FOR-US: Adobe
CVE-2026-21357 (InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a H ...)
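Review bot: The Copilot-related tags in this hunk are inconsistent: `Microsoft GitHub Copilot and Visual Studio Code` for CVE-2026-21523 and CVE-2026-21518, `Microsoft GitHub Copilot` for CVE-2026-21516, and plain `Microsoft` for CVE-2026-21522, whose visible description carries the same command-injection wording as 21518 and 21516. Settle on one label per product so that searches over NOT-FOR-US tags stay reliable, and confirm whether 21522 deserves the more specific label too.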
@@ -200,73 +200,73 @@ CVE-2026-21313 (Audition versions 25.3 and earlier are affected by an out-of-bou
CVE-2026-21312 (Audition versions 25.3 and earlier are affected by an out-of-bounds wr ...)
NOT-FOR-US: Adobe
CVE-2026-21261 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21260 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21259 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21258 (Improper input validation in Microsoft Office Excel allows an unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21257 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
CVE-2026-21256 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft GitHub Copilot and Visual Studio Code
CVE-2026-21255 (Improper access control in Windows Hyper-V allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21253 (Use after free in Mailslot File System allows an authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21251 (Use after free in Windows Cluster Client Failover allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21250 (Untrusted pointer dereference in Windows HTTP.sys allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21249 (External control of file name or path in Windows NTLM allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21248 (Heap-based buffer overflow in Windows Hyper-V allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21247 (Improper input validation in Windows Hyper-V allows an authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21246 (Heap-based buffer overflow in Microsoft Graphics Component allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21245 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21244 (Heap-based buffer overflow in Windows Hyper-V allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21243 (Null pointer dereference in Windows LDAP - Lightweight Directory Acces ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21242 (Use after free in Windows Subsystem for Linux allows an authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21241 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21240 (Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21239 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21238 (Improper access control in Windows Ancillary Function Driver for WinSo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21237 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21236 (Heap-based buffer overflow in Windows Ancillary Function Driver for Wi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21235 (Use after free in Microsoft Graphics Component allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21234 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21232 (Untrusted pointer dereference in Windows HTTP.sys allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21231 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21229 (Improper input validation in Power BI allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21228 (Improper certificate validation in Azure Local allows an unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21222 (Insertion of sensitive information into log file in Windows Kernel all ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21218 (Improper handling of missing special element in .NET allows an unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20846 (Buffer over-read in Windows GDI+ allows an unauthorized attacker to de ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20841 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-1997 (Certain HP OfficeJet Pro printers may expose information if Cross\u201 ...)
NOT-FOR-US: HP
CVE-2026-1996 (Certain HP OfficeJet Pro printers may be vulnerable to potential denia ...)
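Review bot: CVE-2026-21218 is described as an issue in .NET, yet it gets the same bare `NOT-FOR-US: Microsoft` as the Windows and Office entries around it. Because most descriptions here are cut off before the product name, the tag is the only product hint left in the file; `NOT-FOR-US: Microsoft .NET` would be more useful, and the same goes for CVE-2026-20841, whose command-injection description is truncated before any product is named.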
@@ -284,7 +284,7 @@ CVE-2026-1848 (Connections received from the proxy port may not count towards to
CVE-2026-1847 (Inserting certain large documents into a replica set could lead to rep ...)
TODO: check
CVE-2026-1774 (CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollu ...)
- TODO: check
+ NOT-FOR-US: CASL Ability
CVE-2026-1603 (An authentication bypass in Ivanti Endpoint Manager before version 202 ...)
NOT-FOR-US: Ivanti
CVE-2026-1602 (SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allow ...)
@@ -296,13 +296,13 @@ CVE-2026-0652 (On TP-Link Tapo C260 v1, command injection vulnerability exists d
CVE-2026-0651 (On TP-Link Tapo C260 v1, path traversal is possible due to improper ha ...)
NOT-FOR-US: TP-Link
CVE-2025-7636 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: ZEUS PDKS
CVE-2025-7347 (Authorization Bypass Through User-Controlled Key vulnerability in Dini ...)
- TODO: check
+ NOT-FOR-US: Dinibh Patrol Tracking System
CVE-2025-70347 (An issue in mquickjs before commit 74b7e (2026-01-15) allows a local a ...)
- TODO: check
+ NOT-FOR-US: mquickjs
CVE-2025-6967 (Execution After Redirect (EAR) vulnerability in Sarman Soft Software a ...)
- TODO: check
+ NOT-FOR-US: Sarman Soft Software nd Technology Services Industry and Trade Ltd. Co. CMS
CVE-2025-6010
REJECTED
CVE-2025-68686 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...)
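Review bot: Typo in the added tag for CVE-2025-6967: `Sarman Soft Software nd Technology Services Industry and Trade Ltd. Co. CMS` should read `and`, not `nd`. For CVE-2025-70347 the description identifies the fix only by an abbreviated commit (`74b7e`); a NOTE with the upstream reference would help if mquickjs is ever embedded in a packaged source.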
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a01ec9804a0b8cbdb7e9c4f4305c967fdfc3642