[Git][security-tracker-team/security-tracker][master] Some CVEs need re-evaluation, node-systeminformation is packaged

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 1 14:38:22 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
173e38a3 by Salvatore Bonaccorso at 2026-06-01T15:37:45+02:00
Some CVEs need re-evaluation, node-systeminformation is packaged

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2727,7 +2727,7 @@ CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service moni
 CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
 	NOT-FOR-US: Pi.Alert
 CVE-2026-44724 (systeminformation is a System and OS information library for node.js.  ...)
-	NOT-FOR-US: systeminformation Node.js module
+	- node-systeminformation <undetermined>
 CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
 	NOT-FOR-US: OpenLearnX
 CVE-2026-44713 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
@@ -57691,9 +57691,9 @@ CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated at
 CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read arbitrary fil ...)
 	NOT-FOR-US: Hyland
 CVE-2026-26318 (systeminformation is a System and OS information library for node.js.  ...)
-	NOT-FOR-US: systeminformation Node.js module
+	- node-systeminformation <undetermined>
 CVE-2026-26280 (systeminformation is a System and OS information library for node.js.  ...)
-	NOT-FOR-US: systeminformation Node.js module
+	- node-systeminformation <undetermined>
 CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS object,  ...)
 	- node-webfont <undetermined>
 	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj
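Review bot: The two "- node-systeminformation <undetermined>" lines added for CVE-2026-26318 and CVE-2026-26280 carry no NOTE line, while the CVE-2026-26278 entry directly below them links its upstream advisory. Adding the matching upstream advisory or fix-commit URL as a NOTE under each entry would let the later re-evaluation check the packaged source against a concrete reference instead of the truncated description.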
@@ -85681,7 +85681,7 @@ CVE-2025-68156 (Expr is an expression language and expression evaluation for Go.
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
 	NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-68154 (systeminformation is a System and OS information library for node.js.  ...)
-	NOT-FOR-US: systeminformation Node.js module
+	- node-systeminformation <undetermined>
 CVE-2025-68150 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In versions p ...)
@@ -205378,7 +205378,7 @@ CVE-2024-56357 (grist-core is a spreadsheet hosting server. A user visiting a ma
 CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
 	- vaultwarden <itp> (bug #1067023)
 CVE-2024-56334 (systeminformation is a System and OS information library for node.js.  ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management System v ...)
 	NOT-FOR-US: CodeAstro Complaint Management System
 CVE-2024-40875 (There is a cross-site scripting vulnerability in the management consol ...)
@@ -322327,7 +322327,7 @@ CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack o
 CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
 	NOT-FOR-US: D-Link
 CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
@@ -518803,7 +518803,7 @@ CVE-2021-21390 (MinIO is an open-source high performance object storage service
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
 	NOT-FOR-US: BuddyPress WordPress plugin
 CVE-2021-21388 (systeminformation is an open source system and OS information library  ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
 	NOT-FOR-US: Wrongthink
 CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
@@ -519017,7 +519017,7 @@ CVE-2021-21317 (uap-core in an open-source npm package which contains the core o
 CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
 	NOT-FOR-US: less-openui5 npm package
 CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
@@ -537411,7 +537411,7 @@ CVE-2020-26302 (is.js is a general-purpose check library. Versions 0.9.0 and pri
 CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
 	NOT-FOR-US: Node ssh2
 CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)
 	NOT-FOR-US: Node ftp-srv
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
@@ -537473,7 +537473,7 @@ CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services,
 	- jupyter-server 1.1.1-1
 	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
 CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
 	- osquery <itp> (bug #803502)
 CVE-2020-26272 (The Electron framework lets users write cross-platform desktop applica ...)
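Review bot: For CVE-2020-26274 the description visible in this hunk already states the fixed upstream release ("before version 4.31.1"), so <undetermined> may be more conservative than this entry needs. If the first node-systeminformation upload is at or past that release, the entry can record the fixed version or <not-affected> right away. The same check applies to the other entries in this commit whose descriptions name a fixed release (4.30.5, 4.30.2, 4.27.11).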
@@ -537559,7 +537559,7 @@ CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parse
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
 	NOT-FOR-US: Pimcore
 CVE-2020-26245 (npm package systeminformation before version 4.30.5 is vulnerable to P ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In Python oic be ...)
 	NOT-FOR-US: Python oic
 CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...)
@@ -583866,7 +583866,7 @@ CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
 	NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control  ...)
 	NOT-FOR-US: Node jsen
 CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
@@ -583929,7 +583929,7 @@ CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The rege
 CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...)
 	NOT-FOR-US: Node trim
 CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
-	NOT-FOR-US: Node systeminformation
+	- node-systeminformation <undetermined>
 CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution.)
 	- node-pathval 1.1.0-4 (bug #972895)
 	[buster] - node-pathval 1.1.0-3+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173e38a30c494b5ea99a78b3d41180d8e8541ff4
