Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70922707 by Salvatore Bonaccorso at 2026-02-26T21:33:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of 
Flair  ...)
-       TODO: check
+       NOT-FOR-US: LanguageModel class of Flair
 CVE-2026-2680 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
        TODO: check
 CVE-2026-2679 (Reflected Cross-Site Scripting (XSS) on the A3factura web 
platform, in ...)
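Review bot: The label on CVE-2026-3071, "NOT-FOR-US: LanguageModel class of Flair", names the affected class rather than the product. The other NFU lines visible in this file use the product name alone ("NOT-FOR-US: NetExec", "NOT-FOR-US: Terraform Provider for Linode"), so "NOT-FOR-US: Flair" would match them and would also match any later Flair CVE that is not in that class.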
@@ -25,9 +25,9 @@ CVE-2026-28131 (Insertion of Sensitive Information Into Sent 
Data vulnerability
 CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used 
with the ...)
-       TODO: check
+       NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and 
V1.1.11 (EDU)  ...)
-       TODO: check
+       NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will 
cause a ...)
        TODO: check
 CVE-2026-26979 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
@@ -195,7 +195,7 @@ CVE-2026-27901 (Svelte performance oriented web framework. 
Prior to version 5.53
 CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0 
logged sens ...)
        NOT-FOR-US: Terraform Provider for Linode
 CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration 
portal fo ...)
-       TODO: check
+       NOT-FOR-US: WireGuard Portal
 CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for 
JSON-RPC ...)
        NOT-FOR-US: Go MCP SDK
 CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.7. ...)
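Review bot: On CVE-2026-27899 the label drops the short name the description itself gives, "wg-portal". Writing "NOT-FOR-US: WireGuard Portal (wg-portal)" would let a later search of data/CVE/list for the short name find this entry, which is the name someone is most likely to grep for when checking whether the software has been triaged before.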
@@ -205,7 +205,7 @@ CVE-2026-27888 (pypdf is a free and open-source pure-python 
PDF library. Prior t
        NOTE: https://github.com/py-pdf/pypdf/pull/3658
        NOTE: Fixed by: 
https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c 
(6.7.3)
 CVE-2026-27887 (Spin is an open source developer tool for building and running 
serverl ...)
-       TODO: check
+       NOT-FOR-US: Spin
 CVE-2026-27884 (NetExec is a network execution tool. Prior to version 1.5.1, 
the modul ...)
        NOT-FOR-US: NetExec
 CVE-2026-27840 (ZITADEL is an open source identity management platform. 
Starting in ve ...)
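Review bot: The label "NOT-FOR-US: Spin" on CVE-2026-27887 is a bare four-letter word that could refer to unrelated software of the same name. A short qualifier taken from the description, for example "NOT-FOR-US: Spin (developer tool)", would make clear which project was ruled out and would make the entry safe to revisit if something else called Spin is triaged later.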
@@ -248,45 +248,45 @@ CVE-2026-27798 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/59edeec2b2adf2ca37454d622f3bca2a61893146
 (6.9.13-39)
 CVE-2026-27735 (Model Context Protocol Servers is a collection of reference 
implementa ...)
-       TODO: check
+       NOT-FOR-US: Model Context Protocol Servers
 CVE-2026-27711 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-27710 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-27709 (NanaZip is an open source file archive. Starting in version 
5.0.1252.0 ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-27635 (Manyfold is an open source, self-hosted web application for 
managing a ...)
        TODO: check
 CVE-2026-27633 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. Ver ...)
-       TODO: check
+       NOT-FOR-US: TinyWeb
 CVE-2026-27630 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. Ver ...)
-       TODO: check
+       NOT-FOR-US: TinyWeb
 CVE-2026-27616 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-27613 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for 
Win32. A v ...)
-       TODO: check
+       NOT-FOR-US: TinyWeb
 CVE-2026-27578 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27577 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27575 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-27498 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27497 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27495 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27494 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27493 (n8n is an open source workflow automation platform. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-27465 (Fleet is open source device management software. In versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2026-27148 (Storybook is a frontend workshop for building user interface 
component ...)
-       TODO: check
+       NOT-FOR-US: Storybook
 CVE-2026-27116 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-26985 (LORIS (Longitudinal Online Research and Imaging System) is a 
self-host ...)
        TODO: check
 CVE-2026-26984 (LORIS (Longitudinal Online Research and Imaging System) is a 
self-host ...)
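Review bot: On CVE-2026-27465 the label "NOT-FOR-US: Fleet" is generic enough to be mistaken for other projects with that name. The description calls it "open source device management software", so something like "NOT-FOR-US: Fleet (device management)" would be unambiguous. The remaining labels in this hunk (NanaZip, TinyWeb, Vikunja, n8n, Storybook) are used consistently across their repeated entries, which keeps them easy to match.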



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709227077cf1a6fdd5d50c9e0c0f7b309c22b60b
