Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9954999c by security tracker role at 2026-01-13T20:13:56+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,39 +11,39 @@ CVE-2026-22791 (openCryptoki is a PKCS#11 library and tools 
for Linux and AIX. I
 CVE-2026-22755 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
        TODO: check
 CVE-2026-21306 (Substance3D - Sampler versions 5.1.0 and earlier are affected 
by an ou ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21305 (Substance3D - Painter versions 11.0.3 and earlier are affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21304 (InDesign Desktop versions 21.0, 19.5.5 and earlier are 
affected by a H ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21288 (Illustrator versions 29.8.3, 30.0 and earlier are affected by 
a NULL P ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21287 (Substance3D - Stager versions 3.1.5 and earlier are affected 
by a Use  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21283 (Bridge versions 15.1.2, 16.0 and earlier are affected by a 
Heap-based  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21281 (InCopy versions 21.0, 19.5.5 and earlier are affected by a 
Heap-based  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21280 (Illustrator versions 29.8.3, 30.0 and earlier are affected by 
an Untru ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21278 (InDesign Desktop versions 21.0, 19.5.5 and earlier are 
affected by an  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21277 (InDesign Desktop versions 21.0, 19.5.5 and earlier are 
affected by a H ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21276 (InDesign Desktop versions 21.0, 19.5.5 and earlier are 
affected by an  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21275 (InDesign Desktop versions 21.0, 19.5.5 and earlier are 
affected by an  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21274 (Dreamweaver Desktop versions 21.6 and earlier are affected by 
an Incor ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21272 (Dreamweaver Desktop versions 21.6 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21271 (Dreamweaver Desktop versions 21.6 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21268 (Dreamweaver Desktop versions 21.6 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI 
KEK and  ...)
        TODO: check
 CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client 
library  ...)
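Review bot: CVE-2026-21265, left at TODO: check in the trailing context of this hunk, needs manual triage rather than a vendor-name rule in a later automatic pass. Its summary concerns Microsoft certificates stored in the UEFI KEK, which is a property of the firmware trust store and not of a Windows-only product. The 17 entries changed above it each name an Adobe desktop product in their summary, so NOT-FOR-US: Adobe is supported by the visible text.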
@@ -267,47 +267,47 @@ CVE-2026-20804 (Incorrect privilege assignment in Windows 
Hello allows an unauth
 CVE-2026-20803 (Missing authentication for critical function in SQL Server 
allows an a ...)
        TODO: check
 CVE-2026-0859 (TYPO3's mail\u2011file spool deserialization flaw lets local 
users wit ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-0684 (The CP Image Store with Slideshow plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0408 (A path traversal vulnerability in NETGEAR WiFi range extenders 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0407 (An insufficient authentication vulnerability in NETGEAR WiFi 
range  ex ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0406 (An insufficient input validation vulnerability in the NETGEAR 
XR1000v2 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0405 (An authentication bypass vulnerability in NETGEAR Orbi devices 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0404 (An insufficient input validation vulnerability in NETGEAR Orbi 
devices ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0403 (An insufficient input validation vulnerability in NETGEAR Orbi 
routers ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-0386 (Improper access control in Windows Deployment Services allows 
an unaut ...)
        TODO: check
 CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-8090 (Null pointer dereference in the MsgRegisterEvent() system call 
could a ...)
-       TODO: check
+       NOT-FOR-US: Blackberry
 CVE-2025-71027 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-71026 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-71025 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-71024 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-71023 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-70753 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack 
overflow in t ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2025-69992 (phpgurukul News Portal Project V4.1 has File Upload 
Vulnerability via  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-69991 (phpgurukul News Portal Project V4.1 is vulnerable to SQL 
Injection in  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-69990 (phpgurukul News Portal Project V4.1 has an Arbitrary File 
Deletion Vul ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-68949 (n8n is an open source workflow automation platform. From 
1.36.0 to bef ...)
        TODO: check
 CVE-2025-68931 (Jervis is a library for Job DSL plugin scripts and shared 
Jenkins pipe ...)
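Review bot: the NOT-FOR-US: Blackberry tag on CVE-2025-8090 cannot be confirmed from this hunk, because the visible summary names only the MsgRegisterEvent() system call and is truncated before any vendor or product. Check it against the full CVE record and, if it holds, name the product in the tag so the reasoning is visible in data/CVE/list. The other tags in this hunk match a name that appears in their summaries.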
@@ -329,7 +329,7 @@ CVE-2025-68698 (Jervis is a library for Job DSL plugin 
scripts and shared Jenkin
 CVE-2025-68271 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
        TODO: check
 CVE-2025-67685 (A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-66698 (An issue in Semantic machines v5.4.8 allows attackers to 
bypass authen ...)
        TODO: check
 CVE-2025-65784 (Insecure permissions in Hubert Imoveis e Administracao Ltda 
Hub v2.0 1 ...)
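Review bot: for CVE-2025-67685 the summary is cut off after "A Server-Side Request Forgery (SSRF) vulnerability [CWE-918]" and never reaches a product name, so NOT-FOR-US: Fortinet is not checkable from the list itself. Since this is an automatic update, confirm the match came from the vendor data in the CVE record and not from the wording of the summary.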
@@ -337,69 +337,69 @@ CVE-2025-65784 (Insecure permissions in Hubert Imoveis e 
Administracao Ltda Hub
 CVE-2025-65783 (An arbitrary file upload vulnerability in the 
/utils/uploadFile compon ...)
        TODO: check
 CVE-2025-64155 (An improper neutralization of special elements used in an os 
command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-62182 (Pega Customer Service Framework versions 8.7.0 through 25.1.0 
are affe ...)
        TODO: check
 CVE-2025-59922 (An improper neutralization of special elements used in an SQL 
command  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-59022 (Backend users who had access to the recycler module could 
delete arbit ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2025-59021 (Backend users with access to the redirects module and write 
permission ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2025-59020 (By exploiting the defVals parameter, attackers could bypass 
field\u201 ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2025-58693 (An improper limitation of a pathname to a restricted directory 
('path  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-58411 (Software installed and run as a non-privileged user may 
conduct improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2025-58409 (Software installed and run as a non-privileged user may 
conduct improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2025-55462 (A CORS misconfiguration in Eramba Community and Enterprise 
Editions v3 ...)
        TODO: check
 CVE-2025-47855 (An exposure of sensitive information to an unauthorized actor 
[CWE-200 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-46685 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-46684 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-40944 (A vulnerability has been identified in SIMATIC ET 200AL IM 
157-1 PN (6 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40942 (A vulnerability has been identified in TeleControl Server 
Basic (All v ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-40805 (Affected devices do not properly enforce user authentication 
on specif ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-37169 (A stack overflow vulnerability exists in the AOS-10 web-based 
manageme ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37168 (Arbitrary file deletion vulnerability have been identified in 
a system ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37166 (A vulnerability affecting HPE Networking Instant On Access 
Points has  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37165 (A vulnerability in the router mode configuration of HPE 
Instant On Acc ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-36640 (A vulnerability has been identified in the 
installation/uninstallation ...)
        TODO: check
 CVE-2025-25652 (In Eptura Archibus 2024.03.01.109, the "Run script" and 
"Server File"  ...)
        TODO: check
 CVE-2025-25249 (A heap-based buffer overflow vulnerability in Fortinet FortiOS 
7.6.0 t ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-25176 (Intermediate register values of secure workloads can be 
exfiltrated in ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2025-14507 (The EventPrime - Events Calendar, Bookings and Tickets plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14001 (The WP Duplicate Page plugin for WordPress is vulnerable to 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13774 (A vulnerability exists in Progress Flowmon ADS versions prior 
to 12.5. ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-13447 (OS Command Injection Remote Code Execution Vulnerability in 
API in Pro ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-13444 (OS Command Injection Remote Code Execution Vulnerability in 
API in Pro ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-11669 (ZohocorpManageEngine PAM360 versions before 8202; Password 
Manager Pro ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-11250 (Zohocorp ManageEngine ADSelfService Plus versions before 6519 
are vuln ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2025-10865 (Software installed and run as a non-privileged user may 
conduct improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2024-54855 (fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered 
to conta ...)
        TODO: check
 CVE-2025-71101 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
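Review bot: the four NOT-FOR-US: Imagination Technologies tags (CVE-2025-58411, CVE-2025-58409, CVE-2025-25176, CVE-2025-10865) sit on summaries that name no product, only "Software installed and run as a non-privileged user" and "Intermediate register values of secure workloads". Before these are closed as not-for-us, confirm from the full records that the affected component is not code Debian ships; if any part is, the entry needs a package line in place of the tag. The same check applies to the Fortinet tags on CVE-2025-64155, CVE-2025-59922, CVE-2025-58693 and CVE-2025-47855, whose summaries are also truncated before a product name; CVE-2025-25249 is the only one in this hunk that shows "Fortinet FortiOS".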



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9954999c98c5248a50d4875d723d8b1c3459908a
