[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
710c3fc7 by security tracker role at 2026-01-30T08:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,25 +47,25 @@ CVE-2026-24729 (An unrestricted upload of file with 
dangerous type vulnerability
 CVE-2026-24728 (A missing authentication for critical function vulnerability 
in the /s ...)
        TODO: check
 CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable" 
functional ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now 
owned by Da ...)
        TODO: check
 CVE-2026-1665 (A command injection vulnerability exists in nvm (Node Version 
Manager) ...)
        TODO: check
 CVE-2026-1638 (A security flaw has been discovered in Tenda AC21 
1.1.1.1/1.dmzip/16.0 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-1637 (A vulnerability was identified in Tenda AC21 16.03.08.16. The 
affected ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-1625 (A vulnerability was detected in D-Link DWR-M961 1.1.47. The 
impacted e ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-1624 (A security vulnerability has been detected in D-Link DWR-M961 
1.1.47.  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-1623 (A weakness has been identified in Totolink A7000R 4.1cu.4154. 
Impacted ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-1340 (A code injection in Ivanti Endpoint Manager Mobile allowing 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2026-1281 (A code injection in Ivanti Endpoint Manager Mobile allowing 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2026-0963 (An input neutralization vulnerability in the File Operations 
API Endpo ...)
        TODO: check
 CVE-2026-0805 (An input neutralization vulnerability in the Backup 
Configuration comp ...)
@@ -75,7 +75,7 @@ CVE-2025-15322 (Tanium addressed an improper access controls 
vulnerability in Ta
 CVE-2025-15288 (Tanium addressed an improper access controls vulnerability in 
Interact ...)
        TODO: check
 CVE-2025-12899 (A flaw in Zephyr\u2019s network stack allows an IPv4 packet 
containing ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-25210 (In libexpat before 2.7.4, the doContent function does not 
properly det ...)
        - expat <unfixed>
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/710c3fc71d2787dd1286338e77ed5970283007e6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/710c3fc71d2787dd1286338e77ed5970283007e6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits