Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c12b367 by security tracker role at 2026-02-10T08:14:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This
affect ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to
2025.4. Affe ...)
TODO: check
CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4.
Affected by t ...)
@@ -115,91 +115,91 @@ CVE-2026-25639 (Axios is a promise based HTTP client for
the browser and Node.js
CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the
LangSmith ...)
TODO: check
CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise
Managem ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24326 (Due to a missing authorization check in the Disconnected
Operations of ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24325 (SAP BusinessObjects Enterprise does not sufficiently encode
user-contr ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24324 (SAP BusinessObjects Business Intelligence Platform
(AdminTools) allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24323 (The BSP applications allow an unauthenticated user to inject
malicious ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24322 (SAP Solution Tools Plug-In (ST-PI) contains a function module
that doe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24321 (SAP Commerce Cloud exposes multiple API endpoints to
unauthenticated u ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24320 (Due to improper memory management in SAP NetWeaver and ABAP
Platform ( ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24319 (In SAP Business One, sensitive information is written to the
applicati ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24312 (An erroneous authorization check in SAP Business Workflow
leads to pri ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23689 (Due to an uncontrolled resource consumption (Denial of
Service) vulner ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23688 (SAP Fiori App Manage Service Entry Sheets does not perform
necessary a ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23687 (SAP NetWeaver Application Server ABAP and ABAP Platform allows
an auth ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23686 (Due to a CRLF Injection vulnerability in SAP NetWeaver
Application Ser ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23685 (Due to a Deserialization vulnerability in SAP NetWeaver (JMS
service), ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23684 (A race condition vulnerability exists in the SAP Commerce
cloud. Becau ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23681 (Due to missing authorization check in a function module in SAP
Support ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-1722 (The WCFM Marketplace \u2013 Multivendor Marketplace for
WooCommerce pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0996 (The Fluent Forms plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0845 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0509 (SAP NetWeaver Application Server ABAP and ABAP Platform allows
an auth ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0508 (The SAP BusinessObjects Business Intelligence Platform allows
an authe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0505 (The BSP applications allow an unauthenticated user to
manipulate user- ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0490 (SAP BusinessObjects BI Platform allows an unauthenticated
attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0488 (An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting
Editor ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0486 (In ABAP based SAP systems a remote enabled function module does
not pe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0485 (SAP BusinessObjects BI Platform allows an unauthenticated
attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0484 (Due to missing authorization check in SAP NetWeaver Application
Server ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-15319 (Tanium addressed a local privilege escalation vulnerability in
Patch E ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15318 (Tanium addressed an arbitrary file deletion vulnerability in
End-User ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15317 (Tanium addressed an uncontrolled resource consumption
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15316 (Tanium addressed a local privilege escalation vulnerability in
Tanium ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15315 (Tanium addressed a local privilege escalation vulnerability in
Tanium ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15314 (Tanium addressed an arbitrary file deletion vulnerability in
end-user- ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15313 (Tanium addressed an arbitrary file deletion vulnerability in
Tanium EU ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15310 (Tanium addressed a local privilege escalation vulnerability in
Patch E ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15147 (The WCFM Membership \u2013 WooCommerce Memberships for
Multivendor Mar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13064 (A server-side injection was possible for a malicious admin to
manipula ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-12757 (An AXIS Camera Station Pro feature can be exploited in a way
that allo ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-12063 (An insecure direct object reference allowed a non-admin user
to modify ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-11547 (AXIS Camera Station Pro contained a flaw toperform a privilege
escalat ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient
input valid ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no
null terminator)]
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c12b367cd3c54fc8056a44d909f7a2d1273cf7b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c12b367cd3c54fc8056a44d909f7a2d1273cf7b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
