Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a85703c9 by security tracker role at 2026-02-10T20:13:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-2303 (The mongo-go-driver repositorycontains CGo
bindings for GSSAPI (K
CVE-2026-2302 (Under specific conditions when processing a maliciously crafted
value ...)
TODO: check
CVE-2026-2268 (The Ninja Forms plugin for WordPress is vulnerable to Sensitive
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-26009 (Catalyst is a platform built for enterprise game server hosts,
game co ...)
TODO: check
CVE-2026-26003 (FastGPT is an AI Agent building platform. From 4.14.0 to
4.14.5, attac ...)
@@ -23,9 +23,9 @@ CVE-2026-25805 (Zed is a multiplayer code editor. Prior to
0.219.4, Zed does not
CVE-2026-25728 (ClipBucket v5 is an open source video sharing platform. Prior
to 5.5.3 ...)
TODO: check
CVE-2026-25656 (A vulnerability has been identified in SINEC NMS (All
versions), User ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25655 (A vulnerability has been identified in SINEC NMS (All versions
< V4.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25613 (An authorized user may disable the MongoDB server by issuing a
query a ...)
TODO: check
CVE-2026-25612 (The internal locking mechanism of the MongoDB server uses an
internal ...)
@@ -47,25 +47,25 @@ CVE-2026-24343 (Improper Neutralization of Data within
XPath Expressions ('XPath
CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation
software. ...)
TODO: check
CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23719 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23718 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23717 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23716 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23715 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23655 (Cleartext storage of sensitive information in Azure Compute
Gallery al ...)
TODO: check
CVE-2026-22923 (A vulnerability has been identified in NX (All versions <
V2512). The ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability
[CWE-305] v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21743 (A missing authorization vulnerability in Fortinet
FortiAuthenticator 6 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21537 (Improper control of generation of code ('code injection') in
Microsoft ...)
TODO: check
CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows
an auth ...)
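Review bot: CVE-2026-22153 is tagged NOT-FOR-US: Fortinet, but its description as shown ("An Authentication Bypass by Primary Weakness vulnerability [CWE-305] v ...") is cut off before any vendor or product name, unlike CVE-2026-21743 directly below it, which names Fortinet FortiAuthenticator. Confirm the attribution against the full CVE description, since nothing visible in this hunk supports it.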
@@ -105,93 +105,93 @@ CVE-2026-21510 (Protection mechanism failure in Windows
Shell allows an unauthor
CVE-2026-21508 (Improper authentication in Windows Storage allows an
authorized attack ...)
TODO: check
CVE-2026-21358 (InDesign Desktop versions 21.1, 20.5.1 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21357 (InDesign Desktop versions 21.1, 20.5.1 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21355 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21354 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21353 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21352 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21351 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21350 (After Effects versions 25.6 and earlier are affected by a NULL
Pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21349 (Lightroom Desktop versions 15.1 and earlier are affected by an
out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21348 (Substance3D - Modeler versions 1.22.5 and earlier are affected
by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21347 (Bridge versions 15.1.3, 16.0.1 and earlier are affected by an
Integer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21346 (Bridge versions 15.1.3, 16.0.1 and earlier are affected by an
out-of-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21345 (Substance3D - Stager versions 3.1.6 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21344 (Substance3D - Stager versions 3.1.6 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21343 (Substance3D - Stager versions 3.1.6 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21342 (Substance3D - Stager versions 3.1.6 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21341 (Substance3D - Stager versions 3.1.6 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21340 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21339 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21338 (Substance3D - Designer versions 15.1.0 and earlier are
affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21337 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21336 (Substance3D - Designer versions 15.1.0 and earlier are
affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21335 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21334 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21332 (InDesign Desktop versions 21.1, 20.5.1 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21330 (After Effects versions 25.6 and earlier are affected by an
Access of R ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21329 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21328 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21327 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21326 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21325 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21324 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21323 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21322 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21321 (After Effects versions 25.6 and earlier are affected by an
Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21320 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21319 (After Effects versions 25.6 and earlier are affected by an
Out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21318 (After Effects versions 25.6 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21317 (Audition versions 25.3 and earlier are affected by an
out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21316 (Audition versions 25.3 and earlier are affected by an Access
of Memory ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21315 (Audition versions 25.3 and earlier are affected by an
Out-of-bounds Re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21314 (Audition versions 25.3 and earlier are affected by an
out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21313 (Audition versions 25.3 and earlier are affected by an
out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21312 (Audition versions 25.3 and earlier are affected by an
out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21261 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
TODO: check
CVE-2026-21260 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
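Review bot: The four DNG SDK entries (CVE-2026-21352 through CVE-2026-21355) receive the same vendor-level tag, NOT-FOR-US: Adobe, as the desktop applications in this hunk (InDesign, After Effects, Audition and others), but an SDK is a library that other software can bundle. Check whether any packaged source embeds DNG SDK 1.7.1 or earlier before closing these four. If none does, a tag that names the product rather than only the vendor would record that the library itself was checked.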
@@ -261,13 +261,13 @@ CVE-2026-20846 (Buffer over-read in Windows GDI+ allows
an unauthorized attacker
CVE-2026-20841 (Improper neutralization of special elements used in a command
('comman ...)
TODO: check
CVE-2026-1997 (Certain HP OfficeJet Pro printers may expose information if
Cross\u201 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-1996 (Certain HP OfficeJet Pro printers may be vulnerable to
potential denia ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-1922 (The The Events Calendar Shortcode & Block plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1866 (The Name Directory plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1850 (Complex queries can cause excessive memory usage in MongoDB
Query Plan ...)
TODO: check
CVE-2026-1849 (MongoDB Server may experience an out-of-memory failure while
evaluatin ...)
@@ -279,15 +279,15 @@ CVE-2026-1847 (Inserting certain large documents into a
replica set could lead t
CVE-2026-1774 (CASL Ability, versions 2.4.0 through 6.7.4, contains a
prototype pollu ...)
TODO: check
CVE-2026-1603 (An authentication bypass in Ivanti Endpoint Manager before
version 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-1602 (SQL injection in Ivanti Endpoint Manager before version 2024
SU5 allow ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-0653 (On TP-Link Tapo C260 v1, aguest\u2011level authenticated user
can bypa ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0652 (On TP-Link Tapo C260 v1, command injection vulnerability exists
due to ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0651 (On TP-Link Tapo C260 v1, path traversal is possible due to
improper ha ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-7636 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-7347 (Authorization Bypass Through User-Controlled Key vulnerability
in Dini ...)
@@ -299,15 +299,15 @@ CVE-2025-6967 (Execution After Redirect (EAR)
vulnerability in Sarman Soft Softw
CVE-2025-6010
REJECTED
CVE-2025-68686 (An Exposure of Sensitive Information to an Unauthorized Actor
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-64157 (A use of externally-controlled format string vulnerability in
Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62676 (An Improper Link Resolution Before File Access ('Link
Following') vuln ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62439 (An Improper Verification of Source of a Communication Channel
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-55018 (An inconsistent interpretation of http requests ('http request
smuggli ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54514 (Improper isolation of shared resources on a system on a chip
by a mali ...)
TODO: check
CVE-2025-52536 (Improper Prevention of Lock Bit Modification in SEV firmware
could all ...)
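Review bot: Of the five entries switched to NOT-FOR-US: Fortinet here, only CVE-2025-64157 shows the vendor in its visible description; CVE-2025-68686, CVE-2025-62676, CVE-2025-62439 and CVE-2025-55018 are truncated at generic weakness names. The commit message says only "automatic NOT-FOR-US entries update", so the basis for the match is not reviewable from the diff. Stating the matching rule (for example, which vendor or product string was matched) in the commit message would let a reviewer verify these without opening each CVE.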
@@ -315,7 +315,7 @@ CVE-2025-52536 (Improper Prevention of Lock Bit
Modification in SEV firmware cou
CVE-2025-52534 (Improper bound check within AMD CPU microcode can allow a
malicious gu ...)
TODO: check
CVE-2025-52436 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-48517 (Insufficient Granularity of Access Control in SEV firmware
could allow ...)
TODO: check
CVE-2025-48515 (Insufficient parameter sanitization in AMD Secure Processor
(ASP) Boot ...)
@@ -325,7 +325,7 @@ CVE-2025-48514 (Insufficient Granularity of Access Control
in SEV firmware can a
CVE-2025-48509 (Missing Checks in certain functions related to RMP
initialization can ...)
TODO: check
CVE-2025-40587 (A vulnerability has been identified in Polarion V2404 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-36522 (Incorrect default permissions for some Intel(R) Chipset
Software befor ...)
TODO: check
CVE-2025-36511 (Incorrect default permissions for some Intel(R) Memory and
Storage Too ...)
@@ -419,11 +419,11 @@ CVE-2025-15570 (A vulnerability was found in ckolivas
lrzip up to 0.651. This im
CVE-2025-15569 (A flaw has been found in Artifex MuPDF up to 1.26.1 on
Windows. The im ...)
TODO: check
CVE-2025-14895 (The PopupKit plugin for WordPress is vulnerable to
authorization bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11242 (Server-Side Request Forgery (SSRF) vulnerability in Teknolist
Computer ...)
TODO: check
CVE-2025-11004 (The Simplicity Device Manager Tool has a Reflected XSS
(Cross-site-scr ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-0031 (A use after free in the SEV firmware could allow a malicous
hypervisor ...)
TODO: check
CVE-2025-0029 (Improper handling of error condition during host-induced faults
can al ...)
@@ -433,7 +433,7 @@ CVE-2025-0012 (Improper handling of overlap between the
segmented reverse map ta
CVE-2024-54192 (An issue inTcpreplay v4.5.1 allows a local attacker to cause a
denial ...)
TODO: check
CVE-2024-52334 (A vulnerability has been identified in syngo.plaza VB30E (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-36355 (Improper input validation in the SMM handler could allow an
attacker w ...)
TODO: check
CVE-2024-36311 (A Time-of-check time-of-use (TOCTOU) race condition in the SMM
communi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85703c9d68c83c1029a3c6973734529b3a91567
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits