Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f3570786 by security tracker role at 2026-02-17T20:17:20+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2630 (A Command Injection vulnerability exists where an
authenticated, remot ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2026-2620 (A weakness has been identified in Huace Monitoring and Early
Warning S ...)
TODO: check
CVE-2026-2618 (A vulnerability was determined in Beetel 777VR1 up to 01.00.09.
This i ...)
@@ -9,39 +9,39 @@ CVE-2026-2617 (A vulnerability was found in Beetel 777VR1 up
to 01.00.09. This a
CVE-2026-2616 (A vulnerability has been found in Beetel 777VR1 up to 01.00.09.
The im ...)
TODO: check
CVE-2026-2615 (A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The
affect ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2026-2608 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg
Editor pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2247 (SQL injection vulnerability (SQLi) in Clicldeu SaaS,
specifically in t ...)
TODO: check
CVE-2026-26736 (TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-26732 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to
contain a sta ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when
updatin ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat
Native, Apach ...)
TODO: check
CVE-2026-24733 (Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did ...)
TODO: check
CVE-2026-23861 (Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x,
contain(s) an Im ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-23648 (Glory RBG-100 recycler systems using the ISPK-08 software
component co ...)
TODO: check
CVE-2026-23647 (Glory RBG-100 recycler systems using the ISPK-08 software
component co ...)
TODO: check
CVE-2026-22769 (Dell RecoverPoint for Virtual Machines, versions prior to
6.0.3.1 HF1, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-22208 (OpenS100 (the reference implementation S-100 viewer) prior to
commit 7 ...)
TODO: check
CVE-2026-1452
REJECTED
CVE-2026-1216 (The RSS Aggregator plugin for WordPress is vulnerable to
Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0102 (Under specific conditions, a malicious webpage may trigger
autofill po ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-8303 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-7706 (Missing Authentication for Critical Function vulnerability in
TUBITAK ...)
@@ -67,53 +67,53 @@ CVE-2025-65753 (An issue in the TLS certification mechanism
of Guardian Gryphon
CVE-2025-59793 (Rocket TRUfusion Enterprise through 7.10.5 exposes the
endpoint at /ax ...)
TODO: check
CVE-2025-36598 (Dell Avamar, versions prior to 19.12 with patch 338905,
contains an Im ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36597 (Dell Avamar, versions prior to 19.12 with patch 338905,
contains an Im ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-36425 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36247 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36243 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side
request f ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36019 (IBM Concert 1.0.0 through 2.1.0 for Z hub framework is
vulnerable to c ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36018 (IBM Concert 1.0.0 through 2.1.0 for Z hub componentis
vulnerable to cr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33130 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0
could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33124 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0
could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33101 (IBM Concert 1.0.0 through 2.1.0 could allow an attacker to
obtain sens ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33089 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker
to obtai ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32355 (Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse
proxy to h ...)
TODO: check
CVE-2025-27904 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2
Recovery E ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27903 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2
Recovery E ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27901 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2
Recovery E ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14689 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 12.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13867 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13108 (IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0
could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12755 (IBM MQ Operator (SC2 v3.2.0\u20133.8.1, LTS
v2.0.0\u20132.0.29) and IB ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-55271 (A Cross-Site Request Forgery (CSRF) vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-55270 (phpgurukul Student Management System 1.0 is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-43178 (IBM Concert 1.0.0 through 2.1.0 uses weaker than expected
cryptographi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-31118 (Missing Authorization vulnerability in Smartypants SP Project
& Docume ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2023-38265 (IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and
2.3.5.0 c ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-25087 (Use After Free vulnerability in Apache Arrow C++. This issue
affects ...)
- apache-arrow 23.0.1-1
NOTE: https://github.com/apache/arrow/pull/48925
@@ -332034,7 +332034,7 @@ CVE-2022-41656
CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in
Phone Ord ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41650 (Missing Authorization vulnerability in Paul Custom Content by
Country ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-41647
RESERVED
CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Acce ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3570786ae4f35856efc0cd9d2f6e31f7cb855d5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3570786ae4f35856efc0cd9d2f6e31f7cb855d5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
