[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Tue, 24 Feb 2026 00:13:32 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
50f5c988 by security tracker role at 2026-02-24T08:13:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-3091 (An uncontrolled search path element vulnerability in Synology 
Presto C ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2026-3075 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-3070 (A vulnerability was detected in SourceCodester Modern Image 
Gallery Ap ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-3069 (A security vulnerability has been detected in itsourcecode 
Document Ma ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3068 (A weakness has been identified in itsourcecode Document 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3067 (A vulnerability has been found in HummerRisk up to 1.5.0. This 
issue a ...)
        TODO: check
 CVE-2026-3066 (A flaw has been found in HummerRisk up to 1.5.0. This 
vulnerability af ...)
@@ -31,13 +31,13 @@ CVE-2026-3050 (A flaw has been found in horilla-opensource 
horilla up to 1.0.2.
 CVE-2026-3049 (A vulnerability was detected in horilla-opensource horilla up 
to 1.0.2 ...)
        TODO: check
 CVE-2026-3046 (A security vulnerability has been detected in itsourcecode 
E-Logbook w ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3044 (A vulnerability has been found in Tenda AC8 16.03.34.06. This 
affects  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-3043 (A flaw has been found in itsourcecode Event Management System 
1.0. The ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3042 (A vulnerability was detected in itsourcecode Event Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3041 (A security vulnerability has been detected in xingfuggz 
BaykeShop up t ...)
        TODO: check
 CVE-2026-3040 (A vulnerability was identified in DrayTek Vigor 300B up to 
1.5.1.6. Th ...)
@@ -163,7 +163,7 @@ CVE-2026-24484 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-24481 (ImageMagick is free and open-source software used for editing 
and mani ...)
        TODO: check
 CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media) 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin 
versions pr ...)
        TODO: check
 CVE-2026-23693 (ElementsKit Lite (elementskit-lite) WordPress plugin versions 
prior to ...)
@@ -177,17 +177,17 @@ CVE-2026-21863 (Valkey is a distributed key-value 
database. Prior to versions 9.
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans 
Peripherals (for ...)
        TODO: check
 CVE-2026-1459 (A post-authentication command injection vulnerability in the 
TR-369 ce ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2026-1229 (The CombinedMult function in the CIRCL ecc/p384 package 
(secp384r1 cur ...)
        TODO: check
 CVE-2025-9120 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2025-71056 (Improper session management in GCOM EPON 1GE ONU version 
C00R371V00B01 ...)
        TODO: check
 CVE-2025-70328 (TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-70327 (TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument 
injection ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-69253 (free5GC is an open-source project for 5th generation (5G) 
mobile core  ...)
        TODO: check
 CVE-2025-69252 (free5gc UDM provides Unified Data Management (UDM) for 
free5GC, an ope ...)
@@ -209,29 +209,29 @@ CVE-2025-68930 (Versions of the Traccar open-source GPS 
tracking system up to an
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 
9.0.2, 8 ...)
        TODO: check
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in Ser ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40540 (A type confusion vulnerability exists in Serv-U which when 
exploited,  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40539 (A type confusion vulnerability exists in Serv-U which when 
exploited,  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40538 (A broken access control vulnerability exists in Serv-U which 
when expl ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-15589 (A vulnerability was determined in MuYuCMS 2.7. Affected is the 
functio ...)
        TODO: check
 CVE-2025-15386 (The Responsive Lightbox & Gallery WordPress plugin before 
2.6.1 is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13943 (A post-authentication command injection vulnerability in the 
log file  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-13942 (A command injection vulnerability in the UPnP function of the 
Zyxel EX ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-11848 (A null pointer dereference vulnerability in the Wake-on-LAN 
CGI progra ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-11847 (A null pointer dereference vulnerability in the IP settings 
CGI progra ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-11846 (A null pointer dereference vulnerability in the account 
settings CGI p ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2025-11845 (A null pointer dereference vulnerability in the certificate 
downloader ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2026-3063 (Inappropriate implementation in DevTools in Google Chrome prior 
to 145 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f5c988680a577845f24ed0264cb8d54d1bf8a4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f5c988680a577845f24ed0264cb8d54d1bf8a4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to