Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f135dc2 by security tracker role at 2026-02-24T20:14:29+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-3131 (Improper access control in multiple DVLS REST API endpoints in
Devolu ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3105 (SummaryThis advisory addresses a SQL injection vulnerability in
the AP ...)
TODO: check
CVE-2026-3102 (A vulnerability was determined in exiftool up to 13.49 on
macOS. This ...)
TODO: check
CVE-2026-3101 (A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2026-2664 (An out of bounds read vulnerability in the grpcfuse kernel
module pres ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2026-2634 (Malicious scripts could cause desynchronization between the
address ba ...)
TODO: check
CVE-2026-2460 (A vulnerability exists in REB500 for an authenticated user with
low-le ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-2459 (A vulnerability exists in REB500 for an authenticated user with
Instal ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-27732 (WWBN AVideo is an open source video platform. Prior to version
22.0, t ...)
TODO: check
CVE-2026-27590 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
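Review bot: The tag on CVE-2026-2664, "NOT-FOR-US: Docker products not packaged in Debian", rests on a description that is cut off at "grpcfuse kernel module pres", so the product is not visible on the entry itself. Because the summary leads with "kernel module", confirm against the full CVE record that no packaged source is affected before this automatic update closes the entry. The wording also differs from the vendor-only tags used elsewhere in this hunk (Devolutions, Intelbras, Hitachi Energy); naming the specific product would make the reason easier to check later.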
@@ -71,47 +71,47 @@ CVE-2026-26340 (Tattile Smart+, Vega, and Basic device
families firmware version
CVE-2026-26222 (Altec DocLink (now maintained by Beyond Limits Inc.) version
4.0.336.0 ...)
TODO: check
CVE-2026-25603 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2026-24241 (NVIDIA Delegated Licensing Service for all appliance platforms
contain ...)
TODO: check
CVE-2026-23984 (An Improper Input Validation vulnerability exists in Apache
Superset t ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23983 (A Sensitive Data Exposure vulnerability exists in Apache
Superset allo ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23982 (An Improper Authorization vulnerability exists in Apache
Superset that ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23980 (Improper Neutralization of Special Elements used in a SQL
Command ('SQ ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23969 (Apache Superset utilizes a configurable dictionary,
DISALLOWED_SQL_FUN ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23859 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain
a Clien ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-23858 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain
an Impr ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-23678 (Binardat 10G08-0800GSM network switch firmware
versionV300SP10260209 a ...)
TODO: check
CVE-2026-22766 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain
an Unre ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-22765 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain
a Missi ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1773 (IEC 60870-5-104: Potential Denial of Service impact on
reception of in ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-1772 (RTU500 web interface: An unprivileged user can read user
management in ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-1768 (A permission cache poisoning vulnerability in Devolutions
Server allow ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-0402 (A post-authentication Out-of-bounds Read vulnerability in
SonicOS allo ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0401 (A post-authentication NULL Pointer Dereference vulnerability in
SonicO ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0400 (A post-authentication Format String vulnerability in SonicOS
allows a ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0399 (Multiple post-authentication stack-based buffer overflow
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-69985 (FUXA 1.2.8 and prior contains an Authentication Bypass
vulnerability l ...)
TODO: check
CVE-2025-67445 (TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a
denial-of-service v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63409 (Privilege escalation and improper access control in GCOM EPON
1GE C00R ...)
TODO: check
CVE-2025-62512 (Piwigo is an open source photo gallery application for the
web. In ver ...)
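Review bot: The five Apache Superset entries (CVE-2026-23984, CVE-2026-23983, CVE-2026-23982, CVE-2026-23980, CVE-2026-23969) receive the generic tag "NOT-FOR-US: Apache software not packaged in Debian", which drops the product name. For CVE-2026-23980 the truncated description shows only "Improper Neutralization of Special Elements used in a SQL Command", so after this change nothing visible on that entry says which software it concerns. Suggest naming the product in the tag (for example "NOT-FOR-US: Apache Superset") so the decision stays checkable and the entries are easy to find again if the software is ever packaged.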
@@ -145,7 +145,7 @@ CVE-2024-56373 (DAG Author (who already has quite a lot of
permissions) could ma
CVE-2024-48928 (Piwigo is an open source photo gallery application for the
web. In ver ...)
TODO: check
CVE-2024-1524 (When the "Silent Just-In-Time Provisioning" feature is enabled
for a f ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR
140.7, T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
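Review bot: For CVE-2024-1524 the tag "NOT-FOR-US: WSO2" cannot be checked from the entry as shown, since the truncated description mentions only the "Silent Just-In-Time Provisioning" feature and no product or vendor. This is also a 2024 identifier handled in the same automatic batch as the 2026 entries, so confirm against the full CVE record that the vendor match is correct. The "- firefox" and "- firefox-esr" lines under CVE-2026-2793 are unchanged context in the tracker's package syntax, not removals.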
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f135dc2f546283e52a8648426dc4b5c27989e25