Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca56a3a0 by Salvatore Bonaccorso at 2026-03-03T21:40:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit 
plugin is  ...)
        NOT-FOR-US: Amazon
 CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server 
up to b ...)
-       TODO: check
+       NOT-FOR-US: PhialsBasement nmap-mcp-server
 CVE-2026-3465 (A vulnerability was determined in Tuya App and SDK 24.07.11 on 
Android ...)
-       TODO: check
+       NOT-FOR-US: Tuya App and SDK
 CVE-2026-3463 (A weakness has been identified in xlnt-community xlnt up to 
1.6.1. Imp ...)
-       TODO: check
+       NOT-FOR-US: xlnt-community xlnt
 CVE-2026-3437 (An Improper Restriction of Operations within the Bounds of a 
Memory Bu ...)
-       TODO: check
+       NOT-FOR-US: Portwell Engineering Toolkits
 CVE-2026-3351 (Improper authorization in the API endpoint GET 
/1.0/certificates in Ca ...)
        TODO: check
 CVE-2026-3344 (A vulnerability in WatchGuard Fireware OS may allow an attacker 
to byp ...)
@@ -17,11 +17,11 @@ CVE-2026-3343 (A reflected cross-site scripting (XSS) 
vulnerability in the Firew
 CVE-2026-3342 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
may all ...)
        NOT-FOR-US: WatchGuard
 CVE-2026-3136 (An improper authorizationvulnerability in GitHub Trigger 
Comment Contr ...)
-       TODO: check
+       NOT-FOR-US: Google Cloud
 CVE-2026-2915 (HP System Event Utility might allow denial of service with 
elevated ar ...)
        NOT-FOR-US: HP
 CVE-2026-2637 (iBoysoft NTFS for Mac contains a local privilege escalation 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: iBoysoft NTFS for Mac
 CVE-2026-2606 (IBM webMethods API Gateway (on-prem) 10.11 through 
10.11_Fix3210.15 to ...)
        NOT-FOR-US: IBM
 CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, Elementor, 
Formidable and  ...)
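
Review bot: On CVE-2026-3136 the new tag is "NOT-FOR-US: Google Cloud", but the visible part of the description names "GitHub Trigger Comment Contr ..." and does not mention Google Cloud, so the tag and the description line share no term to search on. Consider naming the product in the tag, as the iBoysoft entry in this same hunk does ("NOT-FOR-US: iBoysoft NTFS for Mac"), so that a later search of data/CVE/list by product name finds this entry.
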
@@ -29,7 +29,7 @@ CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, 
Elementor, Formidable
 CVE-2026-29022 (dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) 
contain a ...)
        TODO: check
 CVE-2026-28518 (OpenViking versions 0.2.1 and prior, fixed in commit46b3e76, 
contain a ...)
-       TODO: check
+       NOT-FOR-US: OpenViking
 CVE-2026-26892 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is 
vulnera ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-26891 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is 
vulnera ...)
@@ -55,7 +55,7 @@ CVE-2026-24103 (A buffer overflow vulnerability was 
discovered in goform/formSet
 CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan 
CLP par ...)
        TODO: check
 CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) 
that by def ...)
-       TODO: check
+       NOT-FOR-US: OpenMQ
 CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the 
Nicolet WFT p ...)
        TODO: check
 CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
@@ -63,43 +63,43 @@ CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 
through 11.7.1.6 is vu
 CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 
commit ...)
        TODO: check
 CVE-2025-70821 (renren-secuity before v5.5.0 is vulnerable to SQL Injection in 
the Bas ...)
-       TODO: check
+       NOT-FOR-US: renren-secuity
 CVE-2025-70236 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
        NOT-FOR-US: D-Link
 CVE-2025-69765 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in 
formGetIp ...)
        NOT-FOR-US: Tenda
 CVE-2025-67840 (Multiple authenticated OS command injection vulnerabilities 
exist in t ...)
-       TODO: check
+       NOT-FOR-US: Cohesity (formerly Stone Ram) TranZman
 CVE-2025-66945 (A path traversal vulnerability exists in the ZIP extraction 
API of Zdi ...)
-       TODO: check
+       NOT-FOR-US: Zdir Pro
 CVE-2025-66680 (An issue in the WiseDelfile64.sys component of WiseCleaner 
Wise Force  ...)
-       TODO: check
+       NOT-FOR-US: WiseCleaner Wise Force Deleter
 CVE-2025-66363 (An issue was discovered in LBS in Samsung Mobile Processor 
Exynos 2200 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing 
function ...)
        TODO: check
 CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
-       TODO: check
+       NOT-FOR-US: Cohesity TranZman Migration Appliance
 CVE-2025-63911 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
-       TODO: check
+       NOT-FOR-US: Cohesity TranZman Migration Appliance
 CVE-2025-63910 (An authenticated arbitrary file upload vulnerability in 
Cohesity TranZ ...)
-       TODO: check
+       NOT-FOR-US: Cohesity TranZman Migration Appliance
 CVE-2025-63909 (Incorrect access control in the component 
/opt/SRLtzm/bin/TapeDumper o ...)
-       TODO: check
+       NOT-FOR-US: Cohesity TranZman Migration Appliance
 CVE-2025-62817 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-62816 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-62815 (An issue was discovered in Samsung Mobile Processor Exynos 
1380, 1480, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-62814 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2025-59060 (Hostname verification bypass issue in Apache Ranger 
NiFiRegistryClient ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-59059 (Remote Code Execution Vulnerability in 
NashornScriptEngineCreator is r ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-57622 (An issue in Step-Video-T2V allows a remote attacker to execute 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: Step-Video-T2V
 CVE-2025-52365 (A command injection vulnerability in the szc script of the 
ccurtsinger ...)
        TODO: check
 CVE-2025-36364 (IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to 
be stored ...)
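
Review bot: The TranZman entries in this hunk carry two different tags for what both tags name as Cohesity TranZman: CVE-2025-67840 gets "NOT-FOR-US: Cohesity (formerly Stone Ram) TranZman", while CVE-2025-63909 through CVE-2025-63912 get "NOT-FOR-US: Cohesity TranZman Migration Appliance". Pick one string for all five so a single search on the tag returns the whole set. Separately, the tag for CVE-2025-70821 copies the spelling "renren-secuity" from the description; if that is a typo for the project's name, the tag should carry the correct name so that a search by the real name matches.
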
@@ -148,7 +148,7 @@ CVE-2026-25673 (An issue was discovered in 6.0 before 
6.0.3, 5.2 before 5.2.12,
        - python-django <not-affected> (Windows-specific)
        NOTE: 
https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
 CVE-2026-3455 (Versions of the package mailparser before 3.9.3 are vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: nodemailer mailparser Node.js module
 CVE-2026-3449 (Versions of the package @tootallnate/once before 3.0.1 are 
vulnerable  ...)
        NOT-FOR-US: tootallnate/once
 CVE-2026-3338 (Improper signature validation in PKCS7_verify() in AWS-LC 
allows an un ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca56a3a01f29706070b4f09bcdea165f7f6601ac



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits