Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a32eb80 by security tracker role at 2026-03-10T20:14:20+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-3862 (Cross-site Scripting (XSS) allows an attacker to submit 
specially craf ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2026-3854 (An improper neutralization of special elements vulnerability 
was ident ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-3847 (Memory safety bugs present in Firefox 148.0.2. Some of these 
bugs show ...)
        TODO: check
 CVE-2026-3846 (Same-origin policy bypass in the CSS Parsing and Computation 
component ...)
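Review bot: The NOT-FOR-US: Symantec tag on CVE-2026-3862 cannot be confirmed from this hunk, because the truncated description ("Cross-site Scripting (XSS) allows an attacker to submit specially craf ...") names no vendor or product. Since this is an automatic update, naming the affected product in the tag rather than only the vendor would make the triage decision auditable from data/CVE/list alone.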
@@ -11,17 +11,17 @@ CVE-2026-3845 (Heap buffer overflow in the Audio/Video: 
Playback component in Fi
 CVE-2026-3843 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 
2.9.1 on L ...)
        TODO: check
 CVE-2026-3582 (An Incorrect Authorization vulnerability was identified in 
GitHub Ente ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-3483 (An exposed dangerous method in Ivanti DSM before version 
2026.1.1 allo ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2026-3370
        REJECTED
 CVE-2026-3315 (Incorrect Default Permissions, : Execution with Unnecessary 
Privileges ...)
        TODO: check
 CVE-2026-3306 (An improper authorization vulnerability was identified in 
GitHub Enter ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-3228 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-31797 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
        TODO: check
 CVE-2026-31796 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
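Review bot: The tag text "Github Enterprise Server" on CVE-2026-3582 and CVE-2026-3306 does not match the "GitHub" casing used in the descriptions directly above each tag. Suggest NOT-FOR-US: GitHub Enterprise Server so that a case-sensitive search of the list for the product name finds these entries; the same spelling recurs in other hunks of this commit.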
@@ -83,7 +83,7 @@ CVE-2026-30945 (StudioCMS is a server-side-rendered, Astro 
native, headless cont
 CVE-2026-30944 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
        TODO: check
 CVE-2026-30942 (Flare is a Next.js-based, self-hostable file sharing platform 
that int ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2026-30941 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2026-30939 (Parse Server is an open source backend that can be deployed to 
any inf ...)
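Review bot: The tag on CVE-2026-30942 names the framework, not the affected software. The description reads "Flare is a Next.js-based, self-hostable file sharing platform", so the product is Flare, and NOT-FOR-US: Next.js suggests the automatic match keyed on the first recognisable name in the text. Suggest NOT-FOR-US: Flare, and a check that the matching rule does not fire on "X-based" phrasing, since a later genuine Next.js issue would be searched for under this same string.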
@@ -99,21 +99,21 @@ CVE-2026-30930 (Glances is an open-source system 
cross-platform monitoring tool.
 CVE-2026-30928 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet 
FortiWeb 8.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-2742 (An authentication bypass vulnerability exists in Vaadin 14.0.0 
through ...)
        TODO: check
 CVE-2026-2741 (Specially crafted ZIP archives can escape the intended 
extraction dire ...)
        TODO: check
 CVE-2026-2724 (The Unlimited Elements for Elementor plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2713 (IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer 
Rapport could ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-2339 (Missing Authentication for Critical Function vulnerability in 
TUBITAK  ...)
        TODO: check
 CVE-2026-2273 (CWE-94: Improper Control of Generation of Code ('Code 
Injection') vuln ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-2266 (An improper neutralization of input vulnerability was 
identified in Gi ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-29177 (Craft Commerce is an ecommerce platform for Craft CMS. Prior 
to 4.10.2 ...)
        TODO: check
 CVE-2026-29176 (Craft Commerce is an ecommerce platform for Craft CMS. Prior 
to 5.5.3, ...)
@@ -137,37 +137,37 @@ CVE-2026-27826 (MCP Atlassian is a Model Context Protocol 
(MCP) server for Atlas
 CVE-2026-27825 (MCP Atlassian is a Model Context Protocol (MCP) server for 
Atlassian p ...)
        TODO: check
 CVE-2026-27661 (A vulnerability has been identified in SINEC Security Monitor 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-27281 (DNG SDK versions 1.7.1 2471 and earlier are affected by an 
Integer Ove ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27280 (DNG SDK versions 1.7.1 2471 and earlier are affected by an 
out-of-boun ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27279 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27277 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by a Use  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27276 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by a Use  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27275 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27274 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27273 (Substance3D - Stager versions 3.1.7 and earlier are affected 
by an out ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27269 (Premiere Pro versions 25.5 and earlier are affected by an 
out-of-bound ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27219 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by an O ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27218 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27217 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27216 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27215 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-27214 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-26801 (Server-Side Request Forgery (SSRF) vulnerability in pdfmake 
versions 0 ...)
        TODO: check
 CVE-2026-26742 (PX4 Autopilot versions 1.12.x through 1.15.x contain a 
protection mech ...)
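Review bot: CVE-2026-27281 and CVE-2026-27280 are in DNG SDK, which is a library rather than an end-user application, and NOT-FOR-US: Adobe on those two lines rules them out by vendor name only. Before these are closed it is worth checking that no source package in the archive embeds a copy of the SDK; if one does, the entries need a package line instead. The Substance3D and Premiere Pro entries in the same hunk do not raise that question.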
@@ -189,7 +189,7 @@ CVE-2026-26308 (Envoy is a high-performance 
edge/middle/service proxy. Prior to
 CVE-2026-26148 (External initialization of trusted variables or data stores in 
Azure E ...)
        TODO: check
 CVE-2026-26144 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-26141 (Improper authentication in Azure Arc allows an authorized 
attacker to  ...)
        TODO: check
 CVE-2026-26134 (Integer overflow or wraparound in Microsoft Office allows an 
authorize ...)
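Review bot: CVE-2026-26144 is tagged NOT-FOR-US: Microsoft although its visible description ("Improper neutralization of input during web page generation ('cross-si ...") names no product, while the neighbouring entries that do name one (Azure Arc in CVE-2026-26141, Microsoft Office in CVE-2026-26134) stay at TODO: check. Either the rule that matched here should also cover those neighbours, or the tag should carry the specific product so the difference in treatment is explained.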
@@ -237,23 +237,23 @@ CVE-2026-26106 (Improper input validation in Microsoft 
Office SharePoint allows
 CVE-2026-26105 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-25972 (An improper neutralization of input during web page generation 
('cross ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-25836 (An improper neutralization of special elements used in an os 
command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-25689 (An improper neutralization of argument delimiters in a command 
('argum ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-25605 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25573 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25572 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25571 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25570 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25569 (A vulnerability has been identified in SICAM SIAPP SDK (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-25190 (Untrusted search path in Windows GDI allows an unauthorized 
attacker t ...)
        TODO: check
 CVE-2026-25189 (Use after free in Windows DWM Core Library allows an 
authorized attack ...)
@@ -301,9 +301,9 @@ CVE-2026-25166 (Deserialization of untrusted data in 
Windows System Image Manage
 CVE-2026-25165 (Null pointer dereference in Windows Performance Counters 
allows an aut ...)
        TODO: check
 CVE-2026-24641 (A NULL Pointer Dereference vulnerability [CWE-476] 
vulnerability in Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-24640 (A Stack-based Buffer Overflow vulnerability [CWE-121] 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-24297 (Concurrent execution using shared resource with improper 
synchronizati ...)
        TODO: check
 CVE-2026-24296 (Concurrent execution using shared resource with improper 
synchronizati ...)
@@ -333,9 +333,9 @@ CVE-2026-24283 (Heap-based buffer overflow in Windows File 
Server allows an auth
 CVE-2026-24282 (Out-of-bounds read in Push Message Routing Service allows an 
authorize ...)
        TODO: check
 CVE-2026-24018 (A UNIX symbolic link (Symlink) following vulnerability in 
Fortinet For ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-24017 (An Improper Control of Interaction Frequency vulnerability 
[CWE-799] v ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-23907 (This issue affects the  ExtractEmbeddedFiles example inApache 
PDFBox:  ...)
        TODO: check
 CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result 
of a sh ...)
@@ -369,41 +369,41 @@ CVE-2026-23656 (Insufficient verification of data 
authenticity in Windows App In
 CVE-2026-23654 (Dependency on vulnerable third-party component in GitHub Repo: 
zero-sh ...)
        TODO: check
 CVE-2026-22629 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-22628 (An improper access control vulnerability in Fortinet 
FortiSwitchAXFixe ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-22627 (A buffer copy without checking size of input ('classic buffer 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-22614 (The encryption mechanism used in Eaton's EasySoft project file 
wasinse ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2026-22572 (An authentication bypass using an alternate path or channel 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-21791 (HCL Sametime for Android is impacted by a sensitive 
information disclo ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-21365 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21364 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21363 (Substance3D - Painter versions 11.1.2 and earlier are affected 
by a NU ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-21262 (Improper access control in SQL Server allows an authorized 
attacker to ...)
        TODO: check
 CVE-2026-20967 (Improper input validation in System Center Operations Manager 
allows a ...)
        TODO: check
 CVE-2026-1286 (CWE-502: Deserialization of untrusted data vulnerability exists 
that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-1261 (The MetForm Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-70251 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the we ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-70249 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-70247 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-70246 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-70227 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the ne ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-70129 (If the anti spam-captcha functionality in PluXml versions 
5.8.22 and e ...)
        TODO: check
 CVE-2025-70128 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
the PluXml ...)
@@ -415,33 +415,33 @@ CVE-2025-69615 (Incorrect Access Control via missing 2FA 
rate-limiting allowing
 CVE-2025-69614 (Incorrect Access Control via activation token reuse on the 
password-re ...)
        TODO: check
 CVE-2025-68648 (A use of externally-controlled format string vulnerability in 
Fortinet ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-68482 (A improper certificate validation vulnerability in Fortinet 
FortiAnaly ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-66178 (A improper neutralization of special elements used in an os 
command (' ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-56422 (A deserialization vulnerability in LimeSurvey before 
v6.15.0+250623 al ...)
        TODO: check
 CVE-2025-56421 (SQL Injection vulnerability in LimeSurvey before 
v.6.15.4+250710 allow ...)
        TODO: check
 CVE-2025-55717 (A cleartext storage of sensitive information vulnerability 
[CWE-312] v ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54820 (A Stack-based Buffer Overflow vulnerability [CWE-121] 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54659 (An Improper Limitation of a Pathname to a Restricted Directory 
('Path  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-53706
        REJECTED
 CVE-2025-53608 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-49784 (An improper neutralization of special elements used in an sql 
command  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-48840 (An authentication bypass by spoofing vulnerability in Fortinet 
FortiWe ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-48611 (In DeviceId of DeviceId.java, there is a possible desync in 
persistenc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2025-48418 (A hidden functionality vulnerability in Fortinet FortiAnalyzer 
7.6.0 t ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-41712 (An unauthenticated remote attacker who tricks a user to upload 
a manip ...)
        TODO: check
 CVE-2025-41711 (An unauthenticated remote attacker can use firmware images to 
extract  ...)
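Review bot: NOT-FOR-US: Android on CVE-2025-48611 names a whole platform, while the description points at one source file ("In DeviceId of DeviceId.java"). It is worth confirming that this file is not part of any Android component source packaged in the archive before the entry is closed, and naming the component in the tag once that is established.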
@@ -451,21 +451,21 @@ CVE-2025-41710 (An unauthenticated remote attacker may 
use hardcodes credentials
 CVE-2025-41709 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] 
on [PLATF ...)
        TODO: check
 CVE-2025-40943 (Affected devices do not properly sanitize contents of trace 
files. Thi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-36227 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to 
HTTP heade ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36226 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-27769 (A vulnerability has been identified in Heliox Flex 180 kW EV 
Charging  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2025-13957 (CWE-798: Use of Hard-coded Credentials vulnerability exists 
that could ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-13902 (CWE-79 Improper Neutralization of Input During Web Page 
Generation ('C ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-13901 (CWE-404 Improper Resource Shutdown or Release vulnerability 
exists tha ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2025-11739 (CWE\u2011502: Deserialization of Untrusted Data vulnerability 
exists t ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2022-4977
        REJECTED
 CVE-2026-23240 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
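Review bot: The tag on CVE-2025-27769 reads NOT-FOR-US: Siemens, but the visible description names "Heliox Flex 180 kW EV Charging" and never mentions Siemens. Suggest including the product name from the description in the tag so the entry can be found by searching for what the text actually says. Separately, the unchanged context line for CVE-2025-41709 still carries an unfilled template description ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION]"), so that entry cannot be triaged from the list text and needs a look at the upstream record.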



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a32eb806500544bab4b378e0bb7972b09dfbbda
