Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4b9b287d by security tracker role at 2026-03-03T20:15:13+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit
plugin is ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server
up to b ...)
TODO: check
CVE-2026-3465 (A vulnerability was determined in Tuya App and SDK 24.07.11 on
Android ...)
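Review bot: The NOT-FOR-US: Amazon tag on CVE-2026-3494 does not match the visible description, which names MariaDB server through 11.8.5 and its server audit plugin. MariaDB is packaged in Debian, so this automatic entry should be confirmed against the full CVE text; if the flaw is in upstream MariaDB code, it needs a package entry rather than NOT-FOR-US.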
@@ -11,47 +11,47 @@ CVE-2026-3437 (An Improper Restriction of Operations within
the Bounds of a Memo
CVE-2026-3351 (Improper authorization in the API endpoint GET
/1.0/certificates in Ca ...)
TODO: check
CVE-2026-3344 (A vulnerability in WatchGuard Fireware OS may allow an attacker
to byp ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-3343 (A reflected cross-site scripting (XSS) vulnerability in the
Fireware O ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-3342 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
may all ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-3136 (An improper authorizationvulnerability in GitHub Trigger
Comment Contr ...)
TODO: check
CVE-2026-2915 (HP System Event Utility might allow denial of service with
elevated ar ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-2637 (iBoysoft NTFS for Mac contains a local privilege escalation
vulnerabil ...)
TODO: check
CVE-2026-2606 (IBM webMethods API Gateway (on-prem) 10.11 through
10.11_Fix3210.15 to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, Elementor,
Formidable and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29022 (dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c)
contain a ...)
TODO: check
CVE-2026-28518 (OpenViking versions 0.2.1 and prior, fixed in commit46b3e76,
contain a ...)
TODO: check
CVE-2026-26892 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is
vulnera ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26891 (Sourcecodester Logistic Hub Parcel's Management System v1.0 is
vulnera ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26890 (Sourcecodester Pharmacy Point of Sale System v1.0 is
vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26889 (Sourcecodester Pharmacy Point of Sale System v1.0 is
vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26888 (Sourcecodester Pharmacy Point of Sale System v1.0 is
vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26887 (Sourcecodester Pharmacy Point of Sale System v1.0 is
vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26886 (Sourcecodester Online Men's Salon Management System v1.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26885 (Sourcecodester Online Men's Salon Management System v1.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26884 (Sourcecodester Online Men's Salon Management System v1.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-26883 (Sourcecodester Online Men's Salon Management System v1.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-24103 (A buffer overflow vulnerability was discovered in
goform/formSetMacFil ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan
CLP par ...)
TODO: check
CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd)
that by def ...)
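Review bot: The NOT-FOR-US: Tenda tag on CVE-2026-24103 cannot be checked from the truncated description, which shows only the goform/formSetMacFil endpoint and no vendor or product name. Since this is an automatic update, confirm the vendor against the full CVE text before relying on the tag.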
@@ -59,15 +59,15 @@ CVE-2026-22886 (OpenMQ exposes a TCP-based management
service (imqbrokerd) that
CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the
Nicolet WFT p ...)
TODO: check
CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is
vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in
commit ...)
TODO: check
CVE-2025-70821 (renren-secuity before v5.5.0 is vulnerable to SQL Injection in
the Bas ...)
TODO: check
CVE-2025-70236 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-69765 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in
formGetIp ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-67840 (Multiple authenticated OS command injection vulnerabilities
exist in t ...)
TODO: check
CVE-2025-66945 (A path traversal vulnerability exists in the ZIP extraction
API of Zdi ...)
@@ -95,31 +95,31 @@ CVE-2025-62815 (An issue was discovered in Samsung Mobile
Processor Exynos 1380,
CVE-2025-62814 (An issue was discovered in Samsung Mobile Processor Exynos
1280, 2200, ...)
TODO: check
CVE-2025-59060 (Hostname verification bypass issue in Apache Ranger
NiFiRegistryClient ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-59059 (Remote Code Execution Vulnerability in
NashornScriptEngineCreator is r ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-57622 (An issue in Step-Video-T2V allows a remote attacker to execute
arbitra ...)
TODO: check
CVE-2025-52365 (A command injection vulnerability in the szc script of the
ccurtsinger ...)
TODO: check
CVE-2025-36364 (IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to
be stored ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36363 (IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account
lockout ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15599 (DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain
a cross- ...)
TODO: check
CVE-2025-15598 (A vulnerability was found in Dataease SQLBot up to 1.5.1. This
impacts ...)
TODO: check
CVE-2025-14923 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
26.0.0.2 I ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14604 (IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5,
and IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13734 (IBM Engineering Requirements Management DOORS Next 7.1, and
7.2 could ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13616 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0
returns sensit ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13490 (p.p1 {margin: 0.0px 0.0px 12.0px 0.0px; font: 15.0px
'Helvetica Neue'; ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-55027 (Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was
discovered to st ...)
TODO: check
CVE-2024-55026 (An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2
easyweb v ...)
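Review bot: The description of CVE-2025-13490 is CSS residue ("p.p1 {margin: ...") rather than a vulnerability summary, so the NOT-FOR-US: IBM tag on that entry has no visible product text behind it. Check the tag against the upstream CVE record; the description of CVE-2025-14604 ("IBM Storage Scale IBM S through rage Scale") is also garbled and deserves the same check.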
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b9b287ddbf5aa27e50f5280d471b4d79e0b739a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits