[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 3 08:13:56 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
378317a7 by security tracker role at 2026-02-03T08:13:49+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,15 +17,15 @@ CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.1
 CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the ...)
 	TODO: check
 CVE-2026-24936 (When a specific function is enabled while joining a AD Domain from ADM ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS certifica ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2026-24934 (The DDNS function uses an insecure HTTP connection or fails to validat ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2026-24933 (The API communication component fails to validate the SSL/TLS certific ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the hostnam ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2026-24763 (OpenClaw (formerly  Clawdbot) is a personal AI assistant you run on yo ...)
 	TODO: check
 CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...)
@@ -47,7 +47,7 @@ CVE-2026-24043 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.
 CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the ...)
 	TODO: check
 CVE-2026-24007 (Tuleap is an Open Source Suite for management of software development  ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and account ...)
 	TODO: check
 CVE-2026-23515 (Signal K Server is a server application that runs on a central hub in  ...)
@@ -65,39 +65,39 @@ CVE-2026-20704 (Cross-site request forgery vulnerability exists in WRC-X1500GS-B
 CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xqui ...)
 	TODO: check
 CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS cer ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes th ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-1730 (The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1592 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2026-1591 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2026-1447 (The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1375 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1371 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1210 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1065 (The Form Maker by 10Web plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1058 (The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Edit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, unprivi ...)
 	TODO: check
 CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure Direct Obj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0383 (A vulnerability in Brocade Fabric OS could allow an authenticated, loc ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevat ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	TODO: check
 CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -121,39 +121,39 @@ CVE-2025-61647 (Vulnerability in Wikimedia Foundation CheckUser. This vulnerabil
 CVE-2025-61644 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-58383 (A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could all ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-58382 (A vulnerability in the secure configuration of authentication and  man ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-58381 (A  vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an  a ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-58380 (A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authe ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-58379 (Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a  ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-36436 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36253 (IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36238 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36194 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-15556 (Notepad++ versions prior to 8.8.9, when using the WinGUp updater, cont ...)
 	TODO: check
 CVE-2025-14274 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13096 (IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-12774 (A vulnerability in the migration script for Brocade SANnav before 3.0  ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-12773 (A vulnerability in update-reports-purge-settings.sh script logging for ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-12772 (Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin p ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-12680 (Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2025-12679 (A vulnerability in Brocade SANnav before 2.4.0b prints the  Password-B ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2026-24514
 	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2026-24513



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378317a7ba3862fb20d4cfdd97a79fe7486a3694

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378317a7ba3862fb20d4cfdd97a79fe7486a3694
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/f3968370/attachment.htm>

More information about the debian-security-tracker-commits mailing list