[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 10 08:14:12 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c12b367 by security tracker role at 2026-02-10T08:14:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affect ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to 2025.4. Affe ...)
TODO: check
CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4. Affected by t ...)
@@ -115,91 +115,91 @@ CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js
CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
TODO: check
CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticate ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise Managem ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24326 (Due to a missing authorization check in the Disconnected Operations of ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24325 (SAP BusinessObjects Enterprise does not sufficiently encode user-contr ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24324 (SAP BusinessObjects Business Intelligence Platform (AdminTools) allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24323 (The BSP applications allow an unauthenticated user to inject malicious ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24322 (SAP Solution Tools Plug-In (ST-PI) contains a function module that doe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24321 (SAP Commerce Cloud exposes multiple API endpoints to unauthenticated u ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24320 (Due to improper memory management in SAP NetWeaver and ABAP Platform ( ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24319 (In SAP Business One, sensitive information is written to the applicati ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24312 (An erroneous authorization check in SAP Business Workflow leads to pri ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23688 (SAP Fiori App Manage Service Entry Sheets does not perform necessary a ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23687 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23686 (Due to a CRLF Injection vulnerability in SAP NetWeaver Application Ser ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23685 (Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23684 (A race condition vulnerability exists in the SAP Commerce cloud. Becau ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-23681 (Due to missing authorization check in a function module in SAP Support ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-1722 (The WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0996 (The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0845 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0509 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0508 (The SAP BusinessObjects Business Intelligence Platform allows an authe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0505 (The BSP applications allow an unauthenticated user to manipulate user- ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0490 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0488 (An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0486 (In ABAP based SAP systems a remote enabled function module does not pe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0485 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-0484 (Due to missing authorization check in SAP NetWeaver Application Server ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-15319 (Tanium addressed a local privilege escalation vulnerability in Patch E ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15318 (Tanium addressed an arbitrary file deletion vulnerability in End-User ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15317 (Tanium addressed an uncontrolled resource consumption vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15316 (Tanium addressed a local privilege escalation vulnerability in Tanium ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15315 (Tanium addressed a local privilege escalation vulnerability in Tanium ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15314 (Tanium addressed an arbitrary file deletion vulnerability in end-user- ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15313 (Tanium addressed an arbitrary file deletion vulnerability in Tanium EU ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15310 (Tanium addressed a local privilege escalation vulnerability in Patch E ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2025-15147 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13064 (A server-side injection was possible for a malicious admin to manipula ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-12757 (An AXIS Camera Station Pro feature can be exploited in a way that allo ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-12063 (An insecure direct object reference allowed a non-admin user to modify ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-11547 (AXIS Camera Station Pro contained a flaw toperform a privilege escalat ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient input valid ...)
- TODO: check
+ NOT-FOR-US: Axis Communication
CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
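Review bot: The vendor tags on CVE-2025-13064 and CVE-2025-12063 (Axis) and on CVE-2026-23689 (SAP) cannot be confirmed from the truncated descriptions shown in this hunk, none of which names a vendor or product, so check the full CVE records before these entries leave the "TODO: check" queue. The Axis tag also reads "NOT-FOR-US: Axis Communication", while the vendor's name is Axis Communications; confirm it matches the spelling of any existing Axis entries in data/CVE/list so that a search on the label finds all of them.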
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c12b367cd3c54fc8056a44d909f7a2d1273cf7b