[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 24 08:13:24 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50f5c988 by security tracker role at 2026-02-24T08:13:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-3091 (An uncontrolled search path element vulnerability in Synology Presto C ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2026-3075 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-3070 (A vulnerability was detected in SourceCodester Modern Image Gallery Ap ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-3069 (A security vulnerability has been detected in itsourcecode Document Ma ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3068 (A weakness has been identified in itsourcecode Document Management Sys ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3067 (A vulnerability has been found in HummerRisk up to 1.5.0. This issue a ...)
 	TODO: check
 CVE-2026-3066 (A flaw has been found in HummerRisk up to 1.5.0. This vulnerability af ...)
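Review bot: CVE-2026-3075 is tagged "NOT-FOR-US: WordPress plugin or theme", while CVE-2025-15386 later in this same commit is tagged "NOT-FOR-US: WordPress plugin". Using one wording for both would let a single grep over data/CVE/list find every WordPress entry. The visible description of CVE-2026-3075 is cut off before any product name, so it is also worth confirming against the full description whether it is a plugin or a theme.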
@@ -31,13 +31,13 @@ CVE-2026-3050 (A flaw has been found in horilla-opensource horilla up to 1.0.2.
 CVE-2026-3049 (A vulnerability was detected in horilla-opensource horilla up to 1.0.2 ...)
 	TODO: check
 CVE-2026-3046 (A security vulnerability has been detected in itsourcecode E-Logbook w ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3044 (A vulnerability has been found in Tenda AC8 16.03.34.06. This affects  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3043 (A flaw has been found in itsourcecode Event Management System 1.0. The ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3042 (A vulnerability was detected in itsourcecode Event Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3041 (A security vulnerability has been detected in xingfuggz BaykeShop up t ...)
 	TODO: check
 CVE-2026-3040 (A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. Th ...)
@@ -163,7 +163,7 @@ CVE-2026-24484 (ImageMagick is free and open-source software used for editing an
 CVE-2026-24481 (ImageMagick is free and open-source software used for editing and mani ...)
 	TODO: check
 CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media) allows an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions pr ...)
 	TODO: check
 CVE-2026-23693 (ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to ...)
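Review bot: the context lines after the SAP change leave CVE-2026-23694 at "TODO: check" even though its description says "WordPress plugin" outright, and CVE-2026-23693 on the next line is described the same way (its status line falls outside the hunk). Other WordPress plugin entries in this commit were tagged NOT-FOR-US, so this looks like a miss. Suggest tagging it the same way in a follow-up so it does not stay in the manual queue.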
@@ -177,17 +177,17 @@ CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 9.
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans Peripherals (for ...)
 	TODO: check
 CVE-2026-1459 (A post-authentication command injection vulnerability in the TR-369 ce ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-1229 (The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 cur ...)
 	TODO: check
 CVE-2025-9120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-71056 (Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 ...)
 	TODO: check
 CVE-2025-70328 (TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injecti ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-70327 (TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-69253 (free5GC is an open-source project for 5th generation (5G) mobile core  ...)
 	TODO: check
 CVE-2025-69252 (free5gc UDM provides Unified Data Management (UDM) for free5GC, an ope ...)
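Review bot: the vendor tags on CVE-2026-1459 ("Zyxel") and CVE-2025-9120 ("OpenText") cannot be checked from this diff, because both descriptions are truncated before any vendor or product name appears. The TOTOLINK entries below them name the product in the visible text. For these two, confirm the attribution against the full CVE description before relying on the tag.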
@@ -209,29 +209,29 @@ CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to an
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
 	TODO: check
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Ser ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2025-40540 (A type confusion vulnerability exists in Serv-U which when exploited,  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2025-40539 (A type confusion vulnerability exists in Serv-U which when exploited,  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2025-40538 (A broken access control vulnerability exists in Serv-U which when expl ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2025-15589 (A vulnerability was determined in MuYuCMS 2.7. Affected is the functio ...)
 	TODO: check
 CVE-2025-15386 (The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13943 (A post-authentication command injection vulnerability in the log file  ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-13942 (A command injection vulnerability in the UPnP function of the Zyxel EX ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-11848 (A null pointer dereference vulnerability in the Wake-on-LAN CGI progra ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-11847 (A null pointer dereference vulnerability in the IP settings CGI progra ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-11846 (A null pointer dereference vulnerability in the account settings CGI p ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2025-11845 (A null pointer dereference vulnerability in the certificate downloader ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-3063 (Inappropriate implementation in DevTools in Google Chrome prior to 145 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50f5c988680a577845f24ed0264cb8d54d1bf8a4
