[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 24 20:14:37 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f135dc2 by security tracker role at 2026-02-24T20:14:29+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-3131 (Improper access control in multiple DVLS REST API endpoints in Devolu ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3105 (SummaryThis advisory addresses a SQL injection vulnerability in the AP ...)
TODO: check
CVE-2026-3102 (A vulnerability was determined in exiftool up to 13.49 on macOS. This ...)
TODO: check
CVE-2026-3101 (A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnera ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2026-2664 (An out of bounds read vulnerability in the grpcfuse kernel module pres ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2026-2634 (Malicious scripts could cause desynchronization between the address ba ...)
TODO: check
CVE-2026-2460 (A vulnerability exists in REB500 for an authenticated user with low-le ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-2459 (A vulnerability exists in REB500 for an authenticated user with Instal ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-27732 (WWBN AVideo is an open source video platform. Prior to version 22.0, t ...)
TODO: check
CVE-2026-27590 (Caddy is an extensible server platform that uses TLS by default. Prior ...)
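Review bot: On CVE-2026-2664 the new tag "NOT-FOR-US: Docker products not packaged in Debian" gives a class-level rationale, while the visible description names only "the grpcfuse kernel module" before it is cut off. Because this commit is an automatic update, confirm against the full CVE text that the affected component is not part of anything shipped in Debian. Also consider naming the specific product in the tag so the exclusion can be re-checked later.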
@@ -71,47 +71,47 @@ CVE-2026-26340 (Tattile Smart+, Vega, and Basic device families firmware version
CVE-2026-26222 (Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 ...)
TODO: check
CVE-2026-25603 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2026-24241 (NVIDIA Delegated Licensing Service for all appliance platforms contain ...)
TODO: check
CVE-2026-23984 (An Improper Input Validation vulnerability exists in Apache Superset t ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23983 (A Sensitive Data Exposure vulnerability exists in Apache Superset allo ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23982 (An Improper Authorization vulnerability exists in Apache Superset that ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23980 (Improper Neutralization of Special Elements used in a SQL Command ('SQ ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23969 (Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUN ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23859 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Clien ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-23858 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Impr ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-23678 (Binardat 10G08-0800GSM network switch firmware versionV300SP10260209 a ...)
TODO: check
CVE-2026-22766 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unre ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-22765 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missi ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1773 (IEC 60870-5-104: Potential Denial of Service impact on reception of in ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-1772 (RTU500 web interface: An unprivileged user can read user management in ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2026-1768 (A permission cache poisoning vulnerability in Devolutions Server allow ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-0402 (A post-authentication Out-of-bounds Read vulnerability in SonicOS allo ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0401 (A post-authentication NULL Pointer Dereference vulnerability in SonicO ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0400 (A post-authentication Format String vulnerability in SonicOS allows a ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0399 (Multiple post-authentication stack-based buffer overflow vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-69985 (FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability l ...)
TODO: check
CVE-2025-67445 (TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-63409 (Privilege escalation and improper access control in GCOM EPON 1GE C00R ...)
TODO: check
CVE-2025-62512 (Piwigo is an open source photo gallery application for the web. In ver ...)
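Review bot: The Apache Superset entries (CVE-2026-23984, CVE-2026-23983, CVE-2026-23982, CVE-2026-23969) receive the generic tag "NOT-FOR-US: Apache software not packaged in Debian", which drops the product name their descriptions give. Consider "NOT-FOR-US: Apache Superset", so that a search of data/CVE/list for the product finds these entries if it is ever packaged. CVE-2026-23980 gets the same tag, but its visible description stops at "('SQ ..." without showing a product, so that one should be checked against the full record before it is grouped with the others.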
@@ -145,7 +145,7 @@ CVE-2024-56373 (DAG Author (who already has quite a lot of permissions) could ma
CVE-2024-48928 (Piwigo is an open source photo gallery application for the web. In ver ...)
TODO: check
CVE-2024-1524 (When the "Silent Just-In-Time Provisioning" feature is enabled for a f ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
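Review bot: For CVE-2024-1524 the tag "NOT-FOR-US: WSO2" names a vendor that does not appear in the visible part of the description, which is cut off after the "Silent Just-In-Time Provisioning" feature. Nothing in the hunk lets a reader confirm the match, so verify it against the full CVE record and consider naming the affected product alongside the vendor.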
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f135dc2f546283e52a8648426dc4b5c27989e25