[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 13 20:14:05 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9954999c by security tracker role at 2026-01-13T20:13:56+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,39 +11,39 @@ CVE-2026-22791 (openCryptoki is a PKCS#11 library and tools for Linux and AIX. I
CVE-2026-22755 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
TODO: check
CVE-2026-21306 (Substance3D - Sampler versions 5.1.0 and earlier are affected by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21305 (Substance3D - Painter versions 11.0.3 and earlier are affected by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21304 (InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21288 (Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL P ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21287 (Substance3D - Stager versions 3.1.5 and earlier are affected by a Use ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21283 (Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21281 (InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21280 (Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21278 (InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21277 (InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21276 (InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21275 (InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21274 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Incor ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21272 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21271 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21268 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI KEK and ...)
TODO: check
CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client library ...)
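Review bot: the commit message "automatic NOT-FOR-US entries update" does not say what the automated job matched on, and in this hunk the 17 entries from CVE-2026-21306 to CVE-2026-21267 are tagged NOT-FOR-US: Adobe although the visible descriptions name only products (Substance3D, InDesign Desktop, Illustrator, Bridge, InCopy, Dreamweaver Desktop). Stating the matching source in the message, for example a vendor field or a product list, would let a reader audit the batch from the log alone.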
@@ -267,47 +267,47 @@ CVE-2026-20804 (Incorrect privilege assignment in Windows Hello allows an unauth
CVE-2026-20803 (Missing authentication for critical function in SQL Server allows an a ...)
TODO: check
CVE-2026-0859 (TYPO3's mail\u2011file spool deserialization flaw lets local users wit ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-0684 (The CP Image Store with Slideshow plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0408 (A path traversal vulnerability in NETGEAR WiFi range extenders allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0407 (An insufficient authentication vulnerability in NETGEAR WiFi range ex ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0406 (An insufficient input validation vulnerability in the NETGEAR XR1000v2 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0405 (An authentication bypass vulnerability in NETGEAR Orbi devices allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0404 (An insufficient input validation vulnerability in NETGEAR Orbi devices ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0403 (An insufficient input validation vulnerability in NETGEAR Orbi routers ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0386 (Improper access control in Windows Deployment Services allows an unaut ...)
TODO: check
CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are vulnerable ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-8090 (Null pointer dereference in the MsgRegisterEvent() system call could a ...)
- TODO: check
+ NOT-FOR-US: Blackberry
CVE-2025-71027 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-71026 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-71025 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-71024 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-71023 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-70753 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-69992 (phpgurukul News Portal Project V4.1 has File Upload Vulnerability via ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-69991 (phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-69990 (phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vul ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-68949 (n8n is an open source workflow automation platform. From 1.36.0 to bef ...)
TODO: check
CVE-2025-68931 (Jervis is a library for Job DSL plugin scripts and shared Jenkins pipe ...)
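Review bot: the NOT-FOR-US: Blackberry tag on CVE-2025-8090 cannot be checked against the visible description, which mentions only "Null pointer dereference in the MsgRegisterEvent() system call" and no product or vendor. The other entries in this hunk (TYPO3, WordPress plugin, NETGEAR, Zohocorp, Tenda, phpgurukul) carry the name in the description itself, so this one is worth a manual spot check against the full CVE record before the TODO is considered closed.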
@@ -329,7 +329,7 @@ CVE-2025-68698 (Jervis is a library for Job DSL plugin scripts and shared Jenkin
CVE-2025-68271 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
TODO: check
CVE-2025-67685 (A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-66698 (An issue in Semantic machines v5.4.8 allows attackers to bypass authen ...)
TODO: check
CVE-2025-65784 (Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1 ...)
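Review bot: the description of CVE-2025-67685 as shown is a generic SSRF [CWE-918] sentence with no product name, so the NOT-FOR-US: Fortinet attribution rests on data that is not visible in this diff. If the job matches on description text rather than on an explicit vendor field, a generic opening like this is where a false match would most likely come from; confirm against the full record.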
@@ -337,69 +337,69 @@ CVE-2025-65784 (Insecure permissions in Hubert Imoveis e Administracao Ltda Hub
CVE-2025-65783 (An arbitrary file upload vulnerability in the /utils/uploadFile compon ...)
TODO: check
CVE-2025-64155 (An improper neutralization of special elements used in an os command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62182 (Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affe ...)
TODO: check
CVE-2025-59922 (An improper neutralization of special elements used in an SQL command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-59022 (Backend users who had access to the recycler module could delete arbit ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-59021 (Backend users with access to the redirects module and write permission ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-59020 (By exploiting the defVals parameter, attackers could bypass field\u201 ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-58693 (An improper limitation of a pathname to a restricted directory ('path ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-58411 (Software installed and run as a non-privileged user may conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-58409 (Software installed and run as a non-privileged user may conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-55462 (A CORS misconfiguration in Eramba Community and Enterprise Editions v3 ...)
TODO: check
CVE-2025-47855 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46685 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46684 (Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-40944 (A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40942 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40805 (Affected devices do not properly enforce user authentication on specif ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-37169 (A stack overflow vulnerability exists in the AOS-10 web-based manageme ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37168 (Arbitrary file deletion vulnerability have been identified in a system ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37166 (A vulnerability affecting HPE Networking Instant On Access Points has ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37165 (A vulnerability in the router mode configuration of HPE Instant On Acc ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-36640 (A vulnerability has been identified in the installation/uninstallation ...)
TODO: check
CVE-2025-25652 (In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" ...)
TODO: check
CVE-2025-25249 (A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 t ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-25176 (Intermediate register values of secure workloads can be exfiltrated in ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2025-14507 (The EventPrime - Events Calendar, Bookings and Tickets plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14001 (The WP Duplicate Page plugin for WordPress is vulnerable to unauthoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13774 (A vulnerability exists in Progress Flowmon ADS versions prior to 12.5. ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-13447 (OS Command Injection Remote Code Execution Vulnerability in API in Pro ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-13444 (OS Command Injection Remote Code Execution Vulnerability in API in Pro ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-11669 (ZohocorpManageEngine PAM360 versions before 8202; Password Manager Pro ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-11250 (Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vuln ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-10865 (Software installed and run as a non-privileged user may conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2024-54855 (fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to conta ...)
TODO: check
CVE-2025-71101 (In the Linux kernel, the following vulnerability has been resolved: p ...)
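Review bot: several entries in this hunk are closed as NOT-FOR-US on descriptions that name no vendor in the visible text, most notably the four tagged Imagination Technologies (CVE-2025-58411, CVE-2025-58409, CVE-2025-10865 share the opening "Software installed and run as a non-privileged user may conduct improp", and CVE-2025-25176), the three TYPO3 entries CVE-2025-59022, CVE-2025-59021 and CVE-2025-59020, and Siemens CVE-2025-40805. Because NOT-FOR-US removes an entry from the triage queue, these are the ones to sample by hand; a note in the commit message stating which field the automatic update keys on would make that check unnecessary next time.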
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9954999c98c5248a50d4875d723d8b1c3459908a