[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 15 20:14:27 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a974272 by security tracker role at 2026-01-15T20:14:15+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,33 +21,33 @@ CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management Platform.
 CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management Platform. Prior ...)
 	TODO: check
 CVE-2026-22920 (The device's passwords have not been adequately salted, making them vu ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22919 (An attacker with administrative access may inject malicious content in ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22918 (An attacker may exploit missing protection against clickjacking by tri ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22917 (Improper input handling in a system endpoint may allow attackers to ov ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22916 (An attacker with low privileges may be able to trigger critical system ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22915 (An attacker with low privileges may be able to read files from specifi ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22914 (An attacker with limited permissions may still be able to write files  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22913 (Improper handling of a URL parameter may allow attackers to execute co ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22912 (Improper validation of a login parameter may allow attackers to redire ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22911 (Firmware update files may expose password hashes for system accounts,  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22910 (The device is deployed with weak and publicly known default passwords  ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22909 (Certain system functions may be accessed without proper authorization, ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22908 (Uploading unvalidated container images may allow remote attackers to g ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22907 (An attacker may gain unauthorized access to the host filesystem, poten ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and documentation pla ...)
 	TODO: check
 CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust, performant web ...)
@@ -57,35 +57,35 @@ CVE-2026-22775 (Svelte devalue is a JavaScript library that serializes values in
 CVE-2026-22774 (Svelte devalue is a JavaScript library that serializes values into str ...)
 	TODO: check
 CVE-2026-22646 (Certain error messages returned by the application expose internal sys ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22645 (The application discloses all used components, versions and license in ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22644 (Certain requests pass the authentication token in the URL as string qu ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name will cau ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana OSS orga ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows authorizat ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS where an ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22639 (Grafana is an open-source platform for monitoring and observability. T ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana caused by ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	TODO: check
 CVE-2026-22249 (Docmost is an open-source collaborative wiki and documentation softwar ...)
 	TODO: check
 CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco Evolved ...)
 	TODO: check
 CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resource co ...)
 	TODO: check
 CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...)
@@ -97,19 +97,19 @@ CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation vuln
 CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the HDF5 weigh ...)
 	TODO: check
 CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* endpoint ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-0712 (An open redirect vulnerability has been identified in Grafana OSS that ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-0227 (A vulnerability in Palo Alto Networks PAN-OS software enables an unaut ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-9014 (A Null Pointer Dereference vulnerability exists in the referer header  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-71019 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-70744 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-70656 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-70310 (A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allo ...)
 	TODO: check
 CVE-2025-70309 (A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4. ...)
@@ -163,19 +163,19 @@ CVE-2025-62193 (Sites running NOAA PMEL Live Access Server (LAS) are vulnerable
 CVE-2025-61973 (A local privilege escalation vulnerability exists during the installat ...)
 	TODO: check
 CVE-2025-36911 (In key-based pairing, there is a possible ID due to a logic error in t ...)
-	TODO: check
+	NOT-FOR-US: Google devices
 CVE-2025-15265 (An SSR XSS exists in async hydration when attacker\u2011controlled key ...)
 	TODO: check
 CVE-2025-13859 (The AffiliateX \u2013 Amazon Affiliate Plugin plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13845 (CWE-416: Use After Free vulnerability that could cause remote code exe ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2025-13844 (CWE-415: Double Free vulnerability exists that could cause heap memory ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2025-13062 (The Supreme Modules Lite plugin for WordPress is vulnerable to arbitra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12895 (The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48077 (An issue in nanomq v0.22.7 allows attackers to cause a Denial of Servi ...)
 	TODO: check
 CVE-2021-47843 (Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability tha ...)
@@ -191,7 +191,7 @@ CVE-2021-47781 (Cmder Console Emulator 1.3.18 contains a buffer overflow vulnera
 CVE-2021-47777 (Build Smart ERP 21.0817 contains an unauthenticated SQL injection vuln ...)
 	TODO: check
 CVE-2021-47776 (Umbraco CMS v8.14.1 contains a server-side request forgery vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2021-47775 (YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1  ...)
 	TODO: check
 CVE-2021-47774 (Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a974272cccd735b938c9d7902e9fb52e34bf8e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a974272cccd735b938c9d7902e9fb52e34bf8e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260115/d1ac7a20/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list