[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 14 17:24:23 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51423662 by Salvatore Bonaccorso at 2026-03-14T18:23:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78,11 +78,11 @@ CVE-2026-32616 (Pigeon is a message board/notepad/social system/blog. Prior to 1
 CVE-2026-32614 (Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic ...)
 	NOT-FOR-US: Go ShangMi
 CVE-2026-2493 (IceWarp collaboration Directory Traversal Information Disclosure Vulne ...)
-	TODO: check
+	NOT-FOR-US: IceWarp
 CVE-2026-2491 (Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Socomec
 CVE-2026-26133 (AI command injection in M365 Copilot allows an unauthorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-1948 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin for Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0977 (IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could all ...)
@@ -490,7 +490,7 @@ CVE-2026-29078 (Lexbor is a web browser engine library. Prior to 2.7.0, the ISO\
 	- lexbor <unfixed> (bug #1130747)
 	NOTE: https://github.com/lexbor/lexbor/security/advisories/GHSA-mrwr-xh7f-96v3
 CVE-2026-26954 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is p ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-24097 (Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0 ...)
 	TODO: check
 CVE-2026-23943 (Improper Handling of Highly Compressed Data (Compression Bomb) vulnera ...)
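Review bot: The `NOT-FOR-US: SandboxJS Node module` line for CVE-2026-26954 classifies the entry by ecosystem. Node modules are a class that does get packaged or bundled in Debian, so it is worth confirming that no source package ships or embeds SandboxJS before closing the entry as NFU. If one does, the entry needs a package line instead of NOT-FOR-US. The Checkmk entry (CVE-2026-24097) directly below stays at `TODO: check`, which is fine for a partial pass.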
@@ -620,15 +620,15 @@ CVE-2026-2229 (ImpactThe undici WebSocket client is vulnerable to a denial-of-se
 	NOTE: https://github.com/nodejs/undici/commit/e9e2997ed18bff6ae389712d5f0e169f8a6546a0 (v6.24.0)
 	NOTE: https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536 (v7.24.0)
 CVE-2026-25823 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...)
-	TODO: check
+	NOT-FOR-US: HMS Networks Ewon Flexy
 CVE-2026-25819 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...)
-	TODO: check
+	NOT-FOR-US: HMS Networks Ewon Flexy
 CVE-2026-25818 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...)
-	TODO: check
+	NOT-FOR-US: HMS Networks Ewon Flexy
 CVE-2026-25817 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmwa ...)
-	TODO: check
+	NOT-FOR-US: HMS Networks Ewon Flexy
 CVE-2026-25076 (Anchore Enterprise versions before 5.25.1 contain an SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: Anchore Enterprise
 CVE-2026-22216 (wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability  ...)
 	TODO: check
 CVE-2026-22215 (wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerabi ...)
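Review bot: The tag `NOT-FOR-US: HMS Networks Ewon Flexy` on CVE-2026-25823, CVE-2026-25819, CVE-2026-25818 and CVE-2026-25817 names only one of the products in the descriptions, each of which also lists Cosy+ as affected. `NOT-FOR-US: HMS Networks`, or a tag naming both products, would match the descriptions and still group the four entries for later searches. The two wpDiscuz entries at the end of the hunk remain `TODO: check`; wpDiscuz is a WordPress plugin, and the file already uses `NOT-FOR-US: WordPress plugin` for such entries, so they could be closed in a follow-up.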
@@ -2299,51 +2299,51 @@ CVE-2026-25570 (A vulnerability has been identified in SICAM SIAPP SDK (All vers
 CVE-2026-25569 (A vulnerability has been identified in SICAM SIAPP SDK (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2026-25190 (Untrusted search path in Windows GDI allows an unauthorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25189 (Use after free in Windows DWM Core Library allows an authorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25188 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25187 (Improper link resolution before file access ('link following') in Winl ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25186 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25185 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25181 (Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25180 (Out-of-bounds read in Microsoft Graphics Component allows an unauthori ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25179 (Improper validation of specified type of input in Windows Ancillary Fu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25178 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25177 (Improper restriction of names for files and other resources in Active  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25176 (Improper access control in Windows Ancillary Function Driver for WinSo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25175 (Out-of-bounds read in Windows NTFS allows an authorized attacker to el ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25174 (Out-of-bounds read in Windows Extensible File Allocation allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25173 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25172 (Integer overflow or wraparound in Windows Routing and Remote Access Se ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25171 (Use after free in Windows Authentication Methods allows an authorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25170 (Use after free in Windows Hyper-V allows an authorized attacker to ele ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25169 (Divide by zero in Microsoft Graphics Component allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25168 (Null pointer dereference in Microsoft Graphics Component allows an una ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25167 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25166 (Deserialization of untrusted data in Windows System Image Manager allo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25165 (Null pointer dereference in Windows Performance Counters allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24641 (A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fo ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-24640 (A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51423662fe9df25780c857589f60e36ab4cbd4ea
