[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 08:15:00 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b5f14d8 by security tracker role at 2026-04-02T07:14:52+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-5325 (A vulnerability was determined in SourceCodester Simple Customer Relat ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-5323 (A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vul ...)
 	TODO: check
 CVE-2026-5322 (A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc5 ...)
@@ -9,7 +9,7 @@ CVE-2026-5321 (A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by
 CVE-2026-5320 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected b ...)
 	TODO: check
 CVE-2026-5319 (A security vulnerability has been detected in itsourcecode Payroll Man ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impacts th ...)
 	TODO: check
 CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
@@ -23,21 +23,21 @@ CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted is
 CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This issue  ...)
 	TODO: check
 CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-4820 (IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4759
 	REJECTED
 CVE-2026-4364 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4347 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file mo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4101 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on WatchGuard ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2026-3882
 	REJECTED
 CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impers ...)
@@ -129,41 +129,41 @@ CVE-2026-32926 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read
 CVE-2026-32925 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflo ...)
 	TODO: check
 CVE-2026-2862 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-22815 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	TODO: check
 CVE-2026-21767 (HCL BigFix Platform is affected byinsufficient authentication. The app ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-21765 (HCL BigFix Platform is affected by insecure permissions on private cry ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-1540 (The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1491 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1345 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1243 (IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross- ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66487 (IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66486 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66485 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header in ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66484 (IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66483 (IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session aft ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-66442 (In Mbed TLS through 4.0.0, there is a compiler-induced timing side cha ...)
 	TODO: check
 CVE-2025-36375 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPow ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36373 (IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPow ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-13916 (IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected crypt ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-0711
 	REJECTED
 CVE-2026-5310 (A vulnerability was identified in Enter Software Iperius Backup up to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b5f14d896f320c79905606494da3a2bdfb8326f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b5f14d896f320c79905606494da3a2bdfb8326f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/140c620a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list