[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 2 20:13:58 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aeb1e8bf by security tracker role at 2026-04-02T19:13:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-5429 (Unsanitized input during web page generation in the Kiro Agent webview ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-5418 (A vulnerability was identified in appsmithorg appsmith up to 1.97. Imp ...)
TODO: check
CVE-2026-5417 (A vulnerability was determined in Dataease SQLbot up to 1.6.0. This is ...)
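Review bot: the tag on CVE-2026-5429 names only the vendor (`NOT-FOR-US: Amazon`), while the description identifies the affected product as the Kiro Agent webview. A vendor-only tag is hard to find again if that product is ever packaged, so consider naming the product in the tag, for example `NOT-FOR-US: Amazon Kiro`.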
@@ -11,23 +11,23 @@ CVE-2026-5413 (A vulnerability was identified in Newgen OmniDocs up to 12.0.00.
CVE-2026-5370 (A vulnerability was identified in krayin laravel-crm up to 2.2. Impact ...)
TODO: check
CVE-2026-5368 (A vulnerability was determined in projectworlds Car Rental Project 1.0 ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-5360 (A vulnerability has been found in Free5GC 4.2.0. The affected element ...)
TODO: check
CVE-2026-5355 (A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5354 (A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5353 (A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected i ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5352 (A security vulnerability has been detected in Trendnet TEW-657BRM 1.00 ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5351 (A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This aff ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5350 (A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5349 (A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affe ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-5346 (A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. I ...)
TODO: check
CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to 4.9.1. ...)
@@ -35,11 +35,11 @@ CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to 4
CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the functio ...)
TODO: check
CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. The impacted eleme ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-5338 (A security vulnerability has been detected in Tenda G103 1.0.0.5. The ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-5334 (A weakness has been identified in itsourcecode Online Enrollment Syste ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-5333 (A security flaw has been discovered in DefaultFuction Content-Manageme ...)
TODO: check
CVE-2026-5332 (A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerabili ...)
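Review bot: the tag `NOT-FOR-US: itsourcecode System` on CVE-2026-5334 looks like a fragment of the product name ("itsourcecode Online Enrollment Syste ..."), not a vendor or product label. The other vendor tags in this commit are bare names (`Tenda`, `SourceCodester`), so either `NOT-FOR-US: itsourcecode` or the full product name would be more consistent and easier to grep.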
@@ -47,13 +47,13 @@ CVE-2026-5332 (A vulnerability was identified in Xiaopi Panel 1.0.0. This vulner
CVE-2026-5331 (A vulnerability was determined in OpenCart 4.1.0.3. This affects an un ...)
TODO: check
CVE-2026-5330 (A vulnerability was found in SourceCodester/mayuri_k Best Courier Mana ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-5328 (A weakness has been identified in shsuishang modulithshop up to 829bac ...)
TODO: check
CVE-2026-5327 (A security flaw has been discovered in efforthye fast-filesystem-mcp u ...)
TODO: check
CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave Application Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ...)
TODO: check
CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ...)
@@ -61,7 +61,7 @@ CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This im
CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ...)
TODO: check
CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to information e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the uma_prote ...)
TODO: check
CVE-2026-4634 (A flaw was found in Keycloak. An unauthenticated attacker can exploit ...)
@@ -73,7 +73,7 @@ CVE-2026-4282 (A flaw was found in Keycloak. The SingleUseObjectProvider, a glob
CVE-2026-3872 (A flaw was found in Keycloak. This issue allows an attacker, who contr ...)
TODO: check
CVE-2026-3692 (In Progress Flowmon versions prior to 12.5.8, a vulnerability exists w ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-35414 (OpenSSH before 10.3 mishandles the authorized_keys principals option i ...)
TODO: check
CVE-2026-35388 (OpenSSH before 10.3 omits connection multiplexing confirmation for pro ...)
@@ -95,7 +95,7 @@ CVE-2026-34974 (phpMyFAQ is an open source FAQ web application. Prior to version
CVE-2026-34973 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1 ...)
TODO: check
CVE-2026-34890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34877 (An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, ...)
TODO: check
CVE-2026-34876 (An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds ...)
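Review bot: CVE-2026-34890 is tagged `NOT-FOR-US: WordPress plugin or theme`, but the visible description is only the generic CWE title cut off at "('Cross-si ..." and names no product. The other WordPress entries in this commit use `NOT-FOR-US: WordPress plugin`; it would help to check the full description and record which plugin or theme is meant, so the decision can be audited later without refetching the CVE record.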
@@ -249,23 +249,23 @@ CVE-2026-34523 (SillyTavern is a locally installed user interface that allows us
CVE-2026-34522 (SillyTavern is a locally installed user interface that allows users to ...)
TODO: check
CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval bypass vu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight validati ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34230 (Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
TODO: check
CVE-2026-34124 (A denial-of-service vulnerability was identified in TP-Link Tapo C520W ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34122 (A stack-based buffer overflow vulnerability was identified in TP-Link ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34121 (An authentication bypass vulnerability within the HTTP handling of the ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34120 (A heap-based buffer overflow vulnerability was identified in TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34119 (A heap-based buffer overflow vulnerability was identified in TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34118 (A heap-based buffer overflow vulnerability was identified in TP-Link T ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-34083 (Signal K Server is a server application that runs on a central hub in ...)
TODO: check
CVE-2026-33951 (Signal K Server is a server application that runs on a central hub in ...)
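Review bot: the six entries from CVE-2026-34124 down to CVE-2026-34118 are tagged `NOT-FOR-US: TPLink`, while the descriptions spell the vendor "TP-Link". Using the vendor's own spelling keeps a search for "TP-Link" in data/CVE/list from missing these entries. Also note that the truncated description of CVE-2026-34121 ("An authentication bypass vulnerability within the HTTP handling of the ...") does not show the product at all, so that one classification cannot be confirmed from this diff and is worth a check against the full record.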
@@ -291,7 +291,7 @@ CVE-2026-33544 (Tinyauth is an authentication and authorization server. Prior to
CVE-2026-33533 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
TODO: check
CVE-2026-33271 (Local privilege escalation due to insecure folder permissions. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-32871 (FastMCP is a Pythonic way to build MCP servers and clients. Prior to v ...)
TODO: check
CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 ...)
@@ -319,11 +319,11 @@ CVE-2026-30603 (An issue in the firmware update mechanism of Qianniao QN-L23PA09
CVE-2026-30332 (A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability i ...)
TODO: check
CVE-2026-2737 (A vulnerability exists in Progress Flowmon versions prior to 12.5.8 an ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-2701 (Authenticated user can upload a malicious file to the server and execu ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC) allows an un ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-29782 (OpenSTAManager is an open source management software for technical ass ...)
TODO: check
CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
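Review bot: all three entries here get the same `NOT-FOR-US: Progress Software` tag, but only CVE-2026-2737 names a Progress product (Flowmon) in its visible description. CVE-2026-2699 describes the "Customer Managed ShareFile Storage Zones Controller (SZC)" and CVE-2026-2701 names no product in the visible text. Suggest confirming CVE-2026-2701 against the full description and naming the product in the tag for both, so the reason for the classification is evident from the list itself.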
@@ -357,9 +357,9 @@ CVE-2026-29131 (SEPPmail Secure Email Gateway before version 15.0.3 allows attac
CVE-2026-28805 (OpenSTAManager is an open source management software for technical ass ...)
TODO: check
CVE-2026-28728 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-27774 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-26962 (Rack is a modular Ruby web server interface. From version 3.2.0 to bef ...)
TODO: check
CVE-2026-26961 (Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
@@ -373,41 +373,41 @@ CVE-2026-26895 (User enumeration vulnerability in /pwreset.php in osTicket v1.18
CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an internal ...)
TODO: check
CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0686 (The Webmention plugin for WordPress is vulnerable to Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0634 (Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Andro ...)
- TODO: check
+ NOT-FOR-US: TECNO Mobile
CVE-2025-65114 (Apache Traffic Server allows request smuggling if chunked messages are ...)
TODO: check
CVE-2025-58136 (A bug in POST request handling causes a crash under a certain conditio ...)
TODO: check
CVE-2025-43264 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43257 (This issue was addressed with improved handling of symlinks. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43238 (An integer overflow was addressed with improved input validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43236 (A type confusion issue was addressed with improved memory handling. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43219 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43210 (An out-of-bounds access issue was addressed with improved bounds check ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43202 (This issue was addressed with improved memory handling. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44303 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44286 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44250 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44219 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-40858 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-40849 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-7342 (HiSecOS web server contains a privilege escalation vulnerability that ...)
TODO: check
CVE-2026-27456 [util-linux: mount(8) TOCTOU symlink attack via loop device]
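Review bot: the thirteen `NOT-FOR-US: Apple` entries (CVE-2025-43264 down to CVE-2024-40849) are classified from descriptions that are cut off before any component is named ("This issue is f ...", "This i ..."). Apple advisories also cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so it is worth confirming from the full CVE text that none of these are WebKit issues before they drop out of the TODO queue. The same applies to any future automatic run that matches on the Apple boilerplate wording alone.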
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeb1e8bfd4e51605e811f5a102d908c7b5d3681c