[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 6 20:14:53 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
223ecc86 by security tracker role at 2026-04-06T19:14:44+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2026-5704 (A flaw was found in tar. A remote attacker could exploit this vulnerab ...)
TODO: check
CVE-2026-5678 (A weakness has been identified in Totolink A7100RU 7.4cu.2313_b2019102 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-5677 (A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-5676 (A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-5675 (A vulnerability was found in itsourcecode Construction Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-5673 (A flaw was found in libtheora. This heap-based out-of-bounds read vuln ...)
TODO: check
CVE-2026-5672 (A vulnerability has been found in code-projects Simple IT Discussion F ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5671 (A vulnerability was determined in Cyber-III Student-Management-System ...)
TODO: check
CVE-2026-5670 (A vulnerability was found in Cyber-III Student-Management-System up to ...)
@@ -21,9 +21,9 @@ CVE-2026-5669 (A vulnerability has been found in Cyber-III Student-Management-Sy
CVE-2026-5668 (A flaw has been found in Cyber-III Student-Management-System up to 1a9 ...)
TODO: check
CVE-2026-5666 (A vulnerability was detected in code-projects Online FIR System 1.0. A ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5665 (A security vulnerability has been detected in code-projects Online FIR ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5664
REJECTED
CVE-2026-5663 (A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This i ...)
@@ -31,21 +31,21 @@ CVE-2026-5663 (A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. T
CVE-2026-5661 (A vulnerability was identified in Free5GC 4.2.0. This affects an unkno ...)
TODO: check
CVE-2026-5660 (A vulnerability was determined in itsourcecode Construction Management ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-5659 (A vulnerability was found in pytries datrie up to 0.8.3. The affected ...)
TODO: check
CVE-2026-5650 (A vulnerability was found in code-projects Online Application System f ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5649 (A vulnerability has been found in code-projects Online Application Sys ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5648 (A flaw has been found in code-projects Simple Laundry System 1.0. This ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5647 (A vulnerability was detected in code-projects Online Shoe Store 1.0. T ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5646 (A security vulnerability has been detected in code-projects Easy Blog ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-5645 (A weakness has been identified in projectworlds Car Rental System 1.0. ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-5644 (A security flaw has been discovered in Cyber-III Student-Management-Sy ...)
TODO: check
CVE-2026-5643 (A vulnerability was identified in Cyber-III Student-Management-System ...)
@@ -53,21 +53,21 @@ CVE-2026-5643 (A vulnerability was identified in Cyber-III Student-Management-Sy
CVE-2026-5642 (A vulnerability was determined in Cyber-III Student-Management-System ...)
TODO: check
CVE-2026-5641 (A vulnerability was found in PHPGurukul Online Shopping Portal Project ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2026-5640 (A vulnerability has been found in PHPGurukul Online Shopping Portal Pr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2026-5639 (A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1 ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2026-5638 (A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. T ...)
TODO: check
CVE-2026-5637 (A security vulnerability has been detected in projectworlds Car Rental ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-5636 (A weakness has been identified in PHPGurukul Online Shopping Portal Pr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2026-5635 (A security flaw has been discovered in PHPGurukul Online Shopping Port ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2026-5634 (A vulnerability was identified in projectworlds Car Rental Project 1.0 ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-5633 (A vulnerability was determined in assafelovic gpt-researcher up to 3.4 ...)
TODO: check
CVE-2026-3524 (Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request pro ...)
@@ -145,9 +145,9 @@ CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6
CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, th ...)
TODO: check
CVE-2026-34897 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34885 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34841 (Bruno is an open source IDE for exploring and testing APIs. Prior to 3 ...)
TODO: check
CVE-2026-34783 (Ferret is a declarative system for working with web data. Prior to 2.0 ...)
@@ -167,7 +167,7 @@ CVE-2026-34588 (OpenEXR provides the specification and reference implementation
CVE-2026-34444 (Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 an ...)
TODO: check
CVE-2026-34402 (ChurchCRM is an open-source church management system. Prior to 7.1.0, ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-34380 (OpenEXR provides the specification and reference implementation of the ...)
TODO: check
CVE-2026-34379 (OpenEXR provides the specification and reference implementation of the ...)
@@ -255,29 +255,29 @@ CVE-2026-26026 (GLPI is a free asset and IT management software package. From 11
CVE-2026-25932 (GLPI is a Free Asset and IT Management Software package. From 0.60 to ...)
TODO: check
CVE-2026-21382 (Memory Corruption when handling power management requests with imprope ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21381 (Transient DOS when receiving a service data frame with excessive lengt ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21380 (Memory Corruption when using deprecated DMABUF IOCTL calls to manage v ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21378 (Memory Corruption when accessing an output buffer without validating i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21376 (Memory Corruption when accessing an output buffer without validating i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21375 (Memory Corruption when accessing an output buffer without validating i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21374 (Memory Corruption when processing auxiliary sensor input/output contro ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21373 (Memory Corruption when accessing an output buffer without validating i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21372 (Memory Corruption when sending IOCTL requests with invalid buffer size ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21371 (Memory Corruption when retrieving output buffer with insufficient size ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-21367 (Transient DOS when processing nonstandard FILS Discovery Frames with o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-0049 (In onHeaderDecoded of LocalImageResolver.java, there is a possible per ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-61166 (An open redirect in Ascertia SigningHub User v10.0 allows attackers to ...)
TODO: check
CVE-2025-59440 (An issue was discovered in USIM in Samsung Mobile Processor, Wearable ...)
@@ -289,19 +289,19 @@ CVE-2025-57835 (An issue was discovered in RRC in Samsung Mobile Processor, Wear
CVE-2025-54324 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
TODO: check
CVE-2025-48651 (N/A)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-47400 (Cryptographic issue while copying data to a destination buffer without ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47392 (Memory corruption when decoding corrupted satellite data files with in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47391 (Memory corruption while processing a frame request from user.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47390 (Memory corruption while preprocessing IOCTL request in JPEG driver.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47389 (Memory corruption when buffer copy operation fails due to integer over ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47374 (Memory Corruption when accessing freed memory due to concurrent fence ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-14032 (Twitch Studio version 0.114.8 and prior contain a privilege escalation ...)
TODO: check
CVE-2026-31410 (In the Linux kernel, the following vulnerability has been resolved: k ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223ecc86f788c8ce35822f4e29ea07743f086650
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223ecc86f788c8ce35822f4e29ea07743f086650
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260406/28836397/attachment.htm>
More information about the debian-security-tracker-commits
mailing list