[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 7 08:15:45 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f0475a7 by security tracker role at 2026-04-07T07:15:36+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and Engineeri ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-5708 (Unsanitized control of user-modifiable attributes in the session creat ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-5707 (Unsanitized input in an OS command in the virtual desktop session name ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-5705 (A vulnerability was identified in code-projects Online Hotel Booking 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-5692 (A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Th ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5691 (A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b2019102 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5690 (A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The im ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5689 (A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5688 (A security vulnerability has been detected in Totolink A7100RU 7.4cu.2 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5687 (A weakness has been identified in Tenda CX12L 16.03.53.12. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-5686 (A security flaw has been discovered in Tenda CX12L 16.03.53.12. This v ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-5685 (A vulnerability was identified in Tenda CX12L 16.03.53.12. This affect ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-5684 (A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-5683 (A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-5682 (A vulnerability has been found in Meesho Online Shopping App up to 27. ...)
 	TODO: check
 CVE-2026-5681 (A flaw has been found in itsourcecode sanitize or validate this input  ...)
 	TODO: check
 CVE-2026-5679 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-5465 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4079 (The SQL Chart Builder WordPress plugin before 2.3.8 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-35475 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, th ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35474 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, op ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35473 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35472 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdel ...)
 	TODO: check
 CVE-2026-35459 (pyLoad is a free and open-source download manager written in Python. I ...)
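Review bot: the label on CVE-2026-5719, `NOT-FOR-US: itsourcecode System`, does not match the product named in its description (itsourcecode Construction Management System) and departs from the vendor-only style used for the other entries in this hunk (`code-projects`, `TOTOLINK`, `Tenda`). Suggest either the full product name or plain `itsourcecode`. Related: CVE-2026-5681 also names itsourcecode but stays at `TODO: check`, and its description reads "itsourcecode sanitize or validate this input", so the product name appears to be missing from that description and the entry needs a manual look.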
@@ -63,31 +63,31 @@ CVE-2026-35448 (WWBN AVideo is an open source video platform. In versions 26.0 a
 CVE-2026-35444 (SDL_image is a library to load images of various formats as SDL surfac ...)
 	TODO: check
 CVE-2026-35442 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35441 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35413 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35412 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35411 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35410 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35409 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35408 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2026-35404 (Open edX Platform enables the authoring and delivery of online learnin ...)
 	TODO: check
 CVE-2026-35399 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35398 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35396 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35395 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, We ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-35394 (Mobile Next is an MCP server for mobile development and automation. Pr ...)
 	TODO: check
 CVE-2026-35393 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the  ...)
@@ -109,7 +109,7 @@ CVE-2026-35203 (ZLMediaKit is a streaming media service framework. the VP9 RTP p
 CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup languag ...)
 	TODO: check
 CVE-2026-35200 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-35199 (SymCrypt is the core cryptographic function library currently used by  ...)
 	TODO: check
 CVE-2026-35197 (dye is a portable and respectful color library for shell scripts. Prio ...)
@@ -149,25 +149,25 @@ CVE-2026-34972 (OpenFGA is a high-performance and flexible authorization/permiss
 CVE-2026-22675 (OCS Inventory NG Server version 2.12.3 and prior contain a stored cros ...)
 	TODO: check
 CVE-2026-20446 (In sec boot, there is a possible out of bounds write due to an integer ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2026-20433 (In Modem, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2026-20432 (In Modem, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2026-20431 (In Modem, there is a possible system crash due to a logic error. This  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2026-1900 (The Link Whisper Free WordPress plugin before 0.9.1 has a publicly acc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1839 (A vulnerability in the HuggingFace Transformers library, specifically  ...)
 	TODO: check
 CVE-2026-1114 (In parisneo/lollms version 2.1.0, the application's session management ...)
 	TODO: check
 CVE-2026-0740 (The Ninja Forms - File Uploads plugin for WordPress is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-65116 (Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-65115 (Remote Code Execution Vulnerabilityin JP1/IT Desktop Management 2 - Ma ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-57834 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	TODO: check
 CVE-2025-54602 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
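Review bot: for CVE-2026-20446, CVE-2026-20433, CVE-2026-20432 and CVE-2026-20431 the truncated descriptions name only a component ("sec boot", "Modem"), so `NOT-FOR-US: MediaTek` cannot be confirmed from the list lines themselves. It is worth checking the vendor against the full CVE records before relying on this automatic classification. The `Hitachi` labels on CVE-2025-65116 and CVE-2025-65115 have the same property, since the visible descriptions name only JP1/IT Desktop Management 2.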
@@ -177,9 +177,9 @@ CVE-2025-54601 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Pr
 CVE-2025-54328 (An issue was discovered in SMS in Samsung Mobile Processor, Wearable P ...)
 	TODO: check
 CVE-2025-15611 (The Popup Box  WordPress plugin before 5.5.0 does not properly validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13044 (IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictab ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4878 [Address a potential TOCTOU race condition in cap_set_file()]
 	- libcap2 1:2.78-1
 	[trixie] - libcap2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f0475a7f88545bd05822dd89d526b190209e654
