[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 29 08:13:12 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28a01b98 by security tracker role at 2026-04-29T07:13:05+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,15 +17,15 @@ CVE-2026-7305 (A weakness has been identified in Xuxueli xxl-job up to 3.3.2. Th
 CVE-2026-7303 (A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Im ...)
 	TODO: check
 CVE-2026-7297 (A vulnerability was determined in SourceCodester Pizzafy Ecommerce Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7296 (A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1 ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7295 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7294 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0.  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7293 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7292 (A security vulnerability has been detected in o2oa up to 10.0. This im ...)
 	TODO: check
 CVE-2026-6807 (A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to   ...)
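Review bot: The five SourceCodester entries (CVE-2026-7293 through CVE-2026-7297) are the only lines reclassified in this hunk; CVE-2026-7305 and CVE-2026-7303 (xxl-job) and CVE-2026-7292 (o2oa) keep their TODO: check marker and still need a manual triage pass, since neither vendor string is handled by the automatic NOT-FOR-US update. The SourceCodester disposition itself matches the established convention for that vendor and needs no further note.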
@@ -35,121 +35,121 @@ CVE-2026-5822
 CVE-2026-42615 (GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as de ...)
 	TODO: check
 CVE-2026-42432 (OpenClaw before 2026.4.8 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42431 (OpenClaw before 2026.4.8 contains a security bypass vulnerability in n ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42430 (OpenClaw before 2026.4.8 contains a server-side request forgery vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42429 (OpenClaw before 2026.4.8 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42428 (OpenClaw versions before 2026.4.8 fail to enforce integrity verificati ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42427 (OpenClaw before 2026.4.8 contains a remote code execution vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42426 (OpenClaw before 2026.4.8 contains an improper authorization vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42424 (OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, a ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42423 (OpenClaw before 2026.4.8 contains an approval-timeout fallback mechani ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42422 (OpenClaw before 2026.4.8 contains a role bypass vulnerability in the d ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42421 (OpenClaw before 2026.4.8 contains a session management vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42420 (OpenClaw before 2026.4.8 contains improper input validation in base64  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41916 (OpenClaw before 2026.4.8 contains an authentication state management v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41915 (OpenClaw before 2026.4.8 fails to remove git plumbing environment vari ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41914 (OpenClaw before 2026.4.8 contains a server-side request forgery vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41913 (OpenClaw before 2026.4.4 contains a race condition vulnerability in sh ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41912 (OpenClaw before 2026.4.8 contains a server-side request forgery policy ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41911 (OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41910 (OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channe ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41649 (Outline is a service that allows for collaborative documentation. The  ...)
 	TODO: check
 CVE-2026-41446 (Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0. ...)
 	TODO: check
 CVE-2026-41408 (OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41407 (OpenClaw before 2026.4.2 contains a timing side channel vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41406 (OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41405 (OpenClaw before 2026.3.31 parses MS Teams webhook request bodies befor ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41404 (OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41403 (OpenClaw before 2026.3.31 misclassifies proxied remote requests as loo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41402 (OpenClaw before 2026.3.31 contains a scope bypass vulnerability in web ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41400 (OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-3206 ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41399 (OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41398 (OpenClaw before 2026.4.2 contains an improper access control vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41397 (OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41396 (OpenClaw before 2026.3.31 allows workspace .env files to override the  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41395 (OpenClaw before 2026.3.28 contains a webhook replay vulnerability in P ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41394 (OpenClaw before 2026.3.31 contains an authentication bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41393 (OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41392 (OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41391 (OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41390 (OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41388 (OpenClaw before 2026.3.31 contains a configuration management vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41387 (OpenClaw before 2026.3.22 contains an incomplete host environment vari ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41386 (OpenClaw before 2026.3.22 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41385 (OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in conf ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41384 (OpenClaw before 2026.3.24 contains an environment variable injection v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41383 (OpenClaw before 2026.4.2 contains an arbitrary directory deletion vuln ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41382 (OpenClaw before 2026.3.31 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41381 (OpenClaw before 2026.3.31 contains an access control bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41380 (OpenClaw before 2026.3.28 contains an execution approval vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41379 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41378 (OpenClaw before 2026.3.31 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41377 (OpenClaw before 2026.3.31 contains a fail-open vulnerability in the pl ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41376 (OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41375 (OpenClaw before 2026.3.28 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41374 (OpenClaw before 2026.3.31 performs Discord audio preflight transcripti ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41373 (OpenClaw before 2026.3.31 contains an incomplete host-env-security-pol ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-3893 (The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,   ...)
 	TODO: check
 CVE-2026-37750 (A reflected Cross-Site Scripting (XSS) vulnerability in School Managem ...)
 	TODO: check
 CVE-2026-35155 (Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insuffic ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-33467 (Improper Verification of Cryptographic Signature (CWE-347) in Elastic  ...)
 	TODO: check
 CVE-2026-24231 (NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl()  ...)
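Review bot: Only the entries whose description starts with the OpenClaw product name, plus CVE-2026-35155 (Dell iDRAC10), are reclassified here; CVE-2026-42615 (CyberChef), CVE-2026-41649 (Outline), CVE-2026-41446 (Snap One WattBox), CVE-2026-3893 (Carlson VASCO-B), CVE-2026-37750, CVE-2026-33467 (Elastic) and CVE-2026-24231 (NVIDIA NemoClaw) remain TODO: check and are not covered by this automatic update. Two OpenClaw lines deserve a second look before the NOT-FOR-US disposition is taken as final: CVE-2026-41400 is described as an incomplete fix for an earlier CVE whose identifier is truncated in the description, so the earlier entry's disposition should be checked for consistency, and CVE-2026-41391 concerns PIP_INDEX_URL sanitisation, which is worth confirming is OpenClaw-specific rather than an issue in a pip-related component that Debian ships. The "NOT-FOR-US: Dell / EMC" wording is consistent with the existing Dell entries in the file.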
@@ -163,9 +163,9 @@ CVE-2026-24186 (NVIDIA FLARE SDK  contains a vulnerability in FOBS, where an att
 CVE-2026-24178 (NVIDIA NVFlare Dashboard contains a vulnerability in the user manageme ...)
 	TODO: check
 CVE-2026-23773 (Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-21023 (Insufficient verification of data authenticity in PackageManagerServic ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-42215
 	- python-git <unfixed>
 	NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4
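Review bot: CVE-2026-21023's visible description names only PackageManagerService, which is an Android platform component; the "Samsung Mobile" vendor string comes from the classifier rather than from the truncated description shown here, so it is worth confirming against the CVE record that the flaw is in Samsung's own fork and not in upstream AOSP code, which would need a different disposition. CVE-2026-23773 (Dell Disk Library for Mainframe) is a straightforward Dell / EMC case. The trailing context entry CVE-2026-42215 (python-git <unfixed>, with the GHSA-rpm5-65cw-6hj4 advisory link) is unchanged by this commit and remains open.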



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28a01b98bf92ffa960256b93846cea3980f0f38c


