[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 30 08:13:57 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3773087 by security tracker role at 2026-04-30T07:13:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2026-7470 (A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-7469 (A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-7468 (A security vulnerability has been detected in 1024-lab smart-admin up  ...)
 	TODO: check
 CVE-2026-7447 (A flaw has been found in SourceCodester Pet Grooming Management Softwa ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7446 (A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. Th ...)
 	TODO: check
 CVE-2026-7445 (A security vulnerability has been detected in ZachHandley ZMCPTools up ...)
@@ -13,9 +13,9 @@ CVE-2026-7445 (A security vulnerability has been detected in ZachHandley ZMCPToo
 CVE-2026-7443 (A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0. ...)
 	TODO: check
 CVE-2026-7426 (Insufficient validation of the prefix length field in IPv6 Router Adve ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-7425 (Insufficient option length validation in the IPv6 Router Advertisement ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-7420 (A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-21 ...)
 	TODO: check
 CVE-2026-7419 (A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907- ...)
@@ -27,19 +27,19 @@ CVE-2026-7417 (A vulnerability was found in Algovate xhs-mcp 0.8.11. This affect
 CVE-2026-7416 (A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This i ...)
 	TODO: check
 CVE-2026-7410 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7409 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0.  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7408 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7407 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7404 (A weakness has been identified in getsimpletool mcpo-simple-server up  ...)
 	TODO: check
 CVE-2026-7403 (A security flaw has been discovered in geldata gel-mcp 0.1.0. This imp ...)
 	TODO: check
 CVE-2026-7401 (A vulnerability was detected in SourceCodester CET Automated Grading S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7400 (A security vulnerability has been detected in geekgod382 filesystem-mc ...)
 	TODO: check
 CVE-2026-7379 (Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial ...)
@@ -131,11 +131,11 @@ CVE-2025-50328 (A vulnerability in B1 Free Archiver v1.5.86 allows files extract
 CVE-2025-13030 (All versions of the package django-mdeditor are vulnerable to Missing  ...)
 	TODO: check
 CVE-2018-25318 (Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vuln ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2018-25317 (Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2018-25316 (Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2018-25315 (Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerabili ...)
 	TODO: check
 CVE-2018-25314 (Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffe ...)
@@ -149,7 +149,7 @@ CVE-2018-25311 (VideoFlow Digital Video Protection DVP 2.10 contains an authenti
 CVE-2018-25310 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated  ...)
 	TODO: check
 CVE-2018-25309 (MyBB Recent threads 17.0 contains a persistent cross-site scripting vu ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2018-25308 (BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code ex ...)
 	TODO: check
 CVE-2018-25307 (SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in  ...)
@@ -853,7 +853,7 @@ CVE-2026-4911 (The Booking Package plugin for WordPress is vulnerable to Price M
 CVE-2026-4805 (The Woostify plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Re ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift.  This issue affects ...)
 	- thrift <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a37730877bfe703f2f621fb803665f144b4feb66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a37730877bfe703f2f621fb803665f144b4feb66
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/c4dad94c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list