[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 30 20:14:36 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
418a86e7 by security tracker role at 2026-04-30T19:14:27+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-7500 (When Keycloak is started with `--features-disabled=account,account-api ...)
 	TODO: check
 CVE-2026-7461 (Improper neutralization of inputs used in an OS command in the FSx Win ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-7402 (Improper Control of Interaction Frequency vulnerability in MeWare Soft ...)
 	TODO: check
 CVE-2026-7399 (Authorization bypass through User-Controlled key vulnerability in MeWa ...)
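Review bot: The new tag on CVE-2026-7461 names only the vendor (`NOT-FOR-US: Amazon`), while the description identifies a specific product ("FSx Win ..."). Consider putting the product in the tag, as the `NOT-FOR-US: RTI Connext` entry later in this commit does, so that a later search of data/CVE/list for the product finds this entry.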
@@ -17,17 +17,17 @@ CVE-2026-7164 (Incorrect packet validation allowed unbounded recursion parsing S
 CVE-2026-7163 (A vulnerability in the assisted-service REST API, an optional Assisted ...)
 	TODO: check
 CVE-2026-6498 (The Five Star Restaurant Reservations plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5174 (Improper input validation vulnerability in Progress Software MOVEit Au ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-5080 (Dancer::Session::Abstract versions through 1.3522 for Perl generates s ...)
 	TODO: check
 CVE-2026-4670 (Authentication bypass by primary weakness vulnerability in Progress So ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-42800 (NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux ...)
-	TODO: check
+	NOT-FOR-US: ASR Microelectronics
 CVE-2026-42799 (Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows ...)
-	TODO: check
+	NOT-FOR-US: ASR Microelectronics
 CVE-2026-42798 (Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overfl ...)
 	TODO: check
 CVE-2026-42512 (As dhclient is building an environment to pass to dhclient-script, it  ...)
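Review bot: CVE-2026-42800 is marked `NOT-FOR-US: ASR Microelectronics`, but its description names "ASR Lapwing_Linux", which suggests a Linux-based code base. Before relying on the automatic classification, a manual check that the affected code is vendor-specific and not shared with anything packaged in Debian would be worthwhile. The same applies to a lesser degree to CVE-2026-42799 ("nr_fw modules"). The two Progress Software tags and the WordPress plugin tag match their visible descriptions.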
@@ -109,7 +109,7 @@ CVE-2026-32148 (Insufficient Verification of Data Authenticity vulnerability in
 CVE-2026-31693 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	TODO: check
 CVE-2026-2892 (The Otter Blocks plugin for WordPress is vulnerable to Purchase Verifi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-22070 (ColorOS Assistant has an unauthenticated start-download channel, leadi ...)
 	TODO: check
 CVE-2026-1493 (LEX Baza Dokument\xf3w is vulnerable to DOM-based XSS in "em"cookie pa ...)
@@ -127,7 +127,7 @@ CVE-2025-51846 (CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remo
 CVE-2025-14576 (Insufficient validation of node IDs in Qt SVG module allows arbitrary  ...)
 	TODO: check
 CVE-2025-14543 (Improper Restriction of XML External Entity Reference vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext
 CVE-2025-13890
 	REJECTED
 CVE-2024-39847 (Unauthenticated attackers can exploit a weakness in the XML parser fun ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/418a86e7c6ccfd45a592c4617854689ca5cb7047
