[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 20 08:13:57 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c0307d6 by security tracker role at 2026-02-20T08:13:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,31 +17,31 @@ CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3. Calling
 CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows local at ...)
 	TODO: check
 CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log file v ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2026-2408 (Tanium addressed a use-after-free vulnerability in the Cloud Workloads ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2026-2384 (The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2350 (Tanium addressed an insertion of sensitive information into log file v ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2026-27476 (RustFly 2.0.0 contains a command injection vulnerability in its remote ...)
 	TODO: check
 CVE-2026-27440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27387 (Missing Authorization vulnerability in designinvento DirectoryPress di ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27368 (Missing Authorization vulnerability in SeedProd Coming Soon Page, Unde ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27343 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27328 (Missing Authorization vulnerability in DevsBlink EduBlink edublink all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27327 (Missing Authorization vulnerability in YayCommerce YayMail \u2013 WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27325
 	REJECTED
 CVE-2026-27324
@@ -89,7 +89,7 @@ CVE-2026-26995
 CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello for fin ...)
 	TODO: check
 CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
 	TODO: check
 CVE-2026-26991 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
@@ -183,31 +183,31 @@ CVE-2026-24122 (Cosign provides code signing and transparency for containers and
 CVE-2026-21535 (Improper access control in Microsoft Teams allows an unauthorized atta ...)
 	TODO: check
 CVE-2026-1658 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2026-1292 (Tanium addressed an insertion of sensitive information into log file v ...)
-	TODO: check
+	NOT-FOR-US: Tanium
 CVE-2025-9208 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8055 (Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-8054 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contain ...)
 	TODO: check
 CVE-2025-59819 (This vulnerability allows authenticated attackers to read an arbitrary ...)
 	TODO: check
 CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing authorizatio ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-30412 (Sensitive data disclosure and manipulation due to improper authenticat ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-30411 (Sensitive data disclosure and manipulation due to improper authenticat ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-30410 (Sensitive data disclosure and manipulation due to missing authenticati ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-13672 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-13671 (Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2026-2708 [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
 	- libsoup3 <unfixed>
 	- libsoup2.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c0307d64c98e0c839e583afd9b7a2806b9013a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c0307d64c98e0c839e583afd9b7a2806b9013a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260220/847201fd/attachment.htm>

More information about the debian-security-tracker-commits mailing list