[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 23 20:14:51 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29c6e033 by security tracker role at 2026-06-23T19:14:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2026-55423 (Langflow is a tool for building and deploying AI-powered agents
 CVE-2026-55255 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
 	TODO: check
 CVE-2026-55249 (@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-54892 (Inefficient algorithmic complexity in Plug's nested-parameter decoder  ...)
 	TODO: check
 CVE-2026-54324 (Daytona is a secure and elastic infrastructure runtime for AI-generate ...)
@@ -183,7 +183,7 @@ CVE-2026-50019 (yt-dlp is a command-line audio/video downloader. From 2023.09.24
 CVE-2026-4983 (Open VSX Registry does not sanitize SVG files uploaded as extension ic ...)
 	TODO: check
 CVE-2026-4610 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49983 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
 	TODO: check
 CVE-2026-49860 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
@@ -225,7 +225,7 @@ CVE-2026-44789 (n8n is an open source workflow automation platform. Prior to 1.1
 CVE-2026-44726 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0  ...)
 	TODO: check
 CVE-2026-44089 (TotolinkEX1200L router is vulnerable to Buffer Overflow in the login f ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-42867 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
 	TODO: check
 CVE-2026-35019 (NetComm NF20MESH routers running firmware R6B031 and earlier contain a ...)
@@ -243,13 +243,13 @@ CVE-2026-13007 (Tenable Identity Exposure contains multiple unauthenticated API
 CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's find_soa() fun ...)
 	TODO: check
 CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may allow an ar ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-12957 (Improper trust boundary enforcement in Language Servers for AWS before ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-11772 (DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching  ...)
 	TODO: check
 CVE-2026-11374 (In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-10857 (Improper neutralization of input during web page generation ('cross-si ...)
 	TODO: check
 CVE-2026-10711 (Missing authentication for critical function vulnerability in AKIN Sof ...)
@@ -299,9 +299,9 @@ CVE-2025-61018 (An issue in the sqlo_place_dt_set component of openlink virtuoso
 CVE-2025-55639 (GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference  ...)
 	TODO: check
 CVE-2025-15619 (HCL Connections contains a broken access control vulnerability that ma ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-13162 (Uncontrolled Search Path Element vulnerability in ABB Control Builder  ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2023-54365 (Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-servi ...)
 	TODO: check
 CVE-2026-44517
@@ -594052,11 +594052,11 @@ CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 202
 CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9713 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9711 (Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9709
@@ -594088,7 +594088,7 @@ CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 202
 CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9695 (Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c6e033f071f1bcce2fc0f69aba0429751fe0e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29c6e033f071f1bcce2fc0f69aba0429751fe0e6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/6974986b/attachment.htm>


More information about the debian-security-tracker-commits mailing list