[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 5 20:14:19 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
740ebc0c by security tracker role at 2026-03-05T20:14:10+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
 	TODO: check
 CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3236 (In affected versions of Octopus Server it was possible to create a new ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2026-3047 (A flaw was found in org.keycloak.broker.saml. When a disabled Security ...)
 	TODO: check
 CVE-2026-3009 (A security flaw in the IdentityBrokerService.performLogin endpoint of  ...)
@@ -35,7 +35,7 @@ CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical Funct
 CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client rustdesk-client on  ...)
 	TODO: check
 CVE-2026-2599 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From version 2.11. ...)
 	TODO: check
 CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web interfac ...)
@@ -43,17 +43,17 @@ CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web in
 CVE-2026-28789 (OliveTin gives access to predefined shell commands from a web interfac ...)
 	TODO: check
 CVE-2026-28551 (Race condition vulnerability in the device security management module. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28549 (Race condition vulnerability in the permission management service.Impa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28548 (Vulnerability of improper verification in the email application.Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28547 (Vulnerability of uninitialized pointer access in the scanning module.I ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28546 (Buffer overflow vulnerability in the scanning module.Impact: Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28542 (Permission bypass vulnerability in the system service framework.Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps find vul ...)
 	TODO: check
 CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities copied  ...)
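Review bot: none of the six descriptions retagged in this hunk (CVE-2026-28551, -28549, -28548, -28547, -28546, -28542) names a vendor or product in the text visible in the list. They read only "device security management module", "permission management service", "email application", "scanning module" and "system service framework", so `NOT-FOR-US: Huawei` is the only attribution recorded for them. Because the commit is automatic, the commit message or the tool's documentation should say what the match is keyed on (for example the assigning CNA rather than the description text), so a reviewer can confirm the vendor without opening each CVE record.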
@@ -119,27 +119,27 @@ CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible, and
 CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote attacker  ...)
 	TODO: check
 CVE-2026-21628 (A improperly secured file management feature allows uploads of dangero ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.He ...)
 	TODO: check
 CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning Popups and O ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class Gzi ...)
 	TODO: check
 CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada EAP610 ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnB ...)
 	TODO: check
 CVE-2025-70233 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-70232 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-70231 (D-Link DIR-513 version 1.10 contains a critical-level vulnerability. W ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-70230 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-70229 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HT ...)
 	TODO: check
 CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a ...)
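Review bot: the tag added for CVE-2025-7375 spells the vendor `TPLink`, while the other hyphenated vendor in this same hunk is written `D-Link`; unless existing entries in data/CVE/list already use that spelling, suggest `NOT-FOR-US: TP-Link` so a grep for the vendor name finds every entry. Separately, the visible description of CVE-2026-21628 ("A improperly secured file management feature allows uploads of dangero ...") does not name a product, so it is worth confirming whether `Joomla` here means the core CMS or an extension before the entry leaves the TODO state.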
@@ -147,7 +147,7 @@ CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.
 CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the ImageTextPromptValu ...)
 	TODO: check
 CVE-2025-29165 (An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escal ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-13476 (Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0\u ...)
 	TODO: check
 CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740ebc0cde4981aea3e17c25cf56349b3db865c9
