[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 6 08:13:50 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9279fcc8 by security tracker role at 2026-03-06T08:13:39+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2026-3616 (A vulnerability was detected in DefaultFuction Jeson Customer Relation ...)
 	TODO: check
 CVE-2026-3613 (A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vul ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2026-3612 (A vulnerability was determined in Wavlink WL-NU516U1 V240425. This aff ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2026-3610 (A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3 ...)
 	TODO: check
 CVE-2026-3606 (A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by ...)
 	TODO: check
 CVE-2026-2830 (The WP All Import \u2013 Drag & Drop Import for CSV, XML, Excel & Goog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2593 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2589 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2446 (The PowerPack for LearnDash WordPress plugin before 1.3.0 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2331 (An attacker may perform unauthenticated read and write operations on s ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-2330 (An attacker may access restricted filesystem areas on the device via t ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-29613 (OpenClaw versions prior to 2026.2.12 contain a vulnerability in the Bl ...)
 	TODO: check
 CVE-2026-29612 (OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs ...)
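Review bot: The four WordPress entries (CVE-2026-2830, CVE-2026-2593, CVE-2026-2589, CVE-2026-2446) are closed with the generic tag "NOT-FOR-US: WordPress plugin", while the Wavlink and SICK AG entries in the same hunk name the vendor. With the generic tag, the plugin concerned (WP All Import, Greenshift, PowerPack for LearnDash) is recoverable only from the truncated description. Naming the plugin in the tag would keep these entries searchable by product. Separately, the context lines for CVE-2026-2830, CVE-2026-2593 and CVE-2026-2589 carry a literal "\u2013" in the description, which suggests the description import leaves that escape undecoded.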
@@ -95,43 +95,43 @@ CVE-2026-28787 (OneUptime is a solution for monitoring and managing online servi
 CVE-2026-28785 (Ghostfolio is an open source wealth management software. Prior to vers ...)
 	TODO: check
 CVE-2026-28727 (Local privilege escalation due to insecure Unix socket permissions. Th ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28726 (Sensitive information disclosure due to improper access control. The f ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28725 (Sensitive information disclosure due to improper configuration of a he ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28724 (Unauthorized data access due to insufficient access control validation ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28723 (Unauthorized report deletion due to insufficient access control. The f ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28722 (Local privilege escalation due to improper soft link handling. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28721 (Local privilege escalation due to improper soft link handling. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28720 (Unauthorized modification of settings due to insufficient authorizatio ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28719 (Unauthorized resource manipulation due to improper authorization check ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28718 (Denial of service due to insufficient input validation in authenticati ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28717 (Local privilege escalation due to improper directory permissions. The  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28716 (Information disclosure and manipulation due to improper authorization  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28715 (Sensitive information disclosure due to improper authorization checks. ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28714 (Unnecessary transmission of sensitive cryptographic material. The foll ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28713 (Default credentials set for local privileged user in Virtual Appliance ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28712 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28711 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28710 (Sensitive information disclosure and manipulation due to improper auth ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28709 (Unauthorized resource manipulation due to improper authorization check ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-28685 (Kimai is a web-based multi-user time-tracking application. Prior to ve ...)
 	TODO: check
 CVE-2026-28683 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
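Review bot: All 19 entries from CVE-2026-28709 through CVE-2026-28727 receive the bare vendor tag "NOT-FOR-US: Acronis", and the visible descriptions are cut off before the affected product list ("The fol ..."), so neither the diff nor the resulting record says which Acronis product each entry concerns. Several pairs are indistinguishable here (CVE-2026-28712 and CVE-2026-28711, CVE-2026-28722 and CVE-2026-28721, CVE-2026-28719 and CVE-2026-28709 show identical text). For a bulk automatic classification of this size, the commit message should state the matching rule used, and the tag could carry the product name where the full description gives one.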
@@ -303,7 +303,7 @@ CVE-2026-21622 (Insufficient Session Expiration vulnerability in hexpm hexpm/hex
 CVE-2026-21536 (Microsoft Devices Pricing Program Remote Code Execution Vulnerability)
 	TODO: check
 CVE-2026-1128 (The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF ch ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0848 (NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due t ...)
 	TODO: check
 CVE-2025-70995 (An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows auth ...)
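Review bot: CVE-2026-21536 in the leading context ("Microsoft Devices Pricing Program Remote Code Execution Vulnerability") is left at "TODO: check", although its description names a vendor service in the same way the entries this pass did classify name theirs. If the automatic pass works from a vendor or product match list, this entry looks like a gap in that list; otherwise it needs a manual "NOT-FOR-US: Microsoft". The NLTK and Aranda Service Desk entries also remain at "TODO: check" and still need manual triage.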
@@ -329,13 +329,13 @@ CVE-2025-55289 (Chamilo is a learning management system. Prior to version 1.11.3
 CVE-2025-55208 (Chamilo is a learning management system. Versions prior to 1.11.34 hav ...)
 	TODO: check
 CVE-2025-30413 (Credentials are not deleted from Acronis Agent after plan revocation.  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-11792 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-11791 (Sensitive information disclosure and manipulation due to insufficient  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2025-11790 (Credentials are not deleted from Acronis Agent after plan revocation.  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
 	NOT-FOR-US: RustDesk Server Pro (not same as src:rustdesk, itp'ed #1038942)
 CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
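Review bot: CVE-2025-30413 and CVE-2025-11790 show the same description ("Credentials are not deleted from Acronis Agent after plan revocation.") and both get "NOT-FOR-US: Acronis", so nothing in the record tells the two ids apart. The CVE-2026-3598 entry in the trailing context is the better model: it names the product (RustDesk Server Pro) and states why it is out of scope (not the same as src:rustdesk). A short product qualifier on the four Acronis lines here would give the same traceability.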



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9279fcc8817c54566109afcdf1106ff14db83dbb
