[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 17 20:14:38 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c88a7c73 by security tracker role at 2026-03-17T20:14:32+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,31 +5,31 @@ CVE-2026-4358 (A specially crafted aggregation query with $lookup by an authenti
CVE-2026-4324 (A flaw was found in the Katello plugin for Red Hat Satellite. This vul ...)
TODO: check
CVE-2026-4319 (A vulnerability was identified in code-projects Simple Food Order Syst ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4318 (A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. A ...)
TODO: check
CVE-2026-4295 (Improper trust boundary enforcement in Kiro IDE before version 0.8.0 o ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-4271 (A flaw was found in libsoup, a library for handling HTTP requests. Thi ...)
TODO: check
CVE-2026-4208 (The extension fails to properly reset the generated MFA code after suc ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-4202 (The extension fails to verify, if an authenticated user has permission ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-4148 (A use-after-free vulnerability can be triggered in sharded clusters by ...)
TODO: check
CVE-2026-4147 (An authenticated user with the read role may read limited amounts of u ...)
TODO: check
CVE-2026-4064 (Missing authorization checks on multiple gRPC service endpoints in Pow ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3888 (Local privilege escalation in snapd on Linux allows local attackers to ...)
TODO: check
CVE-2026-3564 (A condition in ScreenConnect may allow an actor with access to server- ...)
TODO: check
CVE-2026-3563 (Improper input validation in the apps and endpoints configuration in P ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3207 (Configuration issuein Java Management Extensions (JMX) in TIBCO BPM En ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2026-32981 (A path traversal vulnerability was identified in Ray Dashboard (defaul ...)
TODO: check
CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap out-of-bounds rea ...)
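Review bot: The TYPO3 tags on CVE-2026-4208 and CVE-2026-4202 cannot be checked against the lines shown here, because both truncated descriptions begin "The extension fails to ..." and never name a product. Since this is an automatic update, it is worth confirming from the full CVE records that the match came from the vendor or product field and not from the word "extension". The same applies to CVE-2026-4064 and CVE-2026-3563, tagged Devolutions, whose visible text is cut off at "in Pow ..." and "in P ..." before any vendor name appears.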
@@ -37,7 +37,7 @@ CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap out-of-boun
CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled memory allo ...)
TODO: check
CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-32298 (The Angeet ES3 KVM does not properly sanitize user-supplied variables ...)
TODO: check
CVE-2026-32297 (The Angeet ES3 KVM allows a remote, unauthenticated attacker to write ...)
@@ -91,11 +91,11 @@ CVE-2026-22882 (An out-of-bounds read vulnerability exists in the EMF functional
CVE-2026-21886 (OpenCTI is an open source platform for managing cyber threat intellige ...)
TODO: check
CVE-2026-21570 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2026-20726 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
TODO: check
CVE-2026-1323 (The extension fails to properly define allowed classes used when deser ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2025-66633 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
TODO: check
CVE-2025-66617 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
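Review bot: CVE-2026-21570 is tagged only "NOT-FOR-US: Atlassian", and the visible description ("This High severity RCE (Remote Code Execution) vulnerability was intro ...") does not say which product is affected. For a remote code execution issue, naming the product in the tag would let a later reader confirm the triage without opening the CVE record. CVE-2026-1323 is another "The extension fails to ..." entry whose TYPO3 tag has to be taken on trust from the truncated text.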
@@ -123,7 +123,7 @@ CVE-2025-62500 (An out-of-bounds read vulnerability exists in the EMF functional
CVE-2025-62403 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
TODO: check
CVE-2025-62320 (HTML Injection can be carried out in Product when a web application do ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-61979 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
TODO: check
CVE-2025-61952 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
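Review bot: On CVE-2025-62320 the description reads "HTML Injection can be carried out in Product when a web application do ...", where "Product" looks like an unfilled placeholder, so the "NOT-FOR-US: HCL" tag rests on metadata that is not visible in this list. Consider adding the affected product name to the tag once it is confirmed from the CVE record, so the entry does not depend on a description that never identifies what is vulnerable.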
@@ -133,11 +133,11 @@ CVE-2025-58427 (An out-of-bounds read vulnerability exists in the EMF functional
CVE-2025-47873 (An out-of-bounds read vulnerability exists in the EMF functionality of ...)
TODO: check
CVE-2025-31966 (HCL Sametime is vulnerable to broken server-side validation. While the ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-15584 (Netskope was notified about a potential gap in its Endpoint DLP Module ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2025-13406 (NULL Pointer Dereference vulnerability in Softing Industrial Automatio ...)
- TODO: check
+ NOT-FOR-US: Softing
CVE-2026-32953 [Error in Protocol Implementation]
- golang-github-tillitis-tkeyclient 1.3.0-1 (bug #1131010)
[trixie] - golang-github-tillitis-tkeyclient <no-dsa> (Minor issue)
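Review bot: On CVE-2025-31966 the tag is "NOT-FOR-US: HCL" although the description names the product, HCL Sametime. Writing "NOT-FOR-US: HCL Sametime" would keep the entry searchable by product and would distinguish it from the other HCL entry in this commit, CVE-2025-62320, whose description names no product at all.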
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c88a7c735664ee08099faf252b5aeba075f027b0