[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 20 20:20:09 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1be042b3 by security tracker role at 2026-03-20T20:20:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-4504 (A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vu
 CVE-2026-4500 (A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297 ...)
 	TODO: check
 CVE-2026-4499 (A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is t ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-4497 (A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-4496 (A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262 ...)
 	TODO: check
 CVE-2026-4495 (A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts ...)
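Review bot: The label added for CVE-2026-4497 is spelled `NOT-FOR-US: TOTOLINK`, while the description on the line above it writes the vendor as "Totolink". If these labels are ever searched or aggregated by vendor, one casing should be used for every entry from this vendor.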
@@ -17,41 +17,41 @@ CVE-2026-4495 (A security flaw has been discovered in atjiu pybbs 6.0.0. This im
 CVE-2026-4494 (A vulnerability was identified in atjiu pybbs 6.0.0. This affects the  ...)
 	TODO: check
 CVE-2026-4493 (A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impac ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4492 (A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected e ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4491 (A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4490 (A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4489 (A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulner ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4488 (A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907- ...)
 	TODO: check
 CVE-2026-4487 (A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. ...)
 	TODO: check
 CVE-2026-4486 (A vulnerability was found in D-Link DIR-513 1.10. This affects the fun ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-4485 (A vulnerability has been found in itsourcecode College Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
 	TODO: check
 CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
 	TODO: check
 CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM connectio ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing Authorizat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-33372 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33371 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33370 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vu ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cr ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33312 (Vikunja is an open-source self-hosted task management platform. Starti ...)
 	TODO: check
 CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th generation  ...)
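Review bot: The label on CVE-2026-4485, `NOT-FOR-US: itsourcecode System`, reads like a cut-off product name: the description names "itsourcecode College Management Syst ...", and "System" on its own identifies nothing. Suggest either the vendor alone (`NOT-FOR-US: itsourcecode`) or the full product name, so a later search on the label groups related entries. The remaining labels in this hunk (Tenda, D-Link, Devolutions, Zimbra, WordPress plugin) match the vendor or product visible in each description, apart from Devolutions, whose name does not appear in the truncated text of CVE-2026-4434 and should be confirmed against the full description.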
@@ -61,13 +61,13 @@ CVE-2026-33140 (PySpector is a static analysis security testing (SAST) Framework
 CVE-2026-33139 (PySpector is a static analysis security testing (SAST) Framework engin ...)
 	TODO: check
 CVE-2026-33136 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-33135 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-33134 (WeGIA is a web manager for charitable institutions. Versions 3.6.5 and ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In versions 3.6.5  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-33132 (ZITADEL is an open source identity management platform. Versions prior ...)
 	TODO: check
 CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 ...)
@@ -145,9 +145,9 @@ CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS).
 CVE-2026-30578 (File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A mal ...)
 	TODO: check
 CVE-2026-2432 (The CM Custom Reports \u2013 Flexible reporting to track what matters  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2421 (The ilGhera Carta Docente for WooCommerce plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29828 (DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the  ...)
 	TODO: check
 CVE-2026-29794 (Vikunja is an open-source self-hosted task management platform. Starti ...)
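Review bot: For CVE-2026-2432 the truncated description visible here ("The CM Custom Reports \u2013 Flexible reporting to track what matters ...") never mentions WordPress, unlike CVE-2026-2421 directly below it, so the `WordPress plugin` label cannot be confirmed from this diff alone and is worth checking against the full CVE description. Separately, the literal `\u2013` in that context line looks like an escape sequence that was never decoded in the list data.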
@@ -157,51 +157,51 @@ CVE-2026-27625 (Stirling-PDF is a locally hosted web application that performs v
 CVE-2026-25792 (Greenshot is an open source Windows screenshot utility. Versions 1.3.3 ...)
 	TODO: check
 CVE-2026-22902 (A command injection vulnerability has been reported to affect QuNetSwi ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22901 (A command injection vulnerability has been reported to affect QuNetSwi ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22900 (A use of hard-coded credentials vulnerability has been reported to aff ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22898 (A missing authentication for critical function vulnerability has been  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22897 (A command injection vulnerability has been reported to affect QuNetSwi ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22895 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-22324 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22172 (OpenClaw versions prior to 2026.3.12 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-0677 (Deserialization of Untrusted Data vulnerability in TotalSuite TotalCon ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67260 (The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indica ...)
 	TODO: check
 CVE-2025-63260 (SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the ...)
 	TODO: check
 CVE-2025-62846 (An SQL injection vulnerability has been reported to affect QHora. If a ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62845 (An improper neutralization of escape, meta, or control sequences vulne ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62844 (A weak authentication vulnerability has been reported to affect QHora. ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62843 (An improper restriction of communication channel to intended endpoints ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-59383 (A buffer overflow vulnerability has been reported to affect Media Stre ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-46598 (Bitcoin Core through 29.0 allows a denial of service via a crafted tra ...)
 	TODO: check
 CVE-2025-46597 (Bitcoin Core 0.13.0 through 29.x has an integer overflow.)
 	TODO: check
 CVE-2025-15608 (This vulnerability in AX53 v1 results from insufficient input sanitiza ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-15607 (A command injection vulnerability on AX53 v1 occurs in mscd debug func ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2024-44722 (SysAK v2.0 and before is vulnerable to command execution via aaa;cat / ...)
 	TODO: check
 CVE-2024-32537 (Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash V ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-31119 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23278 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (7.0-rc4)
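Review bot: Label wording is inconsistent within this commit: CVE-2026-22324, CVE-2026-0677, CVE-2024-32537 and CVE-2024-31119 get `NOT-FOR-US: WordPress plugin or theme`, while the earlier hunks use `NOT-FOR-US: WordPress plugin`, and CVE-2025-15608 and CVE-2025-15607 get `TPLink` without a hyphen although `D-Link` is hyphenated in the same change. Suggest `TP-Link` and a single WordPress label form unless the distinction is intentional. For the two AX53 entries, CVE-2026-22324 and CVE-2026-0677, the truncated descriptions shown here do not name the vendor or WordPress at all, so those matches deserve a check against the full description.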



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1be042b3a3ce74b01eb706907c1a0bd2e86a7a5f
