[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 30 20:15:13 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b30eaa31 by security tracker role at 2026-03-30T19:15:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 2
 CVE-2026-5128 (A sensitive information exposure vulnerability exists in ArthurFiorett ...)
 	TODO: check
 CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Aff ...)
 	TODO: check
 CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to 4.3.0.  ...)
@@ -27,13 +27,13 @@ CVE-2026-4416 (The Performance Library component of Gigabyte Control Center has
 CVE-2026-4415 (Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Wr ...)
 	TODO: check
 CVE-2026-4315 (A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fi ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard Fireware OS al ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earlier ma ...)
 	TODO: check
 CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16. ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2026-3945 (An integer overflow vulnerability in the HTTP chunked transfer encodin ...)
 	TODO: check
 CVE-2026-3502 (TrueConf Client downloads application update code and applies it witho ...)
@@ -47,7 +47,7 @@ CVE-2026-34472 (Unauthenticated credential disclosure in the wizard interface in
 CVE-2026-33643 (SQL Injection vulnerability in SchemaHero 0.23.0 via the column parame ...)
 	TODO: check
 CVE-2026-33373 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2026-33032 (Nginx UI is a web user interface for the Nginx web server. In versions ...)
 	TODO: check
 CVE-2026-33030 (Nginx UI is a web user interface for the Nginx web server. In versions ...)
@@ -59,27 +59,27 @@ CVE-2026-33028 (Nginx UI is a web user interface for the Nginx web server. Prior
 CVE-2026-33027 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
 	TODO: check
 CVE-2026-30566 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30565 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30564 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30563 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCode ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30562 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30561 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30560 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30559 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30558 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30557 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30556 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30082 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit ...)
 	TODO: check
 CVE-2026-30077 (OpenAirInterface V2.2.0 AMF crashes when it fails to decode the messag ...)
@@ -133,7 +133,7 @@ CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. Prior
 CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
 	TODO: check
 CVE-2025-15379 (A command injection vulnerability exists in MLflow's model serving con ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2019-25655 (Device Monitoring Studio 8.10.00.8925 contains a denial of service vul ...)
 	TODO: check
 CVE-2019-25654 (Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b30eaa31157d1daf5127ca9ca1997795468cd653

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b30eaa31157d1daf5127ca9ca1997795468cd653
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260330/c7f4347c/attachment.htm>

More information about the debian-security-tracker-commits mailing list