[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 6 20:14:38 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
362ab1ea by security tracker role at 2026-05-06T19:14:32+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -265,33 +265,33 @@ CVE-2026-7875 (NanoClaw contains a host/container filesystem boundary vulnerabil
CVE-2026-7841 (A remote code execution vulnerability exists in Notification Settings ...)
TODO: check
CVE-2026-7457 (The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7448 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7332 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6863 (Velociraptor versions prior to 0.76.4 contain a cross organization aut ...)
TODO: check
CVE-2026-6860 (A TCP client can perform a TLS handshake and present the server name e ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-6788 (Uncontrolled Search Path Element vulnerabilityin WatchGuard Agent on W ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-6787 (Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-6672 (The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6420 (A flaw was found in Keylime. An attacker with root access on an enroll ...)
TODO: check
CVE-2026-6344 (The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6210 (A type confusion vulnerability in Qt SVG allows an attacker to cause a ...)
TODO: check
CVE-2026-43975 (FolderUploadsFileManager in Apache Wicket does not validate or sanitiz ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43646 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42503 (gopls by default communicates via pipe. However, -port and -listen fla ...)
TODO: check
CVE-2026-41938 (Vvveb before version 1.0.8.2 contains an unrestricted file upload vuln ...)
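Review bot: The tag on CVE-2026-6860, "NOT-FOR-US: Eclipse", names only the foundation, and the truncated description ("A TCP client can perform a TLS handshake and present the server name e ...") does not name the product either. Eclipse hosts many projects, some of which are packaged in Debian, so the tag should name the specific project so that the decision can be checked from the list itself. The same applies to CVE-2026-43646 and CVE-2026-42509, where "Apache software not packaged in Debian" is the only hint at the product; CVE-2026-43975 is fine because its description names Apache Wicket.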
@@ -305,15 +305,15 @@ CVE-2026-41931 (Vvveb before version 1.0.8.2 contains an information disclosure
CVE-2026-41930 (Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnera ...)
TODO: check
CVE-2026-41288 (Incorrect permission assignment for a resource in the patch management ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-41287 (Stack-based Buffer Overflow vulnerability in the WatchGuard Agent disc ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-41286 (Stack-based Buffer Overflow vulnerability in the WatchGuard Agent disc ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-40010 (Missing invocation of Servlet http web request method changeSessionId ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40001 (There is a local privilege escalation vulnerability in the ZTE PROCESS ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-36358 (Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a rem ...)
TODO: check
CVE-2026-35255 (Vulnerability in the OracleCloud Native Environment Command Line Inter ...)
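Review bot: CVE-2026-40010 is tagged "NOT-FOR-US: Apache software not packaged in Debian", but the visible description only mentions a missing Servlet changeSessionId call and never names the project, so the claim cannot be verified from this entry. Suggest putting the project name in the tag. CVE-2026-41288 has a similar gap: its description is cut off before any vendor appears, unlike CVE-2026-41287 and CVE-2026-41286, which both name the WatchGuard Agent, so it is worth confirming that it belongs with them.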
@@ -341,21 +341,21 @@ CVE-2026-23926 (An authenticated (non-super) administrator can create a maintena
CVE-2026-23870 (A denial of service vulnerability could be triggered by sending specia ...)
TODO: check
CVE-2026-21661 (Uncontrolled Search Path Element vulnerability in JohnsonControls AC20 ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2026-20219 (A vulnerability in the REST API of Cisco Slido could have allowed an a ...)
TODO: check
CVE-2026-20195 (A vulnerability in an identity management API endpoint of Cisco ISE co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20193 (A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20189 (A vulnerability in the log file download functionality of Cisco Prime ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20188 (A vulnerability in the connection-handling mechanism of Cisco Crosswor ...)
TODO: check
CVE-2026-20185 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
TODO: check
CVE-2026-20172 (A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20169 (A vulnerability in the web-based management interface of Cisco IoT Fie ...)
TODO: check
CVE-2026-20168 (A vulnerability in the web-based management interface of Cisco IoT Fie ...)
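Review bot: The Cisco entries in this hunk are handled inconsistently: CVE-2026-20195, CVE-2026-20193, CVE-2026-20189 and CVE-2026-20172 become "NOT-FOR-US: Cisco", while CVE-2026-20219 (Cisco Slido), CVE-2026-20188 (Cisco Crosswor ...), CVE-2026-20185 and CVE-2026-20169 keep "TODO: check". If the remaining ones are held back for manual triage (the SNMP subsystem entry, for example, does not name a product in the visible text), that is fine, but the commit message does not say so. Otherwise they look like candidates for the same tag.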
@@ -367,47 +367,47 @@ CVE-2026-20035 (A vulnerability in the web UI of Cisco Unity Connection Web Inbo
CVE-2026-20034 (A vulnerability in the web-based management interface of Cisco Unity C ...)
TODO: check
CVE-2026-1719 (The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0300 (A buffer overflow vulnerability in the User-ID\u2122 Authentication Po ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-62345 (HCL BigFix RunBookAI is affected by a Continued availability of Less-S ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-59854 (HCL DFXAnalytics is affected by an Insecure Security Header Configurat ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-59853 (HCL DFXAnalytics is affected by an Improper Error Handling vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-59852 (HCL DFXAnalytics is affected by an Insufficient Transport Layer Prot ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-59851 (HCL DFXAnalytics is affected by a Using Components with Known Vulnerab ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52613 (HCL BigFix Service Management (SM) is affected by use of a vulnerable ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31984 (HCL BigFix Service Management (SM) is affected by a security misconfig ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31983 (HCL BigFix Service Management (SM) is affected by a security misconfig ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31982 (HCL BigFix Service Management (SM) had directories that were not linke ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31978 (HCL BigFix Service Management (SM) does not adequately sanitize or saf ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31976 (HCL BigFix Service Management (SM) is vulnerable to insufficiently pro ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31975 (HCL BigFix Service Management (SM) is affected by an Information Discl ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31974 (HCL BigFix Service Management (SM) is susceptible to a Root File Syste ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31970 (HCL DFXAnalytics is affected by an Insecure Security Header configurat ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31960 (HCL BigFix Service Management (SM) is vulnerable to information exposu ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31959 (HCL BigFix Service Management (SM) application fails to strip EXIF met ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31957 (HHCL BigFix Service Management (SM) is affected by a Cross\u2011Site R ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31951 (HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Pote ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30151 (HCL BigFix Service Management (SX) is affected by a Broken Access Con ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-40562 (Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling v ...)
NOTE: Perl Gazelle
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39783440/
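Review bot: CVE-2025-59851 ("Using Components with Known Vulnerab ...") and CVE-2025-52613 ("use of a vulnerable ...") describe HCL products shipping a vulnerable third-party component, so the vendor-level "NOT-FOR-US: HCL" closes the product entry but says nothing about the component itself. Suggest confirming that the underlying component's own CVE, if it has one and the component is packaged, is tracked separately. The remaining HCL, WordPress plugin and Palo Alto Networks tags match the product named in each description.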
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/362ab1ea1c263a6e6dd8f63881fea6d985a73aa3