[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 8 20:14:50 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ad4a1fe by security tracker role at 2026-05-08T19:14:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-8178 (An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2 ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-8153 (OS command injection in Dashboard Server interface in Universal Robots ...)
TODO: check
CVE-2026-8077 (Lack of proper authorization implementation in the CashDro 3 web admin ...)
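Review bot: the reason on CVE-2026-8178, "NOT-FOR-US: Amazon", names only the vendor, while the description concerns one specific component, the Amazon Redshift JDBC Driver. A JDBC driver is a library that other software can bundle, so I would name the product in the reason (for example "NOT-FOR-US: Amazon Redshift JDBC Driver"), which lets a later reader re-check whether it is packaged without opening the CVE record.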
@@ -9,17 +9,17 @@ CVE-2026-8076 (Weak credentials in the CashDro 3 web administration panel, versi
CVE-2026-7864 (SEPPmail Secure Email Gateway before version 15.0.4 exposes server env ...)
TODO: check
CVE-2026-7650 (The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7475 (The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7330 (The Auto Affiliate Links plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6213 (A vulnerability in Remote SparkSparkView beforebuild 1122 allows an at ...)
TODO: check
CVE-2026-5341 (The NMR Strava activities plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5127 (The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-44928 (In uriparser before 1.0.2, the function family EqualsUri can misclassi ...)
TODO: check
CVE-2026-44927 (In uriparser before 1.0.2, there is pointer difference truncation to i ...)
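Review bot: on CVE-2026-5127 the truncated description ("The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...") is cut off before any mention of WordPress, unlike the other four entries retagged in this hunk, so "NOT-FOR-US: WordPress plugin" cannot be confirmed from this line alone and is worth checking against the full description. Separately, the CVE-2026-7650 description carries a literal \u2013 escape where a dash was meant; it should be decoded before it is written to the list.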
@@ -137,7 +137,7 @@ CVE-2026-41070 (openvpn-auth-oauth2 is a plugin/management interface client for
CVE-2026-3318 (Open redirection vulnerability in the latest demo version of the Cradl ...)
TODO: check
CVE-2026-39816 (The optional extension component TinkerpopClientService is missing the ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-38361 (An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a ...)
TODO: check
CVE-2026-38360 (Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 th ...)
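Review bot: the reason on CVE-2026-39816, "Apache software not packaged in Debian", does not say which Apache project is meant, and the visible description ("The optional extension component TinkerpopClientService is missing the ...") does not name it either. Since NOT-FOR-US is a claim about what is in the archive, the reason should name the project so the claim can be re-verified later with a simple package search.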
@@ -147,7 +147,7 @@ CVE-2026-37431 (Beauty Parlour Management System v1.1 was discovered to contain
CVE-2026-34354 (Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux ...)
TODO: check
CVE-2026-32803 (Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-29975 (lwjson 1.8.1 contains an improper input validation vulnerability in th ...)
TODO: check
CVE-2026-29974 (An issue was discovered in kosma minmea 0.3.0. The minmea_scan functio ...)
@@ -161,21 +161,21 @@ CVE-2026-29202 (Insufficient input validation of the `plugin` parameter of the `
CVE-2026-29201 (Insufficient input validation of the feature file name in `feature::LO ...)
TODO: check
CVE-2026-25199 (Instances deployed via the Proxmox extension allow unauthorized access ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-25077 (Account users are allowed by default to register templates to be downl ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-69233 (Due to multiple time-of-check time-of-use race conditions in the resou ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-67486 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...)
TODO: check
CVE-2025-66467 (Missing MinIO policy cleanup on bucket deletion via Apache CloudStack ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66172 (The CloudStack Backup plugin has an improper access logic in versions ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66171 (The CloudStack Backup plugin has an improper access logic in versions ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-66170 (The CloudStack Backup plugin has an improper authorization logic in ve ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2022-50994 (DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS co ...)
TODO: check
CVE-2026-6659 (Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure ran ...)
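Review bot: the eight entries retagged here all share the generic reason "Apache software not packaged in Debian", but only the descriptions of CVE-2025-66467, CVE-2025-66172, CVE-2025-66171 and CVE-2025-66170 visibly mention CloudStack; for CVE-2026-25199, CVE-2026-25077 and CVE-2025-69233 the truncated text names no product at all. I would put the product name in each reason (for example "NOT-FOR-US: Apache CloudStack" where the description says so), so that the entries can be found and flipped together if that software is ever packaged, and so the three unnamed ones are checked individually rather than assumed to belong to the same project.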
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ad4a1fe991c5e1753dffcfcf68b817237d9ab30