[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 12 08:13:35 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42dc2253 by security tracker role at 2026-05-12T07:13:30+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2026-8349 (A flaw has been found in omec-project amf up to 2.1.1. This vulnerabil ...)
 	TODO: check
 CVE-2026-8346 (A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-8345 (A security vulnerability has been detected in D-Link DIR-816 1.10CNB05 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-8344 (A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D8821 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-8321 (A vulnerability was detected in inkeep agents 0.58.14. This vulnerabil ...)
 	TODO: check
 CVE-2026-8320 (A security vulnerability has been detected in jishenghua jshERP up to  ...)
@@ -13,13 +13,13 @@ CVE-2026-8320 (A security vulnerability has been detected in jishenghua jshERP u
 CVE-2026-8319 (A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d197 ...)
 	TODO: check
 CVE-2026-7287 (** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-7257 (** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-7256 (** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-7255 (** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive a ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2026-45430 (The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not prope ...)
 	TODO: check
 CVE-2026-45393 (Reserved. Details will be published at disclosure.)
@@ -33,9 +33,9 @@ CVE-2026-45362 (Sangoma Switchvox before 8.4 places cleartext SIP authentication
 CVE-2026-45321 (On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious ...)
 	TODO: check
 CVE-2026-45026 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-45025 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-44695 (Outline is a service that allows for collaborative documentation. Prio ...)
 	TODO: check
 CVE-2026-43914 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
@@ -93,27 +93,27 @@ CVE-2026-43874 (WWBN AVideo is an open source video platform. In versions up to
 CVE-2026-43873 (WWBN AVideo is an open source video platform. In versions up to and in ...)
 	TODO: check
 CVE-2026-43668 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43666 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43661 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43660 (A validation issue was addressed with improved logic. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43659 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43658 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43656 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43655 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43654 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43653 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-43652 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-42888 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
 	TODO: check
 CVE-2026-42887 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
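Review bot: The eleven entries from CVE-2026-43652 through CVE-2026-43668 are tagged NOT-FOR-US: Apple, but their summaries are truncated before any affected component is named, so nothing visible in this hunk shows that the affected code is Apple-only. Apple advisories also cover WebKit, which Debian ships, so the automatic update should set the Apple tag only after matching on the component in the full description, and leave TODO: check where none can be determined.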
@@ -135,11 +135,11 @@ CVE-2026-42875 (External Secrets Operator reads information from a third-party s
 CVE-2026-42874 (Microdot is a minimalistic Python web framework. Prior to 2.6.1, the R ...)
 	TODO: check
 CVE-2026-42873 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-42872 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-42870 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-42869 (SOCFortress CoPilot focuses on providing a single pane of glass for al ...)
 	TODO: check
 CVE-2026-42600 (MinIO is a high-performance object storage system. From RELEASE.2022-0 ...)
@@ -161,27 +161,27 @@ CVE-2026-41530 (The automatic folder creation feature of Lhaz and Lhaz+ provided
 CVE-2026-41489 (Pi-hole is a DNS sinkhole that protects devices from unwanted content  ...)
 	TODO: check
 CVE-2026-40137 (SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40136 (SAP Financial Consolidation allows an authenticated attacker to discon ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40135 (An OS Command Injection vulnerability exists in the SAP NetWeaver Appl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40134 (Due to insufficient authorization checks in the SAP Incentive and Comm ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40133 (Due to missing authorization check in SAP S/4HANA Condition Maintenanc ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40132 (Due to missing authorization check in SAP Strategic Enterprise Managem ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40131 (SQL injection vulnerability exists in @sap/hdi-deploy package, where S ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-40129 (Due to a Code Injection vulnerability in SAP Application Server ABAP f ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-39871 (A path handling issue was addressed with improved logic. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-39870 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-39869 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-37630 (An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrar ...)
 	TODO: check
 CVE-2026-36734 (EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authen ...)
@@ -195,181 +195,181 @@ CVE-2026-34961 (barebox prior to version 2026.04.0 contains out-of-bounds read v
 CVE-2026-34960 (barebox prior to version 2026.04.0 contains an out-of-bounds read vuln ...)
 	TODO: check
 CVE-2026-34263 (Due to improper Spring Security configuration, SAP Commerce cloud allo ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-34260 (SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-34259 (Due to an OS Command Execution vulnerability in SAP Forecasting & Repl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-34258 (SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate sp ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-2614 (A vulnerability in the `_create_model_version()` handler of `mlflow/se ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2026-28996 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28995 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28994 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28993 (This issue was addressed by adding an additional prompt for user conse ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28992 (A memory corruption vulnerability was addressed with improved locking. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28990 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28988 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28987 (A logging issue was addressed with improved data redaction. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28986 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28985 (A null pointer dereference was addressed with improved input validatio ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28983 (A type confusion issue was addressed with improved checks. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28978 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28977 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28976 (An information leakage was addressed with additional validation. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28974 (This issue was addressed with improved checks to prevent unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28972 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28971 (The issue was addressed with improved UI handling. This issue is fixed ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28969 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28967 (A denial-of-service issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28965 (A privacy issue was addressed with improved checks. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28964 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28963 (A privacy issue was addressed by removing the vulnerable code. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28962 (This issue was addressed with improved access restrictions. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28961 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28959 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28958 (This issue was addressed with improved data protection. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28957 (An issue with app access to camera metadata was addressed with improve ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28956 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28955 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28954 (A file quarantine bypass was addressed with additional checks. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28953 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28952 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28951 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28947 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28946 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28944 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28943 (A logging issue was addressed with improved data redaction. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28942 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28941 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28940 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28936 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28930 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28929 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28925 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28924 (A race condition was addressed with improved handling of symbolic link ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28923 (A logging issue was addressed with improved data redaction. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28922 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28920 (An information leakage was addressed with additional validation. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28919 (A consistency issue was addressed with improved state handling. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28918 (An out-of-bounds access issue was addressed with improved bounds check ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28917 (The issue was addressed with improved input validation. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28915 (A parsing issue in the handling of directory paths was addressed with  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28914 (A logic issue was addressed with improved file handling. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28913 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28910 (This issue was addressed with improved permissions checking. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28908 (A denial of service issue was addressed by removing the vulnerable cod ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28907 (The issue was addressed with improved input validation. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28906 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28905 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28904 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28903 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28902 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28901 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28897 (A buffer overflow was addressed with improved input validation. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28883 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28873 (This issue was addressed with additional entitlement checks. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28872 (A resource exhaustion issue was addressed with improved input validati ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28860 (The issue was addressed with improved input validation. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28848 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28847 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28846 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28840 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28830 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-28819 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-27682 (Due to a reflected cross-site scripting (XSS) vulnerability in SAP Net ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-20696 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-1681 (Issuing an ICMP ping via the `net ping` shell command to a device's ow ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-1185 (A configuration file on the local file system had improper input valid ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2026-0804 (An ACAP configuration file lacked sufficient input validation, which c ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2026-0802 (An ACAP configuration file lacked sufficient input validation, which c ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2026-0541 (ACAP applications can gain elevated privileges due to improper input v ...)
-	TODO: check
+	NOT-FOR-US: Axis Communication
 CVE-2026-0502 (Due to insufficient CSRF protection in SAP BusinessObjects Business In ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-7010 (HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP ...)
 	- libhttp-tiny-perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39952806/
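Review bot: CVE-2026-2614 is closed as NOT-FOR-US: mlflow although its summary points at a handler in the project's own source tree (`mlflow/se ...`), so this is an open-source project rather than a vendor product. It is worth confirming that no packaging request is pending, since a `- mlflow <itp>` line would then be the right form. The disambiguation on CVE-2026-1681 ("Zephyr, different from src:zephyr") is the kind of qualifier that helps whenever a tag collides with a source package name. As a smaller style point, the four entries CVE-2026-0541, CVE-2026-0802, CVE-2026-0804 and CVE-2026-1185 use "Axis Communication", while the vendor's name is Axis Communications; align the spelling unless the file already uses this form elsewhere.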



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42dc2253537edb77d340d9ff70f81edf7ebe396d
