[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 19 08:14:19 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4db9697c by security tracker role at 2026-05-19T07:13:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-8851 (SOGo 5.12.7 contains a SQL injection vulnerability in the Access Contr ...)
TODO: check
CVE-2026-8838 (Unsafe use of Python's eval() on server-received data in the vector_in ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-8830 (A flaw was found in Keycloak. An authenticated user can bypass configu ...)
TODO: check
CVE-2026-8814 (Versions of the package exifreader before 4.39.0 are vulnerable to Imp ...)
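Review bot: The tag added for CVE-2026-8838, `NOT-FOR-US: Amazon`, names a vendor rather than the affected software, and the truncated description ("in the vector_in ...") does not identify the component either. Consider naming the specific product or library in the tag so that a later search of data/CVE/list for that software finds this entry.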
@@ -9,7 +9,7 @@ CVE-2026-8814 (Versions of the package exifreader before 4.39.0 are vulnerable t
CVE-2026-8813 (This affects versions of the package exifreader before 4.39.0. A craft ...)
TODO: check
CVE-2026-4137 (In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_ ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-47311 (Heap-based buffer overflow vulnerability in Samsung Open Source Escarg ...)
TODO: check
CVE-2026-47310 (Use after free vulnerability in Samsung Open Source Escargot allows Po ...)
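Review bot: The `NOT-FOR-US: mlflow` tag on CVE-2026-4137 removes the entry from the TODO queue without recording whether a packaging request exists for mlflow. Since the commit is an automatic update, it is worth confirming there is no open ITP/RFP bug before treating the entry as final; if one exists, an ITP-style entry with the bug number would be the better fit.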
@@ -33,9 +33,9 @@ CVE-2026-45245 (Summarize prior to 0.15.1 contains a vulnerability in the hover
CVE-2026-45244 (Summarize prior to 0.15.1 contains a missing authorization vulnerabili ...)
TODO: check
CVE-2026-33565 (in OpenHarmony v6.0 and prior versions allow a local attacker cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-33514 (Discourse is an open-source discussion platform. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-33234 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
TODO: check
CVE-2026-33233 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
@@ -51,13 +51,13 @@ CVE-2026-32323 (Mullvad VPN is a VPN client app for desktop and mobile. When usi
CVE-2026-32312 (GLPI is a free asset and IT management software package. In versions 1 ...)
TODO: check
CVE-2026-32244 (Discourse is an open-source discussion platform. In versions prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-30950 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
TODO: check
CVE-2026-28751 (in OpenHarmony v6.0 and prior versions allow a local attacker cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-28733 (in OpenHarmony v6.0 and prior versions allow a local attacker arbitrar ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27964 (FacturaScripts is an open source accounting and invoicing software. Ve ...)
TODO: check
CVE-2026-27892 (FacturaScripts is an open source accounting and invoicing software. In ...)
@@ -65,37 +65,37 @@ CVE-2026-27892 (FacturaScripts is an open source accounting and invoicing softwa
CVE-2026-27891 (FacturaScripts is an open source accounting and invoicing software. Ve ...)
TODO: check
CVE-2026-27781 (in OpenHarmony v6.0 and prior versions allow a local attacker cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27766 (in OpenHarmony v6.0 and prior versions allow a local attacker cause in ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27737 (BigBlueButton is an open-source virtual classroom. In versions prior t ...)
TODO: check
CVE-2026-27648 (in OpenHarmony v6.0 and prior versions allow a remote attacker arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-27130 (Dokploy is a free, self-hostable Platform as a Service (PaaS). Version ...)
TODO: check
CVE-2026-26978 (FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6 ...)
TODO: check
CVE-2026-25850 (in OpenHarmony v6.0 and prior versions allow a local attacker cause in ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-25781 (in OpenHarmony v6.0 and prior versions allow a local attacker cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-25244 (WebdriverIO is a test automation framework for unit, e2e and component ...)
TODO: check
CVE-2026-25110 (in OpenHarmony v6.0 and prior versions allow a local attacker cause DO ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-24792 (in OpenHarmony v6.0 and prior versions allow a remote attacker arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2026-22810 (Joplin is an open source note-taking and to-do application that organi ...)
TODO: check
CVE-2026-22069 (A local privilege escalation vulnerability exists in O+ Connect becaus ...)
TODO: check
CVE-2026-21789 (HCL Connections contains a broken access control vulnerability that ma ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-65954 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in t ...)
TODO: check
CVE-2025-15609 (The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-45137
NOT-FOR-US: Rust anchor-lang
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0144.html
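Review bot: Two of the tags added near the end of this hunk are less specific than the rest: `NOT-FOR-US: HCL` on CVE-2026-21789 gives only the vendor although the description names HCL Connections, and `NOT-FOR-US: WordPress plugin` on CVE-2025-15609 gives only a category although the description names the Fortis for WooCommerce plugin. The unchanged entry just below, `NOT-FOR-US: Rust anchor-lang`, shows the more searchable form; consider `HCL Connections` and naming the plugin. The OpenHarmony tags in this hunk match the product named in each description and look consistent.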
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4db9697cf4d5baa314d39390cf45af689f080e8d
More information about the debian-security-tracker-commits
mailing list