[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 20 20:14:56 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
486bb7e4 by security tracker role at 2026-05-20T19:14:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-9059 (NextGEN Gallery version prior to 4.2.1 are vulnerable to authenti
 CVE-2026-8598 (An undocumented configuration export port is accessible on some models ...)
 	TODO: check
 CVE-2026-8488 (Allocation of resources without limits or throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-8487 (Incorrect default permissions vulnerability in Progress Software MOVEi ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-8486 (Allocation of resources without limits or throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress Software MOVE ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-8469 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook allows ...)
@@ -29,25 +29,25 @@ CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook a
 CVE-2026-8342
 	REJECTED
 CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6728 (The Slider Revolution plugin for WordPress is vulnerable to Sensitive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5783 (Improper neutralization of input during web page generation ('cross-si ...)
 	TODO: check
 CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Auto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare vulnerable to  ...)
 	TODO: check
 CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability in phen ...)
 	TODO: check
 CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an unauthorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-45443 (Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ...)
 	TODO: check
 CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
@@ -59,25 +59,25 @@ CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
 CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers  ...)
 	TODO: check
 CVE-2026-42834 (Improper link resolution before file access ('link following') in Azur ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41091 (Improper link resolution before file access ('link following') in Micr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote a ...)
 	TODO: check
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, contains a ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer  ...)
 	TODO: check
 CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo Gallery Fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. WpBookingly all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability in Mesalv ...)
 	TODO: check
 CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass ...)
 	TODO: check
 CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vu ...)
@@ -87,13 +87,13 @@ CVE-2026-22315 (Incorrect Privilege Assignment vulnerability in Mesalvo Meona Cl
 CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access Control vuln ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20239 (In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Clou ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20223 (A vulnerability in the access validation of internal REST APIs of ...)
 	TODO: check
 CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco ThousandEyes Ente ...)
@@ -101,17 +101,17 @@ CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco ThousandEye
 CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco ThousandEyes  ...)
 	TODO: check
 CVE-2026-20171 (A vulnerability in the Border Gateway Protocol (BGP) enforce-firs ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
 	TODO: check
 CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client Launcher ...)
 	TODO: check
 CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security misconfig ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to  a Configuration  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio Information ...)
 	TODO: check
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/486bb7e422b3f27ea4f6a6a5b4a10e6539b54fbd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/486bb7e422b3f27ea4f6a6a5b4a10e6539b54fbd
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/5024a964/attachment.htm>

More information about the debian-security-tracker-commits mailing list