[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 21 20:14:37 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3841a9b by security tracker role at 2026-05-21T19:14:31+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2026-9157 (Improper input validation, Unrestricted upload of file with dange
 CVE-2026-9089 (The ConnectWise Automate\u2122 Agent does not fully verify the authent ...)
 	TODO: check
 CVE-2026-5434 (Honeywell Control Network Module (CNM)contains insertion of sensitive  ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2026-5433 (Honeywell Control Network Module (CNM)contains command injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2026-5118 (The Divi Form Builder plugin for WordPress is vulnerable to privilege  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4858 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
 	TODO: check
 CVE-2026-4055 (Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_c ...)
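Review bot: the reason on CVE-2026-5118 reads "NOT-FOR-US: WordPress plugin", while the WordPress entries marked later in this same commit use "NOT-FOR-US: WordPress plugin or theme". Both are accurate for a plugin, but two spellings of one category mean a grep for either string misses part of the set. Consider settling on one string in whatever rule generates these, or at least using the same one within a single automatic run.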
@@ -87,7 +87,7 @@ CVE-2026-48214 (Open ISES Tickets before 3.44.2 contains a reflected cross-site
 CVE-2026-48213 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
 	TODO: check
 CVE-2026-48207 (Deserialization of untrusted data in Apache Fory PyFory. PyFory's Redu ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-45760 ((Externally Controlled Reference to a Resource in Another Sphere), (Au ...)
 	TODO: check
 CVE-2026-45255 (When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi net ...)
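Review bot: the reason on CVE-2026-48207, "Apache software not packaged in Debian", asserts a packaging state rather than naming the product, and nothing in the visible description (Apache Fory PyFory, deserialization of untrusted data) lets a reader confirm it. A product-specific reason such as "NOT-FOR-US: Apache Fory" would be easier to audit and to revisit if the software is later packaged. It is also worth confirming that the match was made on the product and not only on the "Apache" prefix.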
@@ -101,37 +101,37 @@ CVE-2026-45252 (When a fusefs file system implements extended attributes, the ke
 CVE-2026-45251 (A file descriptor can be closed while a thread is blocked in a poll(2) ...)
 	TODO: check
 CVE-2026-45208 (A time-of-check time-of-use vulnerability in the Apex One/SEP agent co ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-45207 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-45206 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-39593 (Missing Authorization vulnerability in VillaTheme HAPPY allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39461 (libcasper(3) communicates with helper processes via UNIX domain socket ...)
 	TODO: check
 CVE-2026-36189 (Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrust ...)
 	TODO: check
 CVE-2026-34930 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-34929 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-34928 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-34927 (An origin validation vulnerability in the Apex One/SEP agent could all ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-34926 (A directory traversal vulnerability in the Apex One (on-premise) serve ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2026-2740 (Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecu ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-28764 (MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow  ...)
 	TODO: check
 CVE-2026-27393 (Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27349 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22880 (Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3. ...)
 	TODO: check
 CVE-2026-1816 (Improper restriction of excessive authentication attempts vulnerabilit ...)
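Review bot: for CVE-2026-39531 and CVE-2026-27349 the visible description is cut off inside the CWE wording ("Improper Neutralization of Special Elements used in an SQL Command ...", "Exposure of Sensitive System Information to an Unauthorized Control Sp ..."), so the "WordPress plugin or theme" classification cannot be checked from this diff. The other three WordPress markings in the commit show a product name (Divi Form Builder, VillaTheme HAPPY, Tobias CF7 WOW Styler). For these two, confirm the product against the full CVE description before relying on the automatic mark, since a wrong NOT-FOR-US removes the entry from the TODO queue.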
@@ -141,21 +141,21 @@ CVE-2026-1815 (Insufficient session expiration vulnerability in Turkiye Electric
 CVE-2026-0393 (The affected product may expose credentials remotely between low privi ...)
 	TODO: check
 CVE-2025-71217 (An origin validation error vulnerability in the Trend Micro Apex One ( ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71216 (A time-of-check time-of-use vulnerability in the Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71215 (A time-of-check time-of-use vulnerability in the Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71214 (An origin validation error vulnerability in the Trend Micro Apex One ( ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71213 (An origin validation error vulnerability in Trend Micro Apex One could ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71212 (A link following vulnerability in the Trend Micro Apex One scan engine ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71211 (A vulnerability in the Trend Micro Apex One management console could a ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-71210 (A vulnerability in the Trend Micro Apex One management console could a ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-13479 (Authorization bypass through User-Controlled key vulnerability in PosC ...)
 	TODO: check
 CVE-2025-13477 (Exposure of private personal information to an unauthorized actor, Ins ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3841a9b28426e2d360a2621b922f08988780791
