Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3a8fd03 by security tracker role at 2026-03-11T20:13:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,27 +9,27 @@ CVE-2026-3949 (A vulnerability was determined in strukturag 
libheif up to 1.21.2
 CVE-2026-3946 (A vulnerability was detected in PHPEMS 11.0. The affected 
element is a ...)
        TODO: check
 CVE-2026-3944 (A vulnerability was determined in itsourcecode University 
Management S ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. 
This af ...)
        TODO: check
 CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 
6.9 th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2026-3496 (The JetBooking plugin for WordPress is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3492 (The Gravity Forms plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3231 (The Checkout Field Editor (Checkout Manager) for WooCommerce 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3178 (The Name Directory plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is 
vulnerabl ...)
        TODO: check
 CVE-2026-32234 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account 
mismatch wi ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-32098 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2026-32097 (PingPong is a platform for using large language models (LLMs) 
for teac ...)
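Review bot: The CVE-2026-3906 entry is marked "NOT-FOR-US: WordPress plugin", but its visible description begins "WordPress core is vulnerable to unauthorized access in versions 6.9 th ...", which does not describe a plugin. The automatic match appears to have keyed on the word "WordPress" alone. Suggest leaving this one entry at "TODO: check" until it has been triaged by hand, since a core issue would need a package line rather than a NOT-FOR-US tag. The other five WordPress entries in this hunk (CVE-2026-3496, -3492, -3231, -3178) do name a plugin in their descriptions and look consistent with the tag.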
@@ -41,15 +41,15 @@ CVE-2026-32095 (Plunk is an open-source email platform 
built on top of AWS SES.
 CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. 
Prior to 2.1 ...)
        TODO: check
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a 
command inj ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and 
@openclaw/voice-ca ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32060 (OpenClaw versions prior to 2026.2.14 contain a path traversal 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32059 (OpenClaw version 2026.2.22-2 prior to 2026.2.23 
tools.exec.safeBins va ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-31979 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
        TODO: check
 CVE-2026-31976 (xygeni-action is the GitHub Action for Xygeni Scanner. On 
March 3, 202 ...)
@@ -69,17 +69,17 @@ CVE-2026-31958 (Tornado is a Python web framework and 
asynchronous networking li
 CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
        TODO: check
 CVE-2026-31954 (Emlog is an open source website building system. In 2.6.6 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: Emlog
 CVE-2026-31901 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2026-31900 (Black is the uncompromising Python code formatter. Black 
provides a Gi ...)
        TODO: check
 CVE-2026-31896 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-31895 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-31894 (WeGIA is a web manager for charitable institutions. In 3.6.5, 
The patc ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-31892 (Argo Workflows is an open source container-native workflow 
engine for  ...)
        TODO: check
 CVE-2026-31889 (Shopware is an open commerce platform. Prior to 6.6.10.15 and 
6.7.8.1, ...)
@@ -141,17 +141,17 @@ CVE-2026-31839 (Striae is a firearms examiner's 
comparison companion. A high-sev
 CVE-2026-31813 (Supabase Auth is a JWT based API for managing users and 
issuing JWT to ...)
        TODO: check
 CVE-2026-30903 (External Control of File Name or Path in the Mail feature of 
Zoom Work ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-30902 (Improper Privilege Management in certain Zoom Clients for 
Windows may  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-30901 (Improper Input Validation in Zoom Rooms for Windows before 
6.6.5 in Ki ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-30900 (Improper Check of minimum version in update functionality of 
certain Z ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2026-30868 (OPNsense is a FreeBSD based firewall and routing platform. 
Prior to 26 ...)
        TODO: check
 CVE-2026-30741 (A remote code execution (RCE) vulnerability in OpenClaw Agent 
Platform ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-30239 (OpenProject is an open-source, web-based project management 
software.  ...)
        TODO: check
 CVE-2026-30236 (OpenProject is an open-source, web-based project management 
software.  ...)
@@ -175,41 +175,41 @@ CVE-2026-27703 (RIOT is an open-source microcontroller 
operating system, designe
 CVE-2026-27478 (Unity Catalog is an open, multi-modal Catalog for data and AI. 
In 0.4. ...)
        TODO: check
 CVE-2026-24510 (Dell Alienware Command Center (AWCC), versions prior to 
6.12.24.0, con ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-24509 (Dell Alienware Command Center (AWCC), versions prior to 
6.12.24.0, con ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-24508 (Dell Alienware Command Center (AWCC), versions prior to 
6.12.24.0, con ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-22248 (GLPI is an open-source asset and IT management software 
package that p ...)
        TODO: check
 CVE-2026-21888 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging 
Platform.  ...)
        TODO: check
 CVE-2026-20166 (In Splunk Enterprise versions below 10.2.1 and 10.0.4, and 
Splunk Clou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20165 (In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 
9.3.10, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20164 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 
9.3.10, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20163 (In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 
9.3.10, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20162 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 
9.3.9,  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20118 (A vulnerability in the handling of an Egress Packet Network 
Interface  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20117 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20116 (A vulnerability in the web-based management interface of  
Cisco F ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20074 (A vulnerability in the Intermediate System-to-Intermediate 
System (IS- ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20046 (A vulnerability in task group assignment for a specific CLI 
command in ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20040 (A vulnerability in the CLI of Cisco IOS XR Software could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-1993 (The ExactMetrics \u2013 Google Analytics Dashboard for 
WordPress plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1992 (The ExactMetrics \u2013 Google Analytics Dashboard for 
WordPress plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1732 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2026-1663 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
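Review bot: The five entries CVE-2026-20162 through CVE-2026-20166 are tagged "NOT-FOR-US: Cisco", yet each visible description starts "In Splunk Enterprise versions below ..." and never mentions Cisco. Tagging by what looks like the CVE ID range rather than by the product named in the description makes these entries hard to find when searching data/CVE/list for the product. Suggest "NOT-FOR-US: Splunk" for these five, keeping "NOT-FOR-US: Cisco" for the entries whose descriptions actually name Cisco software (for example CVE-2026-20117 and CVE-2026-20040).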
@@ -221,7 +221,7 @@ CVE-2026-1497 (Incorrect resolving of namespaces in 
composite databases in Neo4j
 CVE-2026-1471 (Excessive caching of authentication context in Neo4j Enterprise 
editio ...)
        TODO: check
 CVE-2026-1454 (The Responsive Contact Form Builder & Lead Generation Plugin 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1230 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2026-1090 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
@@ -231,9 +231,9 @@ CVE-2026-1069 (GitLab has remediated an issue in GitLab 
CE/EE affecting all vers
 CVE-2026-0602 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2026-0231 (An information disclosure vulnerability inPalo Alto Networks 
Cortex XD ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0230 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-70330 (Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in 
the handl ...)
        TODO: check
 CVE-2025-70082 (An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker 
to exec ...)
@@ -269,7 +269,7 @@ CVE-2025-12704 (GitLab has remediated an issue in GitLab EE 
affecting all versio
 CVE-2025-12697 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2025-12690 (Execution with unnecessary privileges in Forcepoint NGFW 
Engine allows ...)
-       TODO: check
+       NOT-FOR-US: Forcepoint
 CVE-2025-12576 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2025-12555 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
@@ -297,7 +297,7 @@ CVE-2019-25475 (SQL Server Password Changer 1.90 contains a 
buffer overflow vuln
 CVE-2019-25474 (Easy MP3 Downloader 4.7.8.8 contains a buffer overflow 
vulnerability t ...)
        TODO: check
 CVE-2019-25472 (IntelBras Telefone IP TIP200 and 200 LITE contain an 
unauthenticated a ...)
-       TODO: check
+       NOT-FOR-US: Intelbras
 CVE-2019-25471 (FileThingie 2.5.7 contains an arbitrary file upload 
vulnerability that ...)
        TODO: check
 CVE-2019-25470 (eWON Firmware versions 12.2 to 13.0 contain an authentication 
bypass v ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3a8fd034370179318e02b20c6888b7451668869
