Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
386ad0d6 by security tracker role at 2026-03-19T20:12:58+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-4426 (A flaw was found in libarchive. An Undefined 
Behavior vulnerabili
 CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read 
vulnerabi ...)
        TODO: check
 CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3580 (In wolfSSL 5.8.4, constant-time masking logic in 
sp_256_get_entry_256_ ...)
        TODO: check
 CVE-2026-3579 (wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a 
constant-time soft ...)
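
Review bot: The tag added for CVE-2026-3658 reads "NOT-FOR-US: WordPress plugin", while every other WordPress entry touched in this commit uses "NOT-FOR-US: WordPress plugin or theme". Unless the distinction is deliberate, use one spelling so that a search over data/CVE/list for WordPress exclusions matches a single string.
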
@@ -31,13 +31,13 @@ CVE-2026-32865 (OPEXUS eComplaint and eCASE before version 
10.1.0.0 include the
 CVE-2026-32843 (Location Aware Sensor System by Linkit ONE, up to commit 
f06bd20 (2023 ...)
        TODO: check
 CVE-2026-32238 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-32119 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-30711 (Devome GRR v4.5.0 was discovered to contain multiple 
authenticated SQL ...)
        TODO: check
 CVE-2026-30694 (An issue in DedeCMS v.5.7.118 and before allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2026-30404 (The backend database management connection test feature in 
wgcloud v3. ...)
        TODO: check
 CVE-2026-30403 (There is an arbitrary file read vulnerability in the test 
connection f ...)
@@ -49,15 +49,15 @@ CVE-2026-2646 (A heap-buffer-overflow vulnerability exists 
in wolfSSL's wolfSSL_
 CVE-2026-2645 (In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 
1.2 serv ...)
        TODO: check
 CVE-2026-27070 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27068 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27067 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Syari ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27065 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27043 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-26940 (Improper Validation of Specified Quantity in Input (CWE-1284) 
in the T ...)
        TODO: check
 CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side 
Detection ...)
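
Review bot: For CVE-2026-27070, CVE-2026-27068, CVE-2026-27067, CVE-2026-27065 and CVE-2026-27043 the description visible in the list is only the generic weakness wording, cut off before or right at the product name ("in Syari ...", "in Theme ..."), so the "WordPress plugin or theme" classification cannot be confirmed from this diff. Since the commit message says the update is automatic, a spot check of the full descriptions for these five IDs is worthwhile before they leave the TODO queue.
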
@@ -67,25 +67,25 @@ CVE-2026-26933 (Improper Validation of Array Index 
(CWE-129) in multiple protoco
 CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the 
Prometheu ...)
        TODO: check
 CVE-2026-25928 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-25744 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and 
.NET 9.0  ...)
        TODO: check
 CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership 
Software ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud 
Prevention For W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22558 (An Authenticated NoSQL Injection vulnerability found in UniFi 
Network  ...)
        TODO: check
 CVE-2026-22557 (A malicious actor with access to the network could exploit a 
Path Trav ...)
        TODO: check
 CVE-2026-21788 (HCL Connections is vulnerable to a cross-site scripting attack 
where a ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an 
attacke ...)
        TODO: check
 CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 
Signed ...)
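
Review bot: CVE-2026-21788 is tagged "NOT-FOR-US: HCL", which names only the vendor, whereas the other non-WordPress tags in this commit name the product ("OpenEMR", "DedeCMS"). The description identifies the product as HCL Connections; suggest "NOT-FOR-US: HCL Connections" so the entry is identifiable without reading the description.
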
@@ -101,9 +101,9 @@ CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 
through 20.24.01.001 conta
 CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in 
progs/infoc ...)
        TODO: check
 CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small 
Cell Ser ...)
        TODO: check
 CVE-2025-67114 (Use of a deterministic credential generation algorithm in 
/ftl/bin/cal ...)
@@ -113,17 +113,17 @@ CVE-2025-67113 (OS command injection in the CWMP client 
(/ftl/bin/cwmp) of Small
 CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration 
backup/restor ...)
        TODO: check
 CVE-2025-62043 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton 
Finag allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-60233 (Deserialization of Untrusted Data vulnerability in Themeton 
Zuut allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53222 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50001 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability 
in Them ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager 
(webserve ...)
        TODO: check
 CVE-2026-4342



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/386ad0d6738fae6f58f7684f659e4d0966d780a8
