Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1be042b3 by security tracker role at 2026-03-20T20:20:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-4504 (A flaw has been found in eosphoros-ai db-gpt up 
to 0.7.5. This vu
 CVE-2026-4500 (A vulnerability was identified in bagofwords1 bagofwords up to 
0.0.297 ...)
        TODO: check
 CVE-2026-4499 (A vulnerability was determined in D-Link DIR-820LW 2.03. 
Affected is t ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-4497 (A vulnerability was determined in Totolink WA300 
5.2cu.7112_B20190227. ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-4496 (A vulnerability was found in sigmade Git-MCP-Server up to 
785aa159f262 ...)
        TODO: check
 CVE-2026-4495 (A security flaw has been discovered in atjiu pybbs 6.0.0. This 
impacts ...)
@@ -17,41 +17,41 @@ CVE-2026-4495 (A security flaw has been discovered in atjiu 
pybbs 6.0.0. This im
 CVE-2026-4494 (A vulnerability was identified in atjiu pybbs 6.0.0. This 
affects the  ...)
        TODO: check
 CVE-2026-4493 (A vulnerability was determined in Tenda A18 Pro 02.03.02.28. 
The impac ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-4492 (A vulnerability was found in Tenda A18 Pro 02.03.02.28. The 
affected e ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-4491 (A vulnerability has been found in Tenda A18 Pro 02.03.02.28. 
Impacted  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-4490 (A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue 
affects ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-4489 (A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-4488 (A vulnerability was identified in UTT HiPER 1250GW up to 
3.2.7-210907- ...)
        TODO: check
 CVE-2026-4487 (A vulnerability was determined in UTT HiPER 1200GW up to 
2.5.3-170306. ...)
        TODO: check
 CVE-2026-4486 (A vulnerability was found in D-Link DIR-513 1.10. This affects 
the fun ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-4485 (A vulnerability has been found in itsourcecode College 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured 
nsswitch.co ...)
        TODO: check
 CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured 
nsswitch.co ...)
        TODO: check
 CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM 
connectio ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing 
Authorizat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-33372 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2026-33371 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2026-33370 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a 
reflected cr ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2026-33312 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
        TODO: check
 CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th 
generation  ...)
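
Review bot: On CVE-2026-4485 the new tag reads "NOT-FOR-US: itsourcecode System", which does not identify a product. The description line above it begins "itsourcecode College Management Syst ...", so the tag should either carry that product name or name only the vendor ("itsourcecode"), the way the Tenda and Zimbra entries in this hunk do, so that a search on the product or vendor finds the entry.
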
@@ -61,13 +61,13 @@ CVE-2026-33140 (PySpector is a static analysis security 
testing (SAST) Framework
 CVE-2026-33139 (PySpector is a static analysis security testing (SAST) 
Framework engin ...)
        TODO: check
 CVE-2026-33136 (WeGIA is a web manager for charitable institutions. Versions 
3.6.6 and ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-33135 (WeGIA is a web manager for charitable institutions. Versions 
3.6.6 and ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-33134 (WeGIA is a web manager for charitable institutions. Versions 
3.6.5 and ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In 
versions 3.6.5  ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-33132 (ZITADEL is an open source identity management platform. 
Versions prior ...)
        TODO: check
 CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 
2.0.1-rc.14 ...)
@@ -145,9 +145,9 @@ CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross 
Site Scripting (XSS).
 CVE-2026-30578 (File Thinghie 2.5.7 is vulnerable to Cross Site Scripting 
(XSS). A mal ...)
        TODO: check
 CVE-2026-2432 (The CM Custom Reports \u2013 Flexible reporting to track what 
matters  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2421 (The ilGhera Carta Docente for WooCommerce plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-29828 (DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability 
in the  ...)
        TODO: check
 CVE-2026-29794 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
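
Review bot: The description on the CVE-2026-2432 context line contains a literal "\u2013" ("The CM Custom Reports \u2013 Flexible reporting ..."), which is an undecoded escape for an en dash. The NOT-FOR-US change on that entry is unaffected, but the escape is worth fixing at the source of the description text rather than in this entry alone, since a text search for the plugin name as published will not match it.
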
@@ -157,51 +157,51 @@ CVE-2026-27625 (Stirling-PDF is a locally hosted web 
application that performs v
 CVE-2026-25792 (Greenshot is an open source Windows screenshot utility. 
Versions 1.3.3 ...)
        TODO: check
 CVE-2026-22902 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22901 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22900 (A use of hard-coded credentials vulnerability has been 
reported to aff ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22898 (A missing authentication for critical function vulnerability 
has been  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22897 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22895 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-22324 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22172 (OpenClaw versions prior to 2026.3.12 contain an authorization 
bypass v ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-0677 (Deserialization of Untrusted Data vulnerability in TotalSuite 
TotalCon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67260 (The Terrapack software, from ASTER TEC / ASTER S.p.A., with 
the indica ...)
        TODO: check
 CVE-2025-63260 (SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
        TODO: check
 CVE-2025-62846 (An SQL injection vulnerability has been reported to affect 
QHora. If a ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-62845 (An improper neutralization of escape, meta, or control 
sequences vulne ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-62844 (A weak authentication vulnerability has been reported to 
affect QHora. ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-62843 (An improper restriction of communication channel to intended 
endpoints ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-59383 (A buffer overflow vulnerability has been reported to affect 
Media Stre ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-46598 (Bitcoin Core through 29.0 allows a denial of service via a 
crafted tra ...)
        TODO: check
 CVE-2025-46597 (Bitcoin Core 0.13.0 through 29.x has an integer overflow.)
        TODO: check
 CVE-2025-15608 (This vulnerability in AX53 v1 results from insufficient input 
sanitiza ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2025-15607 (A command injection vulnerability on AX53 v1 occurs in mscd 
debug func ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2024-44722 (SysAK v2.0 and before is vulnerable to command execution via 
aaa;cat / ...)
        TODO: check
 CVE-2024-32537 (Cross-Site request forgery (CSRF) vulnerability in joshuae1974 
Flash V ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2024-31119 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23278 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (7.0-rc4)
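
Review bot: The two AX53 v1 entries (CVE-2025-15608 and CVE-2025-15607) are tagged "NOT-FOR-US: TPLink", while the vendor's name is spelled TP-Link and this same commit keeps the hyphen in "D-Link"; a hyphen-less variant is missed by anyone searching the list by vendor name, so "NOT-FOR-US: TP-Link" would be the safer tag. The WordPress entries in this hunk also use "WordPress plugin or theme" where the earlier hunks use "WordPress plugin"; choosing one form keeps the NOT-FOR-US tags consistent for searching.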



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1be042b3a3ce74b01eb706907c1a0bd2e86a7a5f
