[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Tue, 07 Apr 2026 00:16:00 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9f0475a7 by security tracker role at 2026-04-07T07:15:36+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and 
Engineeri ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-5708 (Unsanitized control of user-modifiable attributes in the 
session creat ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-5707 (Unsanitized input in an OS command in the virtual desktop 
session name ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-5705 (A vulnerability was identified in code-projects Online Hotel 
Booking 1 ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-5692 (A vulnerability was found in Totolink A7100RU 
7.4cu.2313_b20191024. Th ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5691 (A vulnerability has been found in Totolink A7100RU 
7.4cu.2313_b2019102 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5690 (A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. 
The im ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5689 (A vulnerability was detected in Totolink A7100RU 
7.4cu.2313_b20191024. ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5688 (A security vulnerability has been detected in Totolink A7100RU 
7.4cu.2 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5687 (A weakness has been identified in Tenda CX12L 16.03.53.12. This 
issue  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-5686 (A security flaw has been discovered in Tenda CX12L 16.03.53.12. 
This v ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-5685 (A vulnerability was identified in Tenda CX12L 16.03.53.12. This 
affect ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-5684 (A vulnerability was determined in Tenda CX12L 16.03.53.12. 
Affected by ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-5683 (A vulnerability was found in Tenda CX12L 16.03.53.12. Affected 
by this ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-5682 (A vulnerability has been found in Meesho Online Shopping App up 
to 27. ...)
        TODO: check
 CVE-2026-5681 (A flaw has been found in itsourcecode sanitize or validate this 
input  ...)
        TODO: check
 CVE-2026-5679 (A security vulnerability has been detected in Totolink A3300R 
17.0.0cu ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-5465 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4079 (The SQL Chart Builder WordPress plugin before 2.3.8 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-35475 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, th ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35474 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, op ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35473 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, an ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35472 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, an ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 
2.0.0-beta.3, tdel ...)
        TODO: check
 CVE-2026-35459 (pyLoad is a free and open-source download manager written in 
Python. I ...)
@@ -63,31 +63,31 @@ CVE-2026-35448 (WWBN AVideo is an open source video 
platform. In versions 26.0 a
 CVE-2026-35444 (SDL_image is a library to load images of various formats as 
SDL surfac ...)
        TODO: check
 CVE-2026-35442 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35441 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35413 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35412 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35411 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35410 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35409 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35408 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-35404 (Open edX Platform enables the authoring and delivery of online 
learnin ...)
        TODO: check
 CVE-2026-35399 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, a  ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35398 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, an ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35396 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, an ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35395 (WeGIA is a Web manager for charitable institutions. Prior to 
3.6.9, We ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2026-35394 (Mobile Next is an MCP server for mobile development and 
automation. Pr ...)
        TODO: check
 CVE-2026-35393 (goshs is a SimpleHTTPServer written in Go. Prior to 
2.0.0-beta.3, the  ...)
@@ -109,7 +109,7 @@ CVE-2026-35203 (ZLMediaKit is a streaming media service 
framework. the VP9 RTP p
 CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup 
languag ...)
        TODO: check
 CVE-2026-35200 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-35199 (SymCrypt is the core cryptographic function library currently 
used by  ...)
        TODO: check
 CVE-2026-35197 (dye is a portable and respectful color library for shell 
scripts. Prio ...)
@@ -149,25 +149,25 @@ CVE-2026-34972 (OpenFGA is a high-performance and 
flexible authorization/permiss
 CVE-2026-22675 (OCS Inventory NG Server version 2.12.3 and prior contain a 
stored cros ...)
        TODO: check
 CVE-2026-20446 (In sec boot, there is a possible out of bounds write due to an 
integer ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20433 (In Modem, there is a possible out of bounds write due to a 
missing bou ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20432 (In Modem, there is a possible out of bounds write due to a 
missing bou ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20431 (In Modem, there is a possible system crash due to a logic 
error. This  ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-1900 (The Link Whisper Free WordPress plugin before 0.9.1 has a 
publicly acc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1839 (A vulnerability in the HuggingFace Transformers library, 
specifically  ...)
        TODO: check
 CVE-2026-1114 (In parisneo/lollms version 2.1.0, the application's session 
management ...)
        TODO: check
 CVE-2026-0740 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-65116 (Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2025-65115 (Remote Code Execution Vulnerabilityin JP1/IT Desktop 
Management 2 - Ma ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2025-57834 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
        TODO: check
 CVE-2025-54602 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
@@ -177,9 +177,9 @@ CVE-2025-54601 (An issue was discovered in the Wi-Fi driver 
in Samsung Mobile Pr
 CVE-2025-54328 (An issue was discovered in SMS in Samsung Mobile Processor, 
Wearable P ...)
        TODO: check
 CVE-2025-15611 (The Popup Box  WordPress plugin before 5.5.0 does not properly 
validat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13044 (IBM Concert 1.0.0 through 2.2.0 creates temporary files with 
predictab ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-4878 [Address a potential TOCTOU race condition in cap_set_file()]
        - libcap2 1:2.78-1
        [trixie] - libcap2 <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f0475a7f88545bd05822dd89d526b190209e654

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f0475a7f88545bd05822dd89d526b190209e654
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to