Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
486bb7e4 by security tracker role at 2026-05-20T19:14:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-9059 (NextGEN Gallery version prior to 4.2.1 are 
vulnerable to authenti
 CVE-2026-8598 (An undocumented configuration export port is accessible on some 
models ...)
        TODO: check
 CVE-2026-8488 (Allocation of resources without limits or throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8487 (Incorrect default permissions vulnerability in Progress 
Software MOVEi ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8486 (Allocation of resources without limits or throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress 
Software MOVE ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8469 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        TODO: check
 CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook 
allows ...)
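Review bot: CVE-2026-8469 stays at "TODO: check" although its visible description ("Allocation of Resources Without Limits or Throttling vulnerability in ...") has the same truncated prefix as CVE-2026-8488 and CVE-2026-8486, which this hunk marks "NOT-FOR-US: Progress Software". The truncated text for 8488 and 8486 does not show the vendor, so confirm against the full descriptions that the vendor match is right for those two and that 8469 is a different product rather than a missed match.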
@@ -29,25 +29,25 @@ CVE-2026-8467 (Code Injection vulnerability in 
phenixdigital phoenix_storybook a
 CVE-2026-8342
        REJECTED
 CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6728 (The Slider Revolution plugin for WordPress is vulnerable to 
Sensitive  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for 
WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5783 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare 
vulnerable to  ...)
        TODO: check
 CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability 
in phen ...)
        TODO: check
 CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-45443 (Missing Authorization vulnerability in ADD-ONS.ORG PDF for 
Elementor F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the 
`repoManagerRoot ...)
        TODO: check
 CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
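Review bot: the reason string is inconsistent within this hunk: CVE-2026-7613, CVE-2026-6728, CVE-2026-6405 and CVE-2026-5200 get "NOT-FOR-US: WordPress plugin", while CVE-2026-45443 gets "NOT-FOR-US: WordPress plugin or theme". If both strings come from the same automatic update, settle on one so that a search of data/CVE/list for either form finds every entry. If the distinction is intentional, document which descriptions trigger which string.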
@@ -59,25 +59,25 @@ CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
 CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote 
attackers  ...)
        TODO: check
 CVE-2026-42834 (Improper link resolution before file access ('link following') 
in Azur ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41091 (Improper link resolution before file access ('link following') 
in Micr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a 
remote a ...)
        TODO: check
 CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in 
@cyntler/react-doc-viewer  ...)
        TODO: check
 CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo 
Gallery Fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. 
WpBookingly all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability 
in Mesalv ...)
        TODO: check
 CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a 
sandbox bypass ...)
        TODO: check
 CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer 
overflow vu ...)
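Review bot: for CVE-2026-42383 and CVE-2026-24573 the visible description is only generic weakness wording, and the added note is the class "WordPress plugin or theme" rather than a vendor or product, so the classification cannot be checked from this diff. Consider recording the matched vendor or product in the note, as the "Microsoft" and "Dell / EMC" entries in the same hunk do.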
@@ -87,13 +87,13 @@ CVE-2026-22315 (Incorrect Privilege Assignment 
vulnerability in Mesalvo Meona Cl
 CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        TODO: check
 CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access 
Control vuln ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, 
and 9.3.12 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20239 (In Splunk Enterprise versions below 10.2.2 and 10.0.5, and 
Splunk Clou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged 
user that  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20223 (A vulnerability in the access validation of internal REST 
APIs of ...)
        TODO: check
 CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco 
ThousandEyes Ente ...)
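Review bot: CVE-2026-20240, CVE-2026-20239 and CVE-2026-20238 are described as Splunk Enterprise and Splunk AI Toolkit issues but are marked "NOT-FOR-US: Cisco". Anyone searching the list for Splunk will find no matching reason. "NOT-FOR-US: Splunk" would agree with the description; otherwise confirm that the Cisco label is the intended convention for these entries.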
@@ -101,17 +101,17 @@ CVE-2026-20206 (A vulnerability in the BrowserBot 
component of Cisco ThousandEye
 CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco 
ThousandEyes  ...)
        TODO: check
 CVE-2026-20171 (A vulnerability in the Border Gateway Protocol 
(BGP) enforce-firs ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory 
vulnerability in  ...)
        TODO: check
 CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client 
Launcher ...)
        TODO: check
 CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Exposure of  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security 
misconfig ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to  a 
Configuration  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio 
Information ...)
        TODO: check
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address 
derivat ...)
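Review bot: CVE-2026-20171 is marked "NOT-FOR-US: Cisco", while CVE-2026-20206 and CVE-2026-20199, whose descriptions name Cisco ThousandEyes, stay at "TODO: check" in the surrounding context. If the vendor rule is meant to cover them, they look like missed matches. If they are deliberately left for manual triage, no change is needed.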



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/486bb7e422b3f27ea4f6a6a5b4a10e6539b54fbd
