[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9fdffe1 by security tracker role at 2026-05-21T07:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2026-9137 (The CSP report endpoint intended to limit 
logged CSP reports to 1
 CVE-2026-9136 (A vulnerability was identified in the ShadowAttribute proposal 
creatio ...)
        TODO: check
 CVE-2026-9133 (Active debug code exists in the ARN resolver of amazon-mq 
rabbitmq-aws ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-9129 (A path traversal vulnerability exists in the Altium Enterprise 
Server  ...)
        TODO: check
 CVE-2026-9126 (Use after free in DOM in Google Chrome on prior to 
148.0.7778.179 allo ...)
@@ -53,7 +53,7 @@ CVE-2026-9110 (Inappropriate implementation in UI in Google 
Chrome on Windows pr
 CVE-2026-9102 (A path traversal vulnerability exists in the Altium Enterprise 
Server  ...)
        TODO: check
 CVE-2026-9082 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-8632 (A potential security vulnerability has been identified in the 
HP Linux ...)
        TODO: check
 CVE-2026-8631 (A potential security vulnerability has been identified in the 
HP Linux ...)
@@ -61,9 +61,9 @@ CVE-2026-8631 (A potential security vulnerability has been 
identified in the HP
 CVE-2026-8399
        REJECTED
 CVE-2026-6279 (The Avada Builder (fusion-builder) plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4811 (The WPB Floating Menu & Categories for WordPress \u2013 Sticky 
Side Me ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-48172 (LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege 
escalat ...)
        TODO: check
 CVE-2026-47782 (Android App "RoboForm Password Manager" provided by Siber 
Systems, Inc ...)
@@ -71,7 +71,7 @@ CVE-2026-47782 (Android App "RoboForm Password Manager" 
provided by Siber System
 CVE-2026-47099 (TeleJSON prior to 6.0.0 contains a DOM-based cross-site 
scripting vuln ...)
        TODO: check
 CVE-2026-45444 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WP Sw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-40165 (authentik is an open-source identity provider. Versions 
2025.12.4 and  ...)
        TODO: check
 CVE-2026-40102 (Plane is an open-source project management tool. In versions 
1.3.0 and ...)
@@ -113,29 +113,29 @@ CVE-2026-35008 (Open ISES Tickets before 3.44.2 contains 
a reflected cross-site
 CVE-2026-35007 (Open ISES Tickets before 3.44.2 contains a reflected 
cross-site script ...)
        TODO: check
 CVE-2026-33137 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2026-2813 (ArcGIS Server contains an input validation weakness in the 
login redir ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-2812 (ArcGIS Server contains an improper authentication vulnerability 
in an  ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2026-2734 (In mlflow/mlflow versions up to 3.9.0, the 
`SearchModelVersions` REST  ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2026-26028 (CryptPad is an end-to-end encrypted collaborative office 
suite. In ver ...)
        TODO: check
 CVE-2026-24218 (NVIDIA DGX OS contains a vulnerability in the factory 
provisioning pro ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24217 (NVIDIA BioNeMo Core for Linux contains a vulnerability where a 
user co ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24216 (NVIDIA BioNemo for Linux contains a vulnerability where a user 
could c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24188 (NVIDIA TensorRT contains a vulnerability where an attacker 
could cause ...)
        TODO: check
 CVE-2026-23734 (XWiki Platform is a generic wiki platform. Versions prior to 
18.1.0-rc ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2026-1881 (The Broadstreet plugin for WordPress is vulnerable to Insecure 
Direct  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1543 (The Avada (Fusion) Builder plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-XXXX [ROHC protocol dissector crash]
        - wireshark 4.6.6-1
        [trixie] - wireshark <postponed> (Minor issue, fix along with future 
update)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9fdffe13d01278a604144329826fcfb6c7a09f8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9fdffe13d01278a604144329826fcfb6c7a09f8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits