[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Fri, 22 May 2026 12:21:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
62f4e9df by security tracker role at 2026-05-22T19:21:13+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2026-9291 (Insecure deserialization in the job results processing 
component in Am ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token 
inputs  ...)
        TODO: check
 CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
        TODO: check
 CVE-2026-9255 (Missing input source validation in the tool authorization 
prompt in Ki ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-9251 (Missing authorization in the entry status management feature in 
Devolu ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9249 (Unverified password change in Devolutions Server allows an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9248 (Authorization bypass in the entry duplication feature in 
Devolutions S ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9247 (Insufficient logging in the entry export feature in Devolutions 
Server ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9246 (Improper access control in the entry documentation and 
attachment feat ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9245 (Improper input validation in the external authentication 
provider flow ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9224 (Missing authorization in the user profile update feature in 
Devolution ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9223 (Missing authorization in the vault import feature in 
Devolutions Serve ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9047 (Improper handling of factor key state in the multi-factor 
authenticati ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-9011 (The Ditty \u2013 Responsive News Tickers, Sliders, and Lists 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8997 (vifm is vulnerable to a heap buffer overflow during the history 
merge  ...)
        TODO: check
 CVE-2026-8992 (An improper certificate validation vulnerability in Ivanti 
Secure Acce ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2026-8692 (The Vedrixa Forms \u2013 User Registration Form, Signup Form & 
Drag &  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8684 (The MotoPress Hotel Booking plugin for WordPress is vulnerable 
to auth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure 
Direct ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink 
software ...)
        TODO: check
 CVE-2026-8672 (Use of default password vulnerability in syslink software AG 
Avantra o ...)
@@ -45,9 +45,9 @@ CVE-2026-8671 (Insertion of sensitive information into log 
file vulnerability in
 CVE-2026-8670 (Insufficient session expiration vulnerability in syslink 
software AG A ...)
        TODO: check
 CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry 
sensiti ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer 
DEX Pla ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS 
via page ...)
        TODO: check
 CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR + 
wrong-authorizati ...)
@@ -55,15 +55,15 @@ CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable 
to IDOR + wrong-author
 CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via 
Backend\File::a ...)
        TODO: check
 CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email 
Marketing, Em ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for 
WordPress p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7615 (The Widget Context plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7325 (Improper authorization in the Active Directory browsing feature 
in Dev ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-6406 (The Docker CLI --use-api-socket flag bypasses Enhanced 
Container Isola ...)
-       TODO: check
+       NOT-FOR-US: Docker products not packaged in Debian
 CVE-2026-5755 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x 
<= 11.5 ...)
        TODO: check
 CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x 
<= 11.4 ...)
@@ -71,9 +71,9 @@ CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x 
<= 11.5.3, 11.4.x <=
 CVE-2026-5308 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x 
<= 11.4 ...)
        TODO: check
 CVE-2026-5171 (Improper access control in the entry activity log feature in 
Devolutio ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-5072 (A bitwise shift vulnerability in Zephyr's PTP subsystem allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4646 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x 
<= 11.4 ...)
        TODO: check
 CVE-2026-4635 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x 
<= 11.4 ...)
@@ -83,11 +83,11 @@ CVE-2026-48700 (An issue was discovered in all versions of 
PCManFM-Qt starting f
 CVE-2026-46727 (An issue was discovered in Ruby 4 before 4.0.5. A race 
condition leadi ...)
        TODO: check
 CVE-2026-44930 (An LDAP injection vulnerability in the LDAP Certificate 
repository of  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44618 (Insecure XML parser configuration in Apache CXF's WS-Transfer 
module m ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF: Untrusted JMS 
configuration can ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in 
TensorShape::G ...)
        TODO: check
 CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not 
properly ma ...)
@@ -127,7 +127,7 @@ CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat 
Server 3.1 allows a r
 CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1 
allows a rem ...)
        TODO: check
 CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech 
WebAccess/SCADA 8.0-20 ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to 
3.16.0, SSRF p ...)
        TODO: check
 CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and 
prior, the p ...)
@@ -153,21 +153,21 @@ CVE-2026-25607 (Use of a weak password encoding algorithm 
in STER software allow
 CVE-2026-25606 (A SQL injection vulnerability has been identified in STER. 
Improper ne ...)
        TODO: check
 CVE-2025-46371 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use 
of a Brok ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-45145 (Directory traversal in Follett Software's Destiny Library 
Manager 22_0 ...)
        TODO: check
 CVE-2025-32751 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Insecure Sto ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-32749 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Exposure of  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-32747 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Incorrect Pr ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-32746 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Insecure Sto ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Improper Cer ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an 
Open Red ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-XXXX [starlette Ignore malformed Host header when constructing 
request.url]
        - starlette <unfixed>
        NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
@@ -404634,7 +404634,7 @@ CVE-2022-34365 (WMS 3.7 contains a Path Traversal 
Vulnerability in Device API. A
 CVE-2022-34364 (Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain 
a debug  ...)
        NOT-FOR-US: Dell
 CVE-2022-34363 (Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server 
before v ...)
        NOT-FOR-US: HYPR
 CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 
6.15.1 al ...)
@@ -413263,7 +413263,7 @@ CVE-2022-31233 (Unisphere for PowerMax versions 
before 9.2.3.15 contain a privil
 CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a 
Command-Injectio ...)
        NOT-FOR-US: SmartFabric storage software
 CVE-2022-31231 (Dell ECS, versions 3.5 and 3.6, contain an Improper Access 
Control in  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or 
risky c ...)
        NOT-FOR-US: Dell
 CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error 
message ...)
@@ -510124,7 +510124,7 @@ CVE-2021-21510 (Dell iDRAC8 versions prior to 
2.75.100.75 contain a host header
 CVE-2021-21509
        RESERVED
 CVE-2021-21508 (Dell VxRail versions before 7.0.200 contain a Plain-text 
Password Stor ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 
3.0.1.8 and De ...)
        NOT-FOR-US: EMC
 CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper 
input sani ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f4e9dfe4cbb74ae4c74050343860d187152781

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f4e9dfe4cbb74ae4c74050343860d187152781
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to