[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 30 May 2026 12:43:09 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b5f8293a by Salvatore Bonaccorso at 2026-05-30T21:41:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1208,7 +1208,7 @@ CVE-2026-42070 (Mantis Bug Tracker (MantisBT) is an open 
source issue tracker. P
 CVE-2026-41897 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
From 1. ...)
        - mantis <removed>
 CVE-2026-39929 (Lakeside SysTrack Agent versions prior to 11.2.1.28, 
11.3.0.38, 11.4.0 ...)
-       TODO: check
+       NOT-FOR-US: Lakeside SysTrack Agent
 CVE-2026-35277 (Vulnerability in Oracle REST Data Services (component: Core).  
Support ...)
        NOT-FOR-US: Oracle
 CVE-2026-35266 (Vulnerability in Oracle REST Data Services (component: Core).  
Support ...)
@@ -1660,17 +1660,17 @@ CVE-2026-41141 (EspoCRM is an open source customer 
relationship management appli
 CVE-2026-40914 (A vulnerability exists in Apache Artemis whereby an 
application using  ...)
        TODO: check
 CVE-2026-38707 (A command injection vulnerability exists in the IPSec VPN 
feature of I ...)
-       TODO: check
+       NOT-FOR-US: InHand
 CVE-2026-38704 (A command injection vulnerability exists in the WireGuard VPN 
feature  ...)
-       TODO: check
+       NOT-FOR-US: InHand
 CVE-2026-38703 (A command injection vulnerability exists in the ZeroTier VPN 
feature o ...)
-       TODO: check
+       NOT-FOR-US: InHand
 CVE-2026-38702 (A command injection vulnerability exists in the Admin Access 
feature o ...)
-       TODO: check
+       NOT-FOR-US: InHand
 CVE-2026-37579 (An issue in SMSGate sms-core<=2.1.13.6 allows a remote 
attacker to exe ...)
-       TODO: check
+       NOT-FOR-US: SMSGate sms-core
 CVE-2026-37266 (An issue in Responsive File Manager Responsive FileManager 
Version 9.1 ...)
-       TODO: check
+       NOT-FOR-US: Responsive File Manager
 CVE-2026-35676 (phpMyFAQ before 4.1.3 contains an unauthenticated password 
reset vulne ...)
        TODO: check
 CVE-2026-35675 (phpMyFAQ before 4.1.3 contains an authentication bypass 
vulnerability  ...)
@@ -3079,15 +3079,15 @@ CVE-2026-3279 (The Enable jQuery Migrate Helper plugin 
for WordPress is vulnerab
 CVE-2026-3001 (The Gutenverse plugin for WordPress is vulnerable to Reflected 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and 
previous ve ...)
-       TODO: check
+       NOT-FOR-US: Raynet
 CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the 
/admin/config ...)
        TODO: check
 CVE-2026-38930 (OpenRapid RapidCMS v1.3.1 was discovered to contain an 
authentication  ...)
-       TODO: check
+       NOT-FOR-US: OpenRapid RapidCMS
 CVE-2026-38808 (SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: uzy-ssm-mall
 CVE-2026-38807 (Insecure Permissions vulnerability in kvf-admin v1.0.0 allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: kvf-admin
 CVE-2026-38427 (An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota 
through 15. ...)
        TODO: check
 CVE-2026-38426 (Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 
and before ...)
@@ -3101,11 +3101,11 @@ CVE-2026-37712 (An issue in Dolibarr ERP/CRM v.22.0.0 
through v.22.0.4 and v.24.
 CVE-2026-37711 (An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and 
v.24.0.0-al ...)
        TODO: check
 CVE-2026-36540 (Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: Netis
 CVE-2026-36539 (Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint 
/cgi-bin/s ...)
-       TODO: check
+       NOT-FOR-US: Netis
 CVE-2026-36538 (Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded 
root creden ...)
-       TODO: check
+       NOT-FOR-US: Netis
 CVE-2026-36045 (picoclaw <=v0.1.2 and earlier is vulnerable to OS command 
injection vi ...)
        TODO: check
 CVE-2026-36044 (@pensar/apex <= 0.0.58 is vulnerable to OS command injection 
via the s ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5f8293ab315d52eeaaa4c698389853d5a0384da

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5f8293ab315d52eeaaa4c698389853d5a0384da
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to