Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
539a011b by Salvatore Bonaccorso at 2026-06-05T09:21:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -175,36 +175,36 @@ CVE-2026-41178 (OpenTelemetry-Go is the Go implementation
of OpenTelemetry. Vers
CVE-2026-41065 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
NOT-FOR-US: Tautulli
CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1"
where tgz = ...)
- TODO: check
+ NOT-FOR-US: CloudFoundry
CVE-2026-41010 (ReleaseJob#unpack builds job_dir = File.join(@release_dir,
'jobs', nam ...)
NOT-FOR-US: VMware
CVE-2026-40898 (quic-go is an implementation of the QUIC protocol in Go. Prior
to vers ...)
- golang-github-lucas-clemente-quic-go <unfixed>
NOTE:
https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9
CVE-2026-40605 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2026-40495 (FOSSBilling is a free, open-source billing and client
management syste ...)
- TODO: check
+ NOT-FOR-US: FOSSBilling
CVE-2026-3820 (There is a vulnerability in the Supermicro BMC SMTP service at
Superm ...)
NOT-FOR-US: Supermicro
CVE-2026-38570 (bacnet_stack 1.3.1 contains an Out-of-bounds Read in
bacnet_tag_number ...)
- TODO: check
+ NOT-FOR-US: BACnet Stack
CVE-2026-37700 (Cross Site Scripting vulnerability in MaxSite CMS v.109.2
allows a rem ...)
- TODO: check
+ NOT-FOR-US: MaxSite CMS
CVE-2026-36499 (A missing upper-bound check in the udpif_set_threads()
function of Ope ...)
TODO: check
CVE-2026-36182 (GNCC GP5 v7.1.76 was discovered to utilize a weak hashing
algorithm to ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-36180 (A lack of runtime integrity in GNCC GP5 v7.1.76 allows
physically-prox ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-36178 (The factory reset functionality in GNCC GP5 v7.1.76 fails to
clear sen ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-36176 (GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze
B2 uploa ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-36175 (An issue in the U-Boot component of GNCC GP5 v7.1.76 allows
physically ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-36174 (GNCC GP5 v7.1.76 was discovered to store sensitive wireless
network in ...)
- TODO: check
+ NOT-FOR-US: GNCC GP5
CVE-2026-35906 (An undocumented debug CGI endpoint in T3 Technology CPE models
T625Pro ...)
TODO: check
CVE-2026-35905 (T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and
T7281 v1 ...)
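Review bot: the new tag on CVE-2026-41011 reads "NOT-FOR-US: CloudFoundry", while the entry directly below it, CVE-2026-41010, already carries "NOT-FOR-US: VMware". Both descriptions quote Ruby code (PackagePersister.validate_tgz, ReleaseJob#unpack) that looks like it belongs to the same code base. If it is the same product, use one name for both entries so that a later search for the NFU string finds them together. The Tautulli tag on CVE-2026-40605 matches the existing one on CVE-2026-41065, and the six GNCC GP5 tags are consistent with each other.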
@@ -500,49 +500,49 @@ CVE-2026-40290 (OP-TEE is a Trusted Execution Environment
(TEE) designed as comp
- optee-os <unfixed> (bug #1138878)
NOTE:
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-332c-xr93-849m
CVE-2026-39107 (A Cross Site Scripting vulnerability exists in the Kimi AI
v1.0 web in ...)
- TODO: check
+ NOT-FOR-US: Kimi AI
CVE-2026-37462 (An integer underflow in the BGPUpdate.DecodeFromBytes function
(/bgp/b ...)
TODO: check
CVE-2026-37460 (Missing input validation in the rfapiRibBi2Ri() function
(rfapi_rib.c) ...)
TODO: check
CVE-2026-36748 (RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site
Scripti ...)
- TODO: check
+ NOT-FOR-US: RockRMS
CVE-2026-36618 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
responds to v ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36616 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
contains hard ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36615 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
exposes an un ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36613 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
returns 128 b ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36612 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
enables WPS 2 ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36611 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
returns 128 b ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36610 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909
transmits DDN ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36609 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 uses a ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36608 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 allows ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36607 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 allows ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36606 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 encryp ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36605 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 is vul ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36604 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 does n ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36603 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 expose ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36602 (Mercusys AC12G (EU) V1 router with firmware
AC12G(EU)_V1_200909 disclo ...)
- TODO: check
+ NOT-FOR-US: Mercusys
CVE-2026-36576 (An OS command injection vulnerability in the app.py component
of openl ...)
TODO: check
CVE-2026-36574 (A DLL hijacking vulnerability in Wassimulator (GitHub)
CactusViewer v2 ...)
TODO: check
CVE-2026-36460 (Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable
to a Cr ...)
- TODO: check
+ NOT-FOR-US: Dovestones Softwares ADPhonebook
CVE-2026-35085 (A remote attacker with user privileges can exploit a stack
buffer over ...)
TODO: check
CVE-2026-35084 (A remote attacker with user privileges can exploit a stack
buffer over ...)
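Review bot: the tag added for CVE-2026-36460, "NOT-FOR-US: Dovestones Softwares ADPhonebook", carries both vendor and product, where the other tags in this hunk use a single vendor or product name (Mercusys, RockRMS, Kimi AI). Consider shortening it to the product name so the NFU strings stay uniform; it also copies the "Softwares" spelling from the CVE description. The 15 Mercusys tags are consistent, and the entries still at "TODO: check" (CVE-2026-37462, CVE-2026-37460, CVE-2026-36576, CVE-2026-36574, CVE-2026-35085) are left untouched.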
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539a011bd7be91570d946bea254fbedac5814054
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits