[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 5 08:22:23 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
539a011b by Salvatore Bonaccorso at 2026-06-05T09:21:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -175,36 +175,36 @@ CVE-2026-41178 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. Vers
 CVE-2026-41065 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
 	NOT-FOR-US: Tautulli
 CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = ...)
-	TODO: check
+	NOT-FOR-US: CloudFoundry
 CVE-2026-41010 (ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', nam ...)
 	NOT-FOR-US: VMware
 CVE-2026-40898 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...)
 	- golang-github-lucas-clemente-quic-go <unfixed>
 	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-vvgj-x9jq-8cj9
 CVE-2026-40605 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-40495 (FOSSBilling is a free, open-source billing and client management syste ...)
-	TODO: check
+	NOT-FOR-US: FOSSBilling
 CVE-2026-3820 (There is a vulnerability in the Supermicro BMC  SMTP service at Superm ...)
 	NOT-FOR-US: Supermicro
 CVE-2026-38570 (bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number ...)
-	TODO: check
+	NOT-FOR-US: BACnet Stack
 CVE-2026-37700 (Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: MaxSite CMS
 CVE-2026-36499 (A missing upper-bound check in the udpif_set_threads() function of Ope ...)
 	TODO: check
 CVE-2026-36182 (GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-36180 (A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-prox ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-36178 (The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sen ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-36176 (GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 uploa ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-36175 (An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-36174 (GNCC GP5 v7.1.76 was discovered to store sensitive wireless network in ...)
-	TODO: check
+	NOT-FOR-US: GNCC GP5
 CVE-2026-35906 (An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro ...)
 	TODO: check
 CVE-2026-35905 (T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1 ...)
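Review bot: CVE-2026-41011 is tagged "NOT-FOR-US: CloudFoundry" while the entry directly below it, CVE-2026-41010, carries "NOT-FOR-US: VMware", and from the truncated descriptions both read like Ruby methods from the same kind of release-packaging code. If the two belong to one product, use the same label on both, so that searching data/CVE/list for an earlier NFU decision on that product finds every entry. The Tautulli change in this hunk does this correctly: CVE-2026-40605 reuses the label already on CVE-2026-41065.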
@@ -500,49 +500,49 @@ CVE-2026-40290 (OP-TEE is a Trusted Execution Environment (TEE) designed as comp
 	- optee-os <unfixed> (bug #1138878)
 	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-332c-xr93-849m
 CVE-2026-39107 (A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web in ...)
-	TODO: check
+	NOT-FOR-US: Kimi AI
 CVE-2026-37462 (An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/b ...)
 	TODO: check
 CVE-2026-37460 (Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) ...)
 	TODO: check
 CVE-2026-36748 (RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: RockRMS
 CVE-2026-36618 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to v ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36616 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hard ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36615 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an un ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36613 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 b ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36612 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2 ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36611 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 b ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36610 (Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDN ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36609 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36608 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36607 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36606 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encryp ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36605 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vul ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36604 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does n ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36603 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 expose ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36602 (Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 disclo ...)
-	TODO: check
+	NOT-FOR-US: Mercusys
 CVE-2026-36576 (An OS command injection vulnerability in the app.py component of openl ...)
 	TODO: check
 CVE-2026-36574 (A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2 ...)
 	TODO: check
 CVE-2026-36460 (Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cr ...)
-	TODO: check
+	NOT-FOR-US: Dovestones Softwares ADPhonebook
 CVE-2026-35085 (A remote attacker with user privileges can exploit a stack buffer over ...)
 	TODO: check
 CVE-2026-35084 (A remote attacker with user privileges can exploit a stack buffer over ...)
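Review bot: the NFU labels added in this hunk mix granularity. The Mercusys AC12G entries get the vendor name only ("NOT-FOR-US: Mercusys"), whereas CVE-2026-36460 gets vendor plus product copied verbatim from the description ("NOT-FOR-US: Dovestones Softwares ADPhonebook"). Choosing one convention per commit keeps later bulk matching of new CVEs against existing NFU labels predictable. A short label for CVE-2026-36460 in the style of the Mercusys lines would be enough, provided it still matches how the description names the product.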



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539a011bd7be91570d946bea254fbedac5814054
