[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 20:54:14 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1db5205 by Salvatore Bonaccorso at 2026-05-05T21:53:56+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -110,11 +110,11 @@ CVE-2026-3359 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contac
 CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea ...)
 	- gpac <removed>
 CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-38431 (ERPNext v15.103.1 and before is vulnerable to Server-Side Template Inj ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-38429 (OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in t ...)
-	TODO: check
+	NOT-FOR-US: OpenCMS
 CVE-2026-38428 (Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerabi ...)
 	TODO: check
 CVE-2026-36356 (The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MD ...)
@@ -122,9 +122,9 @@ CVE-2026-36356 (The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmw
 CVE-2026-36355 (The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (a ...)
 	TODO: check
 CVE-2026-34408 (An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 f ...)
-	TODO: check
+	NOT-FOR-US: Gambio
 CVE-2026-32689 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: phoenix
 CVE-2026-31835 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
 	TODO: check
 CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE  ...)
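Review bot: The tag "NOT-FOR-US: phoenix" on CVE-2026-32689 is ambiguous. The truncated description visible here does not name the product, the tag is lowercase unlike the other tags in this commit, and "phoenix" is a name shared by more than one software project. Suggest spelling out the exact upstream product (with vendor or ecosystem) as the full CVE description gives it, so a later search for a similarly named Debian source package does not match this entry by mistake.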
@@ -559,9 +559,9 @@ CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot a
 CVE-2026-3454 (The GenerateBlocks plugin for WordPress is vulnerable to Insecure Dire ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Profelis Information and Consulting Trade and Industry Limited Company SambaBox
 CVE-2026-38751 (OpenSTAManager version 2.10 and earlier contains an arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-38669 (wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a ...)
 	NOT-FOR-US: cCMS
 CVE-2026-37461 (An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) o ...)
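Review bot: The new tag on CVE-2026-3120 carries the vendor's full legal name ("Profelis Information and Consulting Trade and Industry Limited Company SambaBox"), which is far longer than the product-name tags used elsewhere in this commit; a shorter form such as "NOT-FOR-US: Profelis SambaBox" would identify the product just as well. Separately, the unchanged context line for CVE-2026-38669 reads "NOT-FOR-US: cCMS" against a description that names "wCMS", which looks like a typo worth fixing in a follow-up.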
@@ -573,7 +573,7 @@ CVE-2026-37458 (Missing input validation in the MP_REACH_NLRI component of FRRou
 CVE-2026-36365 (An issue in Lymphatus caesium-image-compressor All versions up to and  ...)
 	NOT-FOR-US: caesium-image-compressor
 CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of Oracle O ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-34882
 	REJECTED
 CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server.  This issue affe ...)
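Review bot: "NOT-FOR-US: Oracle" on CVE-2026-35228 names only the vendor, while the description identifies a specific product ("Oracle MCP Server Helper Tool") and the other tags added in this commit name the product. Consider naming the product in the tag so the entry stays unambiguous when the list is searched by vendor.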



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1db5205b82d17193c13b6bbf6a17c4c262fa683
