[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed May 6 07:08:42 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7ea0d57 by Salvatore Bonaccorso at 2026-05-06T08:08:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-7833 (A weakness has been identified in EFM ipTIME C200 up to 1.092. Th
 CVE-2026-7832 (A security flaw has been discovered in IObit Advanced SystemCare 19. T ...)
 	NOT-FOR-US: IObit
 CVE-2026-7778 (An issue that could allow a dashboard configuration to be viewed from  ...)
-	TODO: check
+	NOT-FOR-US: runZero
 CVE-2026-7412 (In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, ...)
 	TODO: check
 CVE-2026-7411 (In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, ...)
@@ -116,9 +116,9 @@ CVE-2026-38431 (ERPNext v15.103.1 and before is vulnerable to Server-Side Templa
 CVE-2026-38429 (OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in t ...)
 	NOT-FOR-US: OpenCMS
 CVE-2026-38428 (Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Kestra
 CVE-2026-36356 (The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MD ...)
-	TODO: check
+	NOT-FOR-US: MeiG Smart FORGE_SLT711 devices
 CVE-2026-36355 (The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (a ...)
 	TODO: check
 CVE-2026-34408 (An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 f ...)
@@ -128,14 +128,14 @@ CVE-2026-32689 (Allocation of Resources Without Limits or Throttling vulnerabili
 CVE-2026-31835 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
 	TODO: check
 CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE  ...)
-	TODO: check
+	NOT-FOR-US: ALTICE
 CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / ...)
-	TODO: check
+	NOT-FOR-US: ALTICE
 CVE-2026-30923 (ModSecurity is an open source, cross platform web application firewall ...)
 	- modsecurity <unfixed>
 	NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-qrjc-3jpc-3h2g
 CVE-2026-30246 (Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versio ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2026-29168 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	- apache2 2.4.67-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29168



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ea0d5774f293f6fed4bc398838f147fe25a2ac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ea0d5774f293f6fed4bc398838f147fe25a2ac
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260506/4488e63d/attachment.htm>
