[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 17 13:55:45 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cd9886d by Moritz Muehlenhoff at 2026-05-17T14:55:27+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site scripting vulnerability tha
 CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that allows unau ...)
 	NOT-FOR-US: LayerBB
 CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution vulnerability ...)
-	TODO: check
+	NOTE: Bogus CVE assignment for jsonpickle
 CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path traversal ...)
 	NOT-FOR-US: Home Assistant Community Store (HACS)
 CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities ...)
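Review bot: the replacement line for CVE-2021-47952 is a bare NOTE with no reason or reference, so a later reader cannot tell why the jsonpickle assignment was judged bogus. Suggest adding a second NOTE line with the upstream statement or issue link that supports it. The commit subject "NFUs" also does not describe this change, which adds a NOTE rather than a NOT-FOR-US tag.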
@@ -57,7 +57,7 @@ CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnera
 CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site scripting v ...)
 	NOT-FOR-US: Queue Management System
 CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection vulnerability t ...)
-	TODO: check
+	NOTE: Bogus CVE assignment for babl
 CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerab ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting vulnera ...)
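Review bot: for CVE-2020-37239 the description names libbabl 0.1.62 while the note names babl, and the note gives no basis for calling the assignment bogus. A further NOTE line saying why the reported "broken double free detection" is not a vulnerability, with a reference, would make the triage checkable.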
@@ -417,7 +417,7 @@ CVE-2026-35194 (Code injection in SQL code generation in Apache Flink 1.15.0 thr
 CVE-2026-34253 (A buffer underflow vulnerability has been identified in the ogg123 uti ...)
 	TODO: check
 CVE-2026-2031 (An Improper Access Controlvulnerability inseveral internal API endpoin ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud
 CVE-2026-23695 (Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contain ...)
 	NOT-FOR-US: Cockpit CMS
 CVE-2025-67437 (Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is  ...)
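Review bot: the tag on CVE-2026-2031 names a whole platform, and the visible (truncated) description mentions only "several internal API endpoin ..." without a product. Suggest naming the specific affected service in the tag, as the neighbouring entry does with Cockpit CMS, so the entry can be found by product.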
@@ -595,13 +595,13 @@ CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout to
 CVE-2026-0432 (Incorrect default permissions in the installation directory for the AM ...)
 	TODO: check
 CVE-2026-0428 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2026-0427 (Improper cleanup of shared register resources in GPU firmware could al ...)
 	TODO: check
 CVE-2025-66664 (Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE  ...)
 	TODO: check
 CVE-2025-66660 (Insufficient parameter sanitization in TEE SOC Driver could allow an a ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-54517 (Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could ...)
 	TODO: check
 CVE-2025-54511 (Improper handling of insufficient privileges in the AMD Secure Process ...)
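Review bot: CVE-2026-0428 and CVE-2025-66660 are both tagged NOT-FOR-US: AMD, but CVE-2025-66664, whose description opens with the same "Insufficient parameter sanitization" wording for the AMD Secure Processor (ASP) TEE, stays at TODO: check between them. If that is deliberate, fine; otherwise it should be triaged the same way. A component-level tag such as "AMD TEE SOC Driver" would also be clearer than the vendor name alone, since other AMD entries in this hunk (for example the ioctl handler in CVE-2025-54517) are still open.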
@@ -617,7 +617,7 @@ CVE-2025-48520 (An improper input validation vulnerability within the AMD Platfo
 CVE-2025-48519 (An improper input validation vulnerability within the AMD Platform Man ...)
 	TODO: check
 CVE-2025-48516 (Insecure default configuration state of DDR5 memory module by AGESA Bo ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2025-48513 (Use of uninitialized resource within the AMD Platform Management Frame ...)
 	TODO: check
 CVE-2025-48512 (Incorrect default permissions in the installation directory for the AM ...)
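Review bot: the tag for CVE-2025-48516 gives only the vendor, although the description points at a specific component (DDR5 memory module configuration by AGESA). Suggest naming AGESA in the tag so the entry is distinguishable from the AMD Platform Management Framework entries around it that remain TODO: check.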



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd9886da5d42a7403135475b303c35d4ee89b24
