[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 30 20:42:58 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5f8293a by Salvatore Bonaccorso at 2026-05-30T21:41:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1208,7 +1208,7 @@ CVE-2026-42070 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. P
 CVE-2026-41897 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1. ...)
 	- mantis <removed>
 CVE-2026-39929 (Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0 ...)
-	TODO: check
+	NOT-FOR-US: Lakeside SysTrack Agent
 CVE-2026-35277 (Vulnerability in Oracle REST Data Services (component: Core).  Support ...)
 	NOT-FOR-US: Oracle
 CVE-2026-35266 (Vulnerability in Oracle REST Data Services (component: Core).  Support ...)
@@ -1660,17 +1660,17 @@ CVE-2026-41141 (EspoCRM is an open source customer relationship management appli
 CVE-2026-40914 (A vulnerability exists in Apache Artemis whereby an application using  ...)
 	TODO: check
 CVE-2026-38707 (A command injection vulnerability exists in the IPSec VPN feature of I ...)
-	TODO: check
+	NOT-FOR-US: InHand
 CVE-2026-38704 (A command injection vulnerability exists in the WireGuard VPN feature  ...)
-	TODO: check
+	NOT-FOR-US: InHand
 CVE-2026-38703 (A command injection vulnerability exists in the ZeroTier VPN feature o ...)
-	TODO: check
+	NOT-FOR-US: InHand
 CVE-2026-38702 (A command injection vulnerability exists in the Admin Access feature o ...)
-	TODO: check
+	NOT-FOR-US: InHand
 CVE-2026-37579 (An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: SMSGate sms-core
 CVE-2026-37266 (An issue in Responsive File Manager Responsive FileManager Version 9.1 ...)
-	TODO: check
+	NOT-FOR-US: Responsive File Manager
 CVE-2026-35676 (phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulne ...)
 	TODO: check
 CVE-2026-35675 (phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability  ...)
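Review bot: The four InHand entries (CVE-2026-38707, -38704, -38703, -38702) are tagged with the vendor alone, and their descriptions are cut off before the product name ("feature of I ..."), so the list no longer says which product was judged out of scope. The other tags added in this hunk name the product ("SMSGate sms-core", "Responsive File Manager"). Consider doing the same for InHand, taking the product name from the full CVE description.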
@@ -3079,15 +3079,15 @@ CVE-2026-3279 (The Enable jQuery Migrate Helper plugin for WordPress is vulnerab
 CVE-2026-3001 (The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and previous ve ...)
-	TODO: check
+	NOT-FOR-US: Raynet
 CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the /admin/config ...)
 	TODO: check
 CVE-2026-38930 (OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication  ...)
-	TODO: check
+	NOT-FOR-US: OpenRapid RapidCMS
 CVE-2026-38808 (SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: uzy-ssm-mall
 CVE-2026-38807 (Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: kvf-admin
 CVE-2026-38427 (An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15. ...)
 	TODO: check
 CVE-2026-38426 (Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before ...)
@@ -3101,11 +3101,11 @@ CVE-2026-37712 (An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.
 CVE-2026-37711 (An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al ...)
 	TODO: check
 CVE-2026-36540 (Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated  ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2026-36539 (Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/s ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2026-36538 (Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root creden ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2026-36045 (picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection vi ...)
 	TODO: check
 CVE-2026-36044 (@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the s ...)
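Review bot: The three Netis tags (CVE-2026-36540, -36539, -36538) drop the device that all three descriptions name, "Netis AC1200 Router NC21". A tag such as "NOT-FOR-US: Netis AC1200 Router NC21" would match the vendor-plus-product form used for "OpenRapid RapidCMS" in the previous hunk and keep the entry self-explanatory when the description is truncated.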



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5f8293ab315d52eeaaa4c698389853d5a0384da



More information about the debian-security-tracker-commits mailing list