Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60383400 by security tracker role at 2026-01-23T08:14:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2026-24335
CVE-2026-24334
REJECTED
CVE-2026-24307 (Improper validation of specified type of input in M365 Copilot
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-24306 (Improper access control in Azure Front Door (AFD) allows an
unauthoriz ...)
TODO: check
CVE-2026-24305 (Azure Entra ID Elevation of Privilege Vulnerability)
@@ -69,11 +69,11 @@ CVE-2026-20750 (Gitea does not properly validate project
ownership in organizati
CVE-2026-20736 (Gitea does not properly verify repository context when
deleting attach ...)
TODO: check
CVE-2026-20613 (The ArchiveReader.extractContents() function used by cctl
image load a ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-1201 (An Authorization Bypass Through User-Controlled Key
vulnerability in H ...)
TODO: check
CVE-2026-0927 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0798 (Gitea may send release notification emails for private
repositories to ...)
TODO: check
CVE-2026-0796 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code
Execut ...)
@@ -179,7 +179,7 @@ CVE-2025-25051 (An attacker could decrypt sensitive data,
impersonate legitimate
CVE-2025-22234 (The fix applied in CVE-2025-22228 inadvertently broke the
timing attac ...)
TODO: check
CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration,
Webhooks & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15351 (Anritsu VectorStar CHX File Parsing Deserialization of
Untrusted Data ...)
TODO: check
CVE-2025-15350 (Anritsu VectorStar CHX File Parsing Deserialization of
Untrusted Data ...)
@@ -201,11 +201,11 @@ CVE-2025-14751 (A low-privileged user can bypass account
credentials without con
CVE-2025-14750 (The web application does not sufficiently verify inputs that
are assum ...)
TODO: check
CVE-2025-14745 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to
Post, and Au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14069 (The Schema & Structured Data for WP & AMP plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11976 (The The BuddyPress plugin for WordPress is vulnerable to
arbitrary sho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-24117 (Rekor is a software supply chain transparency log. In versions
1.4.3 a ...)
- rekor <unfixed>
NOTE:
https://github.com/sigstore/rekor/security/advisories/GHSA-4c4x-jm2x-pf9j
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
