Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ab03db9 by Salvatore Bonaccorso at 2026-01-23T10:15:05+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,37 +22,37 @@ CVE-2026-24334
CVE-2026-24307 (Improper validation of specified type of input in M365 Copilot
allows ...)
NOT-FOR-US: Microsoft
CVE-2026-24306 (Improper access control in Azure Front Door (AFD) allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Azure Front Door (AFD)
CVE-2026-24305 (Azure Entra ID Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Azure Entra ID
CVE-2026-24304 (Improper access control in Azure Resource Manager allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Azure Resource Manager
CVE-2026-24138 (FOG is a free open-source cloning/imaging/rescue
suite/inventory manag ...)
- TODO: check
+ NOT-FOR-US: FOG
CVE-2026-24137 (sigstore framework is a common go library shared across
sigstore servi ...)
TODO: check
CVE-2026-24132 (Orval generates type-safe JS clients (TypeScript) from any
valid OpenA ...)
- TODO: check
+ NOT-FOR-US: Orval
CVE-2026-24130 (Moonraker is a Python web server providing API access to
Klipper 3D pr ...)
- TODO: check
+ NOT-FOR-US: Moonraker
CVE-2026-24129 (Runtipi is a Docker-based, personal homeserver orchestrator
that facil ...)
- TODO: check
+ NOT-FOR-US: Runtipi
CVE-2026-24124 (Dragonfly is an open source P2P-based file distribution and
image acce ...)
TODO: check
CVE-2026-24058 (Soft Serve is a self-hostable Git server for the command line.
Version ...)
TODO: check
CVE-2026-23988 (Rufus is a utility that helps format and create bootable USB
flash dri ...)
- TODO: check
+ NOT-FOR-US: Rufus
CVE-2026-21524 (Exposure of sensitive information to an unauthorized actor in
Azure Da ...)
- TODO: check
+ NOT-FOR-US: Azure Data Explorer
CVE-2026-21521 (Improper neutralization of escape, meta, or control sequences
in Copil ...)
- TODO: check
+ NOT-FOR-US: Copilot
CVE-2026-21520 (Exposure of Sensitive Information to an Unauthorized Actor in
Copilot ...)
- TODO: check
+ NOT-FOR-US: Copilot
CVE-2026-21264 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-21227 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Azure Logic Apps
CVE-2026-20912 (Gitea does not properly validate repository ownership when
linking att ...)
- gitea <removed>
CVE-2026-20904 (Gitea does not properly validate ownership when toggling
OpenID URI vi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ab03db93f7f35935279f49c7fb96cd1570f4825
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ab03db93f7f35935279f49c7fb96cd1570f4825
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
