Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca8e3dd4 by security tracker role at 2026-05-23T07:13:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2026-9284 (The WooCommerce PayPal Payments plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6898 (The Wishlist Member plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6897 (The Wishlist Member plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6895 (The WishList Member plugin for WordPress is vulnerable to
Missing Auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6419 (The WishList Member plugin for WordPress is vulnerable to
Privilege Es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5843 (The MLX inference backend in Docker Model Runner on macOS uses
the MLX ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2026-5817 (The vllm-metal inference backend in Docker Model Runner on
macOS uncon ...)
- TODO: check
+ NOT-FOR-US: Docker products not packaged in Debian
CVE-2026-47280 (Improper authentication in Azure Resource Manager (ARM) allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45659 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42901 (Origin validation error in Microsoft Entra ID allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42827 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41149 (Mermaid is a JavaScript tool that uses Markdown-inspired text
to creat ...)
TODO: check
CVE-2026-41148 (Mermaid is a JavaScript tool that uses Markdown-inspired text
to creat ...)
@@ -27,9 +27,9 @@ CVE-2026-41148 (Mermaid is a JavaScript tool that uses
Markdown-inspired text to
CVE-2026-41147 (NukeViet CMS is a multi Content Management System. Versions
4.5.07 and ...)
TODO: check
CVE-2026-41104 (Deserialization of untrusted data in Microsoft Planetary
Computer Pro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41090 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41074 (RT is an open source, enterprise-grade issue and ticket
tracking syste ...)
TODO: check
CVE-2026-41071 (libheif is a HEIF and AVIF file format decoder and encoder. In
version ...)
@@ -49,25 +49,25 @@ CVE-2026-40597 (Mantis Bug Tracker (MantisBT) is an open
source issue tracker. I
CVE-2026-40596 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
TODO: check
CVE-2026-40412 (Unrestricted upload of file with dangerous type in Azure
Orbital Spati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40411 (Improper input validation in Azure Virtual Network Gateway
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40295 (Devise is an authentication solution for Rails based on
Warden. In ver ...)
TODO: check
CVE-2026-3294 (An authentication logic vulnerability in multiple TP-Link range
extend ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-39824 (NewNTUnicodeString does not check for string length overflow.
When pro ...)
TODO: check
CVE-2026-35430 (Authorization bypass through user-controlled key in Azure
Privileged I ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33843 (Authentication bypass using an alternate path or channel in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26147 (Improper input validation in Azure Compute Gallery allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-23663 (Improper privilege management in Azure Entra ID allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-23652 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-9291 (Insecure deserialization in the job results processing
component in Am ...)
NOT-FOR-US: Amazon
CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token
inputs ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca8e3dd40a040b220fe22f39d1430d77fb53de70
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca8e3dd40a040b220fe22f39d1430d77fb53de70
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
