Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9103f2be by security tracker role at 2026-06-20T07:13:59+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9843 (The Database for Contact Form 7, WPforms, Elementor forms
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a decompression bomb
bypass in ...)
TODO: check
CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a
heap OO ...)
@@ -27,7 +27,7 @@ CVE-2026-56073 (Cap-go before 12.128.2 contains an
authentication bypass vulnera
CVE-2026-50559 (Quarkus is a Java framework for building cloud-native
applications. Pr ...)
TODO: check
CVE-2026-50519 (Initialization of a resource with an insecure default in
GitHub Copilo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-49346 (libde265 is an open source implementation of the h.265 video
codec. Pr ...)
TODO: check
CVE-2026-49345 (Mercator is an open source web application that enables
mapping of the ...)
@@ -55,29 +55,29 @@ CVE-2026-48773 (ProxySQL is a proxy for MySQL and its
forks, as well as PostgreS
CVE-2026-48772 (ProxySQL is a proxy for MySQL and its forks, as well as
PostgreSQL. In ...)
TODO: check
CVE-2026-48584 (Execution with unnecessary privileges in Azure Synapse allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48582 (Missing authorization in Microsoft Exchange Online allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48129 (Kestra is an open-source, event-driven orchestration platform.
Prior t ...)
TODO: check
CVE-2026-48089 (DevGuard provides vulnerability management for the full
software suppl ...)
TODO: check
CVE-2026-47645 (Url redirection to untrusted site ('open redirect') in
Microsoft 365 C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47203 (Authelia is an open-source authentication and authorization
server pro ...)
TODO: check
CVE-2026-45480 (Improper authentication in Azure Active Directory allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42895 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32208 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-27878 (A TraceQL query in Grafana Tempo with a large exemplars hint
value can ...)
TODO: check
CVE-2026-12726 (A flaw was found in the AWX GitHub webhook integration. When
processin ...)
TODO: check
CVE-2026-11551 (The Branda plugin for WordPress is vulnerable to privilege
escalation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9143 (There is an incorrect conversion between numeric types
vulnerability i ...)
NOT-FOR-US: National Instruments
CVE-2026-9142 (There is an insecure default credentials vulnerability in NI
grpc-devi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
