[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 24 20:14:42 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4707af1b by security tracker role at 2026-04-24T19:14:36+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-6912 (Improperly controlled modification of dynamically-determined object at ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-6911 (Missing JWT signature verification in AWS Ops Wheel allows unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-6272 (A client holding only a read JWT scope can still register itself as a  ...)
 	TODO: check
 CVE-2026-6043 (P4 Server versions prior to 2026.1 are configured with insecure defaul ...)
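Review bot: The new "NOT-FOR-US: Amazon" tag on CVE-2026-6912 cannot be checked against this file, because the truncated description ("Improperly controlled modification of dynamically-determined object at ...") shows neither a product nor a vendor. For CVE-2026-6911 the description does name the product, AWS Ops Wheel, yet the tag records only the vendor. Naming the product in the tag, for example "NOT-FOR-US: AWS Ops Wheel", would make the reason for exclusion readable from the entry itself and would keep a later Amazon CVE that does affect a packaged component from being matched by the same vendor-wide tag.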
@@ -9,7 +9,7 @@ CVE-2026-6043 (P4 Server versions prior to 2026.1 are configured with insecure d
 CVE-2026-4313 (AdaptiveGRC is vulnerable to Stored XSS via text type fields across th ...)
 	TODO: check
 CVE-2026-4078 (The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-42095 (bookserver in KDE Arianna before 26.04.1 allows attackers to read file ...)
 	TODO: check
 CVE-2026-42044 (Axios is a promise based HTTP client for the browser and Node.js. From ...)
@@ -83,9 +83,9 @@ CVE-2026-40690 (The asset dependency graph did not restrict nodes by the viewer'
 CVE-2026-40609
 	REJECTED
 CVE-2026-3569 (The Liaison Site Prober plugin for WordPress is vulnerable to Informat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3565 (The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-39920 (BridgeHead FileStore versions prior to 24A (released in early 2024) ex ...)
 	TODO: check
 CVE-2026-38743 (The authenticated /ui/dagsendpoint did not enforce per-DAG access cont ...)
@@ -383,23 +383,23 @@ CVE-2026-31050 (Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and
 CVE-2026-30368 (A client-side authorization flaw in Lightspeed Classroom v5.1.2.176377 ...)
 	TODO: check
 CVE-2026-25660 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2026-23902 (Incorrect Authorization vulnerability in Apache DolphinScheduler allow ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-21728 (Tempo queries with large limits can cause large memory allocations whi ...)
 	TODO: check
 CVE-2026-21515 (Exposure of sensitive information to an unauthorized actor in Azure IO ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-67259 (A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 wh ...)
 	TODO: check
 CVE-2025-62233 (Deserialization of Untrusted Data vulnerability in Apache DolphinSched ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-61872 (Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying result ...)
 	TODO: check
 CVE-2025-59308 (In Mahara before 24.04.10 and 25 before 25.04.1, an institution admini ...)
 	TODO: check
 CVE-2025-11762 (The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-40466 (Improper Input Validation, Improper Control of Generation of Code ('Co ...)
 	- activemq <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/23/4
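Review bot: The tag "NOT-FOR-US: Apache software not packaged in Debian" on CVE-2026-23902 and CVE-2025-62233 makes a claim about the archive that nothing in this hunk demonstrates, and it drops the product name (Apache DolphinScheduler) that the descriptions carry. Since this is an automatic update, it would be worth confirming that no source package or ITP exists for DolphinScheduler and recording the product in the tag. The same applies to "NOT-FOR-US: Ericsson" on CVE-2026-25660: the visible description names only CodeChecker, so the vendor attribution is not verifiable from the entry, and a tag that includes the product name would be easier to audit.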



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4707af1bf4e0e8efc4479a9b9b99fc8fe54889bd
