[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Fri Jan 23 08:14:12 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60383400 by security tracker role at 2026-01-23T08:14:03+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2026-24335
 CVE-2026-24334
 	REJECTED
 CVE-2026-24307 (Improper validation of specified type of input in M365 Copilot allows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24306 (Improper access control in Azure Front Door (AFD) allows an unauthoriz ...)
 	TODO: check
 CVE-2026-24305 (Azure Entra ID Elevation of Privilege Vulnerability)
@@ -69,11 +69,11 @@ CVE-2026-20750 (Gitea does not properly validate project ownership in organizati
 CVE-2026-20736 (Gitea does not properly verify repository context when deleting attach ...)
 	TODO: check
 CVE-2026-20613 (The ArchiveReader.extractContents() function used by cctl image load a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2026-1201 (An Authorization Bypass Through User-Controlled Key vulnerability in H ...)
 	TODO: check
 CVE-2026-0927 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0798 (Gitea may send release notification emails for private repositories to ...)
 	TODO: check
 CVE-2026-0796 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...)
@@ -179,7 +179,7 @@ CVE-2025-25051 (An attacker could decrypt sensitive data, impersonate legitimate
 CVE-2025-22234 (The fix applied in CVE-2025-22228 inadvertently broke the timing attac ...)
 	TODO: check
 CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks &  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15351 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data  ...)
 	TODO: check
 CVE-2025-15350 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data  ...)
@@ -201,11 +201,11 @@ CVE-2025-14751 (A low-privileged user can bypass account credentials without con
 CVE-2025-14750 (The web application does not sufficiently verify inputs that are assum ...)
 	TODO: check
 CVE-2025-14745 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14069 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11976 (The The BuddyPress plugin for WordPress is vulnerable to arbitrary sho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-24117 (Rekor is a software supply chain transparency log. In versions 1.4.3 a ...)
 	- rekor <unfixed>
 	NOTE: https://github.com/sigstore/rekor/security/advisories/GHSA-4c4x-jm2x-pf9j



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260123/5960960f/attachment.htm>
