[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 20 08:14:05 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9103f2be by security tracker role at 2026-06-20T07:13:59+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9843 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in  ...)
 	TODO: check
 CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OO ...)
@@ -27,7 +27,7 @@ CVE-2026-56073 (Cap-go before 12.128.2 contains an authentication bypass vulnera
 CVE-2026-50559 (Quarkus is a Java framework for building cloud-native applications. Pr ...)
 	TODO: check
 CVE-2026-50519 (Initialization of a resource with an insecure default in GitHub Copilo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-49346 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
 	TODO: check
 CVE-2026-49345 (Mercator is an open source web application that enables mapping of the ...)
@@ -55,29 +55,29 @@ CVE-2026-48773 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreS
 CVE-2026-48772 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In ...)
 	TODO: check
 CVE-2026-48584 (Execution with unnecessary privileges in Azure Synapse allows an autho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-48582 (Missing authorization in Microsoft Exchange Online allows an authorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-48129 (Kestra is an open-source, event-driven orchestration platform. Prior t ...)
 	TODO: check
 CVE-2026-48089 (DevGuard provides vulnerability management for the full software suppl ...)
 	TODO: check
 CVE-2026-47645 (Url redirection to untrusted site ('open redirect') in Microsoft 365 C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-47203 (Authelia is an open-source authentication and authorization server pro ...)
 	TODO: check
 CVE-2026-45480 (Improper authentication in Azure Active Directory allows an unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42895 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32208 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-27878 (A TraceQL query in Grafana Tempo with a large exemplars hint value can ...)
 	TODO: check
 CVE-2026-12726 (A flaw was found in the AWX GitHub webhook integration. When processin ...)
 	TODO: check
 CVE-2026-11551 (The Branda plugin for WordPress is vulnerable to privilege escalation  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9143 (There is an incorrect conversion between numeric types vulnerability i ...)
 	NOT-FOR-US: National Instruments
 CVE-2026-9142 (There is an insecure default credentials vulnerability in NI grpc-devi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260620/30c8b1dd/attachment.htm>


More information about the debian-security-tracker-commits mailing list