[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 20 08:14:05 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9103f2be by security tracker role at 2026-06-20T07:13:59+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9843 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in ...)
TODO: check
CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OO ...)
@@ -27,7 +27,7 @@ CVE-2026-56073 (Cap-go before 12.128.2 contains an authentication bypass vulnera
CVE-2026-50559 (Quarkus is a Java framework for building cloud-native applications. Pr ...)
TODO: check
CVE-2026-50519 (Initialization of a resource with an insecure default in GitHub Copilo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-49346 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
TODO: check
CVE-2026-49345 (Mercator is an open source web application that enables mapping of the ...)
@@ -55,29 +55,29 @@ CVE-2026-48773 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreS
CVE-2026-48772 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In ...)
TODO: check
CVE-2026-48584 (Execution with unnecessary privileges in Azure Synapse allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48582 (Missing authorization in Microsoft Exchange Online allows an authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48129 (Kestra is an open-source, event-driven orchestration platform. Prior t ...)
TODO: check
CVE-2026-48089 (DevGuard provides vulnerability management for the full software suppl ...)
TODO: check
CVE-2026-47645 (Url redirection to untrusted site ('open redirect') in Microsoft 365 C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47203 (Authelia is an open-source authentication and authorization server pro ...)
TODO: check
CVE-2026-45480 (Improper authentication in Azure Active Directory allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42895 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32208 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-27878 (A TraceQL query in Grafana Tempo with a large exemplars hint value can ...)
TODO: check
CVE-2026-12726 (A flaw was found in the AWX GitHub webhook integration. When processin ...)
TODO: check
CVE-2026-11551 (The Branda plugin for WordPress is vulnerable to privilege escalation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9143 (There is an incorrect conversion between numeric types vulnerability i ...)
NOT-FOR-US: National Instruments
CVE-2026-9142 (There is an insecure default credentials vulnerability in NI grpc-devi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9103f2be026a4c4489593724719369648b534cf1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260620/30c8b1dd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list