[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 23 08:13:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca8e3dd4 by security tracker role at 2026-05-23T07:13:06+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2026-9284 (The WooCommerce PayPal Payments plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6898 (The Wishlist Member plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6897 (The Wishlist Member plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6895 (The WishList Member plugin for WordPress is vulnerable to Missing Auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6419 (The WishList Member plugin for WordPress is vulnerable to Privilege Es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5843 (The MLX inference backend in Docker Model Runner on macOS uses the MLX ...)
-	TODO: check
+	NOT-FOR-US: Docker products not packaged in Debian
 CVE-2026-5817 (The vllm-metal inference backend in Docker Model Runner on macOS uncon ...)
-	TODO: check
+	NOT-FOR-US: Docker products not packaged in Debian
 CVE-2026-47280 (Improper authentication in Azure Resource Manager (ARM) allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-45659 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42901 (Origin validation error in Microsoft Entra ID allows an unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42827 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41149 (Mermaid is a JavaScript tool that uses Markdown-inspired text to creat ...)
 	TODO: check
 CVE-2026-41148 (Mermaid is a JavaScript tool that uses Markdown-inspired text to creat ...)
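Review bot: the "NOT-FOR-US: Microsoft" tag on CVE-2026-42827 cannot be confirmed from this hunk, because the description shown is cut off at "('comman ..." before any product is named. Check the full CVE record for the affected product before accepting the automatic classification; the other entries changed in this hunk name WordPress, Docker Model Runner, Azure Resource Manager, SharePoint or Entra ID in the visible text.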
@@ -27,9 +27,9 @@ CVE-2026-41148 (Mermaid is a JavaScript tool that uses Markdown-inspired text to
 CVE-2026-41147 (NukeViet CMS is a multi Content Management System. Versions 4.5.07 and ...)
 	TODO: check
 CVE-2026-41104 (Deserialization of untrusted data in Microsoft Planetary Computer Pro  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41090 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41074 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
 	TODO: check
 CVE-2026-41071 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
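Review bot: on CVE-2026-41090 the visible description ends at "('comman ..." without naming a product, so the Microsoft attribution is not verifiable from the diff, unlike CVE-2026-41104 just above it, which names Microsoft Planetary Computer Pro. Confirm the affected product against the full CVE text before this entry is closed out as NOT-FOR-US.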
@@ -49,25 +49,25 @@ CVE-2026-40597 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. I
 CVE-2026-40596 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
 	TODO: check
 CVE-2026-40412 (Unrestricted upload of file with dangerous type in Azure Orbital Spati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40411 (Improper input validation in Azure Virtual Network Gateway allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40295 (Devise is an authentication solution for Rails based on Warden. In ver ...)
 	TODO: check
 CVE-2026-3294 (An authentication logic vulnerability in multiple TP-Link range extend ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-39824 (NewNTUnicodeString does not check for string length overflow. When pro ...)
 	TODO: check
 CVE-2026-35430 (Authorization bypass through user-controlled key in Azure Privileged I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33843 (Authentication bypass using an alternate path or channel in Microsoft  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-26147 (Improper input validation in Azure Compute Gallery allows an authorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23663 (Improper privilege management in Azure Entra ID allows an unauthorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23652 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-9291 (Insecure deserialization in the job results processing component in Am ...)
 	NOT-FOR-US: Amazon
 CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token inputs  ...)
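Review bot: the tag on CVE-2026-3294 spells the vendor "TPLink" while the description on the line above it writes "TP-Link"; use "NOT-FOR-US: TP-Link" so a search of the list by the vendor's own spelling finds this entry. Separately, CVE-2026-23652 is tagged Microsoft although its visible description stops at "('comman ..." before naming a product, so that entry should be checked against the full record.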



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca8e3dd40a040b220fe22f39d1430d77fb53de70
