Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a35dd4e2 by Moritz Muehlenhoff at 2026-06-18T08:49:45+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -331,11 +331,11 @@ CVE-2026-28576 (In Contacts Provider, there is a possible 
way to access the cont
 CVE-2026-28575 (In PackageInstaller.Session#transfer of 
frameworks/base/services/core/ ...)
        NOT-FOR-US: Android
 CVE-2026-27870 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
-       TODO: check
+       NOT-FOR-US: Regesta Smart HD-PLC
 CVE-2026-27869 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
-       TODO: check
+       NOT-FOR-US: Regesta Smart HD-PLC
 CVE-2026-27868 (An attacker with access via network to the Regesta Smart 
HD-PLC of the ...)
-       TODO: check
+       NOT-FOR-US: Regesta Smart HD-PLC
 CVE-2026-27410 (Unauthenticated Deserialization of untrusted data in Slimstat 
Analytic ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27400 (Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 
versions.)
@@ -389,23 +389,23 @@ CVE-2026-20266 (In Splunk AI Toolkit versions below 
5.7.4, a user who holds the
 CVE-2026-20265 (In Splunk AI Toolkit versions below 5.7.4, a low-privileged 
user that  ...)
        NOT-FOR-US: Cisco
 CVE-2026-20246 (A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual 
Appliance ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20220 (A vulnerability in the web-based management interface of Cisco 
Crosswo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20190 (A vulnerability in Cisco ISE and ISE-PIC could allow an 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20181 (A vulnerability in Cisco ISE and ISE-PIC could allow an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20178 (A vulnerability in the browser-based version of Cisco Webex 
App could  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-1288 (A maliciously crafted RFA file, when converted to FormIt via 
\u201cCon ...)
        NOT-FOR-US: Autodesk
 CVE-2026-12528 (A flaw was found in 389 Directory Server in the 
__aclp__normalize_aclt ...)
        TODO: check
 CVE-2026-12515 (A flaw was found in Katello's of Red Hat Satellite. A content 
upload f ...)
-       TODO: check
+       NOT-FOR-US: Red Hat Satellite
 CVE-2026-12491 (A flaw was found in vLLM, an open-source library for large 
language mo ...)
-       TODO: check
+       - vllm <itp> (bug #1095237)
 CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 
allows u ...)
        TODO: check
 CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell 
with PayP ...)
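Review bot: The commit message says "NFUs", but the CVE-2026-12491 change in this hunk is not a NOT-FOR-US triage. It replaces `TODO: check` with `- vllm <itp> (bug #1095237)`, which is a tracked package entry. Suggest naming the vllm ITP in the commit message, or committing that line separately, so the history for that entry can be found later.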
@@ -455,15 +455,15 @@ CVE-2026-0064 (In multiple places, there is a possible 
persistent denial of serv
 CVE-2026-0063 (In setAllowedCarriers of PhoneInterfaceManager.java, there is a 
possib ...)
        NOT-FOR-US: Android
 CVE-2025-71325 (picklescan before 0.0.27 contains a parsing logic error in the 
_list_g ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71323 (picklescan before 0.0.33 fails to block the ctypes module, 
allowing at ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71322 (PickleScan before 0.0.33 fails to include the pty.spawn 
function in it ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71321 (picklescan before 0.0.33 contains an arbitrary file writing 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71320 (picklescan before 0.0.33 contains an incomplete deny-list that 
fails t ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-69189 (Missing Authorization vulnerability in EMV JobBank allows 
Exploiting I ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69179 (Unauthenticated Privilege Escalation in Support Ticket 
Management Syst ...)
@@ -529,7 +529,7 @@ CVE-2025-69106 (Unauthenticated Local File Inclusion in 
Imba <= 1.5.0 versions.)
 CVE-2025-68524 (Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 
versions.)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66391 (In Citrix Cloud through 2025-11-10, an account with read-only 
access c ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-62340 (HCL iControl was affected by Inadequate Session Timeout 
vulnerability. ...)
        NOT-FOR-US: HCL
 CVE-2025-60236 (Deserialization of Untrusted Data vulnerability in EMV 
Creatify allows ...)
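Review bot: The tag added for CVE-2025-66391 is `NOT-FOR-US: Cisco`, but the description on the line above it reads "In Citrix Cloud through 2025-11-10", and Citrix is a different vendor from Cisco. Suggest `NOT-FOR-US: Citrix` so the entry is filed under the right vendor and turns up in searches on that tag.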



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a35dd4e2562bfc4676ee9e53ec634272ed5bdc4b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
