[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 18 07:49:58 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a35dd4e2 by Moritz Muehlenhoff at 2026-06-18T08:49:45+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -331,11 +331,11 @@ CVE-2026-28576 (In Contacts Provider, there is a possible way to access the cont
CVE-2026-28575 (In PackageInstaller.Session#transfer of frameworks/base/services/core/ ...)
NOT-FOR-US: Android
CVE-2026-27870 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
- TODO: check
+ NOT-FOR-US: Regesta Smart HD-PLC
CVE-2026-27869 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
- TODO: check
+ NOT-FOR-US: Regesta Smart HD-PLC
CVE-2026-27868 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
- TODO: check
+ NOT-FOR-US: Regesta Smart HD-PLC
CVE-2026-27410 (Unauthenticated Deserialization of untrusted data in Slimstat Analytic ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27400 (Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.)
@@ -389,23 +389,23 @@ CVE-2026-20266 (In Splunk AI Toolkit versions below 5.7.4, a user who holds the
CVE-2026-20265 (In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that ...)
NOT-FOR-US: Cisco
CVE-2026-20246 (A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20220 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20190 (A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20181 (A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20178 (A vulnerability in the browser-based version of Cisco Webex App could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-1288 (A maliciously crafted RFA file, when converted to FormIt via \u201cCon ...)
NOT-FOR-US: Autodesk
CVE-2026-12528 (A flaw was found in 389 Directory Server in the __aclp__normalize_aclt ...)
TODO: check
CVE-2026-12515 (A flaw was found in Katello's of Red Hat Satellite. A content upload f ...)
- TODO: check
+ NOT-FOR-US: Red Hat Satellite
CVE-2026-12491 (A flaw was found in vLLM, an open-source library for large language mo ...)
- TODO: check
+ - vllm <itp> (bug #1095237)
CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows u ...)
TODO: check
CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell with PayP ...)
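Review bot: The CVE-2026-12491 change is not an NFU: it replaces `TODO: check` with `- vllm <itp> (bug #1095237)`, while the commit message says only "NFUs". Either mention the ITP entry in the commit message or move it to its own commit, so the history for vllm is searchable. Separately, on CVE-2026-12515 the description names Katello but the tag is `NOT-FOR-US: Red Hat Satellite`; it is worth confirming that no Katello source package is tracked before closing it under the product name.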
@@ -455,15 +455,15 @@ CVE-2026-0064 (In multiple places, there is a possible persistent denial of serv
CVE-2026-0063 (In setAllowedCarriers of PhoneInterfaceManager.java, there is a possib ...)
NOT-FOR-US: Android
CVE-2025-71325 (picklescan before 0.0.27 contains a parsing logic error in the _list_g ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71323 (picklescan before 0.0.33 fails to block the ctypes module, allowing at ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71322 (PickleScan before 0.0.33 fails to include the pty.spawn function in it ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71321 (picklescan before 0.0.33 contains an arbitrary file writing vulnerabil ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71320 (picklescan before 0.0.33 contains an incomplete deny-list that fails t ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-69189 (Missing Authorization vulnerability in EMV JobBank allows Exploiting I ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-69179 (Unauthenticated Privilege Escalation in Support Ticket Management Syst ...)
@@ -529,7 +529,7 @@ CVE-2025-69106 (Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.)
CVE-2025-68524 (Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66391 (In Citrix Cloud through 2025-11-10, an account with read-only access c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-62340 (HCL iControl was affected by Inadequate Session Timeout vulnerability. ...)
NOT-FOR-US: HCL
CVE-2025-60236 (Deserialization of Untrusted Data vulnerability in EMV Creatify allows ...)
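Review bot: On CVE-2025-66391 the new tag is `NOT-FOR-US: Cisco`, but the description on the line above is for Citrix Cloud. This looks like a carry-over from the Cisco entries changed earlier in the same commit; the tag should read `NOT-FOR-US: Citrix` so that later searches by vendor do not miss or misattribute the entry.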
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a35dd4e2562bfc4676ee9e53ec634272ed5bdc4b