[Git][security-tracker-team/security-tracker][master] NFus

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 24 19:41:14 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
235c8395 by Moritz Muehlenhoff at 2026-06-24T20:40:29+02:00
NFus

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -848,15 +848,15 @@ CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may allow
 CVE-2026-12957 (Improper trust boundary enforcement in Language Servers for AWS before ...)
 	NOT-FOR-US: Amazon
 CVE-2026-11772 (DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching  ...)
-	TODO: check
+	NOT-FOR-US: DRIMO CMS
 CVE-2026-11374 (In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager ...)
 	NOT-FOR-US: Zoho
 CVE-2026-10857 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: AKIN e-commerce
 CVE-2026-10711 (Missing authentication for critical function vulnerability in AKIN Sof ...)
-	TODO: check
+	NOT-FOR-US: AKIN CafePlus
 CVE-2026-10609 (A missing authorization flaw was found in the OpenShift Cluster Loggin ...)
-	TODO: check
+	NOT-FOR-US: OpenShift
 CVE-2026-10521 (An high privileged remote attacker can access a hidden configuration m ...)
 	TODO: check
 CVE-2026-0864 (When using the "configparser" module to write configuration files cont ...)
@@ -864,17 +864,17 @@ CVE-2026-0864 (When using the "configparser" module to write configuration files
 CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerabili ...)
 	TODO: check
 CVE-2025-71376 (picklescan before 0.0.29 fails to detect malicious pickle files using  ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-71370 (picklescan before 0.0.28 fails to detect malicious torch.jit.unsupport ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-71365 (picklescan before 0.0.33 fails to detect malicious pickle files that i ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-71341 (picklescan before 0.0.29 fails to detect the profile.Profile.runctx fu ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-71337 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains a ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-62180 (Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2025-61029 (An issue in the sqlo_untry component of openlink virtuoso-opensource v ...)
 	TODO: check
 CVE-2025-61028 (An issue in the time_t_to_dt component of openlink virtuoso-opensource ...)
@@ -898,13 +898,13 @@ CVE-2025-61019 (An issue in the sqlo_key_part_best component of openlink virtuos
 CVE-2025-61018 (An issue in the sqlo_place_dt_set component of openlink virtuoso-opens ...)
 	TODO: check
 CVE-2025-55639 (GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference  ...)
-	TODO: check
+	- gpac <removed>
 CVE-2025-15619 (HCL Connections contains a broken access control vulnerability that ma ...)
 	NOT-FOR-US: HCL
 CVE-2025-13162 (Uncontrolled Search Path Element vulnerability in ABB Control Builder  ...)
 	NOT-FOR-US: ABB group
 CVE-2023-54365 (Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-servi ...)
-	TODO: check
+	- traefik <itp> (bug #983289)
 CVE-2026-44517
 	- golang-github-containers-buildah <unfixed> (bug #1140619)
 	NOTE: https://github.com/podman-container-tools/buildah/security/advisories/GHSA-49p4-px3h-rq49



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c839530b7b8f494c5b8686d534f4133f503e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c839530b7b8f494c5b8686d534f4133f503e8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/4174915f/attachment.htm>


More information about the debian-security-tracker-commits mailing list