Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
235c8395 by Moritz Muehlenhoff at 2026-06-24T20:40:29+02:00
NFus
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -848,15 +848,15 @@ CVE-2026-12958 (Missing symlink validation in Language
Servers for AWS may allow
CVE-2026-12957 (Improper trust boundary enforcement in Language Servers for
AWS before ...)
NOT-FOR-US: Amazon
CVE-2026-11772 (DRIMO CMS is vulnerable to Reflected XSS via q parameter in
searching ...)
- TODO: check
+ NOT-FOR-US: DRIMO CMS
CVE-2026-11374 (In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365
Manager ...)
NOT-FOR-US: Zoho
CVE-2026-10857 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: AKIN e-commerce
CVE-2026-10711 (Missing authentication for critical function vulnerability in
AKIN Sof ...)
- TODO: check
+ NOT-FOR-US: AKIN CafePlus
CVE-2026-10609 (A missing authorization flaw was found in the OpenShift
Cluster Loggin ...)
- TODO: check
+ NOT-FOR-US: OpenShift
CVE-2026-10521 (An high privileged remote attacker can access a hidden
configuration m ...)
TODO: check
CVE-2026-0864 (When using the "configparser" module to write configuration
files cont ...)
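Review bot: The new NOT-FOR-US labels in this hunk are named at product level ("DRIMO CMS", "AKIN e-commerce", "AKIN CafePlus"), while the untouched neighbours are named at vendor level ("Amazon", "Zoho"), so the two AKIN entries, CVE-2026-10857 and CVE-2026-10711, end up under two different strings. Using one label per vendor would keep later searches over the list from missing one of them. For CVE-2026-10609 the description names the OpenShift Cluster Logging component, and putting that component in the label instead of plain "OpenShift" would make the triage decision easier to audit.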
@@ -864,17 +864,17 @@ CVE-2026-0864 (When using the "configparser" module to
write configuration files
CVE-2025-71382 (MuPDF before 1.27.0-rc1 contains an uncontrolled recursion
vulnerabili ...)
TODO: check
CVE-2025-71376 (picklescan before 0.0.29 fails to detect malicious pickle
files using ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71370 (picklescan before 0.0.28 fails to detect malicious
torch.jit.unsupport ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71365 (picklescan before 0.0.33 fails to detect malicious pickle
files that i ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71341 (picklescan before 0.0.29 fails to detect the
profile.Profile.runctx fu ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2025-71337 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier)
contains a ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-62180 (Pega Platform versions 8.3.0 through Infinity 25.1.2 are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2025-61029 (An issue in the sqlo_untry component of openlink
virtuoso-opensource v ...)
TODO: check
CVE-2025-61028 (An issue in the time_t_to_dt component of openlink
virtuoso-opensource ...)
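Review bot: The four picklescan entries (CVE-2025-71376, CVE-2025-71370, CVE-2025-71365, CVE-2025-71341) and the Flowise entry CVE-2025-71337 move straight from "TODO: check" to NOT-FOR-US, which is only accurate if no packaging request is open for them. Please confirm there is no ITP or RFP bug for either project; if one exists, the form used for traefik later in this commit, "- traefik <itp> (bug #983289)", is the right one, because it keeps the CVE attached to the package once it enters the archive.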
@@ -898,13 +898,13 @@ CVE-2025-61019 (An issue in the sqlo_key_part_best
component of openlink virtuos
CVE-2025-61018 (An issue in the sqlo_place_dt_set component of openlink
virtuoso-opens ...)
TODO: check
CVE-2025-55639 (GPAC MP4Box v2.4 was discovered to contain a NULL pointer
dereference ...)
- TODO: check
+ - gpac <removed>
CVE-2025-15619 (HCL Connections contains a broken access control vulnerability
that ma ...)
NOT-FOR-US: HCL
CVE-2025-13162 (Uncontrolled Search Path Element vulnerability in ABB Control
Builder ...)
NOT-FOR-US: ABB group
CVE-2023-54365 (Traefik before 2.10.5 and 3.0.0-beta4 is affected by a
denial-of-servi ...)
- TODO: check
+ - traefik <itp> (bug #983289)
CVE-2026-44517
- golang-github-containers-buildah <unfixed> (bug #1140619)
NOTE:
https://github.com/podman-container-tools/buildah/security/advisories/GHSA-49p4-px3h-rq49
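Review bot: The new "- gpac <removed>" line for CVE-2025-55639 carries no NOTE with the upstream report or fix, unlike the buildah entry directly below it, which links its advisory. Adding a NOTE with the upstream reference would let someone reassess the entry without redoing the research if gpac is reintroduced. The same applies to the traefik line for CVE-2023-54365: the description already states the fixed versions (2.10.5 and 3.0.0-beta4), and a short NOTE repeating them would tell whoever closes bug #983289 which upload is safe to mark as fixed.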
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/235c839530b7b8f494c5b8686d534f4133f503e8