Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7579a87 by security tracker role at 2026-04-05T07:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2026-5590 (A race condition during TCP connection teardown can cause
tcp_recv() t ...)
+ TODO: check
+CVE-2026-5546 (A flaw has been found in Campcodes Complete Online Learning
Management ...)
+ TODO: check
+CVE-2026-5544 (A security flaw has been discovered in UTT HiPER 1250GW up to
3.2.7-21 ...)
+ TODO: check
+CVE-2026-5543 (A vulnerability was identified in PHPGurukul User Registration
& Login ...)
+ TODO: check
+CVE-2026-5542 (A vulnerability was determined in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-5541 (A vulnerability was found in code-projects Simple Laundry
System 1.0. ...)
+ TODO: check
+CVE-2026-5540 (A vulnerability has been found in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-5539 (A flaw has been found in code-projects Simple Laundry System
1.0. This ...)
+ TODO: check
+CVE-2026-5538 (A vulnerability was detected in QingdaoU OnlineJudge up to
1.6.1. Affe ...)
+ TODO: check
+CVE-2026-5537 (A security vulnerability has been detected in halex CourseSEL
up to 1. ...)
+ TODO: check
+CVE-2026-5536 (A weakness has been identified in FedML-AI FedML up to 0.8.9.
Affected ...)
+ TODO: check
+CVE-2026-5535 (A security flaw has been discovered in FedML-AI FedML up to
0.8.9. Thi ...)
+ TODO: check
+CVE-2026-5534 (A vulnerability was identified in itsourcecode Online
Enrollment Syste ...)
+ TODO: check
+CVE-2026-5533 (A vulnerability was determined in badlogic pi-mono 0.58.4. The
impacte ...)
+ TODO: check
+CVE-2026-5532 (A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to
1.74.0 ...)
+ TODO: check
+CVE-2026-5531 (A vulnerability has been found in SourceCodester Student Result
Manage ...)
+ TODO: check
+CVE-2026-5530 (A flaw has been found in Ollama up to 18.1. This issue affects
some un ...)
+ TODO: check
+CVE-2026-5529 (A vulnerability was detected in Dromara lamp-cloud up to 5.8.1.
This v ...)
+ TODO: check
+CVE-2026-5528 (A security vulnerability has been detected in MoussaabBadla
code-scree ...)
+ TODO: check
+CVE-2026-5527 (A weakness has been identified in Tenda 4G03 Pro
1.0/1.0re/01.bin/04.0 ...)
+ TODO: check
+CVE-2026-5526 (A security flaw has been discovered in Tenda 4G03 Pro up to
1.0/1.1/04 ...)
+ TODO: check
+CVE-2018-25246 (Wikipedia 12.0 contains a denial of service vulnerability that
allows ...)
+ TODO: check
+CVE-2016-20054 (Nodcms contains a cross-site request forgery vulnerability
that allows ...)
+ TODO: check
CVE-2026-5425 (The Widgets for Social Photo Feed plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4896 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
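Review bot: all 23 entries added at the top of data/CVE/list, CVE-2026-5590 through CVE-2016-20054, carry only `TODO: check`, so none is yet mapped to a source package or marked NOT-FOR-US the way the CVE-2026-5425 context line below them is. The truncated description of CVE-2026-5590 (the `tcp_recv()` race during TCP connection teardown) does not name the affected product in the visible text, so it needs the full CVE record before it can be triaged. I would look at that one and the Ollama, FedML-AI and ScrapeGraphAI entries against the archive first, then clear the remaining entries.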
@@ -3012,7 +3058,7 @@ CVE-2018-25226 (FTPShell Server 6.83 contains a buffer
overflow vulnerability th
CVE-2026-4981
NOT-FOR-US: Red Hat Advanced Cluster Security
CVE-2026-35545 (An issue was discovered in Roundcube Webmail before 1.5.15 and
1.6.15. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.15+dfsg-1 (bug #1132268)
NOTE:
https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46
(1.7-rc6)
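Review bot: on the CVE-2026-35545 entry the unstable fix is `roundcube 1.6.15+dfsg-1 (bug #1132268)`, while the other Roundcube entries that gain DSA-6196-1 in this commit are fixed at 1.6.14+dfsg-1 (bug #1131182). Since the same DSA is now attached to both sets, please confirm the DSA-6196-1 upload is based on 1.6.15 or carries the fix for this CVE. The lines shown in this hunk reference only the 1.7-rc6 commit, so a NOTE pointing at the 1.6.15 branch commit would make that easier to verify.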
@@ -9876,21 +9922,21 @@ CVE-2026-2046
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15289
NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
CVE-2026-35540 (An issue was discovered in Roundcube Webmail 1.6.0 before
1.6.14. Insu ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE:
https://i0.rs/blog/turning-a-roundcube-link-tag-into-a-zero-day-ssrf-and-data-exfiltration/
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
(1.7-rc5)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
(1.6.14)
CVE-2026-35539 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
(1.7-rc5)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1
(1.6.14)
NOTE: fixed by:
https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab
(1.5.14)
CVE-2026-35544 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE:
https://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/#css-position-fixed-important
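Review bot: the CVE-2026-35540 entry in this hunk is described as affecting "Roundcube Webmail 1.6.0 before 1.6.14" and lists fix commits only for 1.7-rc5 and 1.6.14, with no 1.5.14 commit, yet its tag line keeps DLA-4517-1 next to the new DSA-6196-1. The CVE-2026-35537 entry later in this diff notes that bullseye is on 1.4.x, so it is worth checking whether the DLA reference belongs on CVE-2026-35540 or whether a `[bullseye] - roundcube <not-affected>` line is the right annotation there.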
@@ -9898,7 +9944,7 @@ CVE-2026-35544 (An issue was discovered in Roundcube
Webmail before 1.5.14 and 1
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662
(1.6.14)
NOTE: fixed by:
https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7
(1.5.14)
CVE-2026-35542 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE:
https://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/#body-backgrounds-unquoted-url
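Review bot: style point on the leading context of this hunk: the 1.5.14 commit for CVE-2026-35544 is recorded as `NOTE: fixed by:` in lowercase, while the line just above it and the rest of the Roundcube entries use `NOTE: Fixed by:`. The same lowercase form appears under CVE-2026-35539 in the previous hunk. Normalising both to `Fixed by:` keeps the notes greppable with a single pattern.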
@@ -9908,7 +9954,7 @@ CVE-2026-35542 (An issue was discovered in Roundcube
Webmail before 1.5.14 and 1
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad
(1.5.14)
NOTE: Regression fix:
https://github.com/roundcube/roundcubemail/commit/d8799ed7e869f5cfda54fb35692be3aca1bdd924
(1.5.15)
CVE-2026-35543 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE:
https://nullcathedral.com/posts/2026-03-18-roundcube-round-two-three-more-sanitizer-bypasses/#smil-animations-values-and-by
@@ -9916,7 +9962,7 @@ CVE-2026-35543 (An issue was discovered in Roundcube
Webmail before 1.5.14 and 1
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
(1.6.14)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
(1.5.14)
CVE-2026-35538 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15
(1.7-rc5)
@@ -9925,13 +9971,14 @@ CVE-2026-35538 (An issue was discovered in Roundcube
Webmail before 1.5.14 and 1
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64
(1.5.14)
NOTE: Regression fix:
https://github.com/roundcube/roundcubemail/commit/c360f32adc8754aea91dcc347edcf394108ca110
(1.5.15)
CVE-2026-35541 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
- {DLA-4517-1}
+ {DSA-6196-1 DLA-4517-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4
(1.7-rc5)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce
(1.6.14)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394
(1.5.14)
CVE-2026-35537 (An issue was discovered in Roundcube Webmail before 1.5.14 and
1.6.14. ...)
+ {DSA-6196-1}
- roundcube 1.6.14+dfsg-1 (bug #1131182)
[bullseye] - roundcube <not-affected> (Vulnerable code introduced
later, 1.4.x doesn't use Guzzle)
NOTE:
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
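Review bot: CVE-2026-35537 at the end of this hunk is the only Roundcube entry where the tag line is newly added as `{DSA-6196-1}` with no DLA reference. That is consistent with the `[bullseye] - roundcube <not-affected>` line below it, but because this entry differs from the other nine, please confirm that the DSA-6196-1 record lists CVE-2026-35537 explicitly so the cross-reference is not lost on the next automatic update.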
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7579a87308c161a815418f7468401218bbc6a86
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits