Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c7d2f18 by security tracker role at 2026-05-28T07:13:01+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@ +CVE-2026-9803 (A flaw was found in Keycloak's ClientRegistrationAuth component. A rem ...) + TODO: check +CVE-2026-9802 (A flaw was found in Keycloak. When revokeRefreshToken=true is enabled ...) + TODO: check +CVE-2026-9801 (A flaw was found in Keycloak. A remote attacker with high privileges, ...) + TODO: check +CVE-2026-9798 (A flaw was found in Keycloak, an open-source identity and access manag ...) + TODO: check +CVE-2026-9796 (A flaw was found in Keycloak. An authenticated administrator with the ...) + TODO: check +CVE-2026-9795 (A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) ...) + TODO: check +CVE-2026-9794 (A flaw was found in Keycloak. A remote, unauthenticated attacker can e ...) + TODO: check +CVE-2026-9793 (A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypt ...) + TODO: check +CVE-2026-9792 (A flaw was found in Keycloak's Client Policies, specifically within th ...) + TODO: check +CVE-2026-9791 (A flaw was found in Keycloak. An authenticated user with existing orga ...) + TODO: check +CVE-2026-9789 (A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSen ...) + TODO: check +CVE-2026-9759 (ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to ...) + TODO: check +CVE-2026-9739 (Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790 ...) + TODO: check +CVE-2026-9673 (Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are v ...) + TODO: check +CVE-2026-9644 (The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulne ...) + TODO: check +CVE-2026-9241 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...) + TODO: check +CVE-2026-9228 (The Timetable and Event Schedule by MotoPress plugin for WordPress is ...) + TODO: check +CVE-2026-9208 (Tanium addressed an unauthorized code execution vulnerability in Conne ...) 
+ TODO: check +CVE-2026-9009 (The Crawlomatic Multipage Scraper Post Generator plugin for WordPress ...) + TODO: check +CVE-2026-8915 (Out-of-bounds write vulnerability in Samsung Open Source Escargot allo ...) + TODO: check +CVE-2026-8364 (Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentSer ...) + TODO: check +CVE-2026-8363 (A stack-based buffer overflow condition exists in WOSDeviceDropFolder. ...) + TODO: check +CVE-2026-8362 (A stack-based buffer overflow condition exists in WOSDefaultHttpModule ...) + TODO: check +CVE-2026-8361 (A path traversal vulnerability exists in WOSDefaultHttpModule.dll when ...) + TODO: check +CVE-2026-8360 (Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in ...) + TODO: check +CVE-2026-8359 (When processing a request with a URL path starting with /status or /sy ...) + TODO: check +CVE-2026-7802 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2026-7533 (The Easy Digital Downloads plugin for WordPress is vulnerable to Cross ...) + TODO: check +CVE-2026-5737 (The Independent Analytics plugin for WordPress is vulnerable to Server ...) + TODO: check +CVE-2026-4888 (The Everest Forms \u2013 Contact Form, Payment Form, Quiz, Survey & Cu ...) + TODO: check +CVE-2026-49009 (Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4. ...) + TODO: check +CVE-2026-48792 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-48066 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-48065 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-48064 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47274 (pam_usb provides hardware authentication for Linux using ordinary remo ...) 
+ TODO: check +CVE-2026-47273 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47272 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47271 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47270 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47269 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-47161 (RELATE is a web-based courseware package. Prior to commit d66ba5659b45 ...) + TODO: check +CVE-2026-46544 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-46538 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-46416 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-46414 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-46402 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-45322 (Microsoft UFO open-source framework for intelligent automation across ...) + TODO: check +CVE-2026-45152 (uniget is a universal installer and updater for (container) tools. Pri ...) + TODO: check +CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude Code. F ...) + TODO: check +CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...) + TODO: check +CVE-2026-45108 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...) + TODO: check +CVE-2026-45104 (MapServer is a system for developing web-based GIS applications. From ...) + TODO: check +CVE-2026-45102 (OneUptime is an open-source monitoring and observability platform. Pri ...) 
+ TODO: check +CVE-2026-45083 (The Goobi viewer is a web application that allows digitised material t ...) + TODO: check +CVE-2026-44888 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...) + TODO: check +CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...) + TODO: check +CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...) + TODO: check +CVE-2026-44724 (systeminformation is a System and OS information library for node.js. ...) + TODO: check +CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...) + TODO: check +CVE-2026-44713 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-44712 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-44711 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-44710 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-44709 (pam_usb provides hardware authentication for Linux using ordinary remo ...) + TODO: check +CVE-2026-44681 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...) + TODO: check +CVE-2026-44660 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...) + TODO: check +CVE-2026-44590 (Sherlock hunts down social media accounts by username across social ne ...) + TODO: check +CVE-2026-44247 (Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14 ...) + TODO: check +CVE-2026-42877 (FacturaScripts is an open source accounting and invoicing software. In ...) + TODO: check +CVE-2026-42197 (RELATE is a web-based courseware package. Versions prior to commit 555 ...) + TODO: check +CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to Insecure Di ...) 
+ TODO: check +CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Acce ...) + TODO: check +CVE-2026-32999 (Insufficient character filtering in backup agent signing module on Com ...) + TODO: check +CVE-2026-32998 (This vulnerability in Veeam Service Provider Console allows for remote ...) + TODO: check +CVE-2026-32997 (A vulnerability allowing an authenticated user with the Backup Adminis ...) + TODO: check +CVE-2026-32996 (This vulnerability in Veeam Agent for Microsoft Windows allows for Loc ...) + TODO: check +CVE-2026-32995 (The Rocket.Chat DDP method autoTranslate.translateMessage in versions ...) + TODO: check +CVE-2026-2374 (The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2026-21785 (A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Con ...) + TODO: check CVE-2026-48095 - 7zip 26.01+dfsg-1 - p7zip 16.02+transitional.1 
@@ -3374,34 +3534,42 @@ CVE-2026-9360 (A security flaw has been discovered in Edimax EW-7438RPn 1.28a. A CVE-2026-4372 (A critical remote code execution vulnerability exists in all versions ...) NOT-FOR-US: HuggingFace transformers CVE-2026-48844 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insec ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a CVE-2026-48847 (Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows p ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa CVE-2026-48846 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the r ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/852350486b88b35b8544e8a630fad89e99e2150a CVE-2026-48845 (In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556 CVE-2026-48843 (Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7 ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1 CVE-2026-48842 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-a ...) 
+ {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b CVE-2026-48848 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insuffi ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27 CVE-2026-48849 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an un ...) + {DSA-6301-1} - roundcube 1.6.16+dfsg-1 (bug #1137507) NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1 NOTE: https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a @@ -3791,6 +3959,7 @@ CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improp CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Red ...) NOT-FOR-US: Dell / EMC CVE-2026-48710 (Starlette is a lightweight ASGI framework/toolkit. Prior to version 1. ...) + {DSA-6302-1} - starlette <unfixed> (bug #1137375) NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/ NOTE: https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr 
@@ -4906,47 +5075,58 @@ CVE-2026-3593 (A use-after-free vulnerability exists within the DNS-over-HTTPS i [bullseye] - bind9 <not-affected> (Only affects Bind 9.20) NOTE: https://kb.isc.org/docs/cve-2026-3593 CVE-2026-44608 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a loc ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-44608.txt CVE-2026-44390 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-44390.txt CVE-2026-42960 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt CVE-2026-42923 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42923.txt CVE-2026-42534 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42534.txt CVE-2026-41292 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt CVE-2026-40622 (NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vul ...) 
+ {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-40622.txt CVE-2026-32792 (NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a deni ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187; unimportant) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: Debian binary packages not built with DNSCrypt support ('--enable-dnscrypt') NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt CVE-2026-42959 (NLnet Labs Unbound up to and including version 1.25.0 has a denial of ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42959.txt CVE-2026-42944 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vul ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt CVE-2026-33278 (NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vul ...) + {DSA-6304-1} - unbound 1.25.1-1 (bug #1137187) NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-33278.txt @@ -5748,7 +5928,7 @@ CVE-2025-65954 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS serve NOT-FOR-US: SimpleSAMLphp-casserver CVE-2025-15609 (The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sens ...) NOT-FOR-US: WordPress plugin -CVE-2026-45137 +CVE-2026-45137 (Anchor is a framework providing several convenient developer tools for ...) NOT-FOR-US: Rust anchor-lang NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0144.html CVE-2026-8843 (Creating a "2dsphere_bucket" index on a non-timeseries bucket collecti ...) 
@@ -127043,6 +127223,7 @@ CVE-2025-8770 (An issue has been discovered in GitLab EE affecting all versions CVE-2025-8754 (Missing Authentication for Critical Function vulnerability in ABB ABB ...) NOT-FOR-US: ABB group CVE-2025-8671 (A mismatch caused by client-triggered server-sent stream resets betwee ...) + {DSA-6303-1} - h2o <removed> [bookworm] - h2o <no-dsa> (Minor issue) [bullseye] - h2o <postponed> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c7d2f185a9d75b1632a92a38501aae8a9962d9a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c7d2f185a9d75b1632a92a38501aae8a9962d9a You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
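Review bot: the first hunk (@@ -1,3 +1,163 @@) adds 80 new CVE entries, all left at `TODO: check`, and several groups carry an identical truncated description that makes them indistinguishable from the list alone: the fifteen pam_usb entries (CVE-2026-48792 down to CVE-2026-44709), the six Microsoft UFO entries (CVE-2026-46544 down to CVE-2026-45322) and the three Pi.Alert entries (CVE-2026-44888 to CVE-2026-44886), plus the ten Keycloak entries at the top. Triaging each group once against its source package, or marking the whole group `NOT-FOR-US` where the software is not packaged in Debian, would be quicker and less error-prone than checking the lines one by one; the existing `NOT-FOR-US: HuggingFace transformers` and `NOT-FOR-US: WordPress plugin` lines later in the file show the convention. The ten WordPress plugin entries (CVE-2026-9644, -9241, -9228, -9009, -7802, -7533, -5737, -4888, -3173 and -2374) are the obvious candidates for that treatment.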
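Review bot: in the Roundcube hunk (@@ -3374,34 +3534,42 @@) all eight CVE-2026-4884x entries receive the same `{DSA-6301-1}`, `roundcube 1.6.16+dfsg-1` and `bug #1137507`, but two of them (CVE-2026-48845 and CVE-2026-48843) describe the affected range as "1.6.x between 1.6.14 and 1.6.16", so a release whose roundcube predates 1.6.14 would not be affected by those two. That is worth checking against the stable and oldstable versions and, where it applies, recording as a `[release] - roundcube <not-affected>` line with the version floor as the reason, rather than letting the DSA tag alone stand for it. The per-CVE upstream commit NOTE lines are a good addition and make that check straightforward.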
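Review bot: in the Starlette hunk (@@ -3791,6 +3959,7 @@) CVE-2026-48710 is tagged `{DSA-6302-1}` while the unstable entry reads `starlette <unfixed> (bug #1137375)`. That combination is legitimate when stable was patched ahead of sid, but the tracker will keep reporting the issue as open in unstable; once the fixed starlette package is uploaded, `<unfixed>` should be replaced with that version. The truncated description ("Prior to version 1. ...") does not say which upstream version fixes it, so the fixed version should be taken from the two linked advisories (x41-2026-002-starlette and GHSA-86qp-5c8j-p5mr) rather than from the description text.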
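Review bot: in the Unbound hunk (@@ -4906,47 +5075,58 @@) all eleven entries get `{DSA-6304-1}` and `unbound 1.25.1-1`, but the affected-version floors in the descriptions differ: 1.14.0 for CVE-2026-44608 and CVE-2026-42944, 1.16.2 for CVE-2026-40622, 1.19.1 for CVE-2026-33278, 1.6.2 for CVE-2026-32792, and no stated floor for the rest. The context line just above the hunk, `[bullseye] - bind9 <not-affected> (Only affects Bind 9.20)`, shows the convention for recording that a release predates the affected range; any stable or oldstable unbound older than 1.19.1 or 1.16.2 should get the same annotation for the corresponding CVEs instead of being treated as covered by the DSA. The `unimportant` severity on CVE-2026-32792, justified by the NOTE that Debian binaries are not built with `--enable-dnscrypt`, is the right way to document a Debian-specific non-exposure.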
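Review bot: in the h2o hunk (@@ -127043,6 +127223,7 @@) CVE-2025-8671 gains `{DSA-6303-1}` but keeps `[bookworm] - h2o <no-dsa> (Minor issue)` and `[bullseye] - h2o <postponed> (Minor issue)` beside it. If DSA-6303-1 updated h2o in bookworm, the `[bookworm] ... <no-dsa>` line now contradicts the DSA tag and should be dropped; if the DSA covered only a newer release, the "Minor issue" rationale on the stable lines should be revisited, since the same issue was judged worth a DSA. One of the two statements needs to change so the tracker shows a consistent state for bookworm. With unstable at `h2o <removed>` there is no sid fix version to record, so the DSA tag is the only fix record on this entry.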
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
