[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 28 08:13:09 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c7d2f18 by security tracker role at 2026-05-28T07:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2026-9803 (A flaw was found in Keycloak's ClientRegistrationAuth component. A rem ...)
+	TODO: check
+CVE-2026-9802 (A flaw was found in Keycloak. When revokeRefreshToken=true is enabled  ...)
+	TODO: check
+CVE-2026-9801 (A flaw was found in Keycloak. A remote attacker with high privileges,  ...)
+	TODO: check
+CVE-2026-9798 (A flaw was found in Keycloak, an open-source identity and access manag ...)
+	TODO: check
+CVE-2026-9796 (A flaw was found in Keycloak. An authenticated administrator with the  ...)
+	TODO: check
+CVE-2026-9795 (A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) ...)
+	TODO: check
+CVE-2026-9794 (A flaw was found in Keycloak. A remote, unauthenticated attacker can e ...)
+	TODO: check
+CVE-2026-9793 (A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypt ...)
+	TODO: check
+CVE-2026-9792 (A flaw was found in Keycloak's Client Policies, specifically within th ...)
+	TODO: check
+CVE-2026-9791 (A flaw was found in Keycloak. An authenticated user with existing orga ...)
+	TODO: check
+CVE-2026-9789 (A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSen ...)
+	TODO: check
+CVE-2026-9759 (ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to ...)
+	TODO: check
+CVE-2026-9739 (Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790 ...)
+	TODO: check
+CVE-2026-9673 (Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are v ...)
+	TODO: check
+CVE-2026-9644 (The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2026-9241 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...)
+	TODO: check
+CVE-2026-9228 (The Timetable and Event Schedule by MotoPress plugin for WordPress is  ...)
+	TODO: check
+CVE-2026-9208 (Tanium addressed an unauthorized code execution vulnerability in Conne ...)
+	TODO: check
+CVE-2026-9009 (The Crawlomatic Multipage Scraper Post Generator plugin for WordPress  ...)
+	TODO: check
+CVE-2026-8915 (Out-of-bounds write vulnerability in Samsung Open Source Escargot allo ...)
+	TODO: check
+CVE-2026-8364 (Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentSer ...)
+	TODO: check
+CVE-2026-8363 (A stack-based buffer overflow condition exists in WOSDeviceDropFolder. ...)
+	TODO: check
+CVE-2026-8362 (A stack-based buffer overflow condition exists in WOSDefaultHttpModule ...)
+	TODO: check
+CVE-2026-8361 (A path traversal vulnerability exists in WOSDefaultHttpModule.dll when ...)
+	TODO: check
+CVE-2026-8360 (Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in  ...)
+	TODO: check
+CVE-2026-8359 (When processing a request with a URL path starting with /status or /sy ...)
+	TODO: check
+CVE-2026-7802 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2026-7533 (The Easy Digital Downloads plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2026-5737 (The Independent Analytics plugin for WordPress is vulnerable to Server ...)
+	TODO: check
+CVE-2026-4888 (The Everest Forms \u2013 Contact Form, Payment Form, Quiz, Survey & Cu ...)
+	TODO: check
+CVE-2026-49009 (Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4. ...)
+	TODO: check
+CVE-2026-48792 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-48066 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-48065 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-48064 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47274 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47273 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47272 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47271 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47270 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47269 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-47161 (RELATE is a web-based courseware package. Prior to commit d66ba5659b45 ...)
+	TODO: check
+CVE-2026-46544 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-46538 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-46416 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-46414 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-46402 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-45322 (Microsoft UFO open-source framework for intelligent automation across  ...)
+	TODO: check
+CVE-2026-45152 (uniget is a universal installer and updater for (container) tools. Pri ...)
+	TODO: check
+CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude Code. F ...)
+	TODO: check
+CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
+	TODO: check
+CVE-2026-45108 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
+	TODO: check
+CVE-2026-45104 (MapServer is a system for developing web-based GIS applications. From  ...)
+	TODO: check
+CVE-2026-45102 (OneUptime is an open-source monitoring and observability platform. Pri ...)
+	TODO: check
+CVE-2026-45083 (The Goobi viewer is a web application that allows digitised material t ...)
+	TODO: check
+CVE-2026-44888 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
+	TODO: check
+CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
+	TODO: check
+CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
+	TODO: check
+CVE-2026-44724 (systeminformation is a System and OS information library for node.js.  ...)
+	TODO: check
+CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
+	TODO: check
+CVE-2026-44713 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-44712 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-44711 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-44710 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-44709 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+	TODO: check
+CVE-2026-44681 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+	TODO: check
+CVE-2026-44660 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+	TODO: check
+CVE-2026-44590 (Sherlock hunts down social media accounts by username across social ne ...)
+	TODO: check
+CVE-2026-44247 (Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14 ...)
+	TODO: check
+CVE-2026-42877 (FacturaScripts is an open source accounting and invoicing software. In ...)
+	TODO: check
+CVE-2026-42197 (RELATE is a web-based courseware package. Versions prior to commit 555 ...)
+	TODO: check
+CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to Insecure Di ...)
+	TODO: check
+CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Acce ...)
+	TODO: check
+CVE-2026-32999 (Insufficient character filtering in backup agent signing module on Com ...)
+	TODO: check
+CVE-2026-32998 (This vulnerability in Veeam Service Provider Console allows for remote ...)
+	TODO: check
+CVE-2026-32997 (A vulnerability allowing an authenticated user with the Backup Adminis ...)
+	TODO: check
+CVE-2026-32996 (This vulnerability in Veeam Agent for Microsoft Windows allows for Loc ...)
+	TODO: check
+CVE-2026-32995 (The Rocket.Chat DDP method autoTranslate.translateMessage in versions  ...)
+	TODO: check
+CVE-2026-2374 (The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2026-21785 (A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Con ...)
+	TODO: check
 CVE-2026-48095
 	- 7zip 26.01+dfsg-1
 	- p7zip 16.02+transitional.1
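Review bot: the descriptions of CVE-2026-9241 and CVE-2026-4888 contain a literal "\u2013" where the plugin name has a dash, so the import wrote the JSON escape sequence instead of the character it stands for. Decode or transliterate it before writing data/CVE/list so the description stays readable and searchable. Every new entry also lands as "TODO: check"; the pam_usb, Keycloak and Microsoft UFO entries each share one product, so each group can be triaged in a single pass.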
@@ -3374,34 +3534,42 @@ CVE-2026-9360 (A security flaw has been discovered in Edimax EW-7438RPn 1.28a. A
 CVE-2026-4372 (A critical remote code execution vulnerability exists in all versions  ...)
 	NOT-FOR-US: HuggingFace transformers
 CVE-2026-48844 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insec ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a
 CVE-2026-48847 (Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows p ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa
 CVE-2026-48846 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the r ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/852350486b88b35b8544e8a630fad89e99e2150a
 CVE-2026-48845 (In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before  ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556
 CVE-2026-48843 (Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7 ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1
 CVE-2026-48842 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-a ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b
 CVE-2026-48848 (Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insuffi ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27
 CVE-2026-48849 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an un ...)
+	{DSA-6301-1}
 	- roundcube 1.6.16+dfsg-1 (bug #1137507)
 	NOTE: https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
 	NOTE: https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a
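Review bot: CVE-2026-48845 and CVE-2026-48843 get the same {DSA-6301-1} tag as the other six entries, but their descriptions limit the affected range to "1.6.x between 1.6.14 and 1.6.16", and the only version line is "- roundcube 1.6.16+dfsg-1 (bug #1137507)". If any supported suite ships a 1.6.x older than 1.6.14, record that with a per-suite line in the style of "[bullseye] - bind9 <not-affected> (...)" used elsewhere in this file, so the tracker does not report that suite as vulnerable to these two.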
@@ -3791,6 +3959,7 @@ CVE-2025-32745 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improp
 CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Red ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-48710 (Starlette is a lightweight ASGI framework/toolkit. Prior to version 1. ...)
+	{DSA-6302-1}
 	- starlette <unfixed> (bug #1137375)
 	NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
 	NOTE: https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
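Review bot: CVE-2026-48710 now carries {DSA-6302-1} while the package line still reads "- starlette <unfixed> (bug #1137375)", so after this change the entry shows a released advisory next to an open unstable status. That is consistent only while the unstable upload is pending; replace <unfixed> with the fixed version once the upload closing bug #1137375 is in the archive.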
@@ -4906,47 +5075,58 @@ CVE-2026-3593 (A use-after-free vulnerability exists within the DNS-over-HTTPS i
 	[bullseye] - bind9 <not-affected> (Only affects Bind 9.20)
 	NOTE: https://kb.isc.org/docs/cve-2026-3593
 CVE-2026-44608 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a loc ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-44608.txt
 CVE-2026-44390 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-44390.txt
 CVE-2026-42960 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt
 CVE-2026-42923 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42923.txt
 CVE-2026-42534 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42534.txt
 CVE-2026-41292 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt
 CVE-2026-40622 (NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vul ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-40622.txt
 CVE-2026-32792 (NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a deni ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187; unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: Debian binary packages not built with DNSCrypt support ('--enable-dnscrypt')
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt
 CVE-2026-42959 (NLnet Labs Unbound up to and including version 1.25.0 has a denial of  ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42959.txt
 CVE-2026-42944 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vul ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt
 CVE-2026-33278 (NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vul ...)
+	{DSA-6304-1}
 	- unbound 1.25.1-1 (bug #1137187)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2026-33278.txt
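Review bot: CVE-2026-32792 receives {DSA-6304-1} along with the other ten Unbound entries, yet its package line is marked "unimportant" and the NOTE states that Debian binary packages are not built with DNSCrypt support ('--enable-dnscrypt'). Confirm that the DSA-6304-1 entry really lists this CVE; if it does, the tag is only a cross-reference and the unimportant marking should stay so the issue is not counted as a security-relevant fix for the Debian binaries.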
@@ -5748,7 +5928,7 @@ CVE-2025-65954 (SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS serve
 	NOT-FOR-US: SimpleSAMLphp-casserver
 CVE-2025-15609 (The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sens ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2026-45137
+CVE-2026-45137 (Anchor is a framework providing several convenient developer tools for ...)
 	NOT-FOR-US: Rust anchor-lang
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0144.html
 CVE-2026-8843 (Creating a "2dsphere_bucket" index on a non-timeseries bucket collecti ...)
@@ -127043,6 +127223,7 @@ CVE-2025-8770 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2025-8754 (Missing Authentication for Critical Function vulnerability in ABB ABB  ...)
 	NOT-FOR-US: ABB group
 CVE-2025-8671 (A mismatch caused by client-triggered server-sent stream resets betwee ...)
+	{DSA-6303-1}
 	- h2o <removed>
 	[bookworm] - h2o <no-dsa> (Minor issue)
 	[bullseye] - h2o <postponed> (Minor issue)
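Review bot: {DSA-6303-1} is added to CVE-2025-8671, but the visible h2o lines read "- h2o <removed>", "[bookworm] - h2o <no-dsa> (Minor issue)" and "[bullseye] - h2o <postponed> (Minor issue)", none of which names a suite with a fixed version. Add the suite-specific line with the version the DSA fixed, and if bookworm is covered by the advisory, replace its <no-dsa> state, since a DSA and <no-dsa> for the same suite contradict each other.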



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c7d2f185a9d75b1632a92a38501aae8a9962d9a
