[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 30 08:13:25 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
034768da by security tracker role at 2026-05-30T07:13:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2026-9831 (A race condition in the shared Extreme Platform ONE IAM Gateway API-ke ...)
+ TODO: check
+CVE-2026-4387 (StrongDM Desktop Application before 23.74.0 (Desktop Client before 53. ...)
+ TODO: check
+CVE-2026-48811 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-48810 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-48557 (Spatie Laravel Media Library before version 11.23.0 contains a file up ...)
+ TODO: check
+CVE-2026-48555 (Spatie Laravel Media Library before version 11.23.0 contains a server- ...)
+ TODO: check
+CVE-2026-47266 (Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3 ...)
+ TODO: check
+CVE-2026-47123 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-46599 (The TIFF decoder does not place a limit on the size of PackBits-compre ...)
+ TODO: check
+CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-46385 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro arr ...)
+ TODO: check
+CVE-2026-46384 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro ...)
+ TODO: check
+CVE-2026-45700 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
+ TODO: check
+CVE-2026-45697 (Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3 ...)
+ TODO: check
+CVE-2026-45613 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2026-45372 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-45352 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-45324 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2026-45294 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-45151 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
+ TODO: check
+CVE-2026-45149 (The brace-expansion library generates arbitrary strings containing a c ...)
+ TODO: check
+CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
+ TODO: check
+CVE-2026-44422 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
+ TODO: check
+CVE-2026-44421 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
+ TODO: check
+CVE-2026-44420 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
+ TODO: check
+CVE-2026-44287 (FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the J ...)
+ TODO: check
+CVE-2026-44285 (FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Ser ...)
+ TODO: check
+CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette index result ...)
+ TODO: check
+CVE-2026-34127 (A stored cross-site scripting (XSS) vulnerability has been identified ...)
+ TODO: check
+CVE-2026-10110 (A vulnerability was detected in code-projects Student Details Manageme ...)
+ TODO: check
CVE-2026-9811 (A stored Cross-Site Scripting (XSS) vulnerability exists in the projec ...)
NOT-FOR-US: Mautic
CVE-2026-9809 (A stored Cross-Site Scripting (XSS) vulnerability exists in the Projec ...)
@@ -420,7 +480,7 @@ CVE-2018-25383 (Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vu
TODO: check
CVE-2018-25382 (Zechat 1.5 contains an SQL injection vulnerability that allows unauthe ...)
TODO: check
-CVE-2026-48840 [PROXY-protocol uninitialised-stack information disclosure]
+CVE-2026-48840 (Exim 4.88 before 4.99.4, in some proxy configurations, mishandles cert ...)
{DSA-6309-1}
- exim4 4.99.3-2
NOTE: https://www.openwall.com/lists/oss-security/2026/05/29/3
@@ -36577,13 +36637,13 @@ CVE-2026-35093 (A flaw was found in libinput. A local attacker who can place a s
NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/49f9a815170fe4178cca8dd3a3e591486aa508a3 (1.31.1)
NOTE: Fixed by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/7819c23eaf61b8501169b124baf984edcaf9e5ff (1.30.3)
CVE-2026-35092 (A flaw was found in Corosync. An integer overflow vulnerability in Cor ...)
- {DSA-6261-1}
+ {DSA-6261-1 DLA-4608-1}
- corosync 3.1.10-2 (bug #1133837)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453814
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453169
NOTE: https://github.com/corosync/corosync/commit/4082294f5094a7591e4e00658c5a605f05d644f1
CVE-2026-35091 (A flaw was found in Corosync. A remote unauthenticated attacker can ex ...)
- {DSA-6261-1}
+ {DSA-6261-1 DLA-4608-1}
- corosync 3.1.10-2 (bug #1133838)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453813
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2453169
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/034768da58532c6d73f536c889bc611dfcfaae2b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/034768da58532c6d73f536c889bc611dfcfaae2b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260530/2308e6a6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list