Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4a5975d by security tracker role at 2026-06-09T07:13:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,226 +1,398 @@
-CVE-2026-11628
+CVE-2026-9662 (The Recover Exit For WooCommerce plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-9185 (The 6Storage Rentals plugin for WordPress is vulnerable to 
Authorizati ...)
+       TODO: check
+CVE-2026-8981 (The Custom Block Builder  WordPress plugin before 4.3.0 does 
not consi ...)
+       TODO: check
+CVE-2026-8977 (The WP GDPR Cookie Consent plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-8940 (The WP Meta Sort Posts plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2026-8910 (The WP Emoticon Rating plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2026-8909 (The WpMobi plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2026-8907 (The WP-Ultimate-Map plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2026-8904 (The FastPicker, an order picker and order management system 
(oms) for  ...)
+       TODO: check
+CVE-2026-8902 (The AJAX Report Comments plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2026-8895 (The kk blog card plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-8883 (The Global Body Mass Index Calculator plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2026-8882 (The WP ApplicantStack Jobs Display plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-8880 (The RomanCart Ecommerce plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-8841 (The Extra Settings for RocketChat plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-8795 (A YAML injection vulnerability exists in the 
Windows.Collectors.Remapp ...)
+       TODO: check
+CVE-2026-8499 (The Helpfulcrowd Product Reviews plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-7662 (The ePaperFlip Publisher plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2026-7556 (The FV Flowplayer Video Player plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-5714 (The Enable Media Replace plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2026-5067 (A remote, unauthenticated attacker can trigger memory 
corruption in Ze ...)
+       TODO: check
+CVE-2026-4986 (The WPForms  WordPress plugin before 1.10.0.5 does not verify 
the auth ...)
+       TODO: check
+CVE-2026-49141 (WACRM prior to commit 73041bf contain an authorization bypass 
vulnerab ...)
+       TODO: check
+CVE-2026-47345 (Namespace attributes are not encoded correctly during HTML 
serializati ...)
+       TODO: check
+CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant 
closing ta ...)
+       TODO: check
+CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to 
version ...)
+       TODO: check
+CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an 
unauthenticated attac ...)
+       TODO: check
+CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not 
sufficien ...)
+       TODO: check
+CVE-2026-44754 (The Remote Function Call (RFC) modules of the Operational Data 
Provisi ...)
+       TODO: check
+CVE-2026-44751 (Application server ABAP does not perform necessary 
authorization check ...)
+       TODO: check
+CVE-2026-44750 (SAP MDG (Review Match Groups Application) does not perform the 
necessa ...)
+       TODO: check
+CVE-2026-44748 (SAP NetWeaver Application Server ABAP and ABAP Platform allows 
an auth ...)
+       TODO: check
+CVE-2026-44746 (Due to a reflected cross-site scripting (XSS) vulnerability in 
SAP Net ...)
+       TODO: check
+CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL injection vulnerability 
in a remo ...)
+       TODO: check
+CVE-2026-44743 (Under certain conditions, when an unauthorized attacker 
accesses a spe ...)
+       TODO: check
+CVE-2026-44541 (Fides is an open-source privacy engineering platform. From 
version 2.3 ...)
+       TODO: check
+CVE-2026-41980 (Permission control vulnerability in the file preview 
module.Impact: Su ...)
+       TODO: check
+CVE-2026-41979 (Permission control vulnerability in the print module.Impact: 
Successfu ...)
+       TODO: check
+CVE-2026-41978 (Permission control vulnerability in the clone module.Impact: 
Successfu ...)
+       TODO: check
+CVE-2026-41975 (Permission management vulnerability in the network management 
module.I ...)
+       TODO: check
+CVE-2026-41855 (In an untrusted JMS environment, 
org.springframework.jms.support.conve ...)
+       TODO: check
+CVE-2026-41854 (Due to incorrect host parsing, applications that rely on 
UriComponents ...)
+       TODO: check
+CVE-2026-41853 (Spring MVC and WebFlux applications are vulnerable to 
Multipart reques ...)
+       TODO: check
+CVE-2026-41852 (A vulnerability in Spring Expression Language (SpEL) 
evaluation logic  ...)
+       TODO: check
+CVE-2026-41851 (Applications which accept user-supplied Spring Expression 
Language (Sp ...)
+       TODO: check
+CVE-2026-41850 (Applications that evaluate user-supplied Spring Expression 
Language (S ...)
+       TODO: check
+CVE-2026-41849 (An integer overflow vulnerability exists in the evaluation 
logic of th ...)
+       TODO: check
+CVE-2026-41848 (Applications may be vulnerable to a Regular Expression Denial 
of Servi ...)
+       TODO: check
+CVE-2026-41847 (Spring WebFlux applications may be vulnerable to a security 
bypass whe ...)
+       TODO: check
+CVE-2026-41846 (Spring MVC applications which accept user-supplied values in 
the cssCl ...)
+       TODO: check
+CVE-2026-41845 (Due to incorrect escaping, the use of 
JavaScriptUtils.javaScriptEscape ...)
+       TODO: check
+CVE-2026-41844 (A Spring MVC or Spring WebFlux application which configures a 
mapping  ...)
+       TODO: check
+CVE-2026-41843 (Spring MVC and WebFlux applications are vulnerable to Path 
Traversal a ...)
+       TODO: check
+CVE-2026-41842 (Spring MVC and WebFlux applications are vulnerable to Denial 
of Servic ...)
+       TODO: check
+CVE-2026-41841 (Spring MVC and WebFlux applications are vulnerable to 
Information Disc ...)
+       TODO: check
+CVE-2026-41840 (Spring WebFlux applications are vulnerable to Denial of 
Service (DoS)  ...)
+       TODO: check
+CVE-2026-41839 (A WebFlux application with a compromised subdomain (for 
example, compr ...)
+       TODO: check
+CVE-2026-41838 (IDs for WebSocket sessions in the spring-websocket module are 
not cryp ...)
+       TODO: check
+CVE-2026-41720 (Spring LDAP's DirContextAuthenticationStrategy implementations 
do not  ...)
+       TODO: check
+CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure 
to an ins ...)
+       TODO: check
+CVE-2026-41710 (An attacker can craft a large number of unique requests that 
trigger a ...)
+       TODO: check
+CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
+CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of 
StringLinkRelati ...)
+       TODO: check
+CVE-2026-41006 (Spring HATEOAS's internal 
PropertyUtils.createObjectFromProperties met ...)
+       TODO: check
+CVE-2026-40984 (In Micrometer, it is possible for a user to provide specially 
crafted  ...)
+       TODO: check
+CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially 
crafted  ...)
+       TODO: check
+CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in 
commit a5 ...)
+       TODO: check
+CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows 
an unauth ...)
+       TODO: check
+CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used 
by the  ...)
+       TODO: check
+CVE-2026-26236 (A missing authorization vulnerability has been reported to 
affect QuMa ...)
+       TODO: check
+CVE-2026-24315 (SAP Fiori Launchpad allows attackers to craft malicious URLs 
that trig ...)
+       TODO: check
+CVE-2026-11623 (A security vulnerability has been detected in tmux up to 3.6a. 
Affecte ...)
+       TODO: check
+CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. 
This im ...)
+       TODO: check
+CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 
4.0.3c.7646. Thi ...)
+       TODO: check
+CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 
23.0.2. The i ...)
+       TODO: check
+CVE-2026-11618 (A vulnerability was determined in DTStack Taier up to 1.4.0. 
The affec ...)
+       TODO: check
+CVE-2026-11603 (The Product Filter Widget for Elementor plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2026-11585 (A vulnerability was determined in CodeAstro Student Attendance 
Managem ...)
+       TODO: check
+CVE-2026-11584 (A vulnerability was found in CodeAstro Student Attendance 
Management S ...)
+       TODO: check
+CVE-2026-11583 (A vulnerability has been found in CodeAstro Student Attendance 
Managem ...)
+       TODO: check
+CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance 
Management Syste ...)
+       TODO: check
+CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and 
before 3.3. ...)
+       TODO: check
+CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-10553 (The jQuery Hover Footnotes plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2026-10024 (The TinyMCE shortcode Addon plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-11628 (Use after free in Ozone in Google Chrome prior to 
149.0.7827.103 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11629
+CVE-2026-11629 (Use after free in Ozone in Google Chrome prior to 
149.0.7827.103 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11630
+CVE-2026-11630 (Use after free in File Input in Google Chrome prior to 
149.0.7827.103  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11631
+CVE-2026-11631 (Use after free in Aura in Google Chrome on Windows prior to 
149.0.7827 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11632
+CVE-2026-11632 (Use after free in TabStrip in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11633
+CVE-2026-11633 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11634
+CVE-2026-11634 (Use after free in Gamepad in Google Chrome on Windows prior to 
149.0.7 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11635
+CVE-2026-11635 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11636
+CVE-2026-11636 (Use after free in Autofill in Google Chrome on Windows prior 
to 149.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11637
+CVE-2026-11637 (Use after free in Views in Google Chrome on Mac prior to 
149.0.7827.10 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11638
+CVE-2026-11638 (Use after free in Printing in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11639
+CVE-2026-11639 (Use after free in Compositing in Google Chrome on Mac prior to 
149.0.7 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11640
+CVE-2026-11640 (Integer overflow in libyuv in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11641
+CVE-2026-11641 (Use after free in Bluetooth in Google Chrome on Windows prior 
to 149.0 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11642
+CVE-2026-11642 (Use after free in Web Apps in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11643
+CVE-2026-11643 (Use after free in Proxy in Google Chrome prior to 
149.0.7827.103 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11644
+CVE-2026-11644 (Use after free in Views in Google Chrome on Linux prior to 
149.0.7827. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11645
+CVE-2026-11645 (Out of bounds read and write in V8 in Google Chrome prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11646
+CVE-2026-11646 (Use after free in ViewTransitions in Google Chrome prior to 
149.0.7827 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11647
+CVE-2026-11647 (Use after free in Printing in Google Chrome on Android prior 
to 149.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11648
+CVE-2026-11648 (Use after free in FullScreen in Google Chrome on Windows prior 
to 149. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11649
+CVE-2026-11649 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11650
+CVE-2026-11650 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11651
+CVE-2026-11651 (Use after free in Network in Google Chrome prior to 
149.0.7827.103 all ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11652
+CVE-2026-11652 (Use after free in Extensions in Google Chrome prior to 
149.0.7827.103  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11653
+CVE-2026-11653 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11654
+CVE-2026-11654 (Use after free in CameraCapture in Google Chrome on Mac prior 
to 149.0 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11655
+CVE-2026-11655 (Integer overflow in Media in Google Chrome on Mac prior to 
149.0.7827. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11656
+CVE-2026-11656 (Use after free in ServiceWorker in Google Chrome prior to 
149.0.7827.1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11657
+CVE-2026-11657 (Use after free in Payments in Google Chrome on Mac prior to 
149.0.7827 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11658
+CVE-2026-11658 (Insufficient validation of untrusted input in Extensions in 
Google Chr ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11659
+CVE-2026-11659 (Integer overflow in UI in Google Chrome on Linux prior to 
149.0.7827.1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11660
+CVE-2026-11660 (Insufficient validation of untrusted input in New Tab Page in 
Google C ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11661
+CVE-2026-11661 (Use after free in Views in Google Chrome on Windows prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11662
+CVE-2026-11662 (Type Confusion in Bindings in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11663
+CVE-2026-11663 (Use after free in Skia in Google Chrome prior to 
149.0.7827.103 allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11664
+CVE-2026-11664 (Use after free in Payments in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11665
+CVE-2026-11665 (Out of bounds read in Dawn in Google Chrome on Windows prior 
to 149.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11666
+CVE-2026-11666 (Insufficient validation of untrusted input in Input in Google 
Chrome p ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11667
+CVE-2026-11667 (Out of bounds read in WebRTC in Google Chrome prior to 
149.0.7827.103  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11668
+CVE-2026-11668 (Uninitialized Use in Codecs in Google Chrome on Linux, 
ChromeOS prior  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11669
+CVE-2026-11669 (Out of bounds read in Media in Google Chrome on ChromeOS prior 
to 149. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11670
+CVE-2026-11670 (Use after free in PDF in Google Chrome prior to 149.0.7827.103 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11671
+CVE-2026-11671 (Use after free in Navigation in Google Chrome prior to 
149.0.7827.103  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11672
+CVE-2026-11672 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 149.0 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11673
+CVE-2026-11673 (Use after free in InterestGroups in Google Chrome prior to 
149.0.7827. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11674
+CVE-2026-11674 (Use after free in Guest View in Google Chrome prior to 
149.0.7827.103  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11675
+CVE-2026-11675 (Out of bounds read in Skia in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11676
+CVE-2026-11676 (Insufficient validation of untrusted input in Dawn in Google 
Chrome on ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11677
+CVE-2026-11677 (Race in Network in Google Chrome on Mac prior to 
149.0.7827.103 allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11678
+CVE-2026-11678 (Integer overflow in libyuv in Google Chrome prior to 
149.0.7827.103 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11679
+CVE-2026-11679 (Use after free in Codecs in Google Chrome on Windows prior to 
149.0.78 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11680
+CVE-2026-11680 (Use after free in Media in Google Chrome on Windows prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11681
+CVE-2026-11681 (Use after free in Ozone in Google Chrome on Linux prior to 
149.0.7827. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11682
+CVE-2026-11682 (Inappropriate implementation in Views in Google Chrome on 
Linux prior  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11683
+CVE-2026-11683 (Use after free in WebCodecs in Google Chrome prior to 
149.0.7827.103 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11684
+CVE-2026-11684 (Insufficient policy enforcement in Network in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11685
+CVE-2026-11685 (Inappropriate implementation in MediaCapture in Google Chrome 
on Mac p ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11686
+CVE-2026-11686 (Insufficient validation of untrusted input in Dawn in Google 
Chrome on ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11687
+CVE-2026-11687 (Use after free in Dawn in Google Chrome on Mac prior to 
149.0.7827.103 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11688
+CVE-2026-11688 (Inappropriate implementation in SVG in Google Chrome prior to 
149.0.78 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11689
+CVE-2026-11689 (Insufficient policy enforcement in Passwords in Google Chrome 
prior to ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11690
+CVE-2026-11690 (Out of bounds read and write in Media in Google Chrome on Mac 
prior to ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11691
+CVE-2026-11691 (Insufficient validation of untrusted input in New Tab Page in 
Google C ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11692
+CVE-2026-11692 (Use after free in Read Anything in Google Chrome prior to 
149.0.7827.1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11693
+CVE-2026-11693 (Inappropriate implementation in Plugins in Google Chrome prior 
to 149. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11694
+CVE-2026-11694 (Use after free in ServiceWorker in Google Chrome prior to 
149.0.7827.1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11695
+CVE-2026-11695 (Inappropriate implementation in Passwords in Google Chrome 
prior to 14 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11696
+CVE-2026-11696 (Uninitialized Use in Video in Google Chrome on Windows prior 
to 149.0. ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11697
+CVE-2026-11697 (Insufficient validation of untrusted input in UI in Google 
Chrome prio ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11698
+CVE-2026-11698 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11699
+CVE-2026-11699 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11700
+CVE-2026-11700 (Use after free in Tracing in Google Chrome prior to 
149.0.7827.103 all ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11701
+CVE-2026-11701 (Inappropriate implementation in Guest View in Google Chrome 
prior to 1 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-9669
+CVE-2026-9669 (bz2.BZ2Decompressor objects could be reused after a 
decompression erro ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
        - python3.11 <removed>
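Review bot: the new entries at the top of this hunk carry only "TODO: check", and several of the truncated descriptions stop before naming the affected product (for example CVE-2026-41849 and CVE-2026-41710), so they cannot be triaged from this file alone and need the full CVE record. Entries whose description does name the software, such as tmux in CVE-2026-11623, can be resolved to a package line directly. Further down, the chromium entries whose added descriptions say "on Windows", "on Mac" or "on Android" (CVE-2026-11631, CVE-2026-11633, CVE-2026-11647) remain "- chromium <unfixed>"; a NOTE stating whether the Debian build is affected would make that status easier to interpret.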
@@ -30756,12 +30928,12 @@ CVE-2025-36074 (IBM Security Verify Directory 
(Container) 10.0.0 through 10.0.0.
        NOT-FOR-US: IBM
 CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking 
vulnera ...)
        NOT-FOR-US: EfficientLab Controlio
-CVE-2026-40215
+CVE-2026-40215 (A race condition in OpenVPN 2.6.0 through 2.6.19 and 
2.7_alpha1 throug ...)
        {DSA-6289-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/4a2c827c2536aa03a1d6c7cc916689a46c067187
 (v2.7.2)
-CVE-2026-35058
+CVE-2026-35058 (Improper validation of packet length during tls-crypt-v2 key 
extractio ...)
        {DSA-6289-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
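Review bot: the CVE-2026-40215 entry cites only the v2.7.2 fixing commit in its "Fixed by" NOTE, while the description added here lists 2.6.0 through 2.6.19 as affected as well. If a separate fix exists on the 2.6 branch, a second "Fixed by" NOTE for it would make the DSA-6289-1 backport easier to verify against upstream.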
@@ -40105,19 +40277,19 @@ CVE-2026-28386 (Issue summary: Applications using 
AES-CFB128 encryption or decry
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
        NOTE: https://openssl-library.org/news/secadv/20260407.txt
 CVE-2026-28387 (Issue summary: An uncommon configuration of clients performing 
DANE TL ...)
-       {DSA-6201-1}
+       {DSA-6201-1 DLA-4624-1}
        - openssl 3.6.2-1
        NOTE: https://openssl-library.org/news/secadv/20260407.txt
 CVE-2026-28388 (Issue summary: When a delta CRL that contains a Delta CRL 
Indicator ex ...)
-       {DSA-6201-1}
+       {DSA-6201-1 DLA-4624-1}
        - openssl 3.6.2-1
        NOTE: https://openssl-library.org/news/secadv/20260407.txt
 CVE-2026-28389 (Issue summary: During processing of a crafted CMS 
EnvelopedData messag ...)
-       {DSA-6201-1}
+       {DSA-6201-1 DLA-4624-1}
        - openssl 3.6.2-1
        NOTE: https://openssl-library.org/news/secadv/20260407.txt
 CVE-2026-28390 (Issue summary: During processing of a crafted CMS 
EnvelopedData messag ...)
-       {DSA-6201-1}
+       {DSA-6201-1 DLA-4624-1}
        - openssl 3.6.2-1
        NOTE: https://openssl-library.org/news/secadv/20260407.txt
 CVE-2026-31789 (Issue summary: Converting an excessively large OCTET STRING 
value to a ...)
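Review bot: DLA-4624-1 is added to CVE-2026-28387 through CVE-2026-28390 with no other change, and the visible context shows no release annotation on those four entries, unlike CVE-2026-28386 just above with its explicit "[bullseye] - openssl <not-affected>" line. It is worth confirming that the advisory's CVE list matches exactly these four and intentionally omits CVE-2026-28386.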



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a5975d297018b69962efc00496801deda966d9


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits