Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48de3d64 by security tracker role at 2026-06-12T07:13:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,187 @@
+CVE-2026-9271 (Vulnerability Title)
+       TODO: check
+CVE-2026-9269 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
+       TODO: check
+CVE-2026-9125 (The Presto Player plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-6250 (An authenticated format string vulnerability exists in the 
ONVIF servi ...)
+       TODO: check
+CVE-2026-53819 (OpenClaw before 2026.5.27 contains an arbitrary code execution 
vulnera ...)
+       TODO: check
+CVE-2026-53818 (OpenClaw before 2026.4.24 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53817 (OpenClaw before 2026.5.22 contains a locality validation 
vulnerability ...)
+       TODO: check
+CVE-2026-53816 (OpenClaw before 2026.5.18 contains an insufficient provenance 
validati ...)
+       TODO: check
+CVE-2026-53815 (OpenClaw before 2026.5.19 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-53814 (OpenClaw before 2026.5.20 contains a privilege escalation 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53813 (OpenClaw before 2026.4.25 contains a path traversal 
vulnerability in m ...)
+       TODO: check
+CVE-2026-53812 (OpenClaw before 2026.5.18 contains a server-side request 
forgery vulne ...)
+       TODO: check
+CVE-2026-53811 (OpenClaw before 2026.5.7 contains a privilege escalation 
vulnerability ...)
+       TODO: check
+CVE-2026-53810 (OpenClaw before 2026.5.18 contains a code execution 
vulnerability wher ...)
+       TODO: check
+CVE-2026-53809 (OpenClaw before 2026.4.25 contains a policy bypass 
vulnerability in em ...)
+       TODO: check
+CVE-2026-53808 (OpenClaw before 2026.5.6 contains an approval policy bypass 
vulnerabil ...)
+       TODO: check
+CVE-2026-53807 (OpenClaw before 2026.5.6 contains an authorization bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53806 (OpenClaw before 2026.5.12 contains a shell option parsing 
vulnerabilit ...)
+       TODO: check
+CVE-2026-53782 (Summarize before 0.17.0 contains a server-side request forgery 
vulnera ...)
+       TODO: check
+CVE-2026-53781 (Summarize before 0.17.0 contains a resource exhaustion 
vulnerability t ...)
+       TODO: check
+CVE-2026-50245 (Brickcom camerasallow unauthenticated access to live snapshot 
images v ...)
+       TODO: check
+CVE-2026-50005 (Brickcom cameras ship with default credentials that allows any 
unauthe ...)
+       TODO: check
+CVE-2026-49973 (Hermes WebUI before version 0.51.358 contains an improper 
access contr ...)
+       TODO: check
+CVE-2026-49949 (CodexBar before 0.33.0 contains a credential forwarding 
vulnerability  ...)
+       TODO: check
+CVE-2026-49482 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-49060 (Incorrect Privilege Assignment vulnerability in Hippoo Mobile 
App for  ...)
+       TODO: check
+CVE-2026-48613 (SQL injection vulnerability in phpBB profile field migration 
due to im ...)
+       TODO: check
+CVE-2026-48612 (Improper state verification in the OAuth implementation could 
allow an ...)
+       TODO: check
+CVE-2026-48611 (Improper authentication checks in the OAuth implementation 
allow accou ...)
+       TODO: check
+CVE-2026-48610 (Under certain network configurations, a malicious actor with 
access to ...)
+       TODO: check
+CVE-2026-47370 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-47369 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-47368 (A malicious actor with access to the network could exploit a 
Path Trav ...)
+       TODO: check
+CVE-2026-47367 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-47366 (Improper verification of access permissions when modifying 
permissions ...)
+       TODO: check
+CVE-2026-47365 (Argument injection vulnerability in WordPress Toolkit before 
6.11.0 as ...)
+       TODO: check
+CVE-2026-47238 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-46622 (SolidInvoice is an open-source invoicing platform. Prior to 
version 2. ...)
+       TODO: check
+CVE-2026-46489 (SolidInvoice is an open-source invoicing platform. Prior to 
version 2. ...)
+       TODO: check
+CVE-2026-45802 (FPDI is a collection of PHP classes that facilitate reading 
pages from ...)
+       TODO: check
+CVE-2026-45418 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-45175 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 
exhibit  ...)
+       TODO: check
+CVE-2026-45174 (Idira Endpoint Privilege Manager Linux Agent versions prior to 
26.5 al ...)
+       TODO: check
+CVE-2026-45173 (Idira Identity Browser Extension (Chrome, Firefox, and Edge 
builds) ve ...)
+       TODO: check
+CVE-2026-45172 (Due to incomplete input validation in Idira Privileged Session 
Manager ...)
+       TODO: check
+CVE-2026-45171 (Incomplete input validation and improperly configured folder 
permissio ...)
+       TODO: check
+CVE-2026-45170 (Idira Privilege Cloud Connector versions prior 1.1.100504 
under specif ...)
+       TODO: check
+CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault 
versions prior ...)
+       TODO: check
+CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-44892 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44890 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44250 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44249 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
+       TODO: check
+CVE-2026-42653 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-42647 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-41005 (Cloud Foundry UAA incorrectly treated XML encryption to the 
Service Pr ...)
+       TODO: check
+CVE-2026-39494 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-20746 (Virtual attribute handling in Ping Identity PingDirectory in 
affected  ...)
+       TODO: check
+CVE-2026-12060 (Heptabase developed by Hepta Platforms has a Exposed Dangerous 
Method  ...)
+       TODO: check
+CVE-2026-12059 (The SSH service of CelloOS developed by Cellopoint has an 
Improper Acc ...)
+       TODO: check
+CVE-2026-12038
+       REJECTED
+CVE-2026-12035 (Use after free in Views in Google Chrome on Windows prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-12034 (Insufficient validation of untrusted input in Linux Toolkit 
Theming in ...)
+       TODO: check
+CVE-2026-12033 (Out of bounds read in VideoCapture in Google Chrome prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-12032 (Inappropriate implementation in Passwords in Google Chrome on 
Android  ...)
+       TODO: check
+CVE-2026-12031 (Inappropriate implementation in Views in Google Chrome on 
Windows prio ...)
+       TODO: check
+CVE-2026-12030 (Out of bounds write in GPU in Google Chrome on Android prior 
to 149.0. ...)
+       TODO: check
+CVE-2026-12029 (Use after free in Video in Google Chrome on Windows prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-12028 (Use after free in GPU in Google Chrome on Android prior to 
149.0.7827. ...)
+       TODO: check
+CVE-2026-12027 (Inappropriate implementation in Headless in Google Chrome 
prior to 149 ...)
+       TODO: check
+CVE-2026-12026 (Out of bounds read in Video in Google Chrome on ChromeOS prior 
to 149. ...)
+       TODO: check
+CVE-2026-12025 (Insufficient validation of untrusted input in Network in 
Google Chrome ...)
+       TODO: check
+CVE-2026-12024 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2026-12023 (Use after free in GPU in Google Chrome on Mac prior to 
149.0.7827.115  ...)
+       TODO: check
+CVE-2026-12022 (Race in Safe Browsing in Google Chrome on Mac prior to 
149.0.7827.115  ...)
+       TODO: check
+CVE-2026-12020 (Use after free in Autofill in Google Chrome on Mac prior to 
149.0.7827 ...)
+       TODO: check
+CVE-2026-12019 (Heap buffer overflow in Codecs in Google Chrome on Linux and 
ChromeOS  ...)
+       TODO: check
+CVE-2026-12018 (Inappropriate implementation in Mojo in Google Chrome on 
Windows prior ...)
+       TODO: check
+CVE-2026-12017 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       TODO: check
+CVE-2026-12016 (Inappropriate implementation in DevTools in Google Chrome 
prior to 149 ...)
+       TODO: check
+CVE-2026-12015 (Use after free in Autofill in Google Chrome prior to 
149.0.7827.115 al ...)
+       TODO: check
+CVE-2026-12014 (Use after free in Cast in Google Chrome prior to 
149.0.7827.115 allowe ...)
+       TODO: check
+CVE-2026-12013 (Use after free in Media in Google Chrome on Windows prior to 
149.0.782 ...)
+       TODO: check
+CVE-2026-12012 (Use after free in Network in Google Chrome prior to 
149.0.7827.115 all ...)
+       TODO: check
+CVE-2026-12011 (Use after free in WebMIDI in Google Chrome on Windows prior to 
149.0.7 ...)
+       TODO: check
+CVE-2026-12010 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 149.0 ...)
+       TODO: check
+CVE-2026-12009 (Insufficient validation of untrusted input in Accessibility in 
Google  ...)
+       TODO: check
+CVE-2026-12008 (Use after free in DigitalCredentials in Google Chrome prior to 
149.0.7 ...)
+       TODO: check
+CVE-2026-12007 (Use after free in Core in Google Chrome on Windows prior to 
149.0.7827 ...)
+       TODO: check
+CVE-2026-11933 (A use-after-free vulnerability exists in MongoDB Server's 
server-side  ...)
+       TODO: check
+CVE-2026-10676
+       REJECTED
 CVE-2026-9694 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <removed>
 CVE-2026-9648 (The crypton-x509-validation Haskell library fails to enforce 
X.509 Nam ...)
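
Review bot: The first added entry, CVE-2026-9271, carries the placeholder description "(Vulnerability Title)", so its "TODO: check" cannot be resolved from this line alone; whoever triages it should read the full CVE record before adding a package line or a NOT-FOR-US marker. The same caution applies to the other truncated descriptions, and the imported text for CVE-2026-50245 ("Brickcom camerasallow") shows these strings are copied verbatim from upstream and not proofread. The Google Chrome block (CVE-2026-12007 through CVE-2026-12035) shares the same "prior to 149.0.782..." version prefix and can be triaged as one batch. The two entries CVE-2026-12038 and CVE-2026-10676 are already marked REJECTED and need no follow-up.
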
@@ -6122,7 +6306,7 @@ CVE-2026-46739 (Net::Statsd versions before 0.13 for Perl 
allow metric injection
        NOTE: Fixed by: 
https://github.com/cosimo/perl5-net-statsd/commit/a10b10173d6751991b7ade14b86dd272439d2283
 (0.13)
        NOTE: Testcase: 
https://github.com/cosimo/perl5-net-statsd/commit/583dfdf0385120768d6cfca7264a6ebf337ff377
 (0.13)
 CVE-2026-50292 (In libinput before 1.30.4 and 1.31.x before 1.31.3, 
libinput-device-gr ...)
-       {DSA-6339-1}
+       {DSA-6339-1 DLA-4626-1}
        - libinput 1.31.3-1
        NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1296
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/libinput/libinput/-/commit/76f0d8a7f57e2868882864b4611281f12f704b55
 (main)
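
Review bot: The cross-reference on CVE-2026-50292 changes from "{DSA-6339-1}" to "{DSA-6339-1 DLA-4626-1}", but the only package line visible in this hunk is still "- libinput 1.31.3-1" and the commit touches data/CVE/list alone. Since the LTS fixed version is not visible here, it is worth confirming that the DLA-4626-1 record itself lists the libinput version that fixes this CVE, so that the tracker does not show the LTS suite as fixed on the strength of the tag alone.
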
@@ -9918,7 +10102,7 @@ CVE-2026-47753
        [trixie] - incus <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/lxc/incus/pull/3425
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-8g7m-96c8-8wwc
-CVE-2026-52726 [dulwich: Submodule clone allows writing to arbitrary path]
+CVE-2026-52726 (Dulwich is a pure-Python implementation of the Git file 
formats and pr ...)
        - dulwich 1.2.5-1
        NOTE: 
https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544
        NOTE: 
https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421
 (dulwich-1.2.5)
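
Review bot: The replacement description for CVE-2026-52726 is less informative than the line it removes. The old bracketed title "[dulwich: Submodule clone allows writing to arbitrary path]" stated the impact, while the imported text is cut off at "Git file formats and pr ..." before it reaches the vulnerability. Consider keeping the impact summary in a NOTE line so the entry remains readable without following the GHSA link.
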
@@ -436891,6 +437075,7 @@ CVE-2022-1217 (The Custom TinyMCE Shortcode Button 
WordPress plugin through 1.1
 CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1215 (A format string vulnerability was found in libinput)
+       {DLA-4626-1}
        - libinput 1.20.1-1
        [buster] - libinput <no-dsa> (Minor issue)
        [stretch] - libinput <not-affected> (Vulnerable code introduced later)
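
Review bot: "{DLA-4626-1}" is added to CVE-2022-1215, yet the release annotations visible under the entry cover only buster ("<no-dsa> (Minor issue)") and stretch ("<not-affected>"), so the hunk does not show which suite the DLA fixes. Please confirm that the DLA record names the suite and fixed libinput version for this CVE, and check whether the buster "<no-dsa>" annotation is still accurate now that an LTS advisory references the issue.
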



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48de3d64315e6713de0d53aace1df440eca69ca7
