Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eb7dddb4 by security tracker role at 2026-06-27T19:13:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2026-9242 (The RegistrationMagic \u2013 Custom Registration Forms, User
Registrat ...)
+ TODO: check
+CVE-2026-9233 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey
Maker plu ...)
+ TODO: check
+CVE-2026-49417 (Second, the audio buffer backing a mapping could be freed when
the dev ...)
+ TODO: check
+CVE-2026-49416 (The CONS_HISTORY ioctl handler did not adequately validate the
request ...)
+ TODO: check
+CVE-2026-49414 (The ELF image activator cleared per-process ASLR preference
flags for ...)
+ TODO: check
+CVE-2026-49413 (The Linuxulator determined whether a binary was set-user-ID or
set-gro ...)
+ TODO: check
+CVE-2026-49412 (The kernel handler for IPV6_MSFILTER dropped a serializing
lock in ord ...)
+ TODO: check
+CVE-2026-45259 (sigqueue(2) was marked as permitted in capability mode with
the introd ...)
+ TODO: check
+CVE-2026-45258 (dsp_mmap_single() validated the requested mapping by checking
the sum ...)
+ TODO: check
+CVE-2026-3462 (The Frisbii Pay plugin for WordPress is vulnerable to
unauthorized mod ...)
+ TODO: check
+CVE-2026-13295 (The Page Builder by SiteOrigin plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2026-12471 (The Spexo theme for WordPress is vulnerable to unauthorized
access due ...)
+ TODO: check
+CVE-2026-12432 (The WP Full Stripe Free plugin for WordPress is vulnerable to
Missing ...)
+ TODO: check
+CVE-2026-12399 (The Gutenverse \u2013 WordPress Blocks, Page Builder & Site
Editor plu ...)
+ TODO: check
+CVE-2026-11987 (The Dokan: AI Powered WooCommerce Multivendor Marketplace
Solution \u2 ...)
+ TODO: check
+CVE-2026-11783 (The Dokan: AI Powered WooCommerce Multivendor Marketplace
Solution \u2 ...)
+ TODO: check
+CVE-2026-11773 (The Masteriyo LMS \u2013 LMS Course Builder, Quizzes &
Certificates pl ...)
+ TODO: check
+CVE-2026-11597 (The Surbma | Infusionsoft Shortcode plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-11364 (The Product Specifications for WooCommerce plugin for
WordPress is vul ...)
+ TODO: check
CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska ReadOrder values]
- libass 1:0.17.5-1
[trixie] - libass <not-affected> (Vulnerable code not present)
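Review bot: All 19 added entries are left at `TODO: check`, and seven of them (CVE-2026-45258 through CVE-2026-49417) describe kernel internals without naming a product in the visible text. CVE-2026-49417 even starts mid-advisory with "Second, the audio buffer backing a mapping ...", so the full CVE record has to be read before a package or NOT-FOR-US can be assigned. The WordPress plugin and theme entries can probably be closed the same way as the existing `NOT-FOR-US: WordPress plugin` lines elsewhere in this file. Several descriptions (for example CVE-2026-9242) also carry a literal `\u2013` escape instead of the dash character, which is worth fixing in the import.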
@@ -1101,32 +1139,40 @@ CVE-2021-47986 (Parse Server before 4.10.0 contains a
supply chain vulnerability
CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting
vulnerability in th ...)
TODO: check
CVE-2026-48750
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9
CVE-2026-48751
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv
CVE-2026-48752
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-vxp5-584q-c479
NOTE:
https://github.com/lxc/incus/commit/cbefa31ae0da8fd96361178aed3a3c631e098fef
(v7.2.0)
CVE-2026-48755
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4
NOTE:
https://github.com/lxc/incus/commit/873a032a461df6b09b7586435b592873863a4e88
(v7.2.0)
CVE-2026-48769
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x
NOTE:
https://github.com/lxc/incus/commit/46d6ef232186df5535c49ca9f3597cab381f9b86
(v7.2.0)
CVE-2026-55621
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-64f3-v33m-w89f
NOTE:
https://github.com/lxc/incus/commit/2e01078366e2653712719dec82318e51c6d21b28
(v7.2.0)
CVE-2026-55622
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-c9f5-j9c3-mhrg
NOTE:
https://github.com/lxc/incus/commit/1e3ffc53a10950e55de62ac1e0d612be597b84eb
(v7.2.0)
CVE-2026-48749
+ {DSA-6370-1}
- incus 7.0.0-5
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-2q3f-q5pq-g8wv
CVE-2026-XXXX [ZSA-2026-12]
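Review bot: Three of the entries tagged `{DSA-6370-1}` in this hunk (CVE-2026-48750, CVE-2026-48751 and CVE-2026-48749) carry only the GHSA advisory link and no fixing commit, while the other five cite an upstream commit marked (v7.2.0). Adding the commit NOTE for those three would let a reader verify what the `incus 7.0.0-5` upload backported, since that version is lower than the upstream release named in the notes.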
@@ -2620,75 +2666,75 @@ CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes
parsed tokens in parse() us
NOTE:
https://github.com/ljharb/shell-quote/security/advisories/GHSA-395f-4hp3-45gv
NOTE: Fixed by:
https://github.com/ljharb/shell-quote/commit/7ff5488599d01c323514f02f5efb74088dd134ec
(v1.9.0)
CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior
to 149.0. ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13037 (Use after free in WebView in Google Chrome on Android prior to
149.0.7 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13036 (Use after free in Blink in Google Chrome prior to
149.0.7827.197 allow ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13035 (Use after free in Bluetooth in Google Chrome on Mac prior to
149.0.782 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13034 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13033 (Out of bounds read and write in Blink>InterestGroups in Google
Chrome ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13032 (Use after free in WebGL in Google Chrome on Android prior to
149.0.782 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13031 (Use after free in Blink in Google Chrome prior to
149.0.7827.197 allow ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13030 (Uninitialized Use in GPU in Google Chrome on Android prior to
149.0.78 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13029 (Use after free in Web Authentication in Google Chrome prior to
149.0.7 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13028 (Use after free in WebGL in Google Chrome on Android prior to
149.0.782 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13027 (Use after free in FileSystem in Google Chrome prior to
149.0.7827.197 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13026 (Use after free in Digital Credentials in Google Chrome on Mac
prior to ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13025 (Race in DevTools in Google Chrome prior to 149.0.7827.197
allowed a re ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13024 (Insufficient validation of untrusted input in Navigation in
Google Chr ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13023 (Uninitialized Use in GPU in Google Chrome prior to
149.0.7827.197 allo ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13022 (Inappropriate implementation in Autofill in Google Chrome
prior to 149 ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials
in Googl ...)
- {DSA-6364-1}
+ {DSA-6364-1 DLA-4654-1}
- chromium 149.0.7827.196-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
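Review bot: Every chromium entry in this hunk gains `DLA-4654-1` while its only release annotation remains `[bullseye] - chromium <end-of-life> (see #1061268)`, so the entries do not show which release the DLA fixed. Confirm against the DLA list entry that DLA-4654-1 targets a release other than bullseye; if it does target bullseye, the end-of-life marker on these 18 entries needs revisiting.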
@@ -18428,6 +18474,7 @@ CVE-2018-25428 (Paroiciel 11.20 contains an SQL
injection vulnerability that all
CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow
vulnerability th ...)
NOT-FOR-US: Arm whois
CVE-2026-50256 (A stack-based buffer overflow flaw was found in the X.Org X
server and ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
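Review bot: `{DSA-6371-1}` is attached to CVE-2026-50256 as a whole, yet the entry tracks two source packages and keeps `[trixie] - xwayland <ignored>`; the same pattern repeats in the xorg-server hunks that follow. Check that the DSA's package list covers only xorg-server, so that the ignored xwayland status for trixie is not read as fixed by the advisory.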
@@ -18436,6 +18483,7 @@ CVE-2026-50256 (A stack-based buffer overflow flaw was
found in the X.Org X serv
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/a569eb4f36ed96a9e445ececd7e8d98c223461a0
(xorg-server-21.1.23)
CVE-2026-50257 (A use-after-free flaw was found in the X.Org X server and
Xwayland in ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18444,6 +18492,7 @@ CVE-2026-50257 (A use-after-free flaw was found in the
X.Org X server and Xwayla
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f304b57444be3991fd9d3389f309c6eeb056a6c4
(xorg-server-21.1.23)
CVE-2026-50258 (A stack-based buffer overflow flaw was found in the X.Org X
server and ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18452,6 +18501,7 @@ CVE-2026-50258 (A stack-based buffer overflow flaw was
found in the X.Org X serv
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/543e108516428fc8c3bea91d6563ad266f9a801e
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/eced7e74cad4a46c3a3c17b2df13b70b8bedfc25
(xorg-server-21.1.23)
CVE-2026-50259 (A stack-based buffer overflow flaw was found in the X.Org X
server and ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18460,6 +18510,7 @@ CVE-2026-50259 (A stack-based buffer overflow flaw was
found in the X.Org X serv
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/54c3d9fad0f2f97835da9d275b53255f4963029f
(xorg-server-21.1.23)
CVE-2026-50260 (A use-after-free flaw was found in the X.Org X server and
Xwayland in ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18468,6 +18519,7 @@ CVE-2026-50260 (A use-after-free flaw was found in the
X.Org X server and Xwayla
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f304b57444be3991fd9d3389f309c6eeb056a6c4
(xorg-server-21.1.23)
CVE-2026-50261 (A use-after-free flaw was found in the X.Org X server and
Xwayland in ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
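Review bot: The context lines at the top of this hunk give CVE-2026-50260 the same two `Fixed by` commits (beginning f5abfb61 and f304b574) that the earlier hunk lists for CVE-2026-50257. Both are use-after-free entries, so one fix may well cover both, but a short NOTE saying so would rule out a copy-paste error now that both are tied to DSA-6371-1.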
@@ -18476,6 +18528,7 @@ CVE-2026-50261 (A use-after-free flaw was found in the
X.Org X server and Xwayla
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/92a167ab3fda0bee41cf97f6a40a4c01c67d85d4
(xorg-server-21.1.23)
CVE-2026-50262 (An out-of-bounds read flaw was found in the X.Org X server and
Xwaylan ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18484,6 +18537,7 @@ CVE-2026-50262 (An out-of-bounds read flaw was found in
the X.Org X server and X
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/94341bd715d62ba8da4c1851f517018996da1af8
(xorg-server-21.1.23)
CVE-2026-50263 (A use-after-free flaw was found in the X.Org X server and
Xwayland in ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -18492,6 +18546,7 @@ CVE-2026-50263 (A use-after-free flaw was found in the
X.Org X server and Xwayla
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/182c23f780402062ab31963776a19d5b87e25ac8
(xorg-server-21.1.23)
CVE-2026-50264 (An out-of-bounds write flaw was found in the X.Org X server
and Xwayla ...)
+ {DSA-6371-1}
- xorg-server 2:21.1.23-1 (bug #1138680)
- xwayland 2:24.1.12-1 (bug #1138703)
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
@@ -20816,6 +20871,7 @@ CVE-2025-14042 (The Automotive Car Dealership Business
WordPress Theme for WordP
CVE-2025-11993 (The WooCommerce Infinite Scroll and Ajax Pagination plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2026-48756
+ {DSA-6370-1}
- incus 7.0.0-2
- lxd <removed>
[trixie] - lxd <no-dsa> (Minor issue)
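Review bot: CVE-2026-48756 now carries `{DSA-6370-1}` for incus while the same entry keeps `[trixie] - lxd <no-dsa> (Minor issue)`, so one CVE is treated as both DSA-worthy and minor within trixie. Either revisit the lxd triage or add a NOTE explaining why the impact differs between the two packages. Its fixed version, `incus 7.0.0-2`, also differs from the `7.0.0-5` recorded for the other entries in this DSA and deserves a quick check.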
@@ -25160,7 +25216,7 @@ CVE-2026-9498 (A vulnerability has been found in
Dromara lamp-cloud up to 5.6.2.
NOT-FOR-US: Dromara lamp-cloud
CVE-2026-9497 (A flaw has been found in changmingxie tcc-transaction up to
2.1.0. Thi ...)
NOT-FOR-US: changmingxie tcc-transaction
-CVE-2026-9496 (Versions of the package pacote from 11.2.7 are vulnerable to
Denial of ...)
+CVE-2026-9496 (Versions of the package pacote from 11.2.7 and before 21.5.1
are vulne ...)
- npm <unfixed> (bug #1139159)
[trixie] - npm <no-dsa> (Minor issue)
[bookworm] - npm <no-dsa> (Minor issue)
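Review bot: The updated description for CVE-2026-9496 now bounds the affected pacote range at 21.5.1, but the status line directly below still reads `npm <unfixed> (bug #1139159)`. With an upstream fixed version now known, check which pacote version the npm package bundles and whether the unstable status, and the `<no-dsa>` lines for trixie and bookworm, still hold.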
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7dddb4b48391c5e77ddb3c703bf2f75fa9431d