[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 9 08:13:28 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4a5975d by security tracker role at 2026-06-09T07:13:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,226 +1,398 @@
-CVE-2026-11628
+CVE-2026-9662 (The Recover Exit For WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-9185 (The 6Storage Rentals plugin for WordPress is vulnerable to Authorizati ...)
+ TODO: check
+CVE-2026-8981 (The Custom Block Builder WordPress plugin before 4.3.0 does not consi ...)
+ TODO: check
+CVE-2026-8977 (The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-8940 (The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2026-8910 (The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2026-8909 (The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2026-8907 (The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2026-8904 (The FastPicker, an order picker and order management system (oms) for ...)
+ TODO: check
+CVE-2026-8902 (The AJAX Report Comments plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2026-8895 (The kk blog card plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-8883 (The Global Body Mass Index Calculator plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2026-8882 (The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-8880 (The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2026-8841 (The Extra Settings for RocketChat plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-8795 (A YAML injection vulnerability exists in the Windows.Collectors.Remapp ...)
+ TODO: check
+CVE-2026-8499 (The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-7662 (The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-7556 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2026-5714 (The Enable Media Replace plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-5067 (A remote, unauthenticated attacker can trigger memory corruption in Ze ...)
+ TODO: check
+CVE-2026-4986 (The WPForms WordPress plugin before 1.10.0.5 does not verify the auth ...)
+ TODO: check
+CVE-2026-49141 (WACRM prior to commit 73041bf contain an authorization bypass vulnerab ...)
+ TODO: check
+CVE-2026-47345 (Namespace attributes are not encoded correctly during HTML serializati ...)
+ TODO: check
+CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing ta ...)
+ TODO: check
+CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to version ...)
+ TODO: check
+CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an unauthenticated attac ...)
+ TODO: check
+CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not sufficien ...)
+ TODO: check
+CVE-2026-44754 (The Remote Function Call (RFC) modules of the Operational Data Provisi ...)
+ TODO: check
+CVE-2026-44751 (Application server ABAP does not perform necessary authorization check ...)
+ TODO: check
+CVE-2026-44750 (SAP MDG (Review Match Groups Application) does not perform the necessa ...)
+ TODO: check
+CVE-2026-44748 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
+ TODO: check
+CVE-2026-44746 (Due to a reflected cross-site scripting (XSS) vulnerability in SAP Net ...)
+ TODO: check
+CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remo ...)
+ TODO: check
+CVE-2026-44743 (Under certain conditions, when an unauthorized attacker accesses a spe ...)
+ TODO: check
+CVE-2026-44541 (Fides is an open-source privacy engineering platform. From version 2.3 ...)
+ TODO: check
+CVE-2026-41980 (Permission control vulnerability in the file preview module.Impact: Su ...)
+ TODO: check
+CVE-2026-41979 (Permission control vulnerability in the print module.Impact: Successfu ...)
+ TODO: check
+CVE-2026-41978 (Permission control vulnerability in the clone module.Impact: Successfu ...)
+ TODO: check
+CVE-2026-41975 (Permission management vulnerability in the network management module.I ...)
+ TODO: check
+CVE-2026-41855 (In an untrusted JMS environment, org.springframework.jms.support.conve ...)
+ TODO: check
+CVE-2026-41854 (Due to incorrect host parsing, applications that rely on UriComponents ...)
+ TODO: check
+CVE-2026-41853 (Spring MVC and WebFlux applications are vulnerable to Multipart reques ...)
+ TODO: check
+CVE-2026-41852 (A vulnerability in Spring Expression Language (SpEL) evaluation logic ...)
+ TODO: check
+CVE-2026-41851 (Applications which accept user-supplied Spring Expression Language (Sp ...)
+ TODO: check
+CVE-2026-41850 (Applications that evaluate user-supplied Spring Expression Language (S ...)
+ TODO: check
+CVE-2026-41849 (An integer overflow vulnerability exists in the evaluation logic of th ...)
+ TODO: check
+CVE-2026-41848 (Applications may be vulnerable to a Regular Expression Denial of Servi ...)
+ TODO: check
+CVE-2026-41847 (Spring WebFlux applications may be vulnerable to a security bypass whe ...)
+ TODO: check
+CVE-2026-41846 (Spring MVC applications which accept user-supplied values in the cssCl ...)
+ TODO: check
+CVE-2026-41845 (Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape ...)
+ TODO: check
+CVE-2026-41844 (A Spring MVC or Spring WebFlux application which configures a mapping ...)
+ TODO: check
+CVE-2026-41843 (Spring MVC and WebFlux applications are vulnerable to Path Traversal a ...)
+ TODO: check
+CVE-2026-41842 (Spring MVC and WebFlux applications are vulnerable to Denial of Servic ...)
+ TODO: check
+CVE-2026-41841 (Spring MVC and WebFlux applications are vulnerable to Information Disc ...)
+ TODO: check
+CVE-2026-41840 (Spring WebFlux applications are vulnerable to Denial of Service (DoS) ...)
+ TODO: check
+CVE-2026-41839 (A WebFlux application with a compromised subdomain (for example, compr ...)
+ TODO: check
+CVE-2026-41838 (IDs for WebSocket sessions in the spring-websocket module are not cryp ...)
+ TODO: check
+CVE-2026-41720 (Spring LDAP's DirContextAuthenticationStrategy implementations do not ...)
+ TODO: check
+CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure to an ins ...)
+ TODO: check
+CVE-2026-41710 (An attacker can craft a large number of unique requests that trigger a ...)
+ TODO: check
+CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of StringLinkRelati ...)
+ TODO: check
+CVE-2026-41006 (Spring HATEOAS's internal PropertyUtils.createObjectFromProperties met ...)
+ TODO: check
+CVE-2026-40984 (In Micrometer, it is possible for a user to provide specially crafted ...)
+ TODO: check
+CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially crafted ...)
+ TODO: check
+CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5 ...)
+ TODO: check
+CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows an unauth ...)
+ TODO: check
+CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used by the ...)
+ TODO: check
+CVE-2026-26236 (A missing authorization vulnerability has been reported to affect QuMa ...)
+ TODO: check
+CVE-2026-24315 (SAP Fiori Launchpad allows attackers to craft malicious URLs that trig ...)
+ TODO: check
+CVE-2026-11623 (A security vulnerability has been detected in tmux up to 3.6a. Affecte ...)
+ TODO: check
+CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This im ...)
+ TODO: check
+CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. Thi ...)
+ TODO: check
+CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The i ...)
+ TODO: check
+CVE-2026-11618 (A vulnerability was determined in DTStack Taier up to 1.4.0. The affec ...)
+ TODO: check
+CVE-2026-11603 (The Product Filter Widget for Elementor plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2026-11585 (A vulnerability was determined in CodeAstro Student Attendance Managem ...)
+ TODO: check
+CVE-2026-11584 (A vulnerability was found in CodeAstro Student Attendance Management S ...)
+ TODO: check
+CVE-2026-11583 (A vulnerability has been found in CodeAstro Student Attendance Managem ...)
+ TODO: check
+CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance Management Syste ...)
+ TODO: check
+CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3. ...)
+ TODO: check
+CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-10553 (The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2026-10024 (The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2026-11628 (Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11629
+CVE-2026-11629 (Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11630
+CVE-2026-11630 (Use after free in File Input in Google Chrome prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11631
+CVE-2026-11631 (Use after free in Aura in Google Chrome on Windows prior to 149.0.7827 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11632
+CVE-2026-11632 (Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11633
+CVE-2026-11633 (Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11634
+CVE-2026-11634 (Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11635
+CVE-2026-11635 (Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11636
+CVE-2026-11636 (Use after free in Autofill in Google Chrome on Windows prior to 149.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11637
+CVE-2026-11637 (Use after free in Views in Google Chrome on Mac prior to 149.0.7827.10 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11638
+CVE-2026-11638 (Use after free in Printing in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11639
+CVE-2026-11639 (Use after free in Compositing in Google Chrome on Mac prior to 149.0.7 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11640
+CVE-2026-11640 (Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11641
+CVE-2026-11641 (Use after free in Bluetooth in Google Chrome on Windows prior to 149.0 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11642
+CVE-2026-11642 (Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11643
+CVE-2026-11643 (Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11644
+CVE-2026-11644 (Use after free in Views in Google Chrome on Linux prior to 149.0.7827. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11645
+CVE-2026-11645 (Out of bounds read and write in V8 in Google Chrome prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11646
+CVE-2026-11646 (Use after free in ViewTransitions in Google Chrome prior to 149.0.7827 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11647
+CVE-2026-11647 (Use after free in Printing in Google Chrome on Android prior to 149.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11648
+CVE-2026-11648 (Use after free in FullScreen in Google Chrome on Windows prior to 149. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11649
+CVE-2026-11649 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11650
+CVE-2026-11650 (Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11651
+CVE-2026-11651 (Use after free in Network in Google Chrome prior to 149.0.7827.103 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11652
+CVE-2026-11652 (Use after free in Extensions in Google Chrome prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11653
+CVE-2026-11653 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11654
+CVE-2026-11654 (Use after free in CameraCapture in Google Chrome on Mac prior to 149.0 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11655
+CVE-2026-11655 (Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11656
+CVE-2026-11656 (Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11657
+CVE-2026-11657 (Use after free in Payments in Google Chrome on Mac prior to 149.0.7827 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11658
+CVE-2026-11658 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11659
+CVE-2026-11659 (Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11660
+CVE-2026-11660 (Insufficient validation of untrusted input in New Tab Page in Google C ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11661
+CVE-2026-11661 (Use after free in Views in Google Chrome on Windows prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11662
+CVE-2026-11662 (Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11663
+CVE-2026-11663 (Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11664
+CVE-2026-11664 (Use after free in Payments in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11665
+CVE-2026-11665 (Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11666
+CVE-2026-11666 (Insufficient validation of untrusted input in Input in Google Chrome p ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11667
+CVE-2026-11667 (Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11668
+CVE-2026-11668 (Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11669
+CVE-2026-11669 (Out of bounds read in Media in Google Chrome on ChromeOS prior to 149. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11670
+CVE-2026-11670 (Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11671
+CVE-2026-11671 (Use after free in Navigation in Google Chrome prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11672
+CVE-2026-11672 (Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11673
+CVE-2026-11673 (Use after free in InterestGroups in Google Chrome prior to 149.0.7827. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11674
+CVE-2026-11674 (Use after free in Guest View in Google Chrome prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11675
+CVE-2026-11675 (Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11676
+CVE-2026-11676 (Insufficient validation of untrusted input in Dawn in Google Chrome on ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11677
+CVE-2026-11677 (Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11678
+CVE-2026-11678 (Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11679
+CVE-2026-11679 (Use after free in Codecs in Google Chrome on Windows prior to 149.0.78 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11680
+CVE-2026-11680 (Use after free in Media in Google Chrome on Windows prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11681
+CVE-2026-11681 (Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11682
+CVE-2026-11682 (Inappropriate implementation in Views in Google Chrome on Linux prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11683
+CVE-2026-11683 (Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11684
+CVE-2026-11684 (Insufficient policy enforcement in Network in Google Chrome prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11685
+CVE-2026-11685 (Inappropriate implementation in MediaCapture in Google Chrome on Mac p ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11686
+CVE-2026-11686 (Insufficient validation of untrusted input in Dawn in Google Chrome on ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11687
+CVE-2026-11687 (Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11688
+CVE-2026-11688 (Inappropriate implementation in SVG in Google Chrome prior to 149.0.78 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11689
+CVE-2026-11689 (Insufficient policy enforcement in Passwords in Google Chrome prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11690
+CVE-2026-11690 (Out of bounds read and write in Media in Google Chrome on Mac prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11691
+CVE-2026-11691 (Insufficient validation of untrusted input in New Tab Page in Google C ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11692
+CVE-2026-11692 (Use after free in Read Anything in Google Chrome prior to 149.0.7827.1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11693
+CVE-2026-11693 (Inappropriate implementation in Plugins in Google Chrome prior to 149. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11694
+CVE-2026-11694 (Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11695
+CVE-2026-11695 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11696
+CVE-2026-11696 (Uninitialized Use in Video in Google Chrome on Windows prior to 149.0. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11697
+CVE-2026-11697 (Insufficient validation of untrusted input in UI in Google Chrome prio ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11698
+CVE-2026-11698 (Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11699
+CVE-2026-11699 (Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.782 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11700
+CVE-2026-11700 (Use after free in Tracing in Google Chrome prior to 149.0.7827.103 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-11701
+CVE-2026-11701 (Inappropriate implementation in Guest View in Google Chrome prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-9669
+CVE-2026-9669 (bz2.BZ2Decompressor objects could be reused after a decompression erro ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
- python3.11 <removed>
@@ -30756,12 +30928,12 @@ CVE-2025-36074 (IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.
NOT-FOR-US: IBM
CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnera ...)
NOT-FOR-US: EfficientLab Controlio
-CVE-2026-40215
+CVE-2026-40215 (A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 throug ...)
{DSA-6289-1}
- openvpn 2.7.2-1
NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/4a2c827c2536aa03a1d6c7cc916689a46c067187 (v2.7.2)
-CVE-2026-35058
+CVE-2026-35058 (Improper validation of packet length during tls-crypt-v2 key extractio ...)
{DSA-6289-1}
- openvpn 2.7.2-1
NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
@@ -40105,19 +40277,19 @@ CVE-2026-28386 (Issue summary: Applications using AES-CFB128 encryption or decry
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-28387 (Issue summary: An uncommon configuration of clients performing DANE TL ...)
- {DSA-6201-1}
+ {DSA-6201-1 DLA-4624-1}
- openssl 3.6.2-1
NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-28388 (Issue summary: When a delta CRL that contains a Delta CRL Indicator ex ...)
- {DSA-6201-1}
+ {DSA-6201-1 DLA-4624-1}
- openssl 3.6.2-1
NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-28389 (Issue summary: During processing of a crafted CMS EnvelopedData messag ...)
- {DSA-6201-1}
+ {DSA-6201-1 DLA-4624-1}
- openssl 3.6.2-1
NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-28390 (Issue summary: During processing of a crafted CMS EnvelopedData messag ...)
- {DSA-6201-1}
+ {DSA-6201-1 DLA-4624-1}
- openssl 3.6.2-1
NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-31789 (Issue summary: Converting an excessively large OCTET STRING value to a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a5975d297018b69962efc00496801deda966d9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a5975d297018b69962efc00496801deda966d9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260609/caef17a6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list