[Git][security-tracker-team/security-tracker][master] new chromium issues / NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 12 08:44:51 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6aa63b7 by Moritz Muehlenhoff at 2026-06-12T09:44:30+02:00
new chromium issues / NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,51 +35,51 @@ CVE-2026-53807 (OpenClaw before 2026.5.6 contains an authorization bypass vulner
CVE-2026-53806 (OpenClaw before 2026.5.12 contains a shell option parsing vulnerabilit ...)
NOT-FOR-US: OpenClaw
CVE-2026-53782 (Summarize before 0.17.0 contains a server-side request forgery vulnera ...)
- TODO: check
+ NOT-FOR-US: Summarize
CVE-2026-53781 (Summarize before 0.17.0 contains a resource exhaustion vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Summarize
CVE-2026-50245 (Brickcom camerasallow unauthenticated access to live snapshot images v ...)
- TODO: check
+ NOT-FOR-US: Brickcom cameras
CVE-2026-50005 (Brickcom cameras ship with default credentials that allows any unauthe ...)
- TODO: check
+ NOT-FOR-US: Brickcom cameras
CVE-2026-49973 (Hermes WebUI before version 0.51.358 contains an improper access contr ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-49949 (CodexBar before 0.33.0 contains a credential forwarding vulnerability ...)
- TODO: check
+ NOT-FOR-US: CodexBar
CVE-2026-49482 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-49060 (Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48613 (SQL injection vulnerability in phpBB profile field migration due to im ...)
- TODO: check
+ NOT-FOR-US: phpBB
CVE-2026-48612 (Improper state verification in the OAuth implementation could allow an ...)
- TODO: check
+ NOT-FOR-US: phpBB
CVE-2026-48611 (Improper authentication checks in the OAuth implementation allow accou ...)
- TODO: check
+ NOT-FOR-US: phpBB
CVE-2026-48610 (Under certain network configurations, a malicious actor with access to ...)
- TODO: check
+ NOT-FOR-US: Ubiquity
CVE-2026-47370 (A malicious actor with access to the network and low privileges could ...)
- TODO: check
+ NOT-FOR-US: Ubiquity
CVE-2026-47369 (A malicious actor with access to the network and low privileges could ...)
- TODO: check
+ NOT-FOR-US: Ubiquity
CVE-2026-47368 (A malicious actor with access to the network could exploit a Path Trav ...)
- TODO: check
+ NOT-FOR-US: Ubiquity
CVE-2026-47367 (A malicious actor with access to the network and low privileges could ...)
- TODO: check
+ NOT-FOR-US: Ubiquity
CVE-2026-47366 (Improper verification of access permissions when modifying permissions ...)
- TODO: check
+ NOT-FOR-US: phpBB
CVE-2026-47365 (Argument injection vulnerability in WordPress Toolkit before 6.11.0 as ...)
- TODO: check
+ NOT-FOR-US: WordPress Toolkit
CVE-2026-47238 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-46622 (SolidInvoice is an open-source invoicing platform. Prior to version 2. ...)
- TODO: check
+ NOT-FOR-US: SolidInvoice
CVE-2026-46489 (SolidInvoice is an open-source invoicing platform. Prior to version 2. ...)
- TODO: check
+ NOT-FOR-US: SolidInvoice
CVE-2026-45802 (FPDI is a collection of PHP classes that facilitate reading pages from ...)
- TODO: check
+ NOT-FOR-US: Setasign
CVE-2026-45418 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-45175 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit ...)
NOT-FOR-US: Palo Alto Networks
CVE-2026-45174 (Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 al ...)
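Review bot: CVE-2026-45802 is tagged `NOT-FOR-US: Setasign`, but its description names the product as FPDI, and the other entries added in this hunk use the product name from the description (Summarize, ClipBucket, phpBB, SolidInvoice). Suggest `NOT-FOR-US: FPDI` or `NOT-FOR-US: Setasign FPDI` so a later grep on the product name finds it. Separately, CVE-2026-48610 and CVE-2026-47370 through CVE-2026-47367 are tagged `NOT-FOR-US: Ubiquity` while their truncated descriptions name no vendor; if the vendor is Ubiquiti, the spelling of the tag should be corrected to match.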
@@ -95,7 +95,7 @@ CVE-2026-45170 (Idira Privilege Cloud Connector versions prior 1.1.100504 under
CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior ...)
NOT-FOR-US: Palo Alto Networks
CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-44892 (Netty is a network application framework for development of protocol s ...)
TODO: check
CVE-2026-44890 (Netty is a network application framework for development of protocol s ...)
@@ -105,7 +105,7 @@ CVE-2026-44250 (Netty is a network application framework for development of prot
CVE-2026-44249 (Netty is a network application framework for development of protocol s ...)
TODO: check
CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-42653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42647 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -117,69 +117,97 @@ CVE-2026-39494 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2026-20746 (Virtual attribute handling in Ping Identity PingDirectory in affected ...)
TODO: check
CVE-2026-12060 (Heptabase developed by Hepta Platforms has a Exposed Dangerous Method ...)
- TODO: check
+ NOT-FOR-US: Heptabase
CVE-2026-12059 (The SSH service of CelloOS developed by Cellopoint has an Improper Acc ...)
- TODO: check
+ NOT-FOR-US: CellosOS
CVE-2026-12038
REJECTED
CVE-2026-12035 (Use after free in Views in Google Chrome on Windows prior to 149.0.782 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12034 (Insufficient validation of untrusted input in Linux Toolkit Theming in ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12033 (Out of bounds read in VideoCapture in Google Chrome prior to 149.0.782 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12032 (Inappropriate implementation in Passwords in Google Chrome on Android ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12031 (Inappropriate implementation in Views in Google Chrome on Windows prio ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12030 (Out of bounds write in GPU in Google Chrome on Android prior to 149.0. ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12029 (Use after free in Video in Google Chrome on Windows prior to 149.0.782 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12028 (Use after free in GPU in Google Chrome on Android prior to 149.0.7827. ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12027 (Inappropriate implementation in Headless in Google Chrome prior to 149 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12026 (Out of bounds read in Video in Google Chrome on ChromeOS prior to 149. ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12025 (Insufficient validation of untrusted input in Network in Google Chrome ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12024 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12023 (Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12022 (Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12020 (Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12019 (Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12018 (Inappropriate implementation in Mojo in Google Chrome on Windows prior ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12017 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12016 (Inappropriate implementation in DevTools in Google Chrome prior to 149 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12015 (Use after free in Autofill in Google Chrome prior to 149.0.7827.115 al ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12014 (Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowe ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12013 (Use after free in Media in Google Chrome on Windows prior to 149.0.782 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12012 (Use after free in Network in Google Chrome prior to 149.0.7827.115 all ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12011 (Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12010 (Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12009 (Insufficient validation of untrusted input in Accessibility in Google ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12008 (Use after free in DigitalCredentials in Google Chrome prior to 149.0.7 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12007 (Use after free in Core in Google Chrome on Windows prior to 149.0.7827 ...)
- TODO: check
+ - chromium <unfixed>
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-11933 (A use-after-free vulnerability exists in MongoDB Server's server-side ...)
- TODO: check
+ - mongodb <removed>
CVE-2026-10676
REJECTED
CVE-2026-9694 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
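Review bot: CVE-2026-12059 is tagged `NOT-FOR-US: CellosOS`, but the description on the line above spells the product CelloOS; the tag should match. Also, several of the chromium entries carry descriptions scoped to other platforms (for example CVE-2026-12035 "on Windows", CVE-2026-12030 "on Android", CVE-2026-12023 "on Mac"), yet all are recorded as `- chromium <unfixed>`; a NOTE line on those entries stating whether the Debian build is affected would make later triage easier.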
@@ -441,7 +469,7 @@ CVE-2026-46643 (Snappy is a PHP library allowing thumbnail, snapshot or PDF gene
CVE-2026-46625 (JavaScript Cookie is a JavaScript API for handling cookies, client-sid ...)
TODO: check
CVE-2026-46519 (mcp-server-kubernetes is a Model Context Protocol server for Kubernete ...)
- TODO: check
+ NOT-FOR-US: mcp-server-kubernetes
CVE-2026-45783 (libp2p is a JavaScript Implementation of libp2p networking stack. Prio ...)
TODO: check
CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the compressi ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ atril
--
botan3 (aron)
--
+chromium (dilinger)
+--
cups
--
dulwich
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6aa63b70cc0e2ba82d82e4d8cc4ca53dfc72032