Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb7dddb4 by security tracker role at 2026-06-27T19:13:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2026-9242 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
+       TODO: check
+CVE-2026-9233 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey 
Maker plu ...)
+       TODO: check
+CVE-2026-49417 (Second, the audio buffer backing a mapping could be freed when 
the dev ...)
+       TODO: check
+CVE-2026-49416 (The CONS_HISTORY ioctl handler did not adequately validate the 
request ...)
+       TODO: check
+CVE-2026-49414 (The ELF image activator cleared per-process ASLR preference 
flags for  ...)
+       TODO: check
+CVE-2026-49413 (The Linuxulator determined whether a binary was set-user-ID or 
set-gro ...)
+       TODO: check
+CVE-2026-49412 (The kernel handler for IPV6_MSFILTER dropped a serializing 
lock in ord ...)
+       TODO: check
+CVE-2026-45259 (sigqueue(2) was marked as permitted in capability mode with 
the introd ...)
+       TODO: check
+CVE-2026-45258 (dsp_mmap_single() validated the requested mapping by checking 
the sum  ...)
+       TODO: check
+CVE-2026-3462 (The Frisbii Pay plugin for WordPress is vulnerable to 
unauthorized mod ...)
+       TODO: check
+CVE-2026-13295 (The Page Builder by SiteOrigin plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-12471 (The Spexo theme for WordPress is vulnerable to unauthorized 
access due ...)
+       TODO: check
+CVE-2026-12432 (The WP Full Stripe Free plugin for WordPress is vulnerable to 
Missing  ...)
+       TODO: check
+CVE-2026-12399 (The Gutenverse \u2013 WordPress Blocks, Page Builder & Site 
Editor plu ...)
+       TODO: check
+CVE-2026-11987 (The Dokan: AI Powered WooCommerce Multivendor Marketplace 
Solution \u2 ...)
+       TODO: check
+CVE-2026-11783 (The Dokan: AI Powered WooCommerce Multivendor Marketplace 
Solution \u2 ...)
+       TODO: check
+CVE-2026-11773 (The Masteriyo LMS \u2013 LMS Course Builder, Quizzes & 
Certificates pl ...)
+       TODO: check
+CVE-2026-11597 (The Surbma | Infusionsoft Shortcode plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-11364 (The Product Specifications for WooCommerce plugin for 
WordPress is vul ...)
+       TODO: check
 CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska ReadOrder values]
        - libass 1:0.17.5-1
        [trixie] - libass <not-affected> (Vulnerable code not present)
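Review bot: The new entries for CVE-2026-49412, CVE-2026-49413, CVE-2026-49414, CVE-2026-49416, CVE-2026-49417, CVE-2026-45258 and CVE-2026-45259 carry truncated descriptions that name no product (CVE-2026-49417 even opens with "Second,"), so their "TODO: check" cannot be resolved from this file alone. The full CVE record is needed before choosing between NOT-FOR-US and a package line. The WordPress plugin and theme entries in the same block look like candidates for the "NOT-FOR-US: WordPress plugin" form already used for CVE-2025-11993 further down. Several descriptions also contain a literal \u2013 escape rather than the dash character, which suggests the importer is not decoding the upstream text.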
@@ -1101,32 +1139,40 @@ CVE-2021-47986 (Parse Server before 4.10.0 contains a 
supply chain vulnerability
 CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting 
vulnerability in th ...)
        TODO: check
 CVE-2026-48750
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9
 CVE-2026-48751
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv
 CVE-2026-48752
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-vxp5-584q-c479
        NOTE: 
https://github.com/lxc/incus/commit/cbefa31ae0da8fd96361178aed3a3c631e098fef 
(v7.2.0)
 CVE-2026-48755
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4
        NOTE: 
https://github.com/lxc/incus/commit/873a032a461df6b09b7586435b592873863a4e88 
(v7.2.0)
 CVE-2026-48769
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x
        NOTE: 
https://github.com/lxc/incus/commit/46d6ef232186df5535c49ca9f3597cab381f9b86 
(v7.2.0)
 CVE-2026-55621
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-64f3-v33m-w89f
        NOTE: 
https://github.com/lxc/incus/commit/2e01078366e2653712719dec82318e51c6d21b28 
(v7.2.0)
 CVE-2026-55622
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-c9f5-j9c3-mhrg
        NOTE: 
https://github.com/lxc/incus/commit/1e3ffc53a10950e55de62ac1e0d612be597b84eb 
(v7.2.0)
 CVE-2026-48749
+       {DSA-6370-1}
        - incus 7.0.0-5
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-2q3f-q5pq-g8wv
 CVE-2026-XXXX [ZSA-2026-12]
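Review bot: CVE-2026-48750, CVE-2026-48751 and CVE-2026-48749 are tagged with DSA-6370-1 but still carry only an advisory NOTE, while the other five incus entries in this hunk also reference the upstream fix commit (v7.2.0). Adding the corresponding commit NOTE to those three would let a reader verify what was backported into incus 7.0.0-5 without leaving the tracker.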
@@ -2620,75 +2666,75 @@ CVE-2026-13311 (shell-quote prior to 1.8.5 finalizes 
parsed tokens in parse() us
        NOTE: 
https://github.com/ljharb/shell-quote/security/advisories/GHSA-395f-4hp3-45gv
        NOTE: Fixed by: 
https://github.com/ljharb/shell-quote/commit/7ff5488599d01c323514f02f5efb74088dd134ec
 (v1.9.0)
 CVE-2026-13038 (Use after free in Autofill in Google Chrome on Windows prior 
to 149.0. ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13037 (Use after free in WebView in Google Chrome on Android prior to 
149.0.7 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13036 (Use after free in Blink in Google Chrome prior to 
149.0.7827.197 allow ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13035 (Use after free in Bluetooth in Google Chrome on Mac prior to 
149.0.782 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13034 (Inappropriate implementation in Passwords in Google Chrome 
prior to 14 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13033 (Out of bounds read and write in Blink>InterestGroups in Google 
Chrome  ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13032 (Use after free in WebGL in Google Chrome on Android prior to 
149.0.782 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13031 (Use after free in Blink in Google Chrome prior to 
149.0.7827.197 allow ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13030 (Uninitialized Use in GPU in Google Chrome on Android prior to 
149.0.78 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13029 (Use after free in Web Authentication in Google Chrome prior to 
149.0.7 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13028 (Use after free in WebGL in Google Chrome on Android prior to 
149.0.782 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13027 (Use after free in FileSystem in Google Chrome prior to 
149.0.7827.197  ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13026 (Use after free in Digital Credentials in Google Chrome on Mac 
prior to ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13025 (Race in DevTools in Google Chrome prior to 149.0.7827.197 
allowed a re ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13024 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13023 (Uninitialized Use in GPU in Google Chrome prior to 
149.0.7827.197 allo ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13022 (Inappropriate implementation in Autofill in Google Chrome 
prior to 149 ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-13021 (Inappropriate implementation in DeviceBoundSessionCredentials 
in Googl ...)
-       {DSA-6364-1}
+       {DSA-6364-1 DLA-4654-1}
        - chromium 149.0.7827.196-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12635 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
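Review bot: Where the fixed version is visible in the truncated text (for example CVE-2026-13036, CVE-2026-13031 and CVE-2026-13027), the upstream description says "prior to 149.0.7827.197", yet every entry records the fix as chromium 149.0.7827.196-1. If .196 is the Linux build of the same upstream release, a short NOTE saying so would stop the entries from reading as if the packaged version predates the fix. The entries also do not show which suite DLA-4654-1 applies to, since the only release-specific line is the bullseye end-of-life marker.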
@@ -18428,6 +18474,7 @@ CVE-2018-25428 (Paroiciel 11.20 contains an SQL 
injection vulnerability that all
 CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow 
vulnerability th ...)
        NOT-FOR-US: Arm whois
 CVE-2026-50256 (A stack-based buffer overflow flaw was found in the X.Org X 
server and ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18436,6 +18483,7 @@ CVE-2026-50256 (A stack-based buffer overflow flaw was 
found in the X.Org X serv
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/a569eb4f36ed96a9e445ececd7e8d98c223461a0
 (xorg-server-21.1.23)
 CVE-2026-50257 (A use-after-free flaw was found in the X.Org X server and 
Xwayland in  ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18444,6 +18492,7 @@ CVE-2026-50257 (A use-after-free flaw was found in the 
X.Org X server and Xwayla
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f304b57444be3991fd9d3389f309c6eeb056a6c4
 (xorg-server-21.1.23)
 CVE-2026-50258 (A stack-based buffer overflow flaw was found in the X.Org X 
server and ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18452,6 +18501,7 @@ CVE-2026-50258 (A stack-based buffer overflow flaw was 
found in the X.Org X serv
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/543e108516428fc8c3bea91d6563ad266f9a801e
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/eced7e74cad4a46c3a3c17b2df13b70b8bedfc25
 (xorg-server-21.1.23)
 CVE-2026-50259 (A stack-based buffer overflow flaw was found in the X.Org X 
server and ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18460,6 +18510,7 @@ CVE-2026-50259 (A stack-based buffer overflow flaw was 
found in the X.Org X serv
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/54c3d9fad0f2f97835da9d275b53255f4963029f
 (xorg-server-21.1.23)
 CVE-2026-50260 (A use-after-free flaw was found in the X.Org X server and 
Xwayland in  ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18468,6 +18519,7 @@ CVE-2026-50260 (A use-after-free flaw was found in the 
X.Org X server and Xwayla
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f304b57444be3991fd9d3389f309c6eeb056a6c4
 (xorg-server-21.1.23)
 CVE-2026-50261 (A use-after-free flaw was found in the X.Org X server and 
Xwayland in  ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
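Review bot: The context lines at the top of this hunk give CVE-2026-50260 the same two "Fixed by" commits (f5abfb61994471023d8c6470428c8e30c411cc0b and f304b57444be3991fd9d3389f309c6eeb056a6c4) that are listed for CVE-2026-50257 two hunks earlier. Both are described as use-after-free flaws, so one patch covering two CVEs is plausible, but it is worth confirming this is not a copy-paste slip before the entries are referenced from DSA-6371-1.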
@@ -18476,6 +18528,7 @@ CVE-2026-50261 (A use-after-free flaw was found in the 
X.Org X server and Xwayla
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdd7bf57af208b1ddf57d4683d67104443b44812
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/92a167ab3fda0bee41cf97f6a40a4c01c67d85d4
 (xorg-server-21.1.23)
 CVE-2026-50262 (An out-of-bounds read flaw was found in the X.Org X server and 
Xwaylan ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18484,6 +18537,7 @@ CVE-2026-50262 (An out-of-bounds read flaw was found in 
the X.Org X server and X
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/94341bd715d62ba8da4c1851f517018996da1af8
 (xorg-server-21.1.23)
 CVE-2026-50263 (A use-after-free flaw was found in the X.Org X server and 
Xwayland in  ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -18492,6 +18546,7 @@ CVE-2026-50263 (A use-after-free flaw was found in the 
X.Org X server and Xwayla
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/182c23f780402062ab31963776a19d5b87e25ac8
 (xorg-server-21.1.23)
 CVE-2026-50264 (An out-of-bounds write flaw was found in the X.Org X server 
and Xwayla ...)
+       {DSA-6371-1}
        - xorg-server 2:21.1.23-1 (bug #1138680)
        - xwayland 2:24.1.12-1 (bug #1138703)
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -20816,6 +20871,7 @@ CVE-2025-14042 (The Automotive Car Dealership Business 
WordPress Theme for WordP
 CVE-2025-11993 (The WooCommerce Infinite Scroll and Ajax Pagination plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-48756
+       {DSA-6370-1}
        - incus 7.0.0-2
        - lxd <removed>
        [trixie] - lxd <no-dsa> (Minor issue)
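Review bot: CVE-2026-48756 is tagged with DSA-6370-1 here but lists its fix as incus 7.0.0-2, while the other incus entries under the same DSA in this commit are fixed in 7.0.0-5. If the difference is intentional, a NOTE explaining that this issue was fixed in an earlier upload would help; the entry also gives no advisory or commit reference for incus, unlike its siblings.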
@@ -25160,7 +25216,7 @@ CVE-2026-9498 (A vulnerability has been found in 
Dromara lamp-cloud up to 5.6.2.
        NOT-FOR-US: Dromara lamp-cloud
 CVE-2026-9497 (A flaw has been found in changmingxie tcc-transaction up to 
2.1.0. Thi ...)
        NOT-FOR-US: changmingxie tcc-transaction
-CVE-2026-9496 (Versions of the package pacote from 11.2.7 are vulnerable to 
Denial of ...)
+CVE-2026-9496 (Versions of the package pacote from 11.2.7 and before 21.5.1 
are vulne ...)
        - npm <unfixed> (bug #1139159)
        [trixie] - npm <no-dsa> (Minor issue)
        [bookworm] - npm <no-dsa> (Minor issue)
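Review bot: The updated description for CVE-2026-9496 now bounds the affected pacote range at 21.5.1, but the status lines below it are unchanged and still read "npm <unfixed>". A NOTE recording the first fixed pacote version, plus a check of which pacote version the packaged npm bundles, would make it clear when the unfixed marker can be replaced with a version.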



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb7dddb4b48391c5e77ddb3c703bf2f75fa9431d
