[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 15 Jan 2026 12:13:52 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b181cf17 by security tracker role at 2026-01-15T20:13:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,241 @@
+CVE-2026-23766 (Istio through 1.28.2 allows iptables rule injection for 
changing firew ...)
+       TODO: check
+CVE-2026-23746 (Entrust Instant Financial Issuance (IFI) On Premise software 
(formerly ...)
+       TODO: check
+CVE-2026-23622 (Easy!Appointments is a self hosted appointment scheduler. In 
1.5.2 and ...)
+       TODO: check
+CVE-2026-23527 (H3 is a minimal H(TTP) framework built for high performance 
and portab ...)
+       TODO: check
+CVE-2026-23520 (Arcane provides modern docker management. Prior to 1.13.0, 
Arcane has  ...)
+       TODO: check
+CVE-2026-23519 (RustCrypto CMOV provides conditional move CPU intrinsics which 
are gua ...)
+       TODO: check
+CVE-2026-23511 (ZITADEL is an open source identity management platform. Prior 
to 4.9.1 ...)
+       TODO: check
+CVE-2026-23496 (Pimcore Web2Print Tools Bundle adds tools for web-to-print use 
cases t ...)
+       TODO: check
+CVE-2026-23495 (Pimcore's Admin Classic Bundle provides a Backend UI for 
Pimcore. Prio ...)
+       TODO: check
+CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-22920 (The device's passwords have not been adequately salted, making 
them vu ...)
+       TODO: check
+CVE-2026-22919 (An attacker with administrative access may inject malicious 
content in ...)
+       TODO: check
+CVE-2026-22918 (An attacker may exploit missing protection against 
clickjacking by tri ...)
+       TODO: check
+CVE-2026-22917 (Improper input handling in a system endpoint may allow 
attackers to ov ...)
+       TODO: check
+CVE-2026-22916 (An attacker with low privileges may be able to trigger 
critical system ...)
+       TODO: check
+CVE-2026-22915 (An attacker with low privileges may be able to read files from 
specifi ...)
+       TODO: check
+CVE-2026-22914 (An attacker with limited permissions may still be able to 
write files  ...)
+       TODO: check
+CVE-2026-22913 (Improper handling of a URL parameter may allow attackers to 
execute co ...)
+       TODO: check
+CVE-2026-22912 (Improper validation of a login parameter may allow attackers 
to redire ...)
+       TODO: check
+CVE-2026-22911 (Firmware update files may expose password hashes for system 
accounts,  ...)
+       TODO: check
+CVE-2026-22910 (The device is deployed with weak and publicly known default 
passwords  ...)
+       TODO: check
+CVE-2026-22909 (Certain system functions may be accessed without proper 
authorization, ...)
+       TODO: check
+CVE-2026-22908 (Uploading unvalidated container images may allow remote 
attackers to g ...)
+       TODO: check
+CVE-2026-22907 (An attacker may gain unauthorized access to the host 
filesystem, poten ...)
+       TODO: check
+CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and 
documentation pla ...)
+       TODO: check
+CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust, 
performant web ...)
+       TODO: check
+CVE-2026-22775 (Svelte devalue is a JavaScript library that serializes values 
into str ...)
+       TODO: check
+CVE-2026-22774 (Svelte devalue is a JavaScript library that serializes values 
into str ...)
+       TODO: check
+CVE-2026-22646 (Certain error messages returned by the application expose 
internal sys ...)
+       TODO: check
+CVE-2026-22645 (The application discloses all used components, versions and 
license in ...)
+       TODO: check
+CVE-2026-22644 (Certain requests pass the authentication token in the URL as 
string qu ...)
+       TODO: check
+CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name 
will cau ...)
+       TODO: check
+CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana 
OSS orga ...)
+       TODO: check
+CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows 
authorizat ...)
+       TODO: check
+CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS 
where an ...)
+       TODO: check
+CVE-2026-22639 (Grafana is an open-source platform for monitoring and 
observability. T ...)
+       TODO: check
+CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana 
caused by ...)
+       TODO: check
+CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS 
vulnerability. ...)
+       TODO: check
+CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache 
and Kee ...)
+       TODO: check
+CVE-2026-22249 (Docmost is an open-source collaborative wiki and documentation 
softwar ...)
+       TODO: check
+CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco 
Evolved ...)
+       TODO: check
+CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled 
resource co ...)
+       TODO: check
+CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This 
uncontrolled ...)
+       TODO: check
+CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related 
to how  ...)
+       TODO: check
+CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation 
vulnerabi ...)
+       TODO: check
+CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the 
HDF5 weigh ...)
+       TODO: check
+CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* 
endpoint ...)
+       TODO: check
+CVE-2026-0712 (An open redirect vulnerability has been identified in Grafana 
OSS that ...)
+       TODO: check
+CVE-2026-0227 (A vulnerability in Palo Alto Networks PAN-OS software enables 
an unaut ...)
+       TODO: check
+CVE-2025-9014 (A Null Pointer Dereference vulnerability exists in the referer 
header  ...)
+       TODO: check
+CVE-2025-71019 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack 
overflow in t ...)
+       TODO: check
+CVE-2025-70744 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack 
overflow in t ...)
+       TODO: check
+CVE-2025-70656 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack 
overflow in t ...)
+       TODO: check
+CVE-2025-70310 (A heap overflow in the vorbis_to_intern() function of GPAC 
v2.4.0 allo ...)
+       TODO: check
+CVE-2025-70309 (A stack overflow in the pcmreframe_flush_packet function of 
GPAC v2.4. ...)
+       TODO: check
+CVE-2025-70308 (An out-of-bounds read in the GSF demuxer filter component of 
GPAC v2.4 ...)
+       TODO: check
+CVE-2025-70307 (A stack overflow in the dump_ttxt_sample function of GPAC 
v2.4.0 allow ...)
+       TODO: check
+CVE-2025-70305 (A stack overflow in the dmx_saf function of GPAC v2.4.0 allows 
attacke ...)
+       TODO: check
+CVE-2025-70304 (A buffer overflow in the vobsub_get_subpic_duration() function 
of GPAC ...)
+       TODO: check
+CVE-2025-70303 (A heap overflow in the uncv_parse_config() function of GPAC 
v2.4.0 all ...)
+       TODO: check
+CVE-2025-70302 (A heap overflow in the ghi_dmx_declare_opid_bin() function of 
GPAC v2. ...)
+       TODO: check
+CVE-2025-70299 (A heap overflow in the avi_parse_input_file() function of GPAC 
v2.4.0  ...)
+       TODO: check
+CVE-2025-70298 (GPAC v2.4.0 was discovered to contain an out-of-bounds read in 
the ogg ...)
+       TODO: check
+CVE-2025-67647 (SvelteKit is a framework for rapidly developing robust, 
performant web ...)
+       TODO: check
+CVE-2025-67246 (A local information disclosure vulnerability exists in the 
Ludashi dri ...)
+       TODO: check
+CVE-2025-67084 (File upload vulnerability in InvoicePlane through 1.6.3 allows 
authent ...)
+       TODO: check
+CVE-2025-67083 (Directory traversal vulnerability in InvoicePlane through 
1.6.3 allows ...)
+       TODO: check
+CVE-2025-67082 (An SQL injection vulnerability in InvoicePlane through 1.6.3 
has been  ...)
+       TODO: check
+CVE-2025-67081 (An SQL injection vulnerability in Itflow through 25.06 has 
been identi ...)
+       TODO: check
+CVE-2025-67079 (File upload vulnerability in Omnispace Agora Project before 
25.10 allo ...)
+       TODO: check
+CVE-2025-67078 (Cross site scripting (XSS) vulnerability in Omnispace Agora 
Project be ...)
+       TODO: check
+CVE-2025-67077 (File upload vulnerability in Omnispace Agora Project before 
25.10 allo ...)
+       TODO: check
+CVE-2025-67076 (Directory traversal vulnerability in Omnispace Agora Project 
before 25 ...)
+       TODO: check
+CVE-2025-66417 (GLPI is a free asset and IT management software package. From 
11.0.0,  ...)
+       TODO: check
+CVE-2025-66292 (DPanel is an open source server management panel written in 
Go. Prior  ...)
+       TODO: check
+CVE-2025-65349 (A Stored Cross-Site Scripting (XSS) vulnerability in Web 
management in ...)
+       TODO: check
+CVE-2025-64516 (GLPI is a free asset and IT management software package. Prior 
to 10.0 ...)
+       TODO: check
+CVE-2025-62193 (Sites running NOAA PMEL Live Access Server (LAS) are 
vulnerable to rem ...)
+       TODO: check
+CVE-2025-61973 (A local privilege escalation vulnerability exists during the 
installat ...)
+       TODO: check
+CVE-2025-36911 (In key-based pairing, there is a possible ID due to a logic 
error in t ...)
+       TODO: check
+CVE-2025-15265 (An SSR XSS exists in async hydration when 
attacker\u2011controlled key ...)
+       TODO: check
+CVE-2025-13859 (The AffiliateX \u2013 Amazon Affiliate Plugin plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2025-13845 (CWE-416: Use After Free vulnerability that could cause remote 
code exe ...)
+       TODO: check
+CVE-2025-13844 (CWE-415: Double Free vulnerability exists that could cause 
heap memory ...)
+       TODO: check
+CVE-2025-13062 (The Supreme Modules Lite plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2025-12895 (The Kalium 3 | Creative WordPress & WooCommerce Theme theme 
for WordPr ...)
+       TODO: check
+CVE-2024-48077 (An issue in nanomq v0.22.7 allows attackers to cause a Denial 
of Servi ...)
+       TODO: check
+CVE-2021-47843 (Tagstoo 2.0.1 contains a stored cross-site scripting 
vulnerability tha ...)
+       TODO: check
+CVE-2021-47819 (ProjeQtOr Project Management 9.1.4 contains a file upload 
vulnerabilit ...)
+       TODO: check
+CVE-2021-47799 (Visual Tools DVR VX16 version 4.2.28 contains a local 
privilege escala ...)
+       TODO: check
+CVE-2021-47784 (Cyberfox Web Browser 52.9.1 contains a denial of service 
vulnerability ...)
+       TODO: check
+CVE-2021-47781 (Cmder Console Emulator 1.3.18 contains a buffer overflow 
vulnerability ...)
+       TODO: check
+CVE-2021-47777 (Build Smart ERP 21.0817 contains an unauthenticated SQL 
injection vuln ...)
+       TODO: check
+CVE-2021-47776 (Umbraco CMS v8.14.1 contains a server-side request forgery 
vulnerabili ...)
+       TODO: check
+CVE-2021-47775 (YouTube Video Grabber, now referred to as YouTube Downloader, 
1.9.9.1  ...)
+       TODO: check
+CVE-2021-47774 (Kingdia CD Extractor 3.0.2 contains a buffer overflow 
vulnerability in ...)
+       TODO: check
+CVE-2021-47773 (Dynojet Power Core 2.3.0 contains an unquoted service path 
vulnerabili ...)
+       TODO: check
+CVE-2021-47772 (10-Strike Network Inventory Explorer Pro 9.31 contains a 
buffer overfl ...)
+       TODO: check
+CVE-2021-47771 (RDP Manager 4.9.9.3 contains a denial of service vulnerability 
in conn ...)
+       TODO: check
+CVE-2021-47769 (Isshue Shopping Cart 3.5 contains a persistent cross-site 
scripting vu ...)
+       TODO: check
+CVE-2021-47768 (ImportExportTools NG 10.0.4 contains a persistent HTML 
injection vulne ...)
+       TODO: check
+CVE-2021-47767 (10-Strike Network Inventory Explorer Pro 9.31 contains an 
unquoted ser ...)
+       TODO: check
+CVE-2021-47766 (Kmaleon 1.1.0.205 contains an authenticated SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2021-47765 (AbsoluteTelnet 11.24 contains a denial of service 
vulnerability that a ...)
+       TODO: check
+CVE-2021-47764 (AbsoluteTelnet 11.24 contains a denial of service 
vulnerability that a ...)
+       TODO: check
+CVE-2021-47763 (Aimeos 2021.10 LTS contains a SQL injection vulnerability in 
the json  ...)
+       TODO: check
+CVE-2021-47762 (HTTPDebuggerPro 9.11 contains an unquoted service path 
vulnerability t ...)
+       TODO: check
+CVE-2021-47761 (MilleGPG5 5.7.2 contains a local privilege escalation 
vulnerability th ...)
+       TODO: check
+CVE-2021-47760 (TestLink versions 1.16 through 1.19 contain an unauthenticated 
file do ...)
+       TODO: check
+CVE-2021-47759 (MTPutty 1.0.1.21 contains a sensitive information disclosure 
vulnerabi ...)
+       TODO: check
+CVE-2021-47758 (Chikitsa Patient Management System 2.0.2 contains an 
authenticated rem ...)
+       TODO: check
+CVE-2021-47757 (Chikitsa Patient Management System 2.0.2 contains an 
authenticated rem ...)
+       TODO: check
+CVE-2021-47755 (Oliver Library Server v5 contains a file download 
vulnerability that a ...)
+       TODO: check
+CVE-2021-47754 (Arunna 1.0.0 contains a cross-site request forgery 
vulnerability that  ...)
+       TODO: check
+CVE-2021-47753 (phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload 
vulnera ...)
+       TODO: check
+CVE-2021-47752 (AWebServer GhostBuilding 18 contains a denial of service 
vulnerability ...)
+       TODO: check
 CVE-2026-22797 [Privilege Escalation via Identity Headers in External OAuth2 
Tokens]
        - python-keystonemiddleware <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/01/15/1
@@ -1570,11 +1808,13 @@ CVE-2026-0892 (Memory safety bugs present in Firefox 
146 and Thunderbird 146. So
        - firefox 147.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892
 CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird 
ESR 140.6 ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0891
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
 CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop 
component. Thi ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0890
@@ -1586,31 +1826,37 @@ CVE-2026-0888 (Information disclosure in the XML 
component. This vulnerability a
        - firefox 147.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0888
 CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer 
component ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0887
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
 CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This 
vulnerab ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0886
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
 CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This 
vulnerability aff ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0885
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
 CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This 
vulnerability  ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0884
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
 CVE-2026-0883 (Information disclosure in the Networking component. This 
vulnerability ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0883
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
 CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects 
Firefo ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0882
@@ -1619,21 +1865,25 @@ CVE-2026-0881 (Sandbox escape in the Messaging System 
component. This vulnerabil
        - firefox 147.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
 CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics 
component. This ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0880
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
 CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the 
Graphics co ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0879
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
 CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the 
Graphics: C ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0878
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
 CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This 
vulnerability a ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 147.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0877
@@ -2795,7 +3045,7 @@ CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database 
(LMDB) versions up to
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=10421
        NOTE: Fixed by: 
https://git.openldap.org/openldap/openldap/-/commit/8e1fda85532a3c74276df38a42d234dcdfa1e40d
        NOTE: OpenLDAP bundles lmdb but does not build mdb_load.c
-CVE-2026-22184 (zlib versions up to and including 1.3.1.2 contain a global 
buffer over ...)
+CVE-2026-22184 (zlib versions up to and including 1.3.1.2 include a global 
buffer over ...)
        - zlib 1:1.2.6.dfsg-1 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/01/06/5
        NOTE: https://github.com/madler/zlib/issues/1142
@@ -11313,11 +11563,11 @@ CVE-2025-63948 (A SQL Injection vulnerability exists 
in phpMsAdmin version 2.2 i
        NOT-FOR-US: phpMsAdmin
 CVE-2025-63947 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
phpMsAd ...)
        NOT-FOR-US: phpMsAdmin
-CVE-2025-62004 (BullWall Server Intrusion Protection services are initialized 
after lo ...)
+CVE-2025-62004 (BullWall Server Intrusion Protection (SIP) services are 
initialized af ...)
        NOT-FOR-US: BullWall
 CVE-2025-62003 (BullWall Server Intrusion Protection has a noticeable 
configuration-de ...)
        NOT-FOR-US: BullWall
-CVE-2025-62002 (BullWall Ransomware Containment relies on the number of file 
modificat ...)
+CVE-2025-62002 (BullWall Ransomware Containment considers the number of files 
modified ...)
        NOT-FOR-US: BullWall
 CVE-2025-62001 (BullWall Ransomware Containment supports configurable file and 
directo ...)
        NOT-FOR-US: BullWall
@@ -12435,7 +12685,7 @@ CVE-2025-34434 (AVideo versions prior to 20.1 with the 
ImageGallery plugin enabl
        NOT-FOR-US: WWBN AVideo
 CVE-2025-26381 (Successful exploitation of this vulnerability could allow an 
attacker  ...)
        NOT-FOR-US: Johnson Controls
-CVE-2025-20393 (Cisco is aware of a potential vulnerability.&nbsp; Cisco is 
currently  ...)
+CVE-2025-20393 (A vulnerability in the Spam Quarantine feature of Cisco 
AsyncOS Softwa ...)
        NOT-FOR-US: Cisco
 CVE-2025-14828
        REJECTED
@@ -17228,6 +17478,7 @@ CVE-2025-14328 (Privilege escalation in the Netmonitor 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14328
 CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This 
vulnerability af ...)
+       {DSA-6101-1 DLA-4439-1}
        - firefox 146.0-1
        - firefox-esr 140.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14327



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b181cf179a2a4850055a9f3c4c7ad0140ed6ab22

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b181cf179a2a4850055a9f3c4c7ad0140ed6ab22
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to