Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a7fb20a by security tracker role at 2026-01-17T20:13:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2026-1063 (A vulnerability has been found in bastillion-io Bastillion up
to 4.0.1 ...)
+ TODO: check
+CVE-2026-1062 (A flaw has been found in xiweicheng TMS up to 2.28.0. This
affects the ...)
+ TODO: check
+CVE-2026-1061 (A vulnerability was detected in xiweicheng TMS up to 2.28.0.
Affected ...)
+ TODO: check
+CVE-2026-1059 (A security vulnerability has been detected in FeMiner wms up to
9cad1f ...)
+ TODO: check
+CVE-2026-1050 (A flaw has been found in risesoft-y9 Digital-Infrastructure up
to 9.6. ...)
+ TODO: check
+CVE-2026-1049 (A security vulnerability has been detected in LigeroSmart up to
6.1.26 ...)
+ TODO: check
+CVE-2026-1048 (A weakness has been identified in LigeroSmart up to 6.1.26.
Impacted i ...)
+ TODO: check
+CVE-2026-0725 (The Integrate Dynamics 365 CRM plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2025-8615 (The CubeWP plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2025-15532 (A security flaw has been discovered in Open5GS up to 2.7.5.
This issue ...)
+ TODO: check
+CVE-2025-15531 (A vulnerability was identified in Open5GS up to 2.7.5. This
vulnerabil ...)
+ TODO: check
+CVE-2025-15530 (A vulnerability was determined in Open5GS up to 2.7.6. This
affects th ...)
+ TODO: check
+CVE-2025-14078 (The PAYGENT for WooCommerce plugin for WordPress is vulnerable
to Miss ...)
+ TODO: check
+CVE-2025-10484 (The Registration & Login with Mobile Phone Number for
WooCommerce plug ...)
+ TODO: check
CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS
modular-con ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2)
fails t ...)
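Review bot: Four of the new "TODO: check" entries in this hunk (CVE-2026-0725, CVE-2025-8615, CVE-2025-14078, CVE-2025-10484) are described as WordPress or WooCommerce plugins, and the context entry CVE-2026-23800 directly below them already carries "NOT-FOR-US: WordPress plugin or theme". They can be triaged the same way instead of staying as TODO. The other new entries (Bastillion, xiweicheng TMS, FeMiner wms, risesoft-y9 Digital-Infrastructure, LigeroSmart, Open5GS) need a lookup against the archive before a NOT-FOR-US or package line is chosen. For the three Open5GS entries, note that CVE-2025-15530 is described as affecting "up to 2.7.6" while CVE-2025-15532 and CVE-2025-15531 say "up to 2.7.5", so the affected range should be checked per CVE, not copied across.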
@@ -2448,7 +2476,7 @@ CVE-2026-0892 (Memory safety bugs present in Firefox 146
and Thunderbird 146. So
- firefox 147.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892
CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird
ESR 140.6 ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
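Review bot: The "{DSA-6103-1 DSA-6101-1 DLA-4439-1}" line added on CVE-2026-0891 here, and repeated in the following hunks for CVE-2026-0890 through CVE-2026-0877, changes only the cross-reference. The firefox-esr and thunderbird package lines are untouched, so the diff itself does not show which source package DSA-6103-1 covers. Since both lines already read 140.7.0esr-1, confirm against the DSA list that the new advisory maps to one of these packages and that the version on that package line is the one shipped in the advisory. The firefox-only entries in context (CVE-2026-0892, CVE-2026-0888, CVE-2026-0881) correctly stay without the reference.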
@@ -2456,7 +2484,7 @@ CVE-2026-0891 (Memory safety bugs present in Firefox ESR
140.6, Thunderbird ESR
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0891
CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component. Thi ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2470,7 +2498,7 @@ CVE-2026-0888 (Information disclosure in the XML
component. This vulnerability a
- firefox 147.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0888
CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer
component ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2478,7 +2506,7 @@ CVE-2026-0887 (Clickjacking issue, information disclosure
in the PDF Viewer comp
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0887
CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This
vulnerab ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2486,7 +2514,7 @@ CVE-2026-0886 (Incorrect boundary conditions in the
Graphics component. This vul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0886
CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This
vulnerability aff ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2494,7 +2522,7 @@ CVE-2026-0885 (Use-after-free in the JavaScript: GC
component. This vulnerabilit
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0885
CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2502,7 +2530,7 @@ CVE-2026-0884 (Use-after-free in the JavaScript Engine
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0884
CVE-2026-0883 (Information disclosure in the Networking component. This
vulnerability ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2510,7 +2538,7 @@ CVE-2026-0883 (Information disclosure in the Networking
component. This vulnerab
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0883
CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects
Firefo ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2521,7 +2549,7 @@ CVE-2026-0881 (Sandbox escape in the Messaging System
component. This vulnerabil
- firefox 147.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics
component. This ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2529,7 +2557,7 @@ CVE-2026-0880 (Sandbox escape due to integer overflow in
the Graphics component.
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0880
CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the
Graphics co ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2537,7 +2565,7 @@ CVE-2026-0879 (Sandbox escape due to incorrect boundary
conditions in the Graphi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0879
CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the
Graphics: C ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2545,7 +2573,7 @@ CVE-2026-0878 (Sandbox escape due to incorrect boundary
conditions in the Graphi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0878
CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This
vulnerability a ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -3787,6 +3815,7 @@ CVE-2026-21682 (iccDEV provides a set of libraries and
tools that allow for the
CVE-2026-21681 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
NOT-FOR-US: iccDEV
CVE-2026-21441 (urllib3 is an HTTP client library for Python. urllib3's
streaming API ...)
+ {DSA-6102-1}
- python-urllib3 2.5.0-2 (bug #1125062)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99
NOTE:
https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b
(2.6.3)
@@ -18148,7 +18177,7 @@ CVE-2025-14328 (Privilege escalation in the Netmonitor
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14328
CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This
vulnerability af ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 146.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
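Review bot: CVE-2025-14327 is the only entry in the DSA-6103-1 set whose firefox line reads "146.0-1" instead of "147.0-1", i.e. it was fixed in unstable one release earlier than the CVE-2026-088x group. The same "{DSA-6103-1 DSA-6101-1 DLA-4439-1}" reference is applied here with firefox-esr and thunderbird at 140.7.0esr-1, which is plausible, but it is worth confirming that this CVE is really listed in the advisory and was not picked up only because it shares the fixed ESR version.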
@@ -20117,7 +20146,7 @@ CVE-2025-66471 (urllib3 is a user-friendly HTTP client
library for Python. Start
NOTE: The fix requires an updated src:brotli >= 1.2.0 for the fix to be
effective,
NOTE: which adds the optional output_buffer_limit option to avoid these
attacks.
CVE-2025-66418 (urllib3 is a user-friendly HTTP client library for Python.
Starting in ...)
- {DLA-4421-1}
+ {DSA-6102-1 DLA-4421-1}
- python-urllib3 2.5.0-1.1 (bug #1122030)
NOTE: https://www.openwall.com/lists/oss-security/2025/12/05/4
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
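Review bot: DSA-6102-1 is added to CVE-2025-66418 here and to CVE-2026-21441 in the earlier python-urllib3 hunk, but the entry immediately above in the context, CVE-2025-66471, is only visible through its NOTE lines ("The fix requires an updated src:brotli >= 1.2.0 for the fix to be effective"), and its cross-reference line is outside the hunk. Check whether CVE-2025-66471 is deliberately left out of DSA-6102-1 because of that brotli dependency. If so, the stable status of that CVE should stay open and not be treated as covered by this advisory.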
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7fb20ab88a9643fac8c36aaf60c6f197ffc325