Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4dc14e39 by security tracker role at 2026-02-25T20:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-3221 (Sensitive user account information is not encrypted in the
database i ...)
+ TODO: check
+CVE-2026-3206 (Improper Resource Shutdown or Release vulnerability in KrakenD,
SLU Kr ...)
+ TODO: check
+CVE-2026-3203 (RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to
4.6.3 and ...)
+ TODO: check
+CVE-2026-3202 (NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3
allows den ...)
+ TODO: check
+CVE-2026-3201 (USB HID protocol dissector memory exhaustion in Wireshark 4.6.0
to 4.6 ...)
+ TODO: check
+CVE-2026-3197
+ REJECTED
+CVE-2026-3194 (A flaw has been found in Chia Blockchain 2.1.0. The affected
element i ...)
+ TODO: check
+CVE-2026-3193 (A vulnerability was detected in Chia Blockchain 2.1.0. Impacted
is an ...)
+ TODO: check
+CVE-2026-3192 (A security vulnerability has been detected in Chia Blockchain
2.1.0. T ...)
+ TODO: check
+CVE-2026-3189 (A weakness has been identified in feiyuchuixue sz-boot-parent
up to 1. ...)
+ TODO: check
+CVE-2026-3188 (A security flaw has been discovered in feiyuchuixue
sz-boot-parent up ...)
+ TODO: check
+CVE-2026-3187 (A vulnerability was identified in feiyuchuixue sz-boot-parent
up to 1. ...)
+ TODO: check
+CVE-2026-3186 (A vulnerability was determined in feiyuchuixue sz-boot-parent
up to 1. ...)
+ TODO: check
+CVE-2026-3185 (A vulnerability was found in feiyuchuixue sz-boot-parent up to
1.3.2-b ...)
+ TODO: check
+CVE-2026-3171 (A flaw has been found in SourceCodester/Patrick Mvuma Patients
Waiting ...)
+ TODO: check
+CVE-2026-3118 (A security flaw was identified in the Orchestrator Plugin of
Red Hat D ...)
+ TODO: check
+CVE-2026-2878 (In Progress\xae Telerik\xae UI for AJAX, versions prior to
2026.1.225, ...)
+ TODO: check
+CVE-2026-2636 (This vulnerability is caused by a CWE\u2011159: "Improper
Handling of ...)
+ TODO: check
+CVE-2026-2624 (Missing Authentication for Critical Function vulnerability in
ePati Cy ...)
+ TODO: check
+CVE-2026-2479 (The Responsive Lightbox & Gallery plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2026-2416 (The Geo Mashup plugin for WordPress is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2026-2410 (The Disable Admin Notices \u2013 Hide Dashboard Notifications
plugin f ...)
+ TODO: check
+CVE-2026-2367 (The Secure Copy Content Protection and Content Locking plugin
for Word ...)
+ TODO: check
+CVE-2026-2301 (The Post Duplicator plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2026-28196 (In JetBrains TeamCity before 2025.11.3 disabling versioned
settings le ...)
+ TODO: check
+CVE-2026-28195 (In JetBrains TeamCity before 2025.11.3 missing authorization
allowed p ...)
+ TODO: check
+CVE-2026-28194 (In JetBrains TeamCity before 2025.11.3 open redirect was
possible in t ...)
+ TODO: check
+CVE-2026-28193 (In JetBrains YouTrack before 2025.3.121962 apps were able to
send requ ...)
+ TODO: check
+CVE-2026-27850 (Due to an improperly configured firewall rule, the router will
accept ...)
+ TODO: check
+CVE-2026-27849 (Due to missing neutralization of special elements, OS commands
can be ...)
+ TODO: check
+CVE-2026-27848 (Due to missing neutralization of special elements, OS commands
can be ...)
+ TODO: check
+CVE-2026-27847 (Due to improper neutralization of special elements, SQL
statements can ...)
+ TODO: check
+CVE-2026-27846 (Due to missing authentication, a user with physical access to
the devi ...)
+ TODO: check
+CVE-2026-27795 (LangChain is a framework for building LLM-powered
applications. Prior ...)
+ TODO: check
+CVE-2026-27794 (LangGraph Checkpoint defines the base interface for LangGraph
checkpoi ...)
+ TODO: check
+CVE-2026-27739 (The Angular SSR is a server-rise rendering tool for Angular
applicatio ...)
+ TODO: check
+CVE-2026-27738 (The Angular SSR is a server-rise rendering tool for Angular
applicatio ...)
+ TODO: check
+CVE-2026-27736 (BigBlueButton is an open-source virtual classroom. In versions
on the ...)
+ TODO: check
+CVE-2026-27730 (esm.sh is a no-build content delivery network (CDN) for web
developmen ...)
+ TODO: check
+CVE-2026-27728 (OneUptime is a solution for monitoring and managing online
services. P ...)
+ TODO: check
+CVE-2026-27727 (mchange-commons-java, a library that provides Java utilities,
includes ...)
+ TODO: check
+CVE-2026-27706 (Plane is an an open-source project management tool. Prior to
version 1 ...)
+ TODO: check
+CVE-2026-27705 (Plane is an an open-source project management tool. Prior to
version 1 ...)
+ TODO: check
+CVE-2026-27704 (The Dart and Flutter SDKs provide software development kits
for the Da ...)
+ TODO: check
+CVE-2026-27702 (Budibase is a low code platform for creating internal tools,
workflows ...)
+ TODO: check
+CVE-2026-27701 (LiveCode is an open-source, client-side code playground. Prior
to comm ...)
+ TODO: check
+CVE-2026-27700 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2026-27699 (The `basic-ftp` FTP client library for Node.js contains a path
travers ...)
+ TODO: check
+CVE-2026-27695 (zae-limiter is a rate limiting library using the token bucket
algorith ...)
+ TODO: check
+CVE-2026-27692 (iccDEV provides a set of libraries and tools for working with
ICC colo ...)
+ TODO: check
+CVE-2026-27691 (iccDEV provides a set of libraries and tools for working with
ICC colo ...)
+ TODO: check
+CVE-2026-26717 (An issue in OpenFUN Richie (LMS) in
src/richie/apps/courses/api.py. Th ...)
+ TODO: check
+CVE-2026-26104 (A flaw was found in the udisks storage management daemon that
allows u ...)
+ TODO: check
+CVE-2026-26103 (A flaw was found in the udisks storage management daemon that
exposes ...)
+ TODO: check
+CVE-2026-25930 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25929 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25927 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25746 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25743 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25701 (An Insecure Temporary File vulnerability in openSUSE
sdbootutil allows ...)
+ TODO: check
+CVE-2026-25554 (OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt
module (pri ...)
+ TODO: check
+CVE-2026-25476 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25220 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25164 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-25138 (Rucio is a software framework that provides functionality to
organize, ...)
+ TODO: check
+CVE-2026-25136 (Rucio is a software framework that provides functionality to
organize, ...)
+ TODO: check
+CVE-2026-24908 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24890 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24487 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-24005 (Kruise provides automated management of large-scale
applications on Ku ...)
+ TODO: check
+CVE-2026-23627 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2026-22866 (Ethereum Name Service (ENS) is a distributed, open, and
extensible nam ...)
+ TODO: check
+CVE-2026-22720 (VMware Aria Operations contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2026-22719 (VMware Aria Operations contains a command injection
vulnerability. A m ...)
+ TODO: check
+CVE-2026-21902 (An Incorrect Permission Assignment for Critical Resource
vulnerability ...)
+ TODO: check
+CVE-2026-21725 (A time-of-create-to-time-of-use (TOCTOU) vulnerability lets
recently d ...)
+ TODO: check
+CVE-2026-20133 (A vulnerability in Cisco Catalyst SD-WAN Manager could allow
an unauth ...)
+ TODO: check
+CVE-2026-20129 (A vulnerability in the API user authentication of Cisco
Catalyst SD-WA ...)
+ TODO: check
+CVE-2026-20128 (A vulnerability in the Data Collection Agent (DCA) feature of
Cisco Ca ...)
+ TODO: check
+CVE-2026-20127 (A vulnerability in the peering authentication in Cisco
Catalyst SD-WAN ...)
+ TODO: check
+CVE-2026-20126 (A vulnerability in Cisco Catalyst SD-WAN Manager could allow
an authen ...)
+ TODO: check
+CVE-2026-20122 (A vulnerability in the API of Cisco Catalyst SD-WAN Manager
could allo ...)
+ TODO: check
+CVE-2026-20107 (A vulnerability in the Object Model CLI component of Cisco
Application ...)
+ TODO: check
+CVE-2026-20099 (A vulnerability in the web-based management interface of Cisco
FXOS So ...)
+ TODO: check
+CVE-2026-20091 (A vulnerability in the web-based management interface of Cisco
FXOS So ...)
+ TODO: check
+CVE-2026-20051 (A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress
packet pr ...)
+ TODO: check
+CVE-2026-20048 (A vulnerability in the Simple Network Management Protocol
(SNMP) subsy ...)
+ TODO: check
+CVE-2026-20037 (A vulnerability in the NX-OS CLI privilege levels of Cisco UCS
Manager ...)
+ TODO: check
+CVE-2026-20036 (A vulnerability in the CLI and web-based management interface
of Cisco ...)
+ TODO: check
+CVE-2026-20033 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in
ACI mode ...)
+ TODO: check
+CVE-2026-20010 (A vulnerability in the Link Layer Discovery Protocol (LLDP)
feature of ...)
+ TODO: check
+CVE-2026-1929 (The Advanced Woo Labels plugin for WordPress is vulnerable to
Remote C ...)
+ TODO: check
+CVE-2026-1916 (The WPGSI: Spreadsheet Integration plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-0704 (In affected version of Octopus Deploy it was possible to remove
files ...)
+ TODO: check
+CVE-2025-69771 (An arbitrary file upload vulnerability in the subtitle loading
functio ...)
+ TODO: check
+CVE-2025-67860 (A vulnerability has been identified in the NeuVector scanner
where the ...)
+ TODO: check
+CVE-2025-67601 (A vulnerability has been identified within Rancher Manager,
where usin ...)
+ TODO: check
+CVE-2025-62878 (A malicious user can manipulate the parameters.pathPatternto
create Pe ...)
+ TODO: check
+CVE-2025-50180 (esm.sh is a no-build content delivery network (CDN) for web
developmen ...)
+ TODO: check
+CVE-2025-3525 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
+CVE-2025-1242 (The administrative credentials can be extracted through
application AP ...)
+ TODO: check
+CVE-2025-14742 (The WP Recipe Maker plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2025-14103 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
+ TODO: check
CVE-2026-27015
- freerdp3 3.23.0+dfsg-1
- freerdp2 <removed>
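Review bot: The descriptions added for CVE-2026-2878, CVE-2026-2636 and CVE-2026-2410 contain literal escape sequences (\xae, \u2011, \u2013) where the characters themselves should be. If these are present in data/CVE/list and not only in this mail rendering, the importer should decode or transliterate them before writing. Separately, every entry in this block lands as TODO: check. The Wireshark entries (CVE-2026-3201 to CVE-2026-3203) and the udisks entries (CVE-2026-26103, CVE-2026-26104) name software that Debian packages, so they should be triaged to package lines ahead of the bulk NOT-FOR-US pass.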
@@ -118,11 +324,11 @@ CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent
versions 25.10.0 and lo
NOT-FOR-US: Palo Alto Networks
CVE-2026-27822 (RustFS is a distributed object storage system built in Rust.
Prior to ...)
NOT-FOR-US: RustFS
-CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior
to4.3.3 con ...)
+CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior
to2.2.2 con ...)
NOT-FOR-US: SPIP interface_traduction_objets plugi
CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a
reflected cross- ...)
NOT-FOR-US: SPIP jeux plugin
-CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior
to4.3.3 con ...)
+CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior
to2.2.2 con ...)
NOT-FOR-US: SPIP interface_traduction_objets plugin
CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an
unauthentica ...)
NOT-FOR-US: SPIP tickets plugin
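Review bot: The NOT-FOR-US line under CVE-2026-27747 reads "SPIP interface_traduction_objets plugi", while the same note under CVE-2026-27745 reads "plugin". The truncated note is worth correcting now that both descriptions are being touched. The refreshed descriptions also keep the run-together "prior to2.2.2" from the imported text. That is harmless for tracking, but it means a search for "prior to 2.2.2" will miss these entries.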
@@ -418,11 +624,13 @@ CVE-2024-48928 (Piwigo is an open source photo gallery
application for the web.
CVE-2024-1524 (When the "Silent Just-In-Time Provisioning" feature is enabled
for a f ...)
NOT-FOR-US: WSO2
CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR
140.7, T ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2793
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird
ESR 140.7 ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2792
@@ -431,11 +639,13 @@ CVE-2026-2807 (Memory safety bugs present in Firefox 147
and Thunderbird 147. So
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2807
CVE-2026-2791 (Mitigation bypass in the Networking: Cache component. This
vulnerabili ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2791
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component.
This vulne ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2790
@@ -444,16 +654,19 @@ CVE-2026-2806 (Uninitialized memory in the Graphics: Text
component. This vulner
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2806
CVE-2026-2789 (Use-after-free in the Graphics: ImageLib component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2789
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP
component. This ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2788
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This
vulnera ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2787
@@ -462,6 +675,7 @@ CVE-2026-2805 (Invalid pointer in the DOM: Core & HTML
component. This vulnerabi
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2805
CVE-2026-2786 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2786
@@ -470,11 +684,13 @@ CVE-2026-2804 (Use-after-free in the JavaScript:
WebAssembly component. This vul
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2804
CVE-2026-2785 (Invalid pointer in the JavaScript Engine component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2785
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2785
CVE-2026-2784 (Mitigation bypass in the DOM: Security component. This
vulnerability a ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2784
@@ -486,11 +702,13 @@ CVE-2026-2802 (Race condition in the JavaScript: GC
component. This vulnerabilit
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2802
CVE-2026-2783 (Information disclosure due to JIT miscompilation in the
JavaScript Eng ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2783
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2783
CVE-2026-2782 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2782
@@ -499,6 +717,7 @@ CVE-2026-2801 (Incorrect boundary conditions in the
JavaScript: WebAssembly comp
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
- nss 2:3.121-1
@@ -507,6 +726,7 @@ CVE-2026-2781 (Integer overflow in the Libraries component
in NSS. This vulnerab
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=2009552 (private)
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/245385e16fa6
CVE-2026-2780 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2780
@@ -515,16 +735,19 @@ CVE-2026-2800 (Spoofing issue in the WebAuthn component
in Firefox for Android.
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2800
CVE-2026-2779 (Incorrect boundary conditions in the Networking: JAR component.
This v ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2779
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2779
CVE-2026-2778 (Sandbox escape due to incorrect boundary conditions in the DOM:
Core & ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2778
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2778
CVE-2026-2777 (Privilege escalation in the Messaging System component. This
vulnerabi ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2777
@@ -535,31 +758,37 @@ CVE-2026-2776 (Sandbox escape due to incorrect boundary
conditions in the Teleme
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2776
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2776
CVE-2026-2775 (Mitigation bypass in the DOM: HTML Parser component. This
vulnerabilit ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2775
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2775
CVE-2026-2774 (Integer overflow in the Audio/Video component. This
vulnerability affe ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2774
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2774
CVE-2026-2773 (Incorrect boundary conditions in the Web Audio component. This
vulnera ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2773
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2773
CVE-2026-2772 (Use-after-free in the Audio/Video: Playback component. This
vulnerabil ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2772
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2772
CVE-2026-2771 (Undefined behavior in the DOM: Core & HTML component. This
vulnerabili ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2771
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2771
CVE-2026-2770 (Use-after-free in the DOM: Bindings (WebIDL) component. This
vulnerabi ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2770
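Review bot: This hunk opens inside the CVE-2026-2776 entry, which carries both the mfsa2026-13 and mfsa2026-15 notes like its neighbours, yet no {DSA-6148-1} line is added for it in this commit. The six additions here cover CVE-2026-2775 down to CVE-2026-2770 only. Please confirm that CVE-2026-2776 is either already tagged in the lines outside the hunk or intentionally excluded from DSA-6148-1, so the advisory cross-reference is complete for the firefox-esr 140.8.0esr-1 upload.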
@@ -568,6 +797,7 @@ CVE-2026-2799 (Use-after-free in the DOM: Core & HTML
component. This vulnerabil
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2799
CVE-2026-2769 (Use-after-free in the Storage: IndexedDB component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2769
@@ -576,21 +806,25 @@ CVE-2026-2798 (Use-after-free in the DOM: Core & HTML
component. This vulnerabil
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2798
CVE-2026-2768 (Sandbox escape in the Storage: IndexedDB component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2768
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2768
CVE-2026-2767 (Use-after-free in the JavaScript: WebAssembly component. This
vulnerab ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2767
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2767
CVE-2026-2766 (Use-after-free in the JavaScript Engine: JIT component. This
vulnerabi ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2766
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2766
CVE-2026-2765 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2765
@@ -602,26 +836,31 @@ CVE-2026-2796 (JIT miscompilation in the JavaScript:
WebAssembly component. This
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2796
CVE-2026-2764 (JIT miscompilation, use-after-free in the JavaScript Engine:
JIT compo ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2764
CVE-2026-2763 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2763
CVE-2026-2762 (Integer overflow in the JavaScript: Standard Library component.
This v ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2762
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2762
CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This
vulnerabilit ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the
Graphics: W ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2760
@@ -630,11 +869,13 @@ CVE-2026-2795 (Use-after-free in the JavaScript: GC
component. This vulnerabilit
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2795
CVE-2026-2759 (Incorrect boundary conditions in the Graphics: ImageLib
component. Thi ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2759
CVE-2026-2758 (Use-after-free in the JavaScript: GC component. This
vulnerability aff ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2758
@@ -643,6 +884,7 @@ CVE-2026-2794 (Information disclosure due to uninitialized
memory in Firefox and
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2794
CVE-2026-2757 (Incorrect boundary conditions in the WebRTC: Audio/Video
component. Th ...)
+ {DSA-6148-1}
- firefox <unfixed>
- firefox-esr 140.8.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2757
@@ -7256,7 +7498,7 @@ CVE-2026-1584
NOTE: Introduced with:
https://gitlab.com/gnutls/gnutls/-/commit/33034a91c2c1f38bad19e747d3021885d54bfb44
(3.8.11)
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/acf67a4a68bc6d9ab7b882469c67f6cf28db56a0
(3.8.12)
CVE-2025-14831 (A flaw was found in GnuTLS. This vulnerability allows a denial
of serv ...)
- {DSA-6140-1}
+ {DSA-6140-1 DLA-4492-1}
- gnutls28 3.8.12-1
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1773
NOTE: Prequisite:
https://gitlab.com/gnutls/gnutls/-/commit/0b2377dfccd99be641bf3f1a0de9f0dc8dc0d4b1
(3.8.12)
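Review bot: The context note under CVE-2025-14831 is spelled "Prequisite:", which should read "Prerequisite:". It is not part of this change, but it is worth fixing in a follow-up so that searches for prerequisite commits find it. The merged cross-reference line {DSA-6140-1 DLA-4492-1} is otherwise consistent with the {DLA-4492-1} added under CVE-2025-9820 later in this commit.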
@@ -12014,7 +12256,7 @@ CVE-2025-11187 (Issue summary: PBMAC1 parameters in
PKCS#12 files are missing va
NOTE: Fixed by:
https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
(openssl-3.5.5)
NOTE: Testcases:
https://github.com/openssl/openssl/commit/4583982d252797c133ce4139b7f78d2942d2bcdb
(openssl-3.5.5)
NOTE: Testcases:
https://github.com/openssl/openssl/commit/c716acac5e0e2216bcf3ab54036f0ef31ebe1b52
(openssl-3.5.5)
-CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData message with
maliciously ...)
+CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData
message ...)
{DSA-6113-1}
- openssl 3.5.5-1
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
@@ -39774,6 +40016,7 @@ CVE-2025-11003 (The UiPress lite | Effortless custom
dashboards, admin themes an
CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to
Sensitive Infor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9820 (A flaw was found in the GnuTLS library, specifically in the
gnutls_pkc ...)
+ {DLA-4492-1}
[experimental] - gnutls28 3.8.11-1
- gnutls28 3.8.11-3 (bug #1121146)
[trixie] - gnutls28 3.8.9-3+deb13u1
@@ -79837,13 +80080,13 @@ CVE-2025-30086 (CNCF Harbor 2.13.x before 2.13.1 and
2.12.x before 2.12.4 allows
NOT-FOR-US: Harbor
CVE-2025-2329 (In high traffic environments, a Silicon Labs OpenThread RCP
(see impac ...)
NOT-FOR-US: Silicon Labs
-CVE-2025-29631 (An issue in Gardyn 4 allows a remote attacker execute
arbitrary code)
+CVE-2025-29631 (Gardyn Home Kit firmware before master.619, Home Kit Mobile
Applicatio ...)
NOT-FOR-US: Gardyn
CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the
corresponding s ...)
NOT-FOR-US: Gardyn
-CVE-2025-29629 (An issue in Gardyn 4 allows a remote attacker to obtain
sensitive info ...)
+CVE-2025-29629 (Gardyn Home Kit firmware before master.619, Home Kit Mobile
Applicatio ...)
NOT-FOR-US: Gardyn
-CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain
sensitive info ...)
+CVE-2025-29628 (A Gardyn Azure IoT Hub connection string is downloaded over an
insecur ...)
NOT-FOR-US: Gardyn
CVE-2024-48730 (The default configuration in ETSI Open-Source MANO (OSM)
v.14.x, v.15. ...)
NOT-FOR-US: ETSI Open-Source MANO (OSM)
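Review bot: CVE-2025-29630 keeps the old "An issue in Gardyn 4 allows a remote attacker with the corresponding s ..." description, while the neighbouring CVE-2025-29631, CVE-2025-29629 and CVE-2025-29628 are refreshed to the new Gardyn Home Kit wording. If the upstream record for CVE-2025-29630 has also been revised, the sync missed it. Otherwise no action is needed, since all four remain NOT-FOR-US: Gardyn.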
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dc14e3976d3351adb0777b125aebc1956ca32f7
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits