Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e8dd26d by security tracker role at 2026-03-24T20:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,208 +1,442 @@
-CVE-2026-4721
+CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker
could explo ...)
+ TODO: check
+CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an
authentication ...)
+ TODO: check
+CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before
version 5.18. ...)
+ TODO: check
+CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the
@astrojs/vercel ...)
+ TODO: check
+CVE-2026-33700 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33680 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33679 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33678 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33677 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33676 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33675 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33668 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33627 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33624 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer
overflows o ...)
+ TODO: check
+CVE-2026-33539 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33538 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33527 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33511 (pyLoad is a free and open-source download manager written in
Python. F ...)
+ TODO: check
+CVE-2026-33509 (pyLoad is a free and open-source download manager written in
Python. F ...)
+ TODO: check
+CVE-2026-33508 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33498 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33497 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
+ TODO: check
+CVE-2026-33484 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
+ TODO: check
+CVE-2026-33475 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
+ TODO: check
+CVE-2026-33474 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33473 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33429 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33421 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33419 (MinIO is a high-performance object storage system. Prior to
RELEASE.20 ...)
+ TODO: check
+CVE-2026-33418 (DiceBear is an avatar library for designers and developers.
Prior to v ...)
+ TODO: check
+CVE-2026-33417 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-33409 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33407 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-33401 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-33400 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
+ TODO: check
+CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line.
From ve ...)
+ TODO: check
+CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object
without C/C ...)
+ TODO: check
+CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to
version 0.11.6 ...)
+ TODO: check
+CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user interface.
From ver ...)
+ TODO: check
+CVE-2026-33340 (LoLLMs WEBUI provides the Web user interface for Lord of Large
Languag ...)
+ TODO: check
+CVE-2026-33336 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33335 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33334 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
+ TODO: check
+CVE-2026-33332 (NiceGUI is a Python-based UI framework. Prior to version
3.9.0, NiceGU ...)
+ TODO: check
+CVE-2026-33331 (oRPC is an tool that helps build APIs that are end-to-end
type-safe an ...)
+ TODO: check
+CVE-2026-33330 (FileRise is a self-hosted web file manager / WebDAV server.
Prior to v ...)
+ TODO: check
+CVE-2026-33329 (FileRise is a self-hosted web file manager / WebDAV server.
From versi ...)
+ TODO: check
+CVE-2026-33326 (Keystone is a content management system for Node.js. Prior to
version ...)
+ TODO: check
+CVE-2026-33323 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2026-33322 (MinIO is a high-performance object storage system. From
RELEASE.2022-1 ...)
+ TODO: check
+CVE-2026-33316 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33315 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33314 (pyLoad is a free and open-source download manager written in
Python. P ...)
+ TODO: check
+CVE-2026-33313 (Vikunja is an open-source self-hosted task management
platform. Prior ...)
+ TODO: check
+CVE-2026-33311 (DiceBear is an avatar library for designers and developers.
Starting i ...)
+ TODO: check
+CVE-2026-33310 (Intake is a package for finding, investigating, loading and
disseminat ...)
+ TODO: check
+CVE-2026-33309 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
+ TODO: check
+CVE-2026-33162 (Craft CMS is a content management system (CMS). From version
5.3.0 to ...)
+ TODO: check
+CVE-2026-33161 (Craft CMS is a content management system (CMS). From version
4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33160 (Craft CMS is a content management system (CMS). From version
4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33159 (Craft CMS is a content management system (CMS). From version
4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33158 (Craft CMS is a content management system (CMS). From version
4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33157 (Craft CMS is a content management system (CMS). From version
5.6.0 to ...)
+ TODO: check
+CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version
0.9.5 to ...)
+ TODO: check
+CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit
dc78dee) contai ...)
+ TODO: check
+CVE-2026-32853 (LibVNCServer versions 0.9.15 and prior (fixed incommit
009008e) contai ...)
+ TODO: check
+CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_http_ ...)
+ TODO: check
+CVE-2026-30932 (Froxlor is open source server administration software. Prior
to versio ...)
+ TODO: check
+CVE-2026-30662 (ConcreteCMS v9.4.7 contains a Denial of Service (DoS)
vulnerability in ...)
+ TODO: check
+CVE-2026-30661 (iCMS v8.0.0 contains a Cross-Site Scripting (XSS)
vulnerability in the ...)
+ TODO: check
+CVE-2026-30655 (SQL injection in Solicitante::resetaSenha() in
esiclivre/esiclivre v0. ...)
+ TODO: check
+CVE-2026-30653 (An issue in Free5GC v.4.2.0 and before allows a remote
attacker to cau ...)
+ TODO: check
+CVE-2026-2417 (A Missing Authentication for Critical Function vulnerability in
Pharos ...)
+ TODO: check
+CVE-2026-29840 (JiZhiCMS v2.5.6 and before contains a Stored Cross-Site
Scripting (XSS ...)
+ TODO: check
+CVE-2026-29839 (DedeCMS v5.7.118 was discovered to contain a Cross-Site
Request Forger ...)
+ TODO: check
+CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's
Server Isla ...)
+ TODO: check
+CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_strea ...)
+ TODO: check
+CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_mail_ ...)
+ TODO: check
+CVE-2026-27784 (The 32-bit implementation of NGINX Open Source has a
vulnerability in ...)
+ TODO: check
+CVE-2026-27654 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_http_ ...)
+ TODO: check
+CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX
Plus or N ...)
+ TODO: check
+CVE-2026-26809
+ REJECTED
+CVE-2026-23924 (Zabbix Agent 2 Docker plugin does not properly sanitize the
'docker.co ...)
+ TODO: check
+CVE-2026-23923 (An unauthenticated attacker can exploit the Frontend
'validate' action ...)
+ TODO: check
+CVE-2026-23921 (A low privilege Zabbix user with API access can exploit a
blind SQL in ...)
+ TODO: check
+CVE-2026-23920 (Host and event action script input is validated with a regex
(set by t ...)
+ TODO: check
+CVE-2026-23919 (For performance reasons Zabbix Server/Proxy reuses JavaScript
(Duktape ...)
+ TODO: check
+CVE-2026-22559 (An Improper Input Validation vulnerability in UniFi Network
Server may ...)
+ TODO: check
+CVE-2026-21783 (HCL Traveler is affected by sensitive information disclosure.
The appl ...)
+ TODO: check
+CVE-2026-1995 (IDrive\u2019s id_service.exe process runs with elevated
privileges and ...)
+ TODO: check
+CVE-2025-71275 (Zimbra Collaboration Suite (ZCS) PostJournal service version
8.8.15 co ...)
+ TODO: check
+CVE-2025-64998 (Exposure of session signing secret in Checkmk <2.4.0p23,
<2.3.0p45 and ...)
+ TODO: check
+CVE-2025-11571 (Vulnerable endpoints accept user-controlled input through a
URL in JSO ...)
+ TODO: check
+CVE-2019-25647 (PhreeBooks ERP 5.2.3 contains a remote code execution
vulnerability in ...)
+ TODO: check
+CVE-2019-25646 (Tabs Mail Carrier 2.5.1 contains a buffer overflow
vulnerability in th ...)
+ TODO: check
+CVE-2019-25645 (WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of
service v ...)
+ TODO: check
+CVE-2019-25644 (WinMPG Video Convert 9.3.5 and older versions contain a buffer
overflo ...)
+ TODO: check
+CVE-2019-25643 (eNdonesia Portal v8.7 contains multiple SQL injection
vulnerabilities ...)
+ TODO: check
+CVE-2019-25642 (Bootstrapy CMS contains multiple SQL injection vulnerabilities
that al ...)
+ TODO: check
+CVE-2019-25641 (Netartmedia Vlog System contains an SQL injection
vulnerability that a ...)
+ TODO: check
+CVE-2019-25640 (Inout Article Base CMS contains SQL injection vulnerabilities
that all ...)
+ TODO: check
+CVE-2019-25639 (Matrimony Website Script M-Plus contains multiple SQL
injection vulner ...)
+ TODO: check
+CVE-2019-25638 (Meeplace Business Review Script contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25637 (X-NetStat Pro 5.63 contains a local buffer overflow
vulnerability that ...)
+ TODO: check
+CVE-2019-25636 (Zeeways Jobsite CMS contains an SQL injection vulnerability
that allow ...)
+ TODO: check
+CVE-2019-25635 (Zeeways Matrimony CMS contains multiple SQL injection
vulnerabilities ...)
+ TODO: check
+CVE-2019-25634 (Base64 Decoder 1.1.2 contains a stack-based buffer overflow
vulnerabil ...)
+ TODO: check
+CVE-2019-25633 (AIDA64 Extreme 5.99.4900 contains a structured exception
handling buff ...)
+ TODO: check
+CVE-2019-25632 (phpFileManager 1.7.8 contains a local file inclusion
vulnerability tha ...)
+ TODO: check
+CVE-2019-25631 (AIDA64 Business 5.99.4900 contains a structured exception
handling buf ...)
+ TODO: check
+CVE-2019-25630 (PhreeBooks ERP 5.2.3 contains an arbitrary file upload
vulnerability i ...)
+ TODO: check
+CVE-2019-25629 (AIDA64 Extreme 5.99.4900 contains a structured exception
handler buffe ...)
+ TODO: check
+CVE-2019-25628 (Download Accelerator Plus DAP 10.0.6.0 contains a structured
exception ...)
+ TODO: check
+CVE-2019-25627 (FlexHEX 2.71 contains a local buffer overflow vulnerability in
the Str ...)
+ TODO: check
+CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR
140.8, T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4721
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4721
-CVE-2026-4729
+CVE-2026-4729 (Memory safety bugs present in Firefox 148 and Thunderbird 148.
Some of ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
-CVE-2026-4720
+CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird
ESR 140.8 ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4720
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
-CVE-2026-4719
+CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component.
This vu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4719
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
-CVE-2026-4718
+CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This
vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4718
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4718
-CVE-2026-4728
+CVE-2026-4728 (Spoofing issue in the Privacy: Anti-Tracking component. This
vulnerabi ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4728
-CVE-2026-4727
+CVE-2026-4727 (Denial-of-service in the Libraries component in NSS. This
vulnerabilit ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4727
-CVE-2026-4726
+CVE-2026-4726 (Denial-of-service in the XML component. This vulnerability
affects Fir ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
-CVE-2026-4717
+CVE-2026-4717 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4717
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
-CVE-2026-4716
+CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the
JavaScript ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4716
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
-CVE-2026-4715
+CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This
vulnera ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
-CVE-2026-4714
+CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component.
This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4714
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
-CVE-2026-4713
+CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This
vulnerab ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
-CVE-2026-4712
+CVE-2026-4712 (Information disclosure in the Widget: Cocoa component. This
vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
-CVE-2026-4725
+CVE-2026-4725 (Sandbox escape due to use-after-free in the Graphics: Canvas2D
compone ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
-CVE-2026-4711
+CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This
vulnerability affe ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
-CVE-2026-4710
+CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component.
This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4710
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
-CVE-2026-4709
+CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP
component. This ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
-CVE-2026-4708
+CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This
vulnerab ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4708
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
-CVE-2026-4707
+CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4707
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
-CVE-2026-4706
+CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4706
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
-CVE-2026-4705
+CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This
vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4705
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
-CVE-2026-4704
+CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This
vulnerabili ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4704
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4704
-CVE-2026-4724
+CVE-2026-4724 (Undefined behavior in the Audio/Video component. This
vulnerability af ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4724
-CVE-2026-4723
+CVE-2026-4723 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
-CVE-2026-4702
+CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This
vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4702
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4702
-CVE-2026-4722
+CVE-2026-4722 (Privilege escalation in the IPC component. This vulnerability
affects ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
-CVE-2026-4701
+CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4701
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
-CVE-2026-4700
+CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This
vulnerabilit ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4700
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
-CVE-2026-4699
+CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts
component. ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4699
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
-CVE-2026-4698
+CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component.
This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
-CVE-2026-4697
+CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4697
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
-CVE-2026-4696
+CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This
vulnerabi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
-CVE-2026-4695
+CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4695
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
-CVE-2026-4694
+CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics
compon ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
-CVE-2026-4693
+CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback
component. ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
-CVE-2026-4692
+CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This
vulnerabi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
-CVE-2026-4691
+CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component.
This vuln ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
-CVE-2026-4690
+CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer
overflow ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4690
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
-CVE-2026-4689
+CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer
overflow ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4689
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
-CVE-2026-4688
+CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access
APIs com ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4688
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
-CVE-2026-4687
+CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the
Telemetry c ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4687
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
-CVE-2026-4686
+CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4686
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
-CVE-2026-4685
+CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4685
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
-CVE-2026-4684
+CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender
component. T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4684
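Review bot: the added description for CVE-2026-1995 carries the literal escape sequence `\u2019` ("IDrive\u2019s") where an apostrophe is meant, so the import step should decode or normalise escapes before writing the description into data/CVE/list. Separately, CVE-2026-26809 is added as REJECTED with no description, and every other new entry in this hunk is left at "TODO: check". Entries such as CVE-2026-4775 (libtiff), CVE-2026-33554 (FreeIPMI), CVE-2026-32853 and CVE-2026-32854 (LibVNCServer) and the NGINX and Zabbix ones still need manual triage to a package line or a NOT-FOR-US marker.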
@@ -728,7 +962,7 @@ CVE-2019-25621 (Pixel Studio 2.17 contains a denial of
service vulnerability tha
TODO: check
CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability
that allow ...)
TODO: check
-CVE-2026-33347
+CVE-2026-33347 (league/commonmark is a PHP Markdown parser. From version 2.3.0
to befo ...)
- php-league-commonmark 2.8.2-1
NOTE:
https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
NOTE: Fixed by:
https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b
(2.8.2)
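Review bot: on CVE-2026-33347 the newly imported description bounds the affected range from below ("From version 2.3.0 to befo ..."), but the entry records only the fixed version (`php-league-commonmark 2.8.2-1`). If any supported suite ships a version older than 2.3.0, a NOTE or a `<not-affected>` line stating that the vulnerable code is not present there would keep it from being reported as vulnerable.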
@@ -2255,7 +2489,7 @@ CVE-2026-22731 (Spring Boot applications with Actuator
can be vulnerable to an "
NOT-FOR-US: VMware
CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle
Fusion ...)
NOT-FOR-US: Oracle
-CVE-2026-33412 [Command injection via newline in glob()]
+CVE-2026-33412 (Vim is an open source, command line text editor. Prior to
version 9.2. ...)
- vim 2:9.2.0218-1 (bug #1131450)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
NOTE: https://github.com/vim/vim/pull/19746
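Review bot: for CVE-2026-33412 the replaced placeholder `[Command injection via newline in glob()]` named the bug class and the affected function, while the imported description is cut off before it reaches either ("Prior to version 9.2. ..."). Keeping that one-line summary as a NOTE on the entry would preserve it for readers who do not follow the advisory links.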
@@ -6578,7 +6812,7 @@ CVE-2026-23672 (Windows Universal Disk Format File System
Driver (UDFS) Elevatio
NOT-FOR-US: Microsoft
CVE-2026-23671 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
-CVE-2026-23669 (Use after free in Windows Print Spooler Components allows an
authorize ...)
+CVE-2026-23669 (Use after free in RPC Runtime allows an authorized attacker to
execute ...)
NOT-FOR-US: Microsoft
CVE-2026-23668 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e8dd26d28e4aa2a769a2cc55ec802012aa1ac18
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits