Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ab4cc6c by security tracker role at 2026-03-26T08:13:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-4874 (A flaw was found in Keycloak. An authenticated attacker can 
perform Se ...)
+       TODO: check
+CVE-2026-4850 (A security flaw has been discovered in code-projects Simple 
Laundry Sy ...)
+       TODO: check
+CVE-2026-4849 (A vulnerability was identified in code-projects Simple Laundry 
System  ...)
+       TODO: check
+CVE-2026-4848 (A vulnerability was determined in dameng100 muucmf 
1.9.5.20260309. Thi ...)
+       TODO: check
+CVE-2026-4847 (A vulnerability was found in dameng100 muucmf 1.9.5.20260309. 
The impa ...)
+       TODO: check
+CVE-2026-4846 (A vulnerability has been found in dameng100 muucmf 
1.9.5.20260309. The ...)
+       TODO: check
+CVE-2026-4845 (A flaw has been found in dameng100 muucmf 1.9.5.20260309. 
Impacted is  ...)
+       TODO: check
+CVE-2026-4844 (A vulnerability was detected in code-projects Online Food 
Ordering Sys ...)
+       TODO: check
+CVE-2026-4842 (A security vulnerability has been detected in itsourcecode 
Online Enro ...)
+       TODO: check
+CVE-2026-4841 (A weakness has been identified in code-projects Online Food 
Ordering S ...)
+       TODO: check
+CVE-2026-4840 (A security flaw has been discovered in Netcore Power 15AX up to 
3.0.0. ...)
+       TODO: check
+CVE-2026-4839 (A vulnerability has been found in SourceCodester Food Ordering 
System  ...)
+       TODO: check
+CVE-2026-4838 (A flaw has been found in SourceCodester Malawi Online Market 
1.0. The  ...)
+       TODO: check
+CVE-2026-4836 (A vulnerability was detected in code-projects Accounting System 
1.0. T ...)
+       TODO: check
+CVE-2026-4835 (A security vulnerability has been detected in code-projects 
Accounting ...)
+       TODO: check
+CVE-2026-4833 (A weakness has been identified in Orc discount up to 3.0.1.2. 
This iss ...)
+       TODO: check
+CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. 
Impacted ...)
+       TODO: check
+CVE-2026-4830 (A vulnerability was identified in kalcaddle kodbox 1.64. This 
issue af ...)
+       TODO: check
+CVE-2026-4826 (A vulnerability was determined in SourceCodester Sales and 
Inventory S ...)
+       TODO: check
+CVE-2026-4825 (A vulnerability was found in SourceCodester Sales and Inventory 
System ...)
+       TODO: check
+CVE-2026-4824 (A vulnerability has been found in Enter Software Iperius Backup 
up to  ...)
+       TODO: check
+CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 
8.7.3. Af ...)
+       TODO: check
+CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup 
bis 8.7. ...)
+       TODO: check
+CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to 
arbitrary file ...)
+       TODO: check
+CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which 
checks a s ...)
+       TODO: check
+CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can 
trigger a ...)
+       TODO: check
+CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to 
Privilege Esca ...)
+       TODO: check
+CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for 
WordPr ...)
+       TODO: check
+CVE-2026-4335 (The ShortPixel Image Optimizer plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-4331 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
+       TODO: check
+CVE-2026-4329 (The Blackhole for Bad Bots plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-4281 (The FormLift for Infusionsoft Web Forms plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and 
sends  ...)
+       TODO: check
+CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-34056 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-34055 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-34053 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-34051 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33942 (Saloon is a PHP library that gives users tools to build API 
integratio ...)
+       TODO: check
+CVE-2026-33934 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33933 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33932 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33931 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33918 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33917 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33915 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33914 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33913 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33912 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33911 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33910 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33909 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33348 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)
+       TODO: check
+CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)
+       TODO: check
+CVE-2026-33249 (NATS-Server is a High-Performance server for NATS.io, a cloud 
and edge ...)
+       TODO: check
+CVE-2026-33248 (NATS-Server is a High-Performance server for NATS.io, a cloud 
and edge ...)
+       TODO: check
+CVE-2026-33223 (NATS-Server is a High-Performance server for NATS.io, a cloud 
and edge ...)
+       TODO: check
+CVE-2026-33222 (NATS-Server is a High-Performance server for NATS.io, a cloud 
and edge ...)
+       TODO: check
+CVE-2026-33201 (Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., 
LTD. contai ...)
+       TODO: check
+CVE-2026-33183 (Saloon is a PHP library that gives users tools to build API 
integratio ...)
+       TODO: check
+CVE-2026-33182 (Saloon is a PHP library that gives users tools to build API 
integratio ...)
+       TODO: check
+CVE-2026-32680 (The installer of RATOC RAID Monitoring Manager for Windows 
allows to c ...)
+       TODO: check
+CVE-2026-32120 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-30976 (Sonarr is a PVR for Usenet and BitTorrent users. In versions 
on the 4. ...)
+       TODO: check
+CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions 
prior to 4.0 ...)
+       TODO: check
+CVE-2026-30892 (crun is an open source OCI Container Runtime fully written in 
C. In ve ...)
+       TODO: check
+CVE-2026-2931 (The Amelia Booking plugin for WordPress is vulnerable to 
Insecure Dire ...)
+       TODO: check
+CVE-2026-2485 (IBM Infosphere Information Server11.7.0.0 through11.7.1.6 is 
vulnerabl ...)
+       TODO: check
+CVE-2026-2484 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is 
affected b ...)
+       TODO: check
+CVE-2026-2483 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is 
vulnerable ...)
+       TODO: check
+CVE-2026-29187 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-28760 (The installer of RATOC RAID Monitoring Manager for Windows 
searches th ...)
+       TODO: check
+CVE-2026-1986 (The FloristPress for Woo \u2013 Customize your eCommerce store 
for you ...)
+       TODO: check
+CVE-2026-1890 (The LeadConnector WordPress plugin before 3.0.22 does not have 
authori ...)
+       TODO: check
+CVE-2026-1561 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.3 I ...)
+       TODO: check
+CVE-2026-1430 (The WP Lightbox 2 WordPress plugin before 3.0.7 does not 
sanitise and  ...)
+       TODO: check
+CVE-2026-1262 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
affecte ...)
+       TODO: check
+CVE-2026-1206 (The Elementor Website Builder plugin for WordPress is 
vulnerable to In ...)
+       TODO: check
+CVE-2026-1015 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2026-1014 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2025-64648 (IBM Concert 1.0.0 through 2.2.0 transmits data in clear text 
that coul ...)
+       TODO: check
+CVE-2025-64647 (IBM Concert 1.0.0 through 2.2.0 uses weaker than expected 
cryptographi ...)
+       TODO: check
+CVE-2025-64646 (IBM Concert 1.0.0 through 2.2.0 could allow an attacker to 
access sens ...)
+       TODO: check
+CVE-2025-36440 (IBM Concert 1.0.0 through 2.2.0 could allow a local user to 
obtain sen ...)
+       TODO: check
+CVE-2025-36438 (IBM Concert 1.0.0 through 2.2.0 could allow a privileged user 
to perfo ...)
+       TODO: check
+CVE-2025-36422 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 
IBM InfoSp ...)
+       TODO: check
+CVE-2025-36258 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 
product st ...)
+       TODO: check
+CVE-2025-36187 (IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 
5.0.3, 5 ...)
+       TODO: check
+CVE-2025-2535
+       REJECTED
+CVE-2025-15488 (The Responsive Plus  WordPress plugin before 3.4.3 is 
vulnerable to ar ...)
+       TODO: check
+CVE-2025-15433 (The Shared Files  WordPress plugin before 1.7.58 allows users 
with a r ...)
+       TODO: check
+CVE-2025-15101 (A Cross-Site Request Forgery (CSRF) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2025-14974 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2025-14917 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.3 I ...)
+       TODO: check
+CVE-2025-14915 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.3 I ...)
+       TODO: check
+CVE-2025-14912 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2025-14810 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 
does not i ...)
+       TODO: check
+CVE-2025-14808 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 
could allo ...)
+       TODO: check
+CVE-2025-14807 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
+       TODO: check
+CVE-2025-14684 (IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 
8.11, and 8 ...)
+       TODO: check
 CVE-2026-33952 [DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks]
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
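Review bot: a few of the descriptions added in this block carry text defects that will break later string searches over data/CVE/list. CVE-2026-1986 contains a literal "\u2013" escape where a dash belongs, CVE-2026-4822 reads "bis 8.7." where its sibling entries CVE-2026-4823 and CVE-2026-4824 read "up to", and the IBM entries CVE-2026-2483 through CVE-2026-2485 run "Server11.7.0.0 through11.7.1.6" together without spaces. If the import step can decode the escape sequence, do it there; otherwise triage of these "TODO: check" entries should match on the CVE id and not on the product string.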
@@ -34,7 +240,7 @@ CVE-2026-33982 [Persistent Cache Allocator Mismatch - Heap 
OOB Read]
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2
-CVE-2014-125112
+CVE-2014-125112 (Plack::Middleware::Session::Cookie versions through 0.21 for 
Perl allo ...)
        - libplack-middleware-session-perl 0.24-1
        NOTE: https://gist.github.com/miyagawa/2b8764af908a0dacd43d
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/38287006/
@@ -343,7 +549,7 @@ CVE-2026-26830 (pdf-image (npm package) through version 
2.0.0 allows OS command
        TODO: check
 CVE-2026-26233 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x 
<= 11.2 ...)
        TODO: check
-CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the 
function `req ...)
+CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the 
`requests.uti ...)
        TODO: check
 CVE-2026-25469 (Missing Authorization vulnerability in ViaBill for WooCommerce 
ViaBill ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -748,15 +954,15 @@ CVE-2026-3591 (A use-after-return vulnerability exists in 
the `named` server whe
 CVE-2026-3608 (Sending a maliciously crafted message to the kea-ctrl-agent, 
kea-dhcp- ...)
        - isc-kea 3.0.3-1
        NOTE: https://kb.isc.org/docs/cve-2026-3608
-CVE-2026-33515
+CVE-2026-33515 (Squid is a caching proxy for the Web. Prior to version 7.5, 
due to imp ...)
        - squid <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/4
        NOTE: Fxied by: 
https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165
 (SQUID_7_5)
-CVE-2026-32748
+CVE-2026-32748 (Squid is a caching proxy for the Web. Prior to version 7.5, 
due to pre ...)
        - squid <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/3
        NOTE: Fixed by: 
https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b
 (SQUID_7_5)
-CVE-2026-33526
+CVE-2026-33526 (Squid is a caching proxy for the Web. Prior to version 7.5, 
due to hea ...)
        - squid <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/2
        NOTE: Fixed by: 
https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91
 (SQUID_7_5)
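Review bot: the context line under CVE-2026-33515 reads "NOTE: Fxied by:" while the CVE-2026-32748 and CVE-2026-33526 entries in the same hunk read "NOTE: Fixed by:", so anything that collects fix commits by matching "Fixed by:" will skip the squid commit referenced for CVE-2026-33515. This automatic update only fills in the descriptions, so a follow-up commit should correct the spelling. The new descriptions also name 7.5 as the fixed upstream version for all three entries, which agrees with the SQUID_7_5 tags in the notes; the "squid <unfixed>" lines can be revisited once that version is uploaded.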
@@ -1791,6 +1997,7 @@ CVE-2019-25627 (FlexHEX 2.71 contains a local buffer 
overflow vulnerability in t
 CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow 
vulnerability ...)
        TODO: check
 CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 
140.8, T ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1801,6 +2008,7 @@ CVE-2026-4729 (Memory safety bugs present in Firefox 148 
and Thunderbird 148. So
        - firefox 149.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
 CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird 
ESR 140.8 ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1808,6 +2016,7 @@ CVE-2026-4720 (Memory safety bugs present in Firefox ESR 
140.8, Thunderbird ESR
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4720
 CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. 
This vu ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1815,6 +2024,7 @@ CVE-2026-4719 (Incorrect boundary conditions in the 
Graphics: Text component. Th
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4719
 CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This 
vulnerabil ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1831,6 +2041,7 @@ CVE-2026-4726 (Denial-of-service in the XML component. 
This vulnerability affect
        - firefox 149.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
 CVE-2026-4717 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1838,6 +2049,7 @@ CVE-2026-4717 (Privilege escalation in the Netmonitor 
component. This vulnerabil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4717
 CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the 
JavaScript  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1845,6 +2057,7 @@ CVE-2026-4716 (Incorrect boundary conditions, 
uninitialized memory in the JavaSc
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4716
 CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This 
vulnera ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1852,6 +2065,7 @@ CVE-2026-4715 (Uninitialized memory in the Graphics: 
Canvas2D component. This vu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4715
 CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. 
This vulne ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1859,6 +2073,7 @@ CVE-2026-4714 (Incorrect boundary conditions in the 
Audio/Video component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4714
 CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This 
vulnerab ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1883,6 +2098,7 @@ CVE-2026-4711 (Use-after-free in the Widget: Cocoa 
component. This vulnerability
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711
 CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. 
This vulne ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1890,6 +2106,7 @@ CVE-2026-4710 (Incorrect boundary conditions in the 
Audio/Video component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4710
 CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP 
component. This  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1897,6 +2114,7 @@ CVE-2026-4709 (Incorrect boundary conditions in the 
Audio/Video: GMP component.
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4709
 CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This 
vulnerab ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1904,6 +2122,7 @@ CVE-2026-4708 (Incorrect boundary conditions in the 
Graphics component. This vul
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4708
 CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D 
component. Thi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1911,6 +2130,7 @@ CVE-2026-4707 (Incorrect boundary conditions in the 
Graphics: Canvas2D component
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4707
 CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D 
component. Thi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1918,6 +2138,7 @@ CVE-2026-4706 (Incorrect boundary conditions in the 
Graphics: Canvas2D component
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4706
 CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This 
vulnerabil ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1925,6 +2146,7 @@ CVE-2026-4705 (Undefined behavior in the WebRTC: 
Signaling component. This vulne
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4705
 CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This 
vulnerabili ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1938,6 +2160,7 @@ CVE-2026-4723 (Use-after-free in the JavaScript Engine 
component. This vulnerabi
        - firefox 149.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
 CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This 
vulnerabil ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1948,6 +2171,7 @@ CVE-2026-4722 (Privilege escalation in the IPC component. 
This vulnerability aff
        - firefox 149.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
 CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This 
vulnerability  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1955,6 +2179,7 @@ CVE-2026-4701 (Use-after-free in the JavaScript Engine 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4701
 CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This 
vulnerabilit ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1962,6 +2187,7 @@ CVE-2026-4700 (Mitigation bypass in the Networking: HTTP 
component. This vulnera
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4700
 CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts 
component. ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1969,6 +2195,7 @@ CVE-2026-4699 (Incorrect boundary conditions in the 
Layout: Text and Fonts compo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4699
 CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. 
This vulne ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1976,6 +2203,7 @@ CVE-2026-4698 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4698
 CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs 
component ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1983,6 +2211,7 @@ CVE-2026-4697 (Incorrect boundary conditions in the 
Audio/Video: Web Codecs comp
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4697
 CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This 
vulnerabi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1990,6 +2219,7 @@ CVE-2026-4696 (Use-after-free in the Layout: Text and 
Fonts component. This vuln
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4696
 CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs 
component ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -1997,6 +2227,7 @@ CVE-2026-4695 (Incorrect boundary conditions in the 
Audio/Video: Web Codecs comp
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4695
 CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics 
compon ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2004,6 +2235,7 @@ CVE-2026-4694 (Incorrect boundary conditions, integer 
overflow in the Graphics c
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4694
 CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback 
component.  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2011,6 +2243,7 @@ CVE-2026-4693 (Incorrect boundary conditions in the 
Audio/Video: Playback compon
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4693
 CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This 
vulnerabi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2018,6 +2251,7 @@ CVE-2026-4692 (Sandbox escape in the Responsive Design 
Mode component. This vuln
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4692
 CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. 
This vuln ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2025,6 +2259,7 @@ CVE-2026-4691 (Use-after-free in the CSS Parsing and 
Computation component. This
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4691
 CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer 
overflow  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2032,6 +2267,7 @@ CVE-2026-4690 (Sandbox escape due to incorrect boundary 
conditions, integer over
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4690
 CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer 
overflow  ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2039,6 +2275,7 @@ CVE-2026-4689 (Sandbox escape due to incorrect boundary 
conditions, integer over
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4689
 CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access 
APIs com ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2046,6 +2283,7 @@ CVE-2026-4688 (Sandbox escape due to use-after-free in 
the Disability Access API
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4688
 CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the 
Telemetry c ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2053,6 +2291,7 @@ CVE-2026-4687 (Sandbox escape due to incorrect boundary 
conditions in the Teleme
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4687
 CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D 
component. Thi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2060,6 +2299,7 @@ CVE-2026-4686 (Incorrect boundary conditions in the 
Graphics: Canvas2D component
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4686
 CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D 
component. Thi ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -2067,6 +2307,7 @@ CVE-2026-4685 (Incorrect boundary conditions in the 
Graphics: Canvas2D component
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4685
 CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender 
component. T ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
@@ -78581,6 +78822,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 
1618ca7, a content-addressed-m
        NOTE: Fixed by: 
https://codeberg.org/guix/guix/commit/f607aaaaaafe19257ef09ca519d325df6ae97e05
        NOTE: Fixed by: 
https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
 CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger 
large dynam ...)
+       {DSA-6178-1}
        - firefox 149.0-1
        - firefox-esr 140.9.0esr-1
        - thunderbird 1:140.9.0esr-1
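Review bot: the {DSA-6178-1} tag in this hunk is attached to CVE-2025-59375, whose description is about libexpat in Expat, unlike the other entries tagged in this commit, which describe Firefox and Thunderbird components. The package lines visible under it are firefox, firefox-esr and thunderbird, so the cross-reference is consistent with those lines, but a reader looking up the CVE could take the DSA as covering Expat itself. A NOTE line stating which of the listed packages the DSA applies to would remove the ambiguity.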



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab4cc6cdef4fb3cf3eb72e59eae3678e87139a4
