Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c88a3347 by security tracker role at 2026-05-20T19:14:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2026-9101 (Prototype pollution in csv parsing logic during import can lead 
to unt ...)
+       TODO: check
+CVE-2026-9100 (The MongoDB C Driver's legacy GridFS API accepts malformed file 
metada ...)
+       TODO: check
+CVE-2026-9087 (A flaw was found in Keycloak. The cross-session verification 
proof is  ...)
+       TODO: check
+CVE-2026-9084 (MISP\u2019s OIDC authentication plugin allowed automatic 
linking of an ...)
+       TODO: check
+CVE-2026-9065 (SureCart version prior to 4.2.1 are vulnerable to authenticated 
SQL in ...)
+       TODO: check
+CVE-2026-9064 (A flaw was found in 389-ds-base. The 
get_ldapmessage_controls_ext() fu ...)
+       TODO: check
+CVE-2026-9059 (NextGEN Gallery version prior to 4.2.1 are vulnerable to 
authenticated ...)
+       TODO: check
+CVE-2026-8598 (An undocumented configuration export port is accessible on some 
models ...)
+       TODO: check
+CVE-2026-8488 (Allocation of resources without limits or throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-8487 (Incorrect default permissions vulnerability in Progress 
Software MOVEi ...)
+       TODO: check
+CVE-2026-8486 (Allocation of resources without limits or throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress 
Software MOVE ...)
+       TODO: check
+CVE-2026-8469 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook 
allows ...)
+       TODO: check
+CVE-2026-8342
+       REJECTED
+CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-6728 (The Slider Revolution plugin for WordPress is vulnerable to 
Sensitive  ...)
+       TODO: check
+CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for 
WordPr ...)
+       TODO: check
+CVE-2026-5783 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
+       TODO: check
+CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare 
vulnerable to  ...)
+       TODO: check
+CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability 
in phen ...)
+       TODO: check
+CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an 
unauthorize ...)
+       TODO: check
+CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
+       TODO: check
+CVE-2026-45443 (Missing Authorization vulnerability in ADD-ONS.ORG PDF for 
Elementor F ...)
+       TODO: check
+CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the 
`repoManagerRoot ...)
+       TODO: check
+CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
+       TODO: check
+CVE-2026-44925 (Cross-Site Request Forgery (CSRF) vulnerability in InfoScale 
v.9.1.3 O ...)
+       TODO: check
+CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
+       TODO: check
+CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote 
attackers  ...)
+       TODO: check
+CVE-2026-42834 (Improper link resolution before file access ('link following') 
in Azur ...)
+       TODO: check
+CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-41091 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a 
remote a ...)
+       TODO: check
+CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, 
contains a ...)
+       TODO: check
+CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in 
@cyntler/react-doc-viewer  ...)
+       TODO: check
+CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo 
Gallery Fi ...)
+       TODO: check
+CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. 
WpBookingly all ...)
+       TODO: check
+CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability 
in Mesalv ...)
+       TODO: check
+CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a 
sandbox bypass ...)
+       TODO: check
+CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer 
overflow vu ...)
+       TODO: check
+CVE-2026-22315 (Incorrect Privilege Assignment vulnerability in Mesalvo Meona 
Client L ...)
+       TODO: check
+CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access 
Control vuln ...)
+       TODO: check
+CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, 
and 9.3.12 ...)
+       TODO: check
+CVE-2026-20239 (In Splunk Enterprise versions below 10.2.2 and 10.0.5, and 
Splunk Clou ...)
+       TODO: check
+CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged 
user that  ...)
+       TODO: check
+CVE-2026-20223 (A vulnerability in the access validation of internal REST 
APIs of ...)
+       TODO: check
+CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco 
ThousandEyes Ente ...)
+       TODO: check
+CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco 
ThousandEyes  ...)
+       TODO: check
+CVE-2026-20171 (A vulnerability in the Border Gateway Protocol 
(BGP) enforce-firs ...)
+       TODO: check
+CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory 
vulnerability in  ...)
+       TODO: check
+CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client 
Launcher ...)
+       TODO: check
+CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an 
Exposure of  ...)
+       TODO: check
+CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security 
misconfig ...)
+       TODO: check
+CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to  a 
Configuration  ...)
+       TODO: check
+CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio 
Information ...)
+       TODO: check
+CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address 
derivat ...)
+       TODO: check
 CVE-2026-41073
        - request-tracker5 <unfixed>
        - request-tracker4 <unfixed>
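
Review bot: The descriptions added for CVE-2026-9084, CVE-2026-6405 and CVE-2026-5200 carry literal "\u2019" and "\u2013" escape sequences, and those for CVE-2026-4293 and CVE-2026-21836 have run-together words ("controllersare", "isaffected bya"), so the automatic update appears to copy the feed text without decoding or normalising it. Decoding the escapes before writing data/CVE/list would keep these descriptions searchable. Every new entry except the REJECTED CVE-2026-8342 is left at "TODO: check"; entries that name standalone upstream projects, such as 389-ds-base in CVE-2026-9064 and Twig in CVE-2026-24425, are worth triaging ahead of the WordPress plugin entries.
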
@@ -40,78 +158,82 @@ CVE-2026-41999
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#incorrect-behaviour-of-views-with-tcp-proxy-requests
        NOTE: 
https://github.com/PowerDNS/pdns/commit/6b0567a56642f22bc9338bb4a4caeaaecde40f27
 (auth-5.0.5)
 CVE-2026-42000
+       {DSA-6284-1}
        - pdns 5.0.5-1
        [bookworm] - pdns <end-of-life> (See #1119290)
        [bullseye] - pdns <end-of-life> (see DLA 4471)
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-names-during-axfr
        NOTE: 
https://github.com/PowerDNS/pdns/commit/7473d0e899f876507b001ba2966a82aafdce025e
 (auth-5.0.5)
 CVE-2026-42001
+       {DSA-6284-1}
        - pdns 5.0.5-1
        [bookworm] - pdns <end-of-life> (See #1119290)
        [bullseye] - pdns <end-of-life> (see DLA 4471)
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-autoprimary-soa-queries
        NOTE: 
https://github.com/PowerDNS/pdns/commit/4459ba81e6674039e40bf15f177424f6b52cdd90
 (auth-5.0.5)
 CVE-2026-42002
+       {DSA-6284-1}
        - pdns 5.0.5-1
        [bookworm] - pdns <end-of-life> (See #1119290)
        [bullseye] - pdns <end-of-life> (see DLA 4471)
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#concurrency-and-locking-defects-in-gss-tsig
        NOTE: 
https://github.com/PowerDNS/pdns/commit/27c388790cb49a11229732ee658c047bcdec9c96
 (auth-5.0.5)
 CVE-2026-42396
+       {DSA-6284-1}
        - pdns 5.0.5-1
        [bookworm] - pdns <end-of-life> (See #1119290)
        [bullseye] - pdns <end-of-life> (see DLA 4471)
        NOTE: 
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-member-zone-data-may-cause-catalog-zone-transfer-to-fail
        NOTE: 
https://github.com/PowerDNS/pdns/commit/d0bc49a5355906d21e06552b5e3fd87cd5c91406
 (auth-5.0.5)
-CVE-2026-3592 [Limit resolver server list size]
+CVE-2026-3592 (BIND resolvers are vulnerable to an amplified resource 
consumption/exh ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-3592
-CVE-2026-3039 [Fix GSS-API resource leak]
+CVE-2026-3039 (BIND servers that are configured to use TKEY-based 
authentication via  ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-3039
-CVE-2026-5946 [Disable recursion, UPDATE, and NOTIFY for non-IN views]
+CVE-2026-5946 (Multiple flaws have been identified in `named` related to the 
handling ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-5946
-CVE-2026-5950 [Avoid unbounded recursion loop]
+CVE-2026-5950 (An unbounded resend loop vulnerability exists in the BIND 9 
resolver s ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-5950
-CVE-2026-5947 [Fix crash in resolver when SIG(0)-signed responses are received 
under load]
+CVE-2026-5947 (Undefined behavior may result due to a race condition leading 
to a use ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-5947
-CVE-2026-3593 [Fix use-after-free error in DNS-over-HTTPS when processing 
HTTP/2 SETTINGS frames]
+CVE-2026-3593 (A use-after-free vulnerability exists within the DNS-over-HTTPS 
implem ...)
        - bind9 1:9.20.23-1
        NOTE: https://kb.isc.org/docs/cve-2026-3593
-CVE-2026-44608 [Use after free and crash in RPZ code (special requirements 
apply)]
+CVE-2026-44608 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 
has a loc ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-44390 [Unbounded name compression in certain cases causes degradation 
of service]
+CVE-2026-44390 (NLnet Labs Unbound up to and including version 1.25.0 has a 
vulnerabil ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42960 [Possible cache poisoning attack while following delegation]
+CVE-2026-42960 (NLnet Labs Unbound up to and including version 1.25.0 is 
vulnerable to ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42923 [Degradation of service with unbounded NSEC3 hash calculations]
+CVE-2026-42923 (NLnet Labs Unbound up to and including version 1.25.0 has a 
vulnerabil ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42534 [Jostle logic bypass degrades resolution performance]
+CVE-2026-42534 (NLnet Labs Unbound up to and including version 1.25.0 has a 
vulnerabil ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-41292 [Parsing a long list of incoming EDNS options degrades 
performance]
+CVE-2026-41292 (NLnet Labs Unbound up to and including version 1.25.0 is 
vulnerable to ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-40622 ["Ghost domain name" variant]
+CVE-2026-40622 (NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 
has a vul ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-32792 [Packet of death with DNSCrypt (feasibility very low]
+CVE-2026-32792 (NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 
has a deni ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42959 [Crash during DNSSEC validation of malicious content]
+CVE-2026-42959 (NLnet Labs Unbound up to and including version 1.25.0 has a 
denial of  ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42944 [Heap overflow and crash with multiple nsid, cookie, padding 
EDNS options]
+CVE-2026-42944 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 
has a vul ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-33278 [Possible arbitrary code execution during DNSSEC validation]
+CVE-2026-33278 (NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 
has a vul ...)
        - unbound <unfixed> (bug #1137187)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
 CVE-2026-9057 (A broken access control issue has been identified in the Talend 
Admini ...)
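
Review bot: Replacing the bracketed working titles on the Unbound entries drops triage qualifiers that the truncated descriptions do not carry, for example "(special requirements apply)" on CVE-2026-44608 and "(feasibility very low" on CVE-2026-32792, and several of the new descriptions are cut off at the same "has a vulnerabil ..." so they no longer tell the issues apart. Consider keeping each qualifier as a NOTE: line under its entry. These entries stay at "unbound <unfixed> (bug #1137187)", so the one-line summary is what readers rely on until a fixed version is recorded.
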
@@ -530,23 +652,28 @@ CVE-2024-36343 (Improper input validation in the System 
Management Mode (SMM) co
        TODO: check
 CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth 
prior to 6 ...)
        TODO: check
-CVE-2026-29518
+CVE-2026-29518 (Rsync versions before 3.4.3 contain a time-of-check to 
time-of-use (TO ...)
+       {DSA-6282-1 DLA-4591-1}
        - rsync 3.4.3+ds1-1
        NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
 CVE-2026-43617 (Rsync version3.4.2 and prior contain an authorization bypass 
vulnerabi ...)
+       {DSA-6282-1 DLA-4591-1}
        - rsync 3.4.3+ds1-1
        NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
 CVE-2026-43618 (Rsync version3.4.2 and prior contain an integer overflow 
vulnerability ...)
+       {DSA-6282-1 DLA-4591-1}
        - rsync 3.4.3+ds1-1
        NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
 CVE-2026-43619 (Rsync version3.4.2 and prior contain symlink race condition 
vulnerabil ...)
+       {DSA-6282-1 DLA-4591-1}
        - rsync 3.4.3+ds1-1
        NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
 CVE-2026-43620 (Rsync version3.4.2 and prior contain a receiver-side 
out-of-bounds arr ...)
+       {DSA-6282-1 DLA-4591-1}
        - rsync 3.4.3+ds1-1
        NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
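
Review bot: The five rsync entries gain {DSA-6282-1 DLA-4591-1} but still list only "rsync 3.4.3+ds1-1", with no per-release lines in the hunk, so the fixed versions for the released suites rest entirely on the advisory cross-reference. It is worth confirming that both advisory records name all five CVEs, including CVE-2026-29518, which had no description before this update.
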
@@ -574,6 +701,7 @@ CVE-2026-46529
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
        NOTE: No security impact in evince-gtk3 since affected code not built 
in binary package.
 CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and 
Thunderbird 150.  ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
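
Review bot: On CVE-2026-8975 the single {DSA-6283-1} tag lands on an entry that tracks three source packages (firefox, firefox-esr, thunderbird), and the tag alone does not say which of them the advisory fixes. Confirm which package DSA-6283-1 covers and that the others are tracked for their own advisory where needed; the same applies to the other entries in this update that receive the tag.
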
@@ -581,6 +709,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird 
140.10 and Thunderbird
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
 CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and 
Thunderbird 150.  ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -597,6 +726,7 @@ CVE-2026-8971 (Same-origin policy bypass in the Networking: 
JAR component. This
        - firefox 151.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
 CVE-2026-8970 (Privilege escalation in the Security component. This 
vulnerability was ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -607,6 +737,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security 
component. This vulnerabil
        - firefox 151.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
 CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video: 
Web Codec ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -629,6 +760,7 @@ CVE-2026-8963 (Spoofing issue in the Web Speech component. 
This vulnerability wa
        - firefox 151.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
 CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This 
vulnerability w ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -636,6 +768,7 @@ CVE-2026-8962 (Mitigation bypass in the DOM: Security 
component. This vulnerabil
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
 CVE-2026-8961 (Spoofing issue in the Form Autofill component. This 
vulnerability was  ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -653,6 +786,7 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary 
conditions in the Widget
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
 CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process 
Sandbo ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -660,6 +794,7 @@ CVE-2026-8958 (Information disclosure, sandbox escape in 
the Security: Process S
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
 CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This 
vulner ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -667,6 +802,7 @@ CVE-2026-8957 (Privilege escalation in the Enterprise 
Policies component. This v
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
 CVE-2026-8956 (Integer overflow in the Networking: JAR component. This 
vulnerability  ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -674,6 +810,7 @@ CVE-2026-8956 (Integer overflow in the Networking: JAR 
component. This vulnerabi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
 CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This 
vulnerability ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -681,6 +818,7 @@ CVE-2026-8955 (Privilege escalation in the DOM: Workers 
component. This vulnerab
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
 CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the 
Audio/Video com ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -688,6 +826,7 @@ CVE-2026-8954 (Incorrect boundary conditions, integer 
overflow in the Audio/Vide
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
 CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access 
APIs com ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -701,6 +840,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in 
Firefox for Android. T
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
 CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component. 
This vuln ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -718,6 +858,7 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM: 
Networking component. This
        - firefox 151.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
 CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This 
vulnerabi ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -725,6 +866,7 @@ CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) 
component. This vuln
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
 CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs 
component ...)
+       {DSA-6283-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -739,7 +881,7 @@ CVE-2026-XXXX [VSV00019]
        NOTE: https://vinyl-cache.org/security/VSV00019.html
        NOTE: 
https://code.vinyl-cache.org/vinyl-cache/vinyl-cache/commit/dfc27fb4e7bf110945f5c145ce95b8de14ead77f
 (master)
        NOTE: 
https://code.vinyl-cache.org/vinyl-cache/vinyl-cache/commit/037031d429e3d309ae66ebabff33aa591402f20e
 (6.0)
-CVE-2026-41054 [haveged: missing exit out of permission check could lead to 
root exploit]
+CVE-2026-41054 (In `src/havegecmd.c`, the `socket_handler` function performs a 
credent ...)
        - haveged 1.9.21-1 (bug #1137096)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1264086
        NOTE: Introduced with: 
https://github.com/jirka-h/haveged/commit/a2496c5de9af7e3ac3ef82a2257d14d8a0ac37fb
 (1.9.3)
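
Review bot: The replaced title on CVE-2026-41054 stated the consequence ("could lead to root exploit"), and the new description is cut off at "performs a credent ..." before reaching it. A NOTE: line recording the impact would keep it visible beside the existing "Introduced with:" reference.
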
@@ -3967,6 +4109,7 @@ CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a 
remote code execution vul
 CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server 
allows a ...)
        NOT-FOR-US: Devolutions
 CVE-2026-8401 (Sandbox escape in the Profile Backup component. This 
vulnerability was ...)
+       {DSA-6283-1}
        - firefox 150.0.3-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -3974,6 +4117,7 @@ CVE-2026-8401 (Sandbox escape in the Profile Backup 
component. This vulnerabilit
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
 CVE-2026-8391 (Other issue in the JavaScript Engine component. This 
vulnerability was ...)
+       {DSA-6283-1}
        - firefox 150.0.3-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1
@@ -3987,6 +4131,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript 
Engine: JIT component. This
        - firefox 150.0.3-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8389
 CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT 
component. ...)
+       {DSA-6283-1}
        - firefox 150.0.3-1
        - firefox-esr 140.11.0esr-1
        - thunderbird 1:140.11.0esr-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c88a33476f7dd7b8aa3db959ea07344d17e53d71
