Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6c527449 by security tracker role at 2026-06-19T07:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2026-9822 (The WP Hotel Booking WordPress plugin before 2.3.1 does not
enforce ca ...)
+ TODO: check
+CVE-2026-9013 (The Bogo plugin for WordPress is vulnerable to Sensitive
Information E ...)
+ TODO: check
+CVE-2026-8806 (Expected Behavior Violation vulnerability in Mitsubishi
Electric MELSE ...)
+ TODO: check
+CVE-2026-8805 (Integer Overflow or Wraparound vulnerability in the EtherNet/IP
functi ...)
+ TODO: check
+CVE-2026-8713 (The Avada (Fusion) Builder plugin for WordPress is vulnerable
to arbit ...)
+ TODO: check
+CVE-2026-8668 (A static credential embedded in Chef 360 prior to v1.7.0
permitted una ...)
+ TODO: check
+CVE-2026-8118 (The Royal Addons for Elementor \u2013 Addons and Templates Kit
for Ele ...)
+ TODO: check
+CVE-2026-8100 (Impact A security issue has been identified in Chef 360 that
could al ...)
+ TODO: check
+CVE-2026-7547 (The Woosa \u2013 Marktplaats for WooCommerce plugin for
WordPress is v ...)
+ TODO: check
+CVE-2026-7515 (The BetterDocs Pro plugin for WordPress is vulnerable to Local
File In ...)
+ TODO: check
+CVE-2026-6716
+ REJECTED
+CVE-2026-56132 (In libexpat before 2.8.2, there is a heap-based buffer
overflow in doP ...)
+ TODO: check
+CVE-2026-56131 (libexpat before 2.8.2 lacks handler call depth tracking for
calls to X ...)
+ TODO: check
+CVE-2026-56099 (OpenBSD before commit 6a23123 (2026-06-18) contains an
out-of-bounds r ...)
+ TODO: check
+CVE-2026-56078 (PraisonAI before 1.5.115 contains a path traversal
vulnerability in Mu ...)
+ TODO: check
+CVE-2026-56077 (PraisonAI before 1.5.115 contains an information disclosure
vulnerabil ...)
+ TODO: check
+CVE-2026-56076 (PraisonAI before 1.5.128 contains a cross-origin agent
execution vulne ...)
+ TODO: check
+CVE-2026-56075 (PraisonAI before 4.5.128 contains an arbitrary shell command
execution ...)
+ TODO: check
+CVE-2026-56074 (PraisonAI before 1.5.128 caches tool approval decisions by
tool name o ...)
+ TODO: check
+CVE-2026-54414 (FileRise before 3.16.0 is vulnerable to path traversal in the
shared-f ...)
+ TODO: check
+CVE-2026-54130 (Missing authentication for critical function in M365 Copilot
allows an ...)
+ TODO: check
+CVE-2026-54017 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
+ TODO: check
+CVE-2026-52866 (An attacker within BLE communication range can monopolize the
device's ...)
+ TODO: check
+CVE-2026-50034 (An attacker within BLE communication range can passively
intercept wi ...)
+ TODO: check
+CVE-2026-4328 (The Advanced Import plugin for WordPress is vulnerable to
Server-Side ...)
+ TODO: check
+CVE-2026-49454 (Relyra is a strict-by-default SAML 2.0 Service Provider
library for El ...)
+ TODO: check
+CVE-2026-49257 (mcp-pinot is a Python-based Model Context Protocol (MCP)
server for in ...)
+ TODO: check
+CVE-2026-49252 (deepstream is a server that allows clients and backend
services to syn ...)
+ TODO: check
+CVE-2026-49248 (OneDev is a Git server with CI/CD, kanban, and packages. In
versions 1 ...)
+ TODO: check
+CVE-2026-49205 (phpMyFAQ is an open source FAQ web application. Versions prior
to 4.1 ...)
+ TODO: check
+CVE-2026-48983 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
+ TODO: check
+CVE-2026-48982 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
+ TODO: check
+CVE-2026-48981 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
+ TODO: check
+CVE-2026-48980 (pam_usb provides hardware authentication for Linux using
removable med ...)
+ TODO: check
+CVE-2026-48716 (nanobot is a personal AI assistant. In versions 0.1.5.post3
and prior, ...)
+ TODO: check
+CVE-2026-47847 (Bitnami MariaDB Galera container images and Helm chart are
affected by ...)
+ TODO: check
+CVE-2026-47846 (Bitnami Cassandra container images are affected by a retained
default ...)
+ TODO: check
+CVE-2026-47647 (Improper access control in Microsoft Dynamics 365 allows an
authorized ...)
+ TODO: check
+CVE-2026-47633 (Exposure of sensitive information to an unauthorized actor in
Cost Man ...)
+ TODO: check
+CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with
configuration ...)
+ TODO: check
+CVE-2026-45696 (OpenEXR is the reference implementation and specification for
the EXR ...)
+ TODO: check
+CVE-2026-44663 (OpenEXR is the reference implementation and specification for
the EXR ...)
+ TODO: check
+CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN
Server. V ...)
+ TODO: check
+CVE-2026-43915 (Coturn is a free open source implementation of TURN and STUN
Server. V ...)
+ TODO: check
+CVE-2026-40624 (Improper input validation in AVer PTC500S, PTC115, PTC500+,
and PTC115 ...)
+ TODO: check
+CVE-2026-32174 (Improper authentication in Azure Bot Service allows an
authorized atta ...)
+ TODO: check
+CVE-2026-2842
+ REJECTED
+CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search
path elem ...)
+ TODO: check
+CVE-2026-22674 (Hashgraph Guardian through 3.5.0, fixed in commit ba8c566,
contains a ...)
+ TODO: check
+CVE-2026-1856 (The Appointment Booking Calendar plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-12644 (Versions of the package ts-deepmerge before 8.0.0 are
vulnerable to Un ...)
+ TODO: check
+CVE-2026-12430 (The Blocksy Companion plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2026-12157 (The BetterDocs - Knowledge Base Docs & FAQ Solution for
Elementor & Bl ...)
+ TODO: check
+CVE-2026-12050 (SQL injection in pgAdmin 4's named restore point endpoint
(POST /brows ...)
+ TODO: check
+CVE-2026-12049 (Open redirect in pgAdmin 4's multi-factor authentication flow.
The MFA ...)
+ TODO: check
+CVE-2026-12048 (Stored cross-site scripting in pgAdmin 4's error-rendering and
plan-no ...)
+ TODO: check
+CVE-2026-12047 (HTML injection in pgAdmin 4's cloud deployment module. The
verify_cred ...)
+ TODO: check
+CVE-2026-12046 (Two state-mutating endpoints in pgAdmin 4's SQL Editor
blueprint -- DE ...)
+ TODO: check
+CVE-2026-12045 (Read-only transaction bypass in the pgAdmin 4 AI Assistant
allows an a ...)
+ TODO: check
+CVE-2026-12044 (SQL injection in pgAdmin 4 across every dialog template that
renders ` ...)
+ TODO: check
+CVE-2026-11989 (The Bit integrations \u2013 Form Integration, Webhook,
Spreadsheets, C ...)
+ TODO: check
+CVE-2026-11775 (The User Admin Simplifier plugin for WordPress is vulnerable
to Cross- ...)
+ TODO: check
+CVE-2026-11752 (A vulnerability has been identified in armeria-xds versions
1.38.0 thr ...)
+ TODO: check
+CVE-2026-10779 (The Classified Listing \u2013 Classified ads & Business
Directory plug ...)
+ TODO: check
+CVE-2026-10746
+ REJECTED
+CVE-2026-10720 (Canonical MicroCeph versions from the squid and tentacle track
are vul ...)
+ TODO: check
+CVE-2026-10034 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable
to author ...)
+ TODO: check
+CVE-2025-7737 (DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual
Storage Pl ...)
+ TODO: check
+CVE-2025-15661 (libssh2 through 1.11.1, fixed in commit 2dae302, contains an
out-of-bo ...)
+ TODO: check
CVE-2026-55766
- php-guzzlehttp-psr7 <unfixed>
NOTE:
https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
@@ -1620,102 +1758,135 @@ CVE-2026-22313 (The device has a webserver that
exposes a REST API authenticated
CVE-2026-22312 (The device has a webserver that exposes a REST API
authenticated with ...)
NOT-FOR-US: iSAP Smart Collector
CVE-2026-12469 (Uninitialized Use in GPU in Google Chrome on Android prior to
149.0.78 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12468 (Race in Updater in Google Chrome on Mac prior to
149.0.7827.155 allowe ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12467 (Use after free in Extensions in Google Chrome prior to
149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12466 (Heap buffer overflow in WebRTC in Google Chrome on Windows
prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12465 (Object lifecycle issue in Metrics in Google Chrome prior to
149.0.7827 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12464 (Use after free in Browser in Google Chrome prior to
149.0.7827.155 all ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12463 (Inappropriate implementation in Views in Google Chrome on
Linux prior ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12462 (Use after free in Media in Google Chrome prior to
149.0.7827.155 allow ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12461 (Out of bounds read in WebRTC in Google Chrome on Windows prior
to 149. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12460 (Insufficient policy enforcement in File System Access in
Google Chrome ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12459 (Inappropriate implementation in Serial in Google Chrome prior
to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12458 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12457 (Inappropriate implementation in Extensions in Google Chrome
prior to 1 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12456 (Inappropriate implementation in Extensions in Google Chrome
prior to 1 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12455 (Use after free in Tab Strip in Google Chrome prior to
149.0.7827.155 a ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12454 (Race in Safe Browsing in Google Chrome on Mac prior to
149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12453 (Insufficient validation of untrusted input in Input in Google
Chrome p ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12452 (Use after free in Downloads in Google Chrome on Android prior
to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12451 (Use after free in DigitalCredentials in Google Chrome prior to
149.0.7 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12450 (Inappropriate implementation in Media in Google Chrome prior
to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12449 (Use after free in Chromoting in Google Chrome on Windows prior
to 149. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12448 (Inappropriate implementation in WebView in Google Chrome on
Android pr ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12447 (Heap buffer overflow in WebRTC in Google Chrome prior to
149.0.7827.15 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12446 (Inappropriate implementation in Passwords in Google Chrome
prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12445 (Use after free in Extensions in Google Chrome prior to
149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12444 (Out of bounds read in Chromoting in Google Chrome on Windows
prior to ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12443 (Use after free in Web Authentication in Google Chrome prior to
149.0.7 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12442 (Use after free in Passwords in Google Chrome on Android prior
to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12441 (Use after free in File Input in Google Chrome on Linux prior
to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12440 (Use after free in DigitalCredentials in Google Chrome on
Windows prior ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12439 (Use after free in Digital Credentials in Google Chrome prior
to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12438 (Inappropriate implementation in WebView in Google Chrome on
Android pr ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12437 (Use after free in WebShare in Google Chrome on Windows prior
to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12425 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -2087,19 +2258,19 @@ CVE-2026-12412
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The
do_git_c ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-12330 (Incorrect boundary conditions in the Internationalization
component. T ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This
vulnerability ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR
140.11, ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2107,7 +2278,7 @@ CVE-2026-12328 (Memory safety bugs present in Firefox ESR
115.36, Firefox ESR 14
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird
ESR 140. ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2118,7 +2289,7 @@ CVE-2026-12326 (Memory safety bugs present in Firefox 151
and Thunderbird 151. S
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12326
CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This
vulnerabil ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2126,7 +2297,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics:
ImageLib component. This vuln
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL
component. ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2160,7 +2331,7 @@ CVE-2026-12316 (Mitigation bypass in the DOM: Security
component. This vulnerabi
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12316
CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2168,7 +2339,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
CVE-2026-12314 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2176,7 +2347,7 @@ CVE-2026-12314 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
CVE-2026-12313 (Information disclosure, sandbox escape in the Security:
Process Sandbo ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2184,7 +2355,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in
the Security: Process
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
CVE-2026-12312 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2192,7 +2363,7 @@ CVE-2026-12312 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
CVE-2026-12311 (Information disclosure, sandbox escape in the Security:
Process Sandbo ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2200,7 +2371,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in
the Security: Process
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
CVE-2026-12310 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2208,7 +2379,7 @@ CVE-2026-12310 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
CVE-2026-12309 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2216,7 +2387,7 @@ CVE-2026-12309 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
CVE-2026-12308 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2224,7 +2395,7 @@ CVE-2026-12308 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
CVE-2026-12307 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2232,7 +2403,7 @@ CVE-2026-12307 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
CVE-2026-12306 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2240,7 +2411,7 @@ CVE-2026-12306 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
CVE-2026-12305 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2248,7 +2419,7 @@ CVE-2026-12305 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies
component. This v ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2259,7 +2430,7 @@ CVE-2026-12303 (Information disclosure due to incorrect
boundary conditions in t
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12303
CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2273,7 +2444,7 @@ CVE-2026-12300 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12300
CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This
vulnerabili ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2281,7 +2452,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core &
HTML component. This vulne
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
CVE-2026-12298 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2289,7 +2460,7 @@ CVE-2026-12298 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the
Networking ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2297,7 +2468,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary
conditions in the Netwo
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component.
This vul ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2305,7 +2476,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process
Sandboxing component. Th
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This
vulnerability wa ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2313,7 +2484,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation
component. This vulnerabil
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This
vulnerability was f ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2324,7 +2495,7 @@ CVE-2026-12293 (Use-after-free in the Graphics: WebGPU
component. This vulnerabi
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12293
CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This
vulnera ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2332,7 +2503,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web
Audio component. This v
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This
vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2340,7 +2511,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
CVE-2026-12290 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2348,7 +2519,7 @@ CVE-2026-12290 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component.
This vulner ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5274492036d225902d0be29dafb3fdcc7e73b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5274492036d225902d0be29dafb3fdcc7e73b4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
