Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ff5d6c7e by security tracker role at 2026-06-19T19:13:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,16 +1,282 @@
+CVE-2026-9143 (There is an incorrect conversion between numeric types
vulnerability i ...)
+ TODO: check
+CVE-2026-9142 (There is an insecure default credentials vulnerability in NI
grpc-devi ...)
+ TODO: check
+CVE-2026-8296 (In affected versions of Octopus Server with certain access
levels it w ...)
+ TODO: check
+CVE-2026-6798 (The 2Download Connector for 2DL Hosted Checkout plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-56211 (A remote code execution vulnerability was found in libaom, the
referen ...)
+ TODO: check
+CVE-2026-56210 (A heap-buffer-overflow read vulnerability was found in libaom,
the ref ...)
+ TODO: check
+CVE-2026-56209 (An arbitrary address write vulnerability was found in libaom,
the refe ...)
+ TODO: check
+CVE-2026-56208 (A heap buffer overflow vulnerability was found in libaom, the
referenc ...)
+ TODO: check
+CVE-2026-56142 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
+ TODO: check
+CVE-2026-56141 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
+ TODO: check
+CVE-2026-56138 (AIL framework contains a path traversal vulnerability in the
/objects/ ...)
+ TODO: check
+CVE-2026-53915 (In JetBrains GoLand before 2026.1.3 remote code execution was
possible ...)
+ TODO: check
+CVE-2026-51846 (In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route
/goform ...)
+ TODO: check
+CVE-2026-51845 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2026-51844 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2026-51843 (Tenda AC7 v15.03.06.44 contains a stack buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2026-50242 (In JetBrains Hub before 2026.1.13757, 2025.3.148033,
2025.2.148048, 20 ...)
+ TODO: check
+CVE-2026-4027 (A security vulnerability has been identified in FlexNet Manager
Suite ...)
+ TODO: check
+CVE-2026-4026 (A security vulnerability has been identified in FlexNet Manager
Suite ...)
+ TODO: check
+CVE-2026-49872 (Improper Authentication vulnerability in Apache APISIX. When
the cas- ...)
+ TODO: check
+CVE-2026-49871 (Cross-Site Request Forgery (CSRF) vulnerability in the
cas-auth plugin ...)
+ TODO: check
+CVE-2026-49359 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
+ TODO: check
+CVE-2026-49358 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
+ TODO: check
+CVE-2026-49357 (Line Desktop MCP is a project that, while unaffiliated with
the offici ...)
+ TODO: check
+CVE-2026-49339 (gonic is a music streaming server / free-software subsonic
server API ...)
+ TODO: check
+CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides TypeScript
libraries for K ...)
+ TODO: check
+CVE-2026-49293 (js-toml is a TOML parser for JavaScript, fully compliant with
the TOML ...)
+ TODO: check
+CVE-2026-49291 (mcp-memory-service is a semantic memory layer for AI
applications. Pri ...)
+ TODO: check
+CVE-2026-49290 (Slopsmith is a self-contained web application for browsing,
playing, a ...)
+ TODO: check
+CVE-2026-49288 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-49287 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-49286 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
+ TODO: check
+CVE-2026-49271 (libheif is a HEIF and AVIF file format decoder and encoder.
Prior to v ...)
+ TODO: check
+CVE-2026-49260 (PhpWeasyPrint is a PHP library allowing PDF generation from a
URL or a ...)
+ TODO: check
+CVE-2026-49231 (Authentication Bypass by Spoofing vulnerability in opa plugin.
An att ...)
+ TODO: check
+CVE-2026-49230 (Improper Validation of Integrity Check Value vulnerability in
Apache A ...)
+ TODO: check
+CVE-2026-48895 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
+ TODO: check
+CVE-2026-48141 (There is a memory leak in NI grpc-device BeginSidebandStream
that may ...)
+ TODO: check
+CVE-2026-48140 (There is an unchecked enum cast vulnerability in NI
grpc-device BeginS ...)
+ TODO: check
+CVE-2026-48139 (There is a NULL pointer dereference vulnerability in NI
grpc-device in ...)
+ TODO: check
+CVE-2026-48138 (There is an out-of-bounds read vulnerability in the NI
grpc-device str ...)
+ TODO: check
+CVE-2026-48137 (There is an untrusted pointer dereference vulnerability in the
NI grpc ...)
+ TODO: check
+CVE-2026-47341 (Authentication Bypass by Capture-replay vulnerability in
Apache APISIX ...)
+ TODO: check
+CVE-2026-47339 (Incorrect Authorization vulnerability in Apache APISIX. An
attacker c ...)
+ TODO: check
+CVE-2026-46461 (Dell Server Hardware Manager, versions prior to 3.2.2,
contains an Imp ...)
+ TODO: check
+CVE-2026-44939 (A command injection vulnerability in the Rancher Manager
cluster befor ...)
+ TODO: check
+CVE-2026-44915 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in A ...)
+ TODO: check
+CVE-2026-44087 (Insufficient Verification of Data Authenticity vulnerability
in Apache ...)
+ TODO: check
+CVE-2026-44046 (Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker c ...)
+ TODO: check
+CVE-2026-41156 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2026-3640 (The STRABL \u2013 A checkout solution plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2026-39999 (Authentication Bypass by Spoofing vulnerability in Apache
APISIX. The ...)
+ TODO: check
+CVE-2026-39998 (Improper Input Validation vulnerability in Apache APISIX. The
attacke ...)
+ TODO: check
+CVE-2026-34192 (Software installed and run as a non-privileged user may
conduct improp ...)
+ TODO: check
+CVE-2026-21768 (The compose-rich-editor library (v1.0.0-rc14) used in HCL
Verse for An ...)
+ TODO: check
+CVE-2026-12706 (A use-after-free vulnerability was found in FFmpeg's RASC
video decode ...)
+ TODO: check
+CVE-2026-12622 (The GridTime 3000 GNSS Time Server has an open redirect
vulnerability ...)
+ TODO: check
+CVE-2026-12621 (Improper neutralization of input during web page generation
XSS vulne ...)
+ TODO: check
+CVE-2026-12620 (The GridTime 3000 GNSS Time Server leaks the access token in
the URL p ...)
+ TODO: check
+CVE-2026-12619 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-12238 (The WP Go Maps \u2013 Most Popular Map Plugin plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-12104 (OS command injection in the environment and tunnel
configuration funct ...)
+ TODO: check
+CVE-2026-11941 (Cloudflare Quiche was affected by 2 use-after-free
vulnerabilities in ...)
+ TODO: check
+CVE-2026-11576 (The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo
refacto ...)
+ TODO: check
+CVE-2025-71326 (AVAST Antivirus 25.11 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2025-62821 (Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds
read bec ...)
+ TODO: check
+CVE-2023-54357 (Joomla com_booking component 2.4.9 contains an information
disclosure ...)
+ TODO: check
+CVE-2023-54353 (Chromacam 4.0.3.0 contains an unquoted service path
vulnerability in t ...)
+ TODO: check
+CVE-2022-50971 (Malwarebytes 4.5 contains an unquoted service path
vulnerability in th ...)
+ TODO: check
+CVE-2021-47985 (Brother SAPSprint 7.60 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2020-37254 (Wondershare PDFelement 5.2.9 contains a privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2020-37253 (Winstep 18.06.0096 contains an unquoted service path
vulnerability in ...)
+ TODO: check
+CVE-2020-37252 (Realtek Audio Service 1.0.0.55 contains an unquoted service
path vulne ...)
+ TODO: check
+CVE-2020-37251 (RealTimes Desktop Service 18.1.4 contains an unquoted service
path vul ...)
+ TODO: check
+CVE-2020-37250 (TFTP Broadband 4.3.0.1465 contains an unquoted service path
vulnerabil ...)
+ TODO: check
+CVE-2019-25762 (Joomla! Component JoomProject 1.1.3.2 contains an information
disclosu ...)
+ TODO: check
+CVE-2019-25761 (Joomla! Component JoomCRM 1.1.1 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25760 (Joomla! Component Easy Shop 1.2.3 contains a local file
inclusion vuln ...)
+ TODO: check
+CVE-2019-25759 (Joomla! Component vBizz 1.0.7 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2019-25758 (Joomla! Component vBizz 1.0.7 contains an unrestricted file
upload vul ...)
+ TODO: check
+CVE-2019-25757 (Joomla vWishlist 1.0.1 contains an SQL injection vulnerability
that al ...)
+ TODO: check
+CVE-2019-25756 (Joomla! Component vAccount 2.0.2 contains an SQL injection
vulnerabili ...)
+ TODO: check
+CVE-2019-25755 (Joomla Component vReview 1.9.11 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2019-25754 (Joomla Component vRestaurant 1.9.4 contains an SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2019-25753 (Joomla! Component VMap 1.9.6 contains an SQL injection
vulnerability t ...)
+ TODO: check
+CVE-2019-25752 (Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL
injection ...)
+ TODO: check
+CVE-2019-25751 (Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL
injection ...)
+ TODO: check
+CVE-2019-25750 (Joomla Component J-MultipleHotelReservation 6.0.7 contains an
SQL inje ...)
+ TODO: check
+CVE-2019-25749 (Joomla J-CruisePortal 6.0.4 contains an SQL injection
vulnerability th ...)
+ TODO: check
+CVE-2019-25748 (Joomla JHotelReservation 6.0.7 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2019-25747 (Network Inventory Advisor 5.0.26.0 installs the niaservice
service wit ...)
+ TODO: check
+CVE-2017-20282 (Joomla! Component jCart for OpenCart 2.0 contains an SQL
injection vul ...)
+ TODO: check
+CVE-2017-20281 (Joomla! Component Extra Search 2.2.8 contains an SQL injection
vulnera ...)
+ TODO: check
+CVE-2017-20280 (Joomla Component Myportfolio 3.0.2 contains an SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2017-20279 (Joomla Payage 2.05 contains an SQL injection vulnerability
that allows ...)
+ TODO: check
+CVE-2017-20278 (Joomla Component JoomRecipe 1.0.3 contains an SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2017-20277 (Joomla JoomRecipe 1.0.4 component contains a blind SQL
injection vulne ...)
+ TODO: check
+CVE-2017-20276 (Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection
vulnera ...)
+ TODO: check
+CVE-2017-20275 (Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2017-20274 (Joomla LMS King Professional 3.2.4.0 contains an SQL injection
vulnera ...)
+ TODO: check
+CVE-2017-20273 (Joomla Event Registration Pro Calendar 4.1.3 contains an SQL
injection ...)
+ TODO: check
+CVE-2017-20272 (Joomla Ultimate Property Listing 1.0.2 contains an SQL
injection vulne ...)
+ TODO: check
+CVE-2017-20271 (Joomla StreetGuessr Game 1.1.8 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2017-20270 (Joomla! Component Twitch Tv 1.1 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2017-20269 (Joomla! Component KissGallery 1.0.0 contains an SQL injection
vulnerab ...)
+ TODO: check
+CVE-2017-20268 (Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL
injection vu ...)
+ TODO: check
+CVE-2017-20267 (Joomla! Component Calendar Planner 1.0.1 contains an SQL
injection vul ...)
+ TODO: check
+CVE-2017-20266 (Joomla SP Movie Database 1.3 contains an SQL injection
vulnerability t ...)
+ TODO: check
+CVE-2017-20265 (Joomla! Component Flip Wall 8.0 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2017-20264 (Joomla! Component Sponsor Wall 8.0 contains an SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2017-20263 (Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL
injection ...)
+ TODO: check
+CVE-2017-20262 (Joomla! Component Ajax Quiz 1.8 contains an SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2017-20261 (Joomla! Component Bargain Product VM3 1.0 contains an SQL
injection vu ...)
+ TODO: check
+CVE-2017-20260 (Joomla! Component Price Alert 3.0.2 contains an SQL injection
vulnerab ...)
+ TODO: check
+CVE-2017-20259 (Joomla OSDownloads 1.7.4 contains an SQL injection
vulnerability that ...)
+ TODO: check
+CVE-2017-20258 (Joomla! Component RPC Responsive Portfolio 1.6.1 contains an
SQL injec ...)
+ TODO: check
+CVE-2017-20257 (Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection
vulnerab ...)
+ TODO: check
+CVE-2017-20256 (Joomla Survey Force Deluxe 3.2.4 contains an SQL injection
vulnerabili ...)
+ TODO: check
+CVE-2017-20255 (Joomla! Component JB Visa 1.0 contains an SQL injection
vulnerability ...)
+ TODO: check
+CVE-2017-20254 (Joomla! Component User Bench 1.0 contains an SQL injection
vulnerabili ...)
+ TODO: check
+CVE-2017-20253 (Joomla! Component My Projects 2.0 contains an SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2017-20252 (Joomla NextGen Editor 2.1.0 contains an SQL injection
vulnerability th ...)
+ TODO: check
+CVE-2016-20095 (Matrix42 Remote Control Host 3.20.0031 contains an unquoted
service pa ...)
+ TODO: check
+CVE-2016-20094 (AnyDesk 2.5.0 contains an unquoted service path vulnerability
that all ...)
+ TODO: check
+CVE-2016-20093 (Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted
service ...)
+ TODO: check
+CVE-2016-20092 (NetDrive 2.6.12 contains an unquoted service path
vulnerability in the ...)
+ TODO: check
+CVE-2016-20091 (Windows Firewall Control 4.8.6.0 contains an unquoted service
path vul ...)
+ TODO: check
+CVE-2016-20090 (Comodo Dragon Browser versions up to 52.15.25.663 contain a
privilege ...)
+ TODO: check
+CVE-2016-20089 (Iperius Remote 1.7.0 contains an unquoted service path
vulnerability t ...)
+ TODO: check
+CVE-2016-20088 (Comodo Chromodo Browser 52.15.25.664 contains an unquoted
service path ...)
+ TODO: check
+CVE-2016-20087 (Fortitude HTTP 1.0.4.0 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2016-20086 (Vembu StoreGrid 4.0 contains an unquoted service path
vulnerability in ...)
+ TODO: check
+CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an
unquoted s ...)
+ TODO: check
CVE-2026-55568
- guzzle 7.12.1-1
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3
CVE-2026-55767
- guzzle 7.12.1-1
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx
-CVE-2026-52910 [bpf: Free reuseport cBPF prog after RCU grace period.]
+CVE-2026-52910 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 7.0.12-2
NOTE:
https://git.kernel.org/linus/18fc650ccd7fe3376eca89203668cfb8268f60df (7.1-rc3)
-CVE-2026-52909 [ip6_vti: set netns_immutable on the fallback device.]
+CVE-2026-52909 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/d289d5307762d1838aaece22c6b6fcad9e8865f9 (7.1)
-CVE-2026-52908 [RDMA: During rereg_mr ensure that REREG_ACCESS is compatible]
+CVE-2026-52908 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
- linux 7.0.13-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
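Review bot: The descriptions added for CVE-2026-3640 and CVE-2026-12238 carry a literal `\u2013` escape ("The STRABL \u2013 A checkout solution", "The WP Go Maps \u2013 Most Popular Map Plugin") where a dash belongs, so the import is writing an escape sequence undecoded; decode it before the text lands in data/CVE/list. At the end of the hunk, the three linux entries (CVE-2026-52910, CVE-2026-52909, CVE-2026-52908) trade their bracketed commit subjects for truncated text that differs only in its final letter ("In the Linux kernel, the following vulnerability has been resolved: b ..."), so the one-line summary no longer says which fix each entry tracks; keeping the subject in a NOTE line would preserve it. Among the new `TODO: check` entries, the ones naming libaom, libheif, FFmpeg and Cloudflare Quiche are the ones to triage by hand first, since the Joomla component and WordPress plugin entries match the `NOT-FOR-US` pattern already used elsewhere in this file.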
@@ -2340,19 +2606,19 @@ CVE-2026-12412
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The
do_git_c ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-12330 (Incorrect boundary conditions in the Internationalization
component. T ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This
vulnerability ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR
140.11, ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2360,7 +2626,7 @@ CVE-2026-12328 (Memory safety bugs present in Firefox ESR
115.36, Firefox ESR 14
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird
ESR 140. ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2371,7 +2637,7 @@ CVE-2026-12326 (Memory safety bugs present in Firefox 151
and Thunderbird 151. S
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12326
CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This
vulnerabil ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2379,7 +2645,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics:
ImageLib component. This vuln
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL
component. ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2413,7 +2679,7 @@ CVE-2026-12316 (Mitigation bypass in the DOM: Security
component. This vulnerabi
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12316
CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2421,7 +2687,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
CVE-2026-12314 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2429,7 +2695,7 @@ CVE-2026-12314 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
CVE-2026-12313 (Information disclosure, sandbox escape in the Security:
Process Sandbo ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2437,7 +2703,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in
the Security: Process
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
CVE-2026-12312 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2445,7 +2711,7 @@ CVE-2026-12312 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
CVE-2026-12311 (Information disclosure, sandbox escape in the Security:
Process Sandbo ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2453,7 +2719,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in
the Security: Process
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
CVE-2026-12310 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2461,7 +2727,7 @@ CVE-2026-12310 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
CVE-2026-12309 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2469,7 +2735,7 @@ CVE-2026-12309 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
CVE-2026-12308 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2477,7 +2743,7 @@ CVE-2026-12308 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
CVE-2026-12307 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2485,7 +2751,7 @@ CVE-2026-12307 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
CVE-2026-12306 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2493,7 +2759,7 @@ CVE-2026-12306 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
CVE-2026-12305 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2501,7 +2767,7 @@ CVE-2026-12305 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies
component. This v ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2512,7 +2778,7 @@ CVE-2026-12303 (Information disclosure due to incorrect
boundary conditions in t
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12303
CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2526,7 +2792,7 @@ CVE-2026-12300 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12300
CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This
vulnerabili ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2534,7 +2800,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core &
HTML component. This vulne
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
CVE-2026-12298 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2542,7 +2808,7 @@ CVE-2026-12298 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the
Networking ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2550,7 +2816,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary
conditions in the Netwo
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component.
This vul ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2558,7 +2824,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process
Sandboxing component. Th
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This
vulnerability wa ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2566,7 +2832,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation
component. This vulnerabil
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This
vulnerability was f ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2577,7 +2843,7 @@ CVE-2026-12293 (Use-after-free in the Graphics: WebGPU
component. This vulnerabi
- firefox 152.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12293
CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This
vulnera ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2585,7 +2851,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web
Audio component. This v
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This
vulnerability w ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2593,7 +2859,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
CVE-2026-12290 (Memory safety bug fixed in Firefox 152. This vulnerability was
fixed i ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2601,7 +2867,7 @@ CVE-2026-12290 (Memory safety bug fixed in Firefox 152.
This vulnerability was f
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component.
This vulner ...)
- {DSA-6351-1 DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1 DLA-4636-1 DLA-4635-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -3342,6 +3608,7 @@ CVE-2026-52718 (A denial of service vulnerability was
found in GStreamer's AV1 c
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11829 (1.26
branch)
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11830 (1.24
branch)
CVE-2026-52717
+ {DSA-6353-1}
- gst-libav1.0 1.28.4-1
[bookworm] - gst-libav1.0 <not-affected> (Vulnerable code not present)
[bullseye] - gst-libav1.0 <not-affected> (Vulnerable code not present)
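Review bot: CVE-2026-52717 now references `{DSA-6353-1}` but its entry line still has no description, so a reader of this file cannot tell what the advisory fixes in gst-libav1.0. The linux entries at the top of this commit show the bracketed form for a temporary description (`CVE-2026-52910 [bpf: Free reuseport cBPF prog after RCU grace period.]`); add one here until the official text is imported.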
@@ -3624,6 +3891,7 @@ CVE-2026-12186 (A weakness has been identified in GL.iNet
GL-MT3000 up to 4.4.5.
CVE-2025-15546 (The Iptanus File Upload WordPress plugin before 5.1.7 does not
impleme ...)
NOT-FOR-US: WordPress plugin
CVE-2026-11527 (Config::IniFiles versions before 3.001000 for Perl allow OS
command in ...)
+ {DSA-6354-1 DLA-4637-1}
- libconfig-inifiles-perl 3.000003-5
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004660/
NOTE: Fixed by:
https://github.com/shlomif/perl-Config-IniFiles/commit/3e48f9627fbba4dae5de35be1f735cdeb7e47fb8
(releases/3.001000)
@@ -44269,7 +44537,7 @@ CVE-2026-33706 (Chamilo LMS is a learning management
system. Prior to 1.11.38, a
NOT-FOR-US: Chamilo LMS
CVE-2026-33119 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
-CVE-2026-33118 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+CVE-2026-33118 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-32252 (Chartbrew is an open-source web application that can connect
directly ...)
NOT-FOR-US: Chartbrew
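Review bot: The replacement description for CVE-2026-33118 truncates to exactly the same text as CVE-2026-33119 directly above it ("User interface (ui) misrepresentation of critical information in Micro ...") and drops the product name the old line carried (Microsoft Edge, Chromium-based). Both entries stay `NOT-FOR-US: Microsoft`, so triage is unaffected, but the two can now be told apart only by id and a search of this file for Edge no longer finds the entry; if that matters, name the product in the NOT-FOR-US reason.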
@@ -253688,7 +253956,7 @@ CVE-2024-20083 (In venc, there is a possible out of
bounds write due to a missin
NOT-FOR-US: Mediatek
CVE-2024-20082 (In Modem, there is a possible memory corruption due to a
missing bound ...)
NOT-FOR-US: Mediatek
-CVE-2026-3196
+CVE-2026-3196 (An integer overflow vulnerability was found in the virtio-snd
device v ...)
- qemu 1:10.2.2+ds-1 (bug #1129605)
[trixie] - qemu <no-dsa> (Minor issue)
[bookworm] - qemu <not-affected> (Vulnerable code not present)
@@ -253696,7 +253964,7 @@ CVE-2026-3196
NOTE:
https://lore.kernel.org/qemu-devel/[email protected]/
NOTE: Fixed by:
https://gitlab.com/qemu-project/qemu/-/commit/61679d7dcfa2dffc8fb115aa19b09e0e7cf5ea5c
(v11.0.0-rc0)
NOTE: Fixed by:
https://gitlab.com/qemu-project/qemu/-/commit/d84fbf241d0322f19adfbe466c60bed5f50de262
(v10.2.2)
-CVE-2026-3195
+CVE-2026-3195 (A flaw was found in QEMU. When reading input audio in the
virtio-snd d ...)
- qemu 1:10.2.2+ds-1 (bug #1129604)
[trixie] - qemu <no-dsa> (Minor issue)
[bookworm] - qemu <not-affected> (Incomplete fix for CVE-2024-7730 not
applied)
@@ -517072,7 +517340,7 @@ CVE-2021-27035 (A maliciously crafted TIFF, TIF,
PICT, TGA, or DWF files in Auto
NOT-FOR-US: Autodesk
CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT,
PCX, RCL ...)
NOT-FOR-US: Autodesk
-CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute
arbitra ...)
+CVE-2021-27033 (A maliciously crafted PDF file, when opened by a user in
Autodesk Desi ...)
NOT-FOR-US: Autodesk
CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to
privilege e ...)
NOT-FOR-US: Autodesk
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff5d6c7e66da401a94d11804f2cea64b9bd53b5b