[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 25 20:13:40 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4dc14e39 by security tracker role at 2026-02-25T20:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-3221 (Sensitive  user account information is not encrypted in the database i ...)
+	TODO: check
+CVE-2026-3206 (Improper Resource Shutdown or Release vulnerability in KrakenD, SLU Kr ...)
+	TODO: check
+CVE-2026-3203 (RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and ...)
+	TODO: check
+CVE-2026-3202 (NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows den ...)
+	TODO: check
+CVE-2026-3201 (USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6 ...)
+	TODO: check
+CVE-2026-3197
+	REJECTED
+CVE-2026-3194 (A flaw has been found in Chia Blockchain 2.1.0. The affected element i ...)
+	TODO: check
+CVE-2026-3193 (A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an  ...)
+	TODO: check
+CVE-2026-3192 (A security vulnerability has been detected in Chia Blockchain 2.1.0. T ...)
+	TODO: check
+CVE-2026-3189 (A weakness has been identified in feiyuchuixue sz-boot-parent up to 1. ...)
+	TODO: check
+CVE-2026-3188 (A security flaw has been discovered in feiyuchuixue sz-boot-parent up  ...)
+	TODO: check
+CVE-2026-3187 (A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1. ...)
+	TODO: check
+CVE-2026-3186 (A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1. ...)
+	TODO: check
+CVE-2026-3185 (A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-b ...)
+	TODO: check
+CVE-2026-3171 (A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting ...)
+	TODO: check
+CVE-2026-3118 (A security flaw was identified in the Orchestrator Plugin of Red Hat D ...)
+	TODO: check
+CVE-2026-2878 (In Progress\xae Telerik\xae UI for AJAX, versions prior to 2026.1.225, ...)
+	TODO: check
+CVE-2026-2636 (This vulnerability is caused by a CWE\u2011159: "Improper Handling of  ...)
+	TODO: check
+CVE-2026-2624 (Missing Authentication for Critical Function vulnerability in ePati Cy ...)
+	TODO: check
+CVE-2026-2479 (The Responsive Lightbox & Gallery plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2026-2416 (The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via ...)
+	TODO: check
+CVE-2026-2410 (The Disable Admin Notices \u2013 Hide Dashboard Notifications plugin f ...)
+	TODO: check
+CVE-2026-2367 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
+	TODO: check
+CVE-2026-2301 (The Post Duplicator plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2026-28196 (In JetBrains TeamCity before 2025.11.3 disabling versioned settings le ...)
+	TODO: check
+CVE-2026-28195 (In JetBrains TeamCity before 2025.11.3 missing authorization allowed p ...)
+	TODO: check
+CVE-2026-28194 (In JetBrains TeamCity before 2025.11.3 open redirect was possible in t ...)
+	TODO: check
+CVE-2026-28193 (In JetBrains YouTrack before 2025.3.121962 apps were able to send requ ...)
+	TODO: check
+CVE-2026-27850 (Due to an improperly configured firewall rule, the router will accept  ...)
+	TODO: check
+CVE-2026-27849 (Due to missing neutralization of special elements, OS commands can be  ...)
+	TODO: check
+CVE-2026-27848 (Due to missing neutralization of special elements, OS commands can be  ...)
+	TODO: check
+CVE-2026-27847 (Due to improper neutralization of special elements, SQL statements can ...)
+	TODO: check
+CVE-2026-27846 (Due to missing authentication, a user with physical access to the devi ...)
+	TODO: check
+CVE-2026-27795 (LangChain is a framework for building LLM-powered applications. Prior  ...)
+	TODO: check
+CVE-2026-27794 (LangGraph Checkpoint defines the base interface for LangGraph checkpoi ...)
+	TODO: check
+CVE-2026-27739 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
+	TODO: check
+CVE-2026-27738 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
+	TODO: check
+CVE-2026-27736 (BigBlueButton is an open-source virtual classroom. In versions on the  ...)
+	TODO: check
+CVE-2026-27730 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
+	TODO: check
+CVE-2026-27728 (OneUptime is a solution for monitoring and managing online services. P ...)
+	TODO: check
+CVE-2026-27727 (mchange-commons-java, a library that provides Java utilities, includes ...)
+	TODO: check
+CVE-2026-27706 (Plane is an an open-source project management tool. Prior to version 1 ...)
+	TODO: check
+CVE-2026-27705 (Plane is an an open-source project management tool. Prior to version 1 ...)
+	TODO: check
+CVE-2026-27704 (The Dart and Flutter SDKs provide software development kits for the Da ...)
+	TODO: check
+CVE-2026-27702 (Budibase is a low code platform for creating internal tools, workflows ...)
+	TODO: check
+CVE-2026-27701 (LiveCode is an open-source, client-side code playground. Prior to comm ...)
+	TODO: check
+CVE-2026-27700 (Hono is a Web application framework that provides support for any Java ...)
+	TODO: check
+CVE-2026-27699 (The `basic-ftp` FTP client library for Node.js contains a path travers ...)
+	TODO: check
+CVE-2026-27695 (zae-limiter is a rate limiting library using the token bucket algorith ...)
+	TODO: check
+CVE-2026-27692 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-27691 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+	TODO: check
+CVE-2026-26717 (An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. Th ...)
+	TODO: check
+CVE-2026-26104 (A flaw was found in the udisks storage management daemon that allows u ...)
+	TODO: check
+CVE-2026-26103 (A flaw was found in the udisks storage management daemon that exposes  ...)
+	TODO: check
+CVE-2026-25930 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25929 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25927 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25746 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25743 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25701 (An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ...)
+	TODO: check
+CVE-2026-25554 (OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (pri ...)
+	TODO: check
+CVE-2026-25476 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25220 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25164 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-25138 (Rucio is a software framework that provides functionality to organize, ...)
+	TODO: check
+CVE-2026-25136 (Rucio is a software framework that provides functionality to organize, ...)
+	TODO: check
+CVE-2026-24908 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-24890 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-24487 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-24005 (Kruise provides automated management of large-scale applications on Ku ...)
+	TODO: check
+CVE-2026-23627 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2026-22866 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...)
+	TODO: check
+CVE-2026-22720 (VMware Aria Operations contains a stored cross-site scripting vulnerab ...)
+	TODO: check
+CVE-2026-22719 (VMware Aria Operations contains a command injection vulnerability. A m ...)
+	TODO: check
+CVE-2026-21902 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+	TODO: check
+CVE-2026-21725 (A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently d ...)
+	TODO: check
+CVE-2026-20133 (A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauth ...)
+	TODO: check
+CVE-2026-20129 (A vulnerability in the API user authentication of Cisco Catalyst SD-WA ...)
+	TODO: check
+CVE-2026-20128 (A vulnerability in the Data Collection Agent (DCA) feature of Cisco Ca ...)
+	TODO: check
+CVE-2026-20127 (A vulnerability in the peering authentication in Cisco Catalyst SD-WAN ...)
+	TODO: check
+CVE-2026-20126 (A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authen ...)
+	TODO: check
+CVE-2026-20122 (A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allo ...)
+	TODO: check
+CVE-2026-20107 (A vulnerability in the Object Model CLI component of Cisco Application ...)
+	TODO: check
+CVE-2026-20099 (A vulnerability in the web-based management interface of Cisco FXOS So ...)
+	TODO: check
+CVE-2026-20091 (A vulnerability in the web-based management interface of Cisco FXOS So ...)
+	TODO: check
+CVE-2026-20051 (A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet pr ...)
+	TODO: check
+CVE-2026-20048 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+	TODO: check
+CVE-2026-20037 (A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager ...)
+	TODO: check
+CVE-2026-20036 (A vulnerability in the CLI and web-based management interface of Cisco ...)
+	TODO: check
+CVE-2026-20033 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode ...)
+	TODO: check
+CVE-2026-20010 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
+	TODO: check
+CVE-2026-1929 (The Advanced Woo Labels plugin for WordPress is vulnerable to Remote C ...)
+	TODO: check
+CVE-2026-1916 (The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2026-0704 (In affected version of Octopus Deploy it was possible to remove files  ...)
+	TODO: check
+CVE-2025-69771 (An arbitrary file upload vulnerability in the subtitle loading functio ...)
+	TODO: check
+CVE-2025-67860 (A vulnerability has been identified in the NeuVector scanner where the ...)
+	TODO: check
+CVE-2025-67601 (A vulnerability has been identified within Rancher Manager, where usin ...)
+	TODO: check
+CVE-2025-62878 (A malicious user can manipulate the parameters.pathPatternto create Pe ...)
+	TODO: check
+CVE-2025-50180 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
+	TODO: check
+CVE-2025-3525 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-1242 (The administrative credentials can be extracted through application AP ...)
+	TODO: check
+CVE-2025-14742 (The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2025-14103 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
 CVE-2026-27015
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
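Review bot: all of the entries added at the top of this hunk land as "TODO: check", and the ones naming software that Debian packages should be triaged ahead of the rest. The three Wireshark dissector issues (CVE-2026-3203, CVE-2026-3202, CVE-2026-3201) and the two udisks daemon flaws (CVE-2026-26104, CVE-2026-26103) need source-package lines with a fixed version or <unfixed>. The WordPress plugin entries (for example CVE-2026-2479, CVE-2026-2416, CVE-2026-1929) can take the "NOT-FOR-US: WordPress plugin" marking already used for CVE-2025-10938 later in this diff.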
@@ -118,11 +324,11 @@ CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lo
 	NOT-FOR-US: Palo Alto Networks
 CVE-2026-27822 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
 	NOT-FOR-US: RustFS
-CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...)
+CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior to2.2.2 con ...)
 	NOT-FOR-US: SPIP interface_traduction_objets plugi
 CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a reflected cross- ...)
 	NOT-FOR-US: SPIP jeux plugin
-CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...)
+CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior to2.2.2 con ...)
 	NOT-FOR-US: SPIP interface_traduction_objets plugin
 CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an unauthentica ...)
 	NOT-FOR-US: SPIP tickets plugin
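Review bot: the unchanged line under CVE-2026-27747 reads "NOT-FOR-US: SPIP interface_traduction_objets plugi", truncated compared with the "... plugin" marking on CVE-2026-27745 a few lines below. Since this hunk already touches the CVE-2026-27747 entry, correct the marking to "plugin" so both entries match when the file is searched. The missing space in "prior to2.2.2" comes with the imported description and is not something to fix by hand here.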
@@ -418,11 +624,13 @@ CVE-2024-48928 (Piwigo is an open source photo gallery application for the web.
 CVE-2024-1524 (When the "Silent Just-In-Time Provisioning" feature is enabled for a f ...)
 	NOT-FOR-US: WSO2
 CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, T ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2793
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
 CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7 ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2792
@@ -431,11 +639,13 @@ CVE-2026-2807 (Memory safety bugs present in Firefox 147 and Thunderbird 147. So
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2807
 CVE-2026-2791 (Mitigation bypass in the Networking: Cache component. This vulnerabili ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2791
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
 CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component. This vulne ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2790
@@ -444,16 +654,19 @@ CVE-2026-2806 (Uninitialized memory in the Graphics: Text component. This vulner
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2806
 CVE-2026-2789 (Use-after-free in the Graphics: ImageLib component. This vulnerability ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2789
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
 CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP component. This  ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2788
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
 CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This vulnera ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2787
@@ -462,6 +675,7 @@ CVE-2026-2805 (Invalid pointer in the DOM: Core & HTML component. This vulnerabi
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2805
 CVE-2026-2786 (Use-after-free in the JavaScript Engine component. This vulnerability  ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2786
@@ -470,11 +684,13 @@ CVE-2026-2804 (Use-after-free in the JavaScript: WebAssembly component. This vul
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2804
 CVE-2026-2785 (Invalid pointer in the JavaScript Engine component. This vulnerability ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2785
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2785
 CVE-2026-2784 (Mitigation bypass in the DOM: Security component. This vulnerability a ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2784
@@ -486,11 +702,13 @@ CVE-2026-2802 (Race condition in the JavaScript: GC component. This vulnerabilit
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2802
 CVE-2026-2783 (Information disclosure due to JIT miscompilation in the JavaScript Eng ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2783
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2783
 CVE-2026-2782 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2782
@@ -499,6 +717,7 @@ CVE-2026-2801 (Incorrect boundary conditions in the JavaScript: WebAssembly comp
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
 CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This vulnerability ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	- nss 2:3.121-1
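Review bot: for CVE-2026-2781 the added {DSA-6148-1} tag sits on an entry that tracks three source packages, and the lines visible here give nss only an unstable version (2:3.121-1). The description places the integer overflow in NSS itself, so confirm that the stable releases of nss have their own status recorded in this entry, whether a per-release fix, a <no-dsa> or a <not-affected>, rather than reading as handled by the firefox-esr advisory.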
@@ -507,6 +726,7 @@ CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This vulnerab
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=2009552 (private)
 	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/245385e16fa6
 CVE-2026-2780 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2780
@@ -515,16 +735,19 @@ CVE-2026-2800 (Spoofing issue in the WebAuthn component in Firefox for Android.
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2800
 CVE-2026-2779 (Incorrect boundary conditions in the Networking: JAR component. This v ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2779
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2779
 CVE-2026-2778 (Sandbox escape due to incorrect boundary conditions in the DOM: Core & ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2778
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2778
 CVE-2026-2777 (Privilege escalation in the Messaging System component. This vulnerabi ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2777
@@ -535,31 +758,37 @@ CVE-2026-2776 (Sandbox escape due to incorrect boundary conditions in the Teleme
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2776
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2776
 CVE-2026-2775 (Mitigation bypass in the DOM: HTML Parser component. This vulnerabilit ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2775
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2775
 CVE-2026-2774 (Integer overflow in the Audio/Video component. This vulnerability affe ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2774
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2774
 CVE-2026-2773 (Incorrect boundary conditions in the Web Audio component. This vulnera ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2773
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2773
 CVE-2026-2772 (Use-after-free in the Audio/Video: Playback component. This vulnerabil ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2772
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2772
 CVE-2026-2771 (Undefined behavior in the DOM: Core & HTML component. This vulnerabili ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2771
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2771
 CVE-2026-2770 (Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerabi ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2770
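Review bot: CVE-2026-2776, whose two NOTE lines open this hunk as unchanged context, references mfsa2026-15 just like the six entries tagged below it, yet no {DSA-6148-1} line is added for it anywhere in this diff (the previous hunk ends inside CVE-2026-2777 and this one starts after the CVE-2026-2776 header). Check whether the firefox-esr upload covered by DSA-6148-1 also fixes CVE-2026-2776 and, if so, add it to the advisory's CVE list so the tag is generated; if the omission is deliberate, a short NOTE on the entry would make that clear.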
@@ -568,6 +797,7 @@ CVE-2026-2799 (Use-after-free in the DOM: Core & HTML component. This vulnerabil
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2799
 CVE-2026-2769 (Use-after-free in the Storage: IndexedDB component. This vulnerability ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2769
@@ -576,21 +806,25 @@ CVE-2026-2798 (Use-after-free in the DOM: Core & HTML component. This vulnerabil
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2798
 CVE-2026-2768 (Sandbox escape in the Storage: IndexedDB component. This vulnerability ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2768
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2768
 CVE-2026-2767 (Use-after-free in the JavaScript: WebAssembly component. This vulnerab ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2767
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2767
 CVE-2026-2766 (Use-after-free in the JavaScript Engine: JIT component. This vulnerabi ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2766
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2766
 CVE-2026-2765 (Use-after-free in the JavaScript Engine component. This vulnerability  ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2765
@@ -602,26 +836,31 @@ CVE-2026-2796 (JIT miscompilation in the JavaScript: WebAssembly component. This
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2796
 CVE-2026-2764 (JIT miscompilation, use-after-free in the JavaScript Engine: JIT compo ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2764
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2764
 CVE-2026-2763 (Use-after-free in the JavaScript Engine component. This vulnerability  ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2763
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2763
 CVE-2026-2762 (Integer overflow in the JavaScript: Standard Library component. This v ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2762
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2762
 CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This vulnerabilit ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2761
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
 CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the Graphics: W ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2760
@@ -630,11 +869,13 @@ CVE-2026-2795 (Use-after-free in the JavaScript: GC component. This vulnerabilit
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2795
 CVE-2026-2759 (Incorrect boundary conditions in the Graphics: ImageLib component. Thi ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2759
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2759
 CVE-2026-2758 (Use-after-free in the JavaScript: GC component. This vulnerability aff ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2758
@@ -643,6 +884,7 @@ CVE-2026-2794 (Information disclosure due to uninitialized memory in Firefox and
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2794
 CVE-2026-2757 (Incorrect boundary conditions in the WebRTC: Audio/Video component. Th ...)
+	{DSA-6148-1}
 	- firefox <unfixed>
 	- firefox-esr 140.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2757
@@ -7256,7 +7498,7 @@ CVE-2026-1584
 	NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/33034a91c2c1f38bad19e747d3021885d54bfb44 (3.8.11)
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/acf67a4a68bc6d9ab7b882469c67f6cf28db56a0 (3.8.12)
 CVE-2025-14831 (A flaw was found in GnuTLS. This vulnerability allows a denial of serv ...)
-	{DSA-6140-1}
+	{DSA-6140-1 DLA-4492-1}
 	- gnutls28 3.8.12-1
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1773
 	NOTE: Prequisite: https://gitlab.com/gnutls/gnutls/-/commit/0b2377dfccd99be641bf3f1a0de9f0dc8dc0d4b1 (3.8.12)
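Review bot: the unchanged context line under CVE-2025-14831 spells the label as "NOTE: Prequisite:", which a search for "Prerequisite" will not match. Fix the spelling in a follow-up manual commit. The tag change itself, "{DSA-6140-1 DLA-4492-1}", is consistent with leaving CVE-2026-1584 above it untagged, given its note that the flaw was introduced in 3.8.11.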
@@ -12014,7 +12256,7 @@ CVE-2025-11187 (Issue summary: PBMAC1 parameters in PKCS#12 files are missing va
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e (openssl-3.5.5)
 	NOTE: Testcases: https://github.com/openssl/openssl/commit/4583982d252797c133ce4139b7f78d2942d2bcdb (openssl-3.5.5)
 	NOTE: Testcases: https://github.com/openssl/openssl/commit/c716acac5e0e2216bcf3ab54036f0ef31ebe1b52 (openssl-3.5.5)
-CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData message with maliciously  ...)
+CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message  ...)
 	{DSA-6113-1}
 	- openssl 3.5.5-1
 	[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
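Review bot: the description for CVE-2025-15467 now covers "CMS AuthEnvelopedData or EnvelopedData" where it previously named only AuthEnvelopedData, but the line "[bullseye] - openssl <not-affected> (Vulnerable code introduced later)" is carried over unchanged. That assessment was recorded against the narrower wording, so re-check it against the EnvelopedData parsing path in the bullseye openssl version and add a NOTE stating the outcome, whichever way it goes.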
@@ -39774,6 +40016,7 @@ CVE-2025-11003 (The UiPress lite | Effortless custom dashboards, admin themes an
 CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to Sensitive Infor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9820 (A flaw was found in the GnuTLS library, specifically in the gnutls_pkc ...)
+	{DLA-4492-1}
 	[experimental] - gnutls28 3.8.11-1
 	- gnutls28 3.8.11-3 (bug #1121146)
 	[trixie] - gnutls28 3.8.9-3+deb13u1
@@ -79837,13 +80080,13 @@ CVE-2025-30086 (CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows
 	NOT-FOR-US: Harbor
 CVE-2025-2329 (In high traffic environments, a Silicon Labs OpenThread RCP (see impac ...)
 	NOT-FOR-US: Silicon Labs
-CVE-2025-29631 (An issue in Gardyn 4 allows a remote attacker execute arbitrary code)
+CVE-2025-29631 (Gardyn Home Kit firmware before master.619, Home Kit Mobile Applicatio ...)
 	NOT-FOR-US: Gardyn
 CVE-2025-29630 (An issue in Gardyn 4 allows a remote attacker with the corresponding s ...)
 	NOT-FOR-US: Gardyn
-CVE-2025-29629 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
+CVE-2025-29629 (Gardyn Home Kit firmware before master.619, Home Kit Mobile Applicatio ...)
 	NOT-FOR-US: Gardyn
-CVE-2025-29628 (An issue in Gardyn 4 allows a remote attacker to obtain sensitive info ...)
+CVE-2025-29628 (A Gardyn Azure IoT Hub connection string is downloaded over an insecur ...)
 	NOT-FOR-US: Gardyn
 CVE-2024-48730 (The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15. ...)
 	NOT-FOR-US: ETSI Open-Source MANO (OSM)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dc14e3976d3351adb0777b125aebc1956ca32f7
