[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 17 20:15:07 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a7fb20a by security tracker role at 2026-01-17T20:13:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2026-1063 (A vulnerability has been found in bastillion-io Bastillion up to 4.0.1 ...)
+ TODO: check
+CVE-2026-1062 (A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the ...)
+ TODO: check
+CVE-2026-1061 (A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected ...)
+ TODO: check
+CVE-2026-1059 (A security vulnerability has been detected in FeMiner wms up to 9cad1f ...)
+ TODO: check
+CVE-2026-1050 (A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6. ...)
+ TODO: check
+CVE-2026-1049 (A security vulnerability has been detected in LigeroSmart up to 6.1.26 ...)
+ TODO: check
+CVE-2026-1048 (A weakness has been identified in LigeroSmart up to 6.1.26. Impacted i ...)
+ TODO: check
+CVE-2026-0725 (The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-8615 (The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2025-15532 (A security flaw has been discovered in Open5GS up to 2.7.5. This issue ...)
+ TODO: check
+CVE-2025-15531 (A vulnerability was identified in Open5GS up to 2.7.5. This vulnerabil ...)
+ TODO: check
+CVE-2025-15530 (A vulnerability was determined in Open5GS up to 2.7.6. This affects th ...)
+ TODO: check
+CVE-2025-14078 (The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Miss ...)
+ TODO: check
+CVE-2025-10484 (The Registration & Login with Mobile Phone Number for WooCommerce plug ...)
+ TODO: check
CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...)
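Review bot: All 14 entries added at the top of this hunk carry only `TODO: check`, so none of them has a disposition yet. Four describe WordPress plugins (CVE-2026-0725, CVE-2025-8615, CVE-2025-14078, CVE-2025-10484) and look like candidates for the same `NOT-FOR-US: WordPress plugin or theme` marking that CVE-2026-23800 has in the context lines below. The Bastillion, xiweicheng TMS, FeMiner wms, risesoft-y9, LigeroSmart and Open5GS entries need a check of whether the software is packaged before they are marked.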
@@ -2448,7 +2476,7 @@ CVE-2026-0892 (Memory safety bugs present in Firefox 146 and Thunderbird 146. So
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0892
CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6 ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
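Review bot: The added `{DSA-6103-1 DSA-6101-1 DLA-4439-1}` line on CVE-2026-0891 references DSA-6103-1, but this commit changes only data/CVE/list, so the advisory entry it points to cannot be checked from the diff. The package lines under the CVE list firefox, firefox-esr and thunderbird without indicating which of them DSA-6103-1 covers; confirm that against the advisory list. The same point applies to the identical one-line change in the following hunks down to CVE-2026-0877 and to CVE-2025-14327.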
@@ -2456,7 +2484,7 @@ CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0891
CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Thi ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2470,7 +2498,7 @@ CVE-2026-0888 (Information disclosure in the XML component. This vulnerability a
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0888
CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer component ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2478,7 +2506,7 @@ CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0887
CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2486,7 +2514,7 @@ CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0886
CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This vulnerability aff ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2494,7 +2522,7 @@ CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This vulnerabilit
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0885
CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2502,7 +2530,7 @@ CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0884
CVE-2026-0883 (Information disclosure in the Networking component. This vulnerability ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2510,7 +2538,7 @@ CVE-2026-0883 (Information disclosure in the Networking component. This vulnerab
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0883
CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects Firefo ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2521,7 +2549,7 @@ CVE-2026-0881 (Sandbox escape in the Messaging System component. This vulnerabil
- firefox 147.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics component. This ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2529,7 +2557,7 @@ CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics component.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0880
CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the Graphics co ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2537,7 +2565,7 @@ CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the Graphi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0879
CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -2545,7 +2573,7 @@ CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the Graphi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0878
CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This vulnerability a ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 147.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -3787,6 +3815,7 @@ CVE-2026-21682 (iccDEV provides a set of libraries and tools that allow for the
CVE-2026-21681 (iccDEV provides a set of libraries and tools that allow for the intera ...)
NOT-FOR-US: iccDEV
CVE-2026-21441 (urllib3 is an HTTP client library for Python. urllib3's streaming API ...)
+ {DSA-6102-1}
- python-urllib3 2.5.0-2 (bug #1125062)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99
NOTE: https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b (2.6.3)
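Review bot: The new `{DSA-6102-1}` line on CVE-2026-21441 stands alone, with no DLA reference, whereas CVE-2025-66418 later in this patch ends up with `{DSA-6102-1 DLA-4421-1}`. The only package line here is `- python-urllib3 2.5.0-2 (bug #1125062)` and the NOTE names 2.6.3 for the upstream commit, so nothing in the entry shows the LTS status; check whether that still needs to be tracked for this CVE.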
@@ -18148,7 +18177,7 @@ CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/#CVE-2025-14328
CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This vulnerability af ...)
- {DSA-6101-1 DLA-4439-1}
+ {DSA-6103-1 DSA-6101-1 DLA-4439-1}
- firefox 146.0-1
- firefox-esr 140.7.0esr-1
- thunderbird 1:140.7.0esr-1
@@ -20117,7 +20146,7 @@ CVE-2025-66471 (urllib3 is a user-friendly HTTP client library for Python. Start
NOTE: The fix requires an updated src:brotli >= 1.2.0 for the fix to be effective,
NOTE: which adds the optional output_buffer_limit option to avoid these attacks.
CVE-2025-66418 (urllib3 is a user-friendly HTTP client library for Python. Starting in ...)
- {DLA-4421-1}
+ {DSA-6102-1 DLA-4421-1}
- python-urllib3 2.5.0-1.1 (bug #1122030)
NOTE: https://www.openwall.com/lists/oss-security/2025/12/05/4
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
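Review bot: CVE-2025-66471, whose NOTE lines form the leading context of this hunk, is also a urllib3 issue, yet only CVE-2025-66418 gets the `DSA-6102-1` reference here. Its own reference line lies outside the hunk, so the diff does not show whether it is covered; given the NOTE that its fix depends on src:brotli >= 1.2.0, confirm whether DSA-6102-1 is meant to include it.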
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7fb20ab88a9643fac8c36aaf60c6f197ffc325