[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 19 08:13:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c527449 by security tracker role at 2026-06-19T07:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2026-9822 (The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce ca ...)
+ TODO: check
+CVE-2026-9013 (The Bogo plugin for WordPress is vulnerable to Sensitive Information E ...)
+ TODO: check
+CVE-2026-8806 (Expected Behavior Violation vulnerability in Mitsubishi Electric MELSE ...)
+ TODO: check
+CVE-2026-8805 (Integer Overflow or Wraparound vulnerability in the EtherNet/IP functi ...)
+ TODO: check
+CVE-2026-8713 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2026-8668 (A static credential embedded in Chef 360 prior to v1.7.0 permitted una ...)
+ TODO: check
+CVE-2026-8118 (The Royal Addons for Elementor \u2013 Addons and Templates Kit for Ele ...)
+ TODO: check
+CVE-2026-8100 (Impact A security issue has been identified in Chef 360 that could al ...)
+ TODO: check
+CVE-2026-7547 (The Woosa \u2013 Marktplaats for WooCommerce plugin for WordPress is v ...)
+ TODO: check
+CVE-2026-7515 (The BetterDocs Pro plugin for WordPress is vulnerable to Local File In ...)
+ TODO: check
+CVE-2026-6716
+ REJECTED
+CVE-2026-56132 (In libexpat before 2.8.2, there is a heap-based buffer overflow in doP ...)
+ TODO: check
+CVE-2026-56131 (libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...)
+ TODO: check
+CVE-2026-56099 (OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds r ...)
+ TODO: check
+CVE-2026-56078 (PraisonAI before 1.5.115 contains a path traversal vulnerability in Mu ...)
+ TODO: check
+CVE-2026-56077 (PraisonAI before 1.5.115 contains an information disclosure vulnerabil ...)
+ TODO: check
+CVE-2026-56076 (PraisonAI before 1.5.128 contains a cross-origin agent execution vulne ...)
+ TODO: check
+CVE-2026-56075 (PraisonAI before 4.5.128 contains an arbitrary shell command execution ...)
+ TODO: check
+CVE-2026-56074 (PraisonAI before 1.5.128 caches tool approval decisions by tool name o ...)
+ TODO: check
+CVE-2026-54414 (FileRise before 3.16.0 is vulnerable to path traversal in the shared-f ...)
+ TODO: check
+CVE-2026-54130 (Missing authentication for critical function in M365 Copilot allows an ...)
+ TODO: check
+CVE-2026-54017 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-52866 (An attacker within BLE communication range can monopolize the device's ...)
+ TODO: check
+CVE-2026-50034 (An attacker within BLE communication range can passively intercept wi ...)
+ TODO: check
+CVE-2026-4328 (The Advanced Import plugin for WordPress is vulnerable to Server-Side ...)
+ TODO: check
+CVE-2026-49454 (Relyra is a strict-by-default SAML 2.0 Service Provider library for El ...)
+ TODO: check
+CVE-2026-49257 (mcp-pinot is a Python-based Model Context Protocol (MCP) server for in ...)
+ TODO: check
+CVE-2026-49252 (deepstream is a server that allows clients and backend services to syn ...)
+ TODO: check
+CVE-2026-49248 (OneDev is a Git server with CI/CD, kanban, and packages. In versions 1 ...)
+ TODO: check
+CVE-2026-49205 (phpMyFAQ is an open source FAQ web application. Versions prior to 4.1 ...)
+ TODO: check
+CVE-2026-48983 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+ TODO: check
+CVE-2026-48982 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+ TODO: check
+CVE-2026-48981 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
+ TODO: check
+CVE-2026-48980 (pam_usb provides hardware authentication for Linux using removable med ...)
+ TODO: check
+CVE-2026-48716 (nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, ...)
+ TODO: check
+CVE-2026-47847 (Bitnami MariaDB Galera container images and Helm chart are affected by ...)
+ TODO: check
+CVE-2026-47846 (Bitnami Cassandra container images are affected by a retained default ...)
+ TODO: check
+CVE-2026-47647 (Improper access control in Microsoft Dynamics 365 allows an authorized ...)
+ TODO: check
+CVE-2026-47633 (Exposure of sensitive information to an unauthorized actor in Cost Man ...)
+ TODO: check
+CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with configuration ...)
+ TODO: check
+CVE-2026-45696 (OpenEXR is the reference implementation and specification for the EXR ...)
+ TODO: check
+CVE-2026-44663 (OpenEXR is the reference implementation and specification for the EXR ...)
+ TODO: check
+CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN Server. V ...)
+ TODO: check
+CVE-2026-43915 (Coturn is a free open source implementation of TURN and STUN Server. V ...)
+ TODO: check
+CVE-2026-40624 (Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115 ...)
+ TODO: check
+CVE-2026-32174 (Improper authentication in Azure Bot Service allows an authorized atta ...)
+ TODO: check
+CVE-2026-2842
+ REJECTED
+CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search path elem ...)
+ TODO: check
+CVE-2026-22674 (Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a ...)
+ TODO: check
+CVE-2026-1856 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-12644 (Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Un ...)
+ TODO: check
+CVE-2026-12430 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-12157 (The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Bl ...)
+ TODO: check
+CVE-2026-12050 (SQL injection in pgAdmin 4's named restore point endpoint (POST /brows ...)
+ TODO: check
+CVE-2026-12049 (Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA ...)
+ TODO: check
+CVE-2026-12048 (Stored cross-site scripting in pgAdmin 4's error-rendering and plan-no ...)
+ TODO: check
+CVE-2026-12047 (HTML injection in pgAdmin 4's cloud deployment module. The verify_cred ...)
+ TODO: check
+CVE-2026-12046 (Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DE ...)
+ TODO: check
+CVE-2026-12045 (Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an a ...)
+ TODO: check
+CVE-2026-12044 (SQL injection in pgAdmin 4 across every dialog template that renders ` ...)
+ TODO: check
+CVE-2026-11989 (The Bit integrations \u2013 Form Integration, Webhook, Spreadsheets, C ...)
+ TODO: check
+CVE-2026-11775 (The User Admin Simplifier plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2026-11752 (A vulnerability has been identified in armeria-xds versions 1.38.0 thr ...)
+ TODO: check
+CVE-2026-10779 (The Classified Listing \u2013 Classified ads & Business Directory plug ...)
+ TODO: check
+CVE-2026-10746
+ REJECTED
+CVE-2026-10720 (Canonical MicroCeph versions from the squid and tentacle track are vul ...)
+ TODO: check
+CVE-2026-10034 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to author ...)
+ TODO: check
+CVE-2025-7737 (DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Pl ...)
+ TODO: check
+CVE-2025-15661 (libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bo ...)
+ TODO: check
CVE-2026-55766
- php-guzzlehttp-psr7 <unfixed>
NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
@@ -1620,102 +1758,135 @@ CVE-2026-22313 (The device has a webserver that exposes a REST API authenticated
CVE-2026-22312 (The device has a webserver that exposes a REST API authenticated with ...)
NOT-FOR-US: iSAP Smart Collector
CVE-2026-12469 (Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.78 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12468 (Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowe ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12467 (Use after free in Extensions in Google Chrome prior to 149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12466 (Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12465 (Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12464 (Use after free in Browser in Google Chrome prior to 149.0.7827.155 all ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12463 (Inappropriate implementation in Views in Google Chrome on Linux prior ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12462 (Use after free in Media in Google Chrome prior to 149.0.7827.155 allow ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12461 (Out of bounds read in WebRTC in Google Chrome on Windows prior to 149. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12460 (Insufficient policy enforcement in File System Access in Google Chrome ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12459 (Inappropriate implementation in Serial in Google Chrome prior to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12458 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12457 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12456 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12455 (Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 a ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12454 (Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12453 (Insufficient validation of untrusted input in Input in Google Chrome p ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12452 (Use after free in Downloads in Google Chrome on Android prior to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12451 (Use after free in DigitalCredentials in Google Chrome prior to 149.0.7 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12450 (Inappropriate implementation in Media in Google Chrome prior to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12449 (Use after free in Chromoting in Google Chrome on Windows prior to 149. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12448 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12447 (Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.15 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12446 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12445 (Use after free in Extensions in Google Chrome prior to 149.0.7827.155 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12444 (Out of bounds read in Chromoting in Google Chrome on Windows prior to ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12443 (Use after free in Web Authentication in Google Chrome prior to 149.0.7 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12442 (Use after free in Passwords in Google Chrome on Android prior to 149.0 ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12441 (Use after free in File Input in Google Chrome on Linux prior to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12440 (Use after free in DigitalCredentials in Google Chrome on Windows prior ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12439 (Use after free in Digital Credentials in Google Chrome prior to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12438 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12437 (Use after free in WebShare in Google Chrome on Windows prior to 149.0. ...)
+ {DSA-6352-1}
- chromium 149.0.7827.155-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12425 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -2087,19 +2258,19 @@ CVE-2026-12412
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The do_git_c ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-12330 (Incorrect boundary conditions in the Internationalization component. T ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2107,7 +2278,7 @@ CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 14
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140. ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2118,7 +2289,7 @@ CVE-2026-12326 (Memory safety bugs present in Firefox 151 and Thunderbird 151. S
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12326
CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This vulnerabil ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2126,7 +2297,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL component. ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2160,7 +2331,7 @@ CVE-2026-12316 (Mitigation bypass in the DOM: Security component. This vulnerabi
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12316
CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2168,7 +2339,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
CVE-2026-12314 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2176,7 +2347,7 @@ CVE-2026-12314 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
CVE-2026-12313 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2184,7 +2355,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in the Security: Process
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
CVE-2026-12312 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2192,7 +2363,7 @@ CVE-2026-12312 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
CVE-2026-12311 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2200,7 +2371,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in the Security: Process
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
CVE-2026-12310 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2208,7 +2379,7 @@ CVE-2026-12310 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
CVE-2026-12309 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2216,7 +2387,7 @@ CVE-2026-12309 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
CVE-2026-12308 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2224,7 +2395,7 @@ CVE-2026-12308 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
CVE-2026-12307 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2232,7 +2403,7 @@ CVE-2026-12307 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
CVE-2026-12306 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2240,7 +2411,7 @@ CVE-2026-12306 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
CVE-2026-12305 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2248,7 +2419,7 @@ CVE-2026-12305 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies component. This v ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2259,7 +2430,7 @@ CVE-2026-12303 (Information disclosure due to incorrect boundary conditions in t
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12303
CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2273,7 +2444,7 @@ CVE-2026-12300 (Memory safety bug fixed in Firefox 152. This vulnerability was f
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12300
CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This vulnerabili ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2281,7 +2452,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This vulne
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
CVE-2026-12298 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2289,7 +2460,7 @@ CVE-2026-12298 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the Networking ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2297,7 +2468,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the Netwo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. This vul ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2305,7 +2476,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. Th
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This vulnerability wa ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2313,7 +2484,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This vulnerability was f ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2324,7 +2495,7 @@ CVE-2026-12293 (Use-after-free in the Graphics: WebGPU component. This vulnerabi
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12293
CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This vulnera ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2332,7 +2503,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This v
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This vulnerability w ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2340,7 +2511,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
CVE-2026-12290 (Memory safety bug fixed in Firefox 152. This vulnerability was fixed i ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
@@ -2348,7 +2519,7 @@ CVE-2026-12290 (Memory safety bug fixed in Firefox 152. This vulnerability was f
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component. This vulner ...)
- {DSA-6350-1}
+ {DSA-6351-1 DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird 1:140.12.0esr-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5274492036d225902d0be29dafb3fdcc7e73b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5274492036d225902d0be29dafb3fdcc7e73b4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260619/5ec74a10/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list