[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 24 20:13:26 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e8dd26d by security tracker role at 2026-03-24T20:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,208 +1,442 @@
-CVE-2026-4721
+CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker could explo ...)
+ TODO: check
+CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an authentication ...)
+ TODO: check
+CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before version 5.18. ...)
+ TODO: check
+CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel ...)
+ TODO: check
+CVE-2026-33700 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33680 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33679 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33678 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33677 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33676 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33675 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33668 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33627 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33624 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows o ...)
+ TODO: check
+CVE-2026-33539 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33538 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33527 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33511 (pyLoad is a free and open-source download manager written in Python. F ...)
+ TODO: check
+CVE-2026-33509 (pyLoad is a free and open-source download manager written in Python. F ...)
+ TODO: check
+CVE-2026-33508 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33498 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33497 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33484 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33475 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33474 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33473 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33429 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33421 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33419 (MinIO is a high-performance object storage system. Prior to RELEASE.20 ...)
+ TODO: check
+CVE-2026-33418 (DiceBear is an avatar library for designers and developers. Prior to v ...)
+ TODO: check
+CVE-2026-33417 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-33409 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33407 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-33401 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-33400 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line. From ve ...)
+ TODO: check
+CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object without C/C ...)
+ TODO: check
+CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to version 0.11.6 ...)
+ TODO: check
+CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user interface. From ver ...)
+ TODO: check
+CVE-2026-33340 (LoLLMs WEBUI provides the Web user interface for Lord of Large Languag ...)
+ TODO: check
+CVE-2026-33336 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33335 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33334 (Vikunja is an open-source self-hosted task management platform. Starti ...)
+ TODO: check
+CVE-2026-33332 (NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGU ...)
+ TODO: check
+CVE-2026-33331 (oRPC is an tool that helps build APIs that are end-to-end type-safe an ...)
+ TODO: check
+CVE-2026-33330 (FileRise is a self-hosted web file manager / WebDAV server. Prior to v ...)
+ TODO: check
+CVE-2026-33329 (FileRise is a self-hosted web file manager / WebDAV server. From versi ...)
+ TODO: check
+CVE-2026-33326 (Keystone is a content management system for Node.js. Prior to version ...)
+ TODO: check
+CVE-2026-33323 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33322 (MinIO is a high-performance object storage system. From RELEASE.2022-1 ...)
+ TODO: check
+CVE-2026-33316 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33315 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33314 (pyLoad is a free and open-source download manager written in Python. P ...)
+ TODO: check
+CVE-2026-33313 (Vikunja is an open-source self-hosted task management platform. Prior ...)
+ TODO: check
+CVE-2026-33311 (DiceBear is an avatar library for designers and developers. Starting i ...)
+ TODO: check
+CVE-2026-33310 (Intake is a package for finding, investigating, loading and disseminat ...)
+ TODO: check
+CVE-2026-33309 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33162 (Craft CMS is a content management system (CMS). From version 5.3.0 to ...)
+ TODO: check
+CVE-2026-33161 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33160 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33159 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33158 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-33157 (Craft CMS is a content management system (CMS). From version 5.6.0 to ...)
+ TODO: check
+CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version 0.9.5 to ...)
+ TODO: check
+CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit dc78dee) contai ...)
+ TODO: check
+CVE-2026-32853 (LibVNCServer versions 0.9.15 and prior (fixed incommit 009008e) contai ...)
+ TODO: check
+CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
+ TODO: check
+CVE-2026-30932 (Froxlor is open source server administration software. Prior to versio ...)
+ TODO: check
+CVE-2026-30662 (ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in ...)
+ TODO: check
+CVE-2026-30661 (iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the ...)
+ TODO: check
+CVE-2026-30655 (SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0. ...)
+ TODO: check
+CVE-2026-30653 (An issue in Free5GC v.4.2.0 and before allows a remote attacker to cau ...)
+ TODO: check
+CVE-2026-2417 (A Missing Authentication for Critical Function vulnerability in Pharos ...)
+ TODO: check
+CVE-2026-29840 (JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS ...)
+ TODO: check
+CVE-2026-29839 (DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forger ...)
+ TODO: check
+CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's Server Isla ...)
+ TODO: check
+CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_strea ...)
+ TODO: check
+CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ...)
+ TODO: check
+CVE-2026-27784 (The 32-bit implementation of NGINX Open Source has a vulnerability in ...)
+ TODO: check
+CVE-2026-27654 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
+ TODO: check
+CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plus or N ...)
+ TODO: check
+CVE-2026-26809
+ REJECTED
+CVE-2026-23924 (Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.co ...)
+ TODO: check
+CVE-2026-23923 (An unauthenticated attacker can exploit the Frontend 'validate' action ...)
+ TODO: check
+CVE-2026-23921 (A low privilege Zabbix user with API access can exploit a blind SQL in ...)
+ TODO: check
+CVE-2026-23920 (Host and event action script input is validated with a regex (set by t ...)
+ TODO: check
+CVE-2026-23919 (For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape ...)
+ TODO: check
+CVE-2026-22559 (An Improper Input Validation vulnerability in UniFi Network Server may ...)
+ TODO: check
+CVE-2026-21783 (HCL Traveler is affected by sensitive information disclosure. The appl ...)
+ TODO: check
+CVE-2026-1995 (IDrive\u2019s id_service.exe process runs with elevated privileges and ...)
+ TODO: check
+CVE-2025-71275 (Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 co ...)
+ TODO: check
+CVE-2025-64998 (Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and ...)
+ TODO: check
+CVE-2025-11571 (Vulnerable endpoints accept user-controlled input through a URL in JSO ...)
+ TODO: check
+CVE-2019-25647 (PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in ...)
+ TODO: check
+CVE-2019-25646 (Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in th ...)
+ TODO: check
+CVE-2019-25645 (WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service v ...)
+ TODO: check
+CVE-2019-25644 (WinMPG Video Convert 9.3.5 and older versions contain a buffer overflo ...)
+ TODO: check
+CVE-2019-25643 (eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities ...)
+ TODO: check
+CVE-2019-25642 (Bootstrapy CMS contains multiple SQL injection vulnerabilities that al ...)
+ TODO: check
+CVE-2019-25641 (Netartmedia Vlog System contains an SQL injection vulnerability that a ...)
+ TODO: check
+CVE-2019-25640 (Inout Article Base CMS contains SQL injection vulnerabilities that all ...)
+ TODO: check
+CVE-2019-25639 (Matrimony Website Script M-Plus contains multiple SQL injection vulner ...)
+ TODO: check
+CVE-2019-25638 (Meeplace Business Review Script contains an SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2019-25637 (X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that ...)
+ TODO: check
+CVE-2019-25636 (Zeeways Jobsite CMS contains an SQL injection vulnerability that allow ...)
+ TODO: check
+CVE-2019-25635 (Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities ...)
+ TODO: check
+CVE-2019-25634 (Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerabil ...)
+ TODO: check
+CVE-2019-25633 (AIDA64 Extreme 5.99.4900 contains a structured exception handling buff ...)
+ TODO: check
+CVE-2019-25632 (phpFileManager 1.7.8 contains a local file inclusion vulnerability tha ...)
+ TODO: check
+CVE-2019-25631 (AIDA64 Business 5.99.4900 contains a structured exception handling buf ...)
+ TODO: check
+CVE-2019-25630 (PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability i ...)
+ TODO: check
+CVE-2019-25629 (AIDA64 Extreme 5.99.4900 contains a structured exception handler buffe ...)
+ TODO: check
+CVE-2019-25628 (Download Accelerator Plus DAP 10.0.6.0 contains a structured exception ...)
+ TODO: check
+CVE-2019-25627 (FlexHEX 2.71 contains a local buffer overflow vulnerability in the Str ...)
+ TODO: check
+CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability ...)
+ TODO: check
+CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4721
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4721
-CVE-2026-4729
+CVE-2026-4729 (Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
-CVE-2026-4720
+CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8 ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4720
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
-CVE-2026-4719
+CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. This vu ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
-CVE-2026-4718
+CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4718
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4718
-CVE-2026-4728
+CVE-2026-4728 (Spoofing issue in the Privacy: Anti-Tracking component. This vulnerabi ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4728
-CVE-2026-4727
+CVE-2026-4727 (Denial-of-service in the Libraries component in NSS. This vulnerabilit ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4727
-CVE-2026-4726
+CVE-2026-4726 (Denial-of-service in the XML component. This vulnerability affects Fir ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
-CVE-2026-4717
+CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
-CVE-2026-4716
+CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaScript ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4716
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
-CVE-2026-4715
+CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vulnera ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
-CVE-2026-4714
+CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4714
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
-CVE-2026-4713
+CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4713
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4713
-CVE-2026-4712
+CVE-2026-4712 (Information disclosure in the Widget: Cocoa component. This vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4712
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4712
-CVE-2026-4725
+CVE-2026-4725 (Sandbox escape due to use-after-free in the Graphics: Canvas2D compone ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4725
-CVE-2026-4711
+CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This vulnerability affe ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
-CVE-2026-4710
+CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
-CVE-2026-4709
+CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component. This ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
-CVE-2026-4708
+CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
-CVE-2026-4707
+CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
-CVE-2026-4706
+CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4706
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
-CVE-2026-4705
+CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4705
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
-CVE-2026-4704
+CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This vulnerabili ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4704
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4704
-CVE-2026-4724
+CVE-2026-4724 (Undefined behavior in the Audio/Video component. This vulnerability af ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4724
-CVE-2026-4723
+CVE-2026-4723 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
-CVE-2026-4702
+CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This vulnerabil ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4702
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4702
-CVE-2026-4722
+CVE-2026-4722 (Privilege escalation in the IPC component. This vulnerability affects ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
-CVE-2026-4701
+CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4701
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
-CVE-2026-4700
+CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnerabilit ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
-CVE-2026-4699
+CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts component. ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
-CVE-2026-4698
+CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
-CVE-2026-4697
+CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
-CVE-2026-4696
+CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vulnerabi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
-CVE-2026-4695
+CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
-CVE-2026-4694
+CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics compon ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
-CVE-2026-4693
+CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback component. ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
-CVE-2026-4692
+CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vulnerabi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
-CVE-2026-4691
+CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This vuln ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
-CVE-2026-4690
+CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
-CVE-2026-4689
+CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4689
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
-CVE-2026-4688
+CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
-CVE-2026-4687
+CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Telemetry c ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4687
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
-CVE-2026-4686
+CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4686
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
-CVE-2026-4685
+CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4685
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
-CVE-2026-4684
+CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender component. T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4684
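Review bot: in the CVE-2026-1995 entry the description reads "IDrive\u2019s id_service.exe", a literal \u2019 escape where an apostrophe belongs, so the imported description text should be decoded before it is written to data/CVE/list. Separately, every new entry in this hunk lands as "TODO: check" apart from CVE-2026-26809 (REJECTED); the libtiff, NGINX, Zabbix, LibVNCServer and FreeIPMI entries name software that is packaged in Debian, so they are the ones to triage first, since they will need a package line rather than NOT-FOR-US.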
@@ -728,7 +962,7 @@ CVE-2019-25621 (Pixel Studio 2.17 contains a denial of service vulnerability tha
TODO: check
CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability that allow ...)
TODO: check
-CVE-2026-33347
+CVE-2026-33347 (league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...)
- php-league-commonmark 2.8.2-1
NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
NOTE: Fixed by: https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b (2.8.2)
@@ -2255,7 +2489,7 @@ CVE-2026-22731 (Spring Boot applications with Actuator can be vulnerable to an "
NOT-FOR-US: VMware
CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion ...)
NOT-FOR-US: Oracle
-CVE-2026-33412 [Command injection via newline in glob()]
+CVE-2026-33412 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
- vim 2:9.2.0218-1 (bug #1131450)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
NOTE: https://github.com/vim/vim/pull/19746
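Review bot: on CVE-2026-33412 the replaced header "[Command injection via newline in glob()]" was the only line in the entry that named the bug class, and the truncated description that replaces it ("Vim is an open source, command line text editor. Prior to version 9.2. ...") no longer does. Consider keeping that summary as a NOTE line next to the advisory and pull request links so the entry stays readable without following them.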
@@ -6578,7 +6812,7 @@ CVE-2026-23672 (Windows Universal Disk Format File System Driver (UDFS) Elevatio
NOT-FOR-US: Microsoft
CVE-2026-23671 (Concurrent execution using shared resource with improper synchronizati ...)
NOT-FOR-US: Microsoft
-CVE-2026-23669 (Use after free in Windows Print Spooler Components allows an authorize ...)
+CVE-2026-23669 (Use after free in RPC Runtime allows an authorized attacker to execute ...)
NOT-FOR-US: Microsoft
CVE-2026-23668 (Concurrent execution using shared resource with improper synchronizati ...)
NOT-FOR-US: Microsoft
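Review bot: the CVE-2026-23669 description changes the affected component from "Windows Print Spooler Components" to "RPC Runtime", which is a change of substance rather than wording. The entry stays "NOT-FOR-US: Microsoft", so tracking is unaffected, but it is worth confirming this follows a revision of the upstream record and not a mix-up with a neighbouring entry.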
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e8dd26d28e4aa2a769a2cc55ec802012aa1ac18