[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 08:13:13 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ab4cc6c by security tracker role at 2026-03-26T08:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2026-4874 (A flaw was found in Keycloak. An authenticated attacker can perform Se ...)
+ TODO: check
+CVE-2026-4850 (A security flaw has been discovered in code-projects Simple Laundry Sy ...)
+ TODO: check
+CVE-2026-4849 (A vulnerability was identified in code-projects Simple Laundry System ...)
+ TODO: check
+CVE-2026-4848 (A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. Thi ...)
+ TODO: check
+CVE-2026-4847 (A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impa ...)
+ TODO: check
+CVE-2026-4846 (A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The ...)
+ TODO: check
+CVE-2026-4845 (A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is ...)
+ TODO: check
+CVE-2026-4844 (A vulnerability was detected in code-projects Online Food Ordering Sys ...)
+ TODO: check
+CVE-2026-4842 (A security vulnerability has been detected in itsourcecode Online Enro ...)
+ TODO: check
+CVE-2026-4841 (A weakness has been identified in code-projects Online Food Ordering S ...)
+ TODO: check
+CVE-2026-4840 (A security flaw has been discovered in Netcore Power 15AX up to 3.0.0. ...)
+ TODO: check
+CVE-2026-4839 (A vulnerability has been found in SourceCodester Food Ordering System ...)
+ TODO: check
+CVE-2026-4838 (A flaw has been found in SourceCodester Malawi Online Market 1.0. The ...)
+ TODO: check
+CVE-2026-4836 (A vulnerability was detected in code-projects Accounting System 1.0. T ...)
+ TODO: check
+CVE-2026-4835 (A security vulnerability has been detected in code-projects Accounting ...)
+ TODO: check
+CVE-2026-4833 (A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...)
+ TODO: check
+CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted ...)
+ TODO: check
+CVE-2026-4830 (A vulnerability was identified in kalcaddle kodbox 1.64. This issue af ...)
+ TODO: check
+CVE-2026-4826 (A vulnerability was determined in SourceCodester Sales and Inventory S ...)
+ TODO: check
+CVE-2026-4825 (A vulnerability was found in SourceCodester Sales and Inventory System ...)
+ TODO: check
+CVE-2026-4824 (A vulnerability has been found in Enter Software Iperius Backup up to ...)
+ TODO: check
+CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Af ...)
+ TODO: check
+CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup bis 8.7. ...)
+ TODO: check
+CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which checks a s ...)
+ TODO: check
+CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can trigger a ...)
+ TODO: check
+CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Esca ...)
+ TODO: check
+CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPr ...)
+ TODO: check
+CVE-2026-4335 (The ShortPixel Image Optimizer plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2026-4331 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+ TODO: check
+CVE-2026-4329 (The Blackhole for Bad Bots plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-4281 (The FormLift for Infusionsoft Web Forms plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and sends ...)
+ TODO: check
+CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-34056 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-34055 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-34053 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-34051 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33942 (Saloon is a PHP library that gives users tools to build API integratio ...)
+ TODO: check
+CVE-2026-33934 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33933 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33932 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33931 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33918 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33917 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33915 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33914 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33913 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33912 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33911 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33910 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33909 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33348 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
+ TODO: check
+CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
+ TODO: check
+CVE-2026-33249 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
+ TODO: check
+CVE-2026-33248 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
+ TODO: check
+CVE-2026-33223 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
+ TODO: check
+CVE-2026-33222 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
+ TODO: check
+CVE-2026-33201 (Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contai ...)
+ TODO: check
+CVE-2026-33183 (Saloon is a PHP library that gives users tools to build API integratio ...)
+ TODO: check
+CVE-2026-33182 (Saloon is a PHP library that gives users tools to build API integratio ...)
+ TODO: check
+CVE-2026-32680 (The installer of RATOC RAID Monitoring Manager for Windows allows to c ...)
+ TODO: check
+CVE-2026-32120 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-30976 (Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4. ...)
+ TODO: check
+CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0 ...)
+ TODO: check
+CVE-2026-30892 (crun is an open source OCI Container Runtime fully written in C. In ve ...)
+ TODO: check
+CVE-2026-2931 (The Amelia Booking plugin for WordPress is vulnerable to Insecure Dire ...)
+ TODO: check
+CVE-2026-2485 (IBM Infosphere Information Server11.7.0.0 through11.7.1.6 is vulnerabl ...)
+ TODO: check
+CVE-2026-2484 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is affected b ...)
+ TODO: check
+CVE-2026-2483 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is vulnerable ...)
+ TODO: check
+CVE-2026-29187 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-28760 (The installer of RATOC RAID Monitoring Manager for Windows searches th ...)
+ TODO: check
+CVE-2026-1986 (The FloristPress for Woo \u2013 Customize your eCommerce store for you ...)
+ TODO: check
+CVE-2026-1890 (The LeadConnector WordPress plugin before 3.0.22 does not have authori ...)
+ TODO: check
+CVE-2026-1561 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
+ TODO: check
+CVE-2026-1430 (The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and ...)
+ TODO: check
+CVE-2026-1262 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affecte ...)
+ TODO: check
+CVE-2026-1206 (The Elementor Website Builder plugin for WordPress is vulnerable to In ...)
+ TODO: check
+CVE-2026-1015 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2026-1014 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2025-64648 (IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that coul ...)
+ TODO: check
+CVE-2025-64647 (IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographi ...)
+ TODO: check
+CVE-2025-64646 (IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sens ...)
+ TODO: check
+CVE-2025-36440 (IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sen ...)
+ TODO: check
+CVE-2025-36438 (IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perfo ...)
+ TODO: check
+CVE-2025-36422 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSp ...)
+ TODO: check
+CVE-2025-36258 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product st ...)
+ TODO: check
+CVE-2025-36187 (IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5 ...)
+ TODO: check
+CVE-2025-2535
+ REJECTED
+CVE-2025-15488 (The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to ar ...)
+ TODO: check
+CVE-2025-15433 (The Shared Files WordPress plugin before 1.7.58 allows users with a r ...)
+ TODO: check
+CVE-2025-15101 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...)
+ TODO: check
+CVE-2025-14974 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2025-14917 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
+ TODO: check
+CVE-2025-14915 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
+ TODO: check
+CVE-2025-14912 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2025-14810 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not i ...)
+ TODO: check
+CVE-2025-14808 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
+ TODO: check
+CVE-2025-14807 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
+ TODO: check
+CVE-2025-14684 (IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8 ...)
+ TODO: check
CVE-2026-33952 [DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks]
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
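Review bot: the summary added for CVE-2026-1986 carries an undecoded `\u2013` escape ("FloristPress for Woo \u2013 Customize ..."), so the import step is writing the raw escape sequence into data/CVE/list instead of the character it stands for. Decode the description before truncating it to the summary length. The same block passes other feed text through unnormalised, for example "Server11.7.0.0 through11.7.1.6is" on CVE-2026-2484 and the untranslated "bis 8.7." on CVE-2026-4822, which makes searching for product and version strings unreliable while these entries sit at TODO: check.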
@@ -34,7 +240,7 @@ CVE-2026-33982 [Persistent Cache Allocator Mismatch - Heap OOB Read]
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2
-CVE-2014-125112
+CVE-2014-125112 (Plack::Middleware::Session::Cookie versions through 0.21 for Perl allo ...)
- libplack-middleware-session-perl 0.24-1
NOTE: https://gist.github.com/miyagawa/2b8764af908a0dacd43d
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38287006/
@@ -343,7 +549,7 @@ CVE-2026-26830 (pdf-image (npm package) through version 2.0.0 allows OS command
TODO: check
CVE-2026-26233 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
TODO: check
-CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the function `req ...)
+CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the `requests.uti ...)
TODO: check
CVE-2026-25469 (Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill ...)
NOT-FOR-US: WordPress plugin or theme
@@ -748,15 +954,15 @@ CVE-2026-3591 (A use-after-return vulnerability exists in the `named` server whe
CVE-2026-3608 (Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp- ...)
- isc-kea 3.0.3-1
NOTE: https://kb.isc.org/docs/cve-2026-3608
-CVE-2026-33515
+CVE-2026-33515 (Squid is a caching proxy for the Web. Prior to version 7.5, due to imp ...)
- squid <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/4
NOTE: Fxied by: https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 (SQUID_7_5)
-CVE-2026-32748
+CVE-2026-32748 (Squid is a caching proxy for the Web. Prior to version 7.5, due to pre ...)
- squid <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/3
NOTE: Fixed by: https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b (SQUID_7_5)
-CVE-2026-33526
+CVE-2026-33526 (Squid is a caching proxy for the Web. Prior to version 7.5, due to hea ...)
- squid <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/2
NOTE: Fixed by: https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91 (SQUID_7_5)
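Review bot: the NOTE under CVE-2026-33515 is spelled "Fxied by:" while the two sibling Squid entries use "Fixed by:", so a search for the fix-commit marker will miss that entry; correct the spelling in a follow-up. All three entries also still read `- squid <unfixed>` although the new summaries say "Prior to version 7.5" and the NOTEs point at SQUID_7_5 commits, so the fixed version should be recorded as soon as a package carrying those commits exists.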
@@ -1791,6 +1997,7 @@ CVE-2019-25627 (FlexHEX 2.71 contains a local buffer overflow vulnerability in t
CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability ...)
TODO: check
CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, T ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
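Review bot: the `{DSA-6178-1}` cross-reference on CVE-2026-4721 sits above entries for three source packages (firefox, firefox-esr, thunderbird), and nothing in this commit says which of them the advisory covers, since the only changed file is data/CVE/list. Confirm that the matching DSA-6178-1 record exists with its source package and per-release versions, because the same tag is repeated on every following Firefox entry in this update.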
@@ -1801,6 +2008,7 @@ CVE-2026-4729 (Memory safety bugs present in Firefox 148 and Thunderbird 148. So
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8 ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1808,6 +2016,7 @@ CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4720
CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. This vu ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1815,6 +2024,7 @@ CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. Th
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4719
CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1831,6 +2041,7 @@ CVE-2026-4726 (Denial-of-service in the XML component. This vulnerability affect
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1838,6 +2049,7 @@ CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4717
CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaScript ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1845,6 +2057,7 @@ CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaSc
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4716
CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vulnera ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1852,6 +2065,7 @@ CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4715
CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1859,6 +2073,7 @@ CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4714
CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1883,6 +2098,7 @@ CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This vulnerability
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711
CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1890,6 +2106,7 @@ CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4710
CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component. This ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1897,6 +2114,7 @@ CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4709
CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1904,6 +2122,7 @@ CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4708
CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1911,6 +2130,7 @@ CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4707
CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1918,6 +2138,7 @@ CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4706
CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1925,6 +2146,7 @@ CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulne
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4705
CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This vulnerabili ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1938,6 +2160,7 @@ CVE-2026-4723 (Use-after-free in the JavaScript Engine component. This vulnerabi
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This vulnerabil ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1948,6 +2171,7 @@ CVE-2026-4722 (Privilege escalation in the IPC component. This vulnerability aff
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1955,6 +2179,7 @@ CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4701
CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnerabilit ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1962,6 +2187,7 @@ CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnera
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4700
CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts component. ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1969,6 +2195,7 @@ CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts compo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4699
CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1976,6 +2203,7 @@ CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4698
CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1983,6 +2211,7 @@ CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4697
CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vulnerabi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1990,6 +2219,7 @@ CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4696
CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -1997,6 +2227,7 @@ CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4695
CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics compon ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2004,6 +2235,7 @@ CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4694
CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback component. ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2011,6 +2243,7 @@ CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback compon
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4693
CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vulnerabi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2018,6 +2251,7 @@ CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4692
CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This vuln ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2025,6 +2259,7 @@ CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4691
CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2032,6 +2267,7 @@ CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer over
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4690
CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2039,6 +2275,7 @@ CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer over
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4689
CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2046,6 +2283,7 @@ CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access API
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4688
CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Telemetry c ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2053,6 +2291,7 @@ CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Teleme
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4687
CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2060,6 +2299,7 @@ CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4686
CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2067,6 +2307,7 @@ CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4685
CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender component. T ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -78581,6 +78822,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 1618ca7, a content-addressed-m
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/f607aaaaaafe19257ef09ca519d325df6ae97e05
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...)
+ {DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
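Review bot: `{DSA-6178-1}` is attached here to CVE-2025-59375, whose summary describes libexpat in Expat rather than a browser component, while the visible package lines are firefox, firefox-esr and thunderbird. Add a NOTE stating whether the advisory covers only the Expat code used by those packages, so readers do not take the tag to mean the Expat source package itself was fixed by this DSA.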
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ab4cc6cdef4fb3cf3eb72e59eae3678e87139a4