[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 20:16:00 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92e6c954 by security tracker role at 2026-03-26T20:15:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,325 @@
-CVE-2026-23398 [icmp: fix NULL pointer dereference in icmp_tag_validation()]
+CVE-2026-4926 (Impact: A bad regular expression is generated any time you have multi ...)
+ TODO: check
+CVE-2026-4923 (Impact: When using multiple wildcards, combined with at least one par ...)
+ TODO: check
+CVE-2026-4897 (A flaw was found in polkit. A local user can exploit this by providing ...)
+ TODO: check
+CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read in GIM ...)
+ TODO: check
+CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll Management ...)
+ TODO: check
+CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel Reservation ...)
+ TODO: check
+CVE-2026-4875 (A vulnerability was determined in itsourcecode Free Hotel Reservation ...)
+ TODO: check
+CVE-2026-4867 (Impact: A bad regular expression is generated any time you have three ...)
+ TODO: check
+CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW up to 3 ...)
+ TODO: check
+CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227. This vuln ...)
+ TODO: check
+CVE-2026-4860 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
+ TODO: check
+CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload of a dan ...)
+ TODO: check
+CVE-2026-4274 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-4263 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...)
+ TODO: check
+CVE-2026-4262 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...)
+ TODO: check
+CVE-2026-3116 (Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fai ...)
+ TODO: check
+CVE-2026-3115 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-3114 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
+ TODO: check
+CVE-2026-3113 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
+ TODO: check
+CVE-2026-3112 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
+ TODO: check
+CVE-2026-3109 (Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook ...)
+ TODO: check
+CVE-2026-3108 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-34071 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
+ TODO: check
+CVE-2026-33732 (srvx is a universal server based on web standards. Prior to version 0. ...)
+ TODO: check
+CVE-2026-33632 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
+ TODO: check
+CVE-2026-33631 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
+ TODO: check
+CVE-2026-33536 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-33535 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-33532 (`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML ...)
+ TODO: check
+CVE-2026-33531 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
+ TODO: check
+CVE-2026-33530 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
+ TODO: check
+CVE-2026-33529 (Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Pr ...)
+ TODO: check
+CVE-2026-33528 (GoDoxy is a reverse proxy and container orchestrator for self-hosters. ...)
+ TODO: check
+CVE-2026-33525 (Authelia is an open-source authentication and authorization server pro ...)
+ TODO: check
+CVE-2026-33506 (Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML ...)
+ TODO: check
+CVE-2026-33505 (Ory Keto is am open source authorization server for managing permissio ...)
+ TODO: check
+CVE-2026-33504 (Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to ...)
+ TODO: check
+CVE-2026-33503 (Ory Kratos is an identity, user management and authentication system f ...)
+ TODO: check
+CVE-2026-33496 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
+ TODO: check
+CVE-2026-33495 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
+ TODO: check
+CVE-2026-33494 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
+ TODO: check
+CVE-2026-33491 (Zen C is a systems programming language that compiles to human-readabl ...)
+ TODO: check
+CVE-2026-33490 (H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc ...)
+ TODO: check
+CVE-2026-33487 (goxmlsig provides XML Digital Signatures implemented in Go. Prior to v ...)
+ TODO: check
+CVE-2026-33486 (Roadiz is a polymorphic content management system based on a node syst ...)
+ TODO: check
+CVE-2026-33481 (Syft is a a CLI tool and Go library for generating a Software Bill of ...)
+ TODO: check
+CVE-2026-33477 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
+ TODO: check
+CVE-2026-33470 (Frigate is a network video recorder (NVR) with realtime local object d ...)
+ TODO: check
+CVE-2026-33469 (Frigate is a network video recorder (NVR) with realtime local object d ...)
+ TODO: check
+CVE-2026-33468 (Kysely is a type-safe TypeScript SQL query builder. Prior to version 0 ...)
+ TODO: check
+CVE-2026-33442 (Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.1 ...)
+ TODO: check
+CVE-2026-33438 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
+ TODO: check
+CVE-2026-33430 (Briefcase is a tool for converting a Python project into a standalone ...)
+ TODO: check
+CVE-2026-33413 (etcd is a distributed key-value store for the data of a distributed sy ...)
+ TODO: check
+CVE-2026-33402 (Sakai is a Collaboration and Learning Environment (CLE). In versions 2 ...)
+ TODO: check
+CVE-2026-33397 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
+ TODO: check
+CVE-2026-33396 (OneUptime is an open-source monitoring and observability platform. Pri ...)
+ TODO: check
+CVE-2026-33343 (etcd is a distributed key-value store for the data of a distributed sy ...)
+ TODO: check
+CVE-2026-33153 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-33152 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-33149 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-33148 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-33015 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-33014 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-33009 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-32857 (Firecrawl version 2.8.0 and prior contain a server-side request forger ...)
+ TODO: check
+CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path t ...)
+ TODO: check
+CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an infinite ...)
+ TODO: check
+CVE-2026-32286 (The DataRow.Decode function fails to properly validate field lengths. ...)
+ TODO: check
+CVE-2026-32285 (The Delete function fails to properly validate offsets when processing ...)
+ TODO: check
+CVE-2026-32284 (The msgpack decoder fails to properly validate the input buffer length ...)
+ TODO: check
+CVE-2026-30463 (Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2026-30458 (An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltr ...)
+ TODO: check
+CVE-2026-30457 (An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5 ...)
+ TODO: check
+CVE-2026-30162 (Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted lin ...)
+ TODO: check
+CVE-2026-2511 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System plugin f ...)
+ TODO: check
+CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...)
+ TODO: check
+CVE-2026-2231 (The Fluent Booking plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-29976 (Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee ...)
+ TODO: check
+CVE-2026-29969 (A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.as ...)
+ TODO: check
+CVE-2026-29934 (A reflected cross-site scripting (XSS) vulnerability in the /admin/men ...)
+ TODO: check
+CVE-2026-29933 (A reflected cross-site scripting (XSS) vulnerability in the /index/log ...)
+ TODO: check
+CVE-2026-29905 (Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' per ...)
+ TODO: check
+CVE-2026-29055 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-29044 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-28503 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2026-28298 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
+ TODO: check
+CVE-2026-28297 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
+ TODO: check
+CVE-2026-27828 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-27816 (EVerest is an EV charging software stack. Prior to versions to 2026.02 ...)
+ TODO: check
+CVE-2026-27815 (EVerest is an EV charging software stack. Prior to versions to 2026.02 ...)
+ TODO: check
+CVE-2026-27814 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-27813 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
+ TODO: check
+CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
+ TODO: check
+CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16 release conta ...)
+ TODO: check
+CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-26073 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-26072 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-26071 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-26070 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-26008 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
+ TODO: check
+CVE-2026-24068 (The VSL privileged helper does utilize NSXPC for IPC. The implementati ...)
+ TODO: check
+CVE-2026-23995 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-22790 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-22593 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
+ TODO: check
+CVE-2026-1961 (A flaw was found in Foreman. A remote attacker could exploit a command ...)
+ TODO: check
+CVE-2026-1032 (The Conditional Menus plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2025-55277 (HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions ...)
+ TODO: check
+CVE-2025-55276 (HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerabilit ...)
+ TODO: check
+CVE-2025-55275 (HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerabi ...)
+ TODO: check
+CVE-2025-55274 (HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulne ...)
+ TODO: check
+CVE-2025-55273 (HCL Aftermarket DPC is affected by Cross Domain Script Include vulnera ...)
+ TODO: check
+CVE-2025-55272 (HCL Aftermarket DPC is affected by Banner Disclosure vulnerability whe ...)
+ TODO: check
+CVE-2025-55271 (HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerabili ...)
+ TODO: check
+CVE-2025-55270 (HCL Aftermarket DPC is affected by Improper Input Validation which all ...)
+ TODO: check
+CVE-2025-55269 (HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, ...)
+ TODO: check
+CVE-2025-55268 (HCL Aftermarket DPC is affected by Spamming Vulnerability which can al ...)
+ TODO: check
+CVE-2025-55267 (HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerabil ...)
+ TODO: check
+CVE-2025-55266 (HCL Aftermarket DPC is affected by Session Fixation which allows attac ...)
+ TODO: check
+CVE-2025-55265 (HCL Aftermarket DPC is affected by File Discovery which allows attacke ...)
+ TODO: check
+CVE-2025-55264 (HCL Aftermarket DPC is affected by Failure to Invalidate Session on Pa ...)
+ TODO: check
+CVE-2025-55263 (HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allo ...)
+ TODO: check
+CVE-2025-55262 (HCL Aftermarket DPC is affected by SQL Injection which allows attacker ...)
+ TODO: check
+CVE-2025-55261 (HCL Aftermarket DPC is affected by Missing Functional Level Access Con ...)
+ TODO: check
+CVE-2025-41368 (Problem in the Small HTTP Server v3.06.36 service. An authenticated pa ...)
+ TODO: check
+CVE-2025-41359 (Vulnerability related to an unquoted service path in Small HTTP Server ...)
+ TODO: check
+CVE-2025-41027 (Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. Thes ...)
+ TODO: check
+CVE-2025-41026 (Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. Thes ...)
+ TODO: check
+CVE-2023-7338 (Ruckus Unleashed contains a remote code execution vulnerability in the ...)
+ TODO: check
+CVE-2021-4474 (Ruckus Access Point products contain an arbitrary file read vulnerabil ...)
+ TODO: check
+CVE-2019-25650 (River Past CamDo 3.7.6 contains a structured exception handler (SEH) b ...)
+ TODO: check
+CVE-2019-25649 (River Past Audio Converter 7.7.16 contains a local buffer overflow vul ...)
+ TODO: check
+CVE-2019-25648 (MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerabili ...)
+ TODO: check
+CVE-2018-25219 (PassFab Excel Password Recovery 8.3.1 contains a structured exception ...)
+ TODO: check
+CVE-2018-25218 (PassFab RAR Password Recovery 9.3.2 contains a structured exception ha ...)
+ TODO: check
+CVE-2018-25217 (PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) ov ...)
+ TODO: check
+CVE-2018-25216 (AnyBurn 4.3 contains a local buffer overflow vulnerability that allows ...)
+ TODO: check
+CVE-2018-25215 (Excel Password Recovery Professional 8.2.0.0 contains a local buffer o ...)
+ TODO: check
+CVE-2018-25214 (MegaPing contains a local buffer overflow vulnerability that allows lo ...)
+ TODO: check
+CVE-2018-25213 (Nsauditor 3.0.28.0 contains a structured exception handling buffer ove ...)
+ TODO: check
+CVE-2018-25212 (Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerab ...)
+ TODO: check
+CVE-2018-25211 (Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability ...)
+ TODO: check
+CVE-2018-25210 (WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2018-25209 (OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2018-25208 (qdPM 9.1 contains an SQL injection vulnerability that allows unauthent ...)
+ TODO: check
+CVE-2018-25207 (Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the ca ...)
+ TODO: check
+CVE-2018-25206 (KomSeo Cart 1.3 contains an SQL injection vulnerability that allows at ...)
+ TODO: check
+CVE-2018-25205 (ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that al ...)
+ TODO: check
+CVE-2018-25204 (Library CMS 1.0 contains an SQL injection vulnerability that allows un ...)
+ TODO: check
+CVE-2018-25203 (Online Store System CMS 1.0 contains an SQL injection vulnerability th ...)
+ TODO: check
+CVE-2018-25202 (SAT CFDI 3.3 contains an SQL injection vulnerability that allows attac ...)
+ TODO: check
+CVE-2018-25201 (School Management System CMS 1.0 contains an SQL injection vulnerabili ...)
+ TODO: check
+CVE-2018-25195 (Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the a ...)
+ TODO: check
+CVE-2018-25185 (Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability tha ...)
+ TODO: check
+CVE-2018-25183 (Shipping System CMS 1.0 contains an SQL injection vulnerability that a ...)
+ TODO: check
+CVE-2026-23398 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/614aefe56af8e13331e50220c936fc0689cf5675 (7.0-rc5)
-CVE-2026-23397 [nfnetlink_osf: validate individual option lengths in fingerprints]
+CVE-2026-23397 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/dbdfaae9609629a9569362e3b8f33d0a20fd783c (7.0-rc5)
-CVE-2026-23396 [wifi: mac80211: fix NULL deref in mesh_matches_local()]
+CVE-2026-23396 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)
-CVE-2026-33416 [Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`]
+CVE-2026-33416 (LIBPNG is a reference library for use in applications that read, creat ...)
- libpng1.6 <unfixed>
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
NOTE: https://github.com/pnggroup/libpng/pull/824
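Review bot: the added descriptions for CVE-2026-2511 and CVE-2026-2389 carry a literal "\u2013" escape ("JS Help Desk \u2013 AI-Powered ...", "Complianz \u2013 GDPR/CCPA ..."), so the dash from the source record was written out undecoded. Decode the escape, or normalise it to a plain hyphen, before the line is written, since a text search on the product name as displayed elsewhere will not match these two entries. The same hunk replaces the bracketed titles of CVE-2026-23398, CVE-2026-23397 and CVE-2026-23396 with "In the Linux kernel, the following vulnerability has been resolved: ..." truncated after one letter, which leaves the three header lines distinguishable only by the NOTE URL below each.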
@@ -15,7 +327,7 @@ CVE-2026-33416 [Use-after-free via pointer aliasing in `png_set_tRNS` and `png_s
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56)
-CVE-2026-33636 [Out-of-bounds read/write in the palette expansion on ARM Neon]
+CVE-2026-33636 (LIBPNG is a reference library for use in applications that read, creat ...)
- libpng1.6 <unfixed>
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
NOTE: Introduced with: https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)
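Review bot: the CVE-2026-33636 header loses its only bug-class summary here: "[Out-of-bounds read/write in the palette expansion on ARM Neon]" becomes the truncated product blurb "(LIBPNG is a reference library for use in applications that read, creat ...)", and no remaining line in the entry states the bug class or the ARM Neon scope. Consider preserving the old bracket text as a NOTE: line on the entry when the description is swapped in, so triage does not depend on opening the GHSA link.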
@@ -1779,9 +2091,11 @@ CVE-2025-33216 (NVIDIA SNAP-4 Container contains a vulnerability in the configur
CVE-2025-33215 (NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK com ...)
TODO: check
CVE-2026-4371 (A malicious mail server could send malformed strings with negative len ...)
+ {DSA-6179-1}
- thunderbird 1:140.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4371
CVE-2026-3889 (Spoofing issue in Thunderbird. This vulnerability affects Thunderbird ...)
+ {DSA-6179-1}
- thunderbird 1:140.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-3889
CVE-2026-3836
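Review bot: {DSA-6179-1} is attached to CVE-2026-4371 and CVE-2026-3889, but the commit summary lists data/CVE/list as the only changed file, so the advisory record that this tag points at is not visible in this change. Confirm that DSA-6179-1 was already recorded in an earlier commit; if it was not, these cross-references point at an advisory the tracker cannot resolve. Both entries show only the unstable version "thunderbird 1:140.9.0esr-1", which is expected if the per-release fixed versions live with the advisory record rather than here.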
@@ -2062,7 +2376,7 @@ CVE-2019-25627 (FlexHEX 2.71 contains a local buffer overflow vulnerability in t
CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability ...)
NOT-FOR-US: River Past Cam Do
CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, T ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
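Review bot: the tag on CVE-2026-4721 changes from {DSA-6178-1} to {DSA-6179-1 DSA-6178-1}, and nothing on the entry says which advisory covers which of the three package lines below it. From the earlier hunk, DSA-6179-1 appears alone on entries that list only thunderbird, so a useful spot check for this and the following identical edits is that every entry gaining DSA-6179-1 has a thunderbird line and that firefox-only entries, such as CVE-2026-4729 in the next hunk header, did not gain it.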
@@ -2073,7 +2387,7 @@ CVE-2026-4729 (Memory safety bugs present in Firefox 148 and Thunderbird 148. So
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8 ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2081,7 +2395,7 @@ CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4720
CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. This vu ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2089,7 +2403,7 @@ CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component. Th
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4719
CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2106,7 +2420,7 @@ CVE-2026-4726 (Denial-of-service in the XML component. This vulnerability affect
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2114,7 +2428,7 @@ CVE-2026-4717 (Privilege escalation in the Netmonitor component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4717
CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaScript ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2122,7 +2436,7 @@ CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the JavaSc
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4716
CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vulnera ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2130,7 +2444,7 @@ CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This vu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4715
CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2138,7 +2452,7 @@ CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4714
CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2163,7 +2477,7 @@ CVE-2026-4711 (Use-after-free in the Widget: Cocoa component. This vulnerability
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711
CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2171,7 +2485,7 @@ CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4710
CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component. This ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2179,7 +2493,7 @@ CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP component.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4709
CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2187,7 +2501,7 @@ CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This vul
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4708
CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2195,7 +2509,7 @@ CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4707
CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2203,7 +2517,7 @@ CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4706
CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2211,7 +2525,7 @@ CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This vulne
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4705
CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This vulnerabili ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2225,7 +2539,7 @@ CVE-2026-4723 (Use-after-free in the JavaScript Engine component. This vulnerabi
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2236,7 +2550,7 @@ CVE-2026-4722 (Privilege escalation in the IPC component. This vulnerability aff
- firefox 149.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerability ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2244,7 +2558,7 @@ CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4701
CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnerabilit ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2252,7 +2566,7 @@ CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This vulnera
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4700
CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts component. ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2260,7 +2574,7 @@ CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts compo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4699
CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2268,7 +2582,7 @@ CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4698
CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2276,7 +2590,7 @@ CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4697
CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vulnerabi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2284,7 +2598,7 @@ CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4696
CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2292,7 +2606,7 @@ CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs comp
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4695
CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics compon ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2300,7 +2614,7 @@ CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4694
CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback component. ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2308,7 +2622,7 @@ CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback compon
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4693
CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vulnerabi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2316,7 +2630,7 @@ CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4692
CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This vuln ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2324,7 +2638,7 @@ CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component. This
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4691
CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2332,7 +2646,7 @@ CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer over
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4690
CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer overflow ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2340,7 +2654,7 @@ CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer over
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4689
CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2348,7 +2662,7 @@ CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access API
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4688
CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Telemetry c ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2356,7 +2670,7 @@ CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the Teleme
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4687
CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2364,7 +2678,7 @@ CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4686
CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2372,7 +2686,7 @@ CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D component
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4685
CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender component. T ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2875,11 +3189,11 @@ CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
-CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 store ...)
+CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solu ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
-CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the /goform/ ...)
+CVE-2026-31846 (Missing authentication in the /goform/ate endpoint in Nexxt Solutions ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial intellig ...)
NOT-FOR-US: New API
@@ -4736,7 +5050,7 @@ CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 conta
NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an ...)
NOT-FOR-US: BMC FootPrints ITSM
-CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infoc ...)
+CVE-2025-69720 (The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ...)
- ncurses <unfixed>
NOTE: https://github.com/Cao-Wuhui/CVE-2025-69720
TODO: check upstream status
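Review bot: the new description for CVE-2025-69720 names a fixed upstream snapshot (ncurses before 6.5-20251213), but the entry below it still reads `- ncurses <unfixed>` with `TODO: check upstream status`. The TODO can now be resolved by comparing the ncurses versions in the archive against that patch date and replacing `<unfixed>` with a fixed version where one applies.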
@@ -6997,7 +7311,7 @@ CVE-2026-22215 (wpDiscuz before 7.6.47 contains a cross-site request forgery vul
NOT-FOR-US: wpDiscuz
CVE-2026-22210 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability t ...)
NOT-FOR-US: wpDiscuz
-CVE-2026-22209 (thingino-firmware up to commit e3f6a41 (published on 2026-03-15) conta ...)
+CVE-2026-22209 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability i ...)
NOT-FOR-US: wpDiscuz
CVE-2026-22204 (wpDiscuz before 7.6.47 contains an email header injection vulnerabilit ...)
NOT-FOR-US: wpDiscuz
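Review bot: the description of CVE-2026-22209 switches product entirely, from thingino-firmware to wpDiscuz before 7.6.47, while the `NOT-FOR-US: wpDiscuz` line is unchanged. The triage now agrees with the description, which it did not against the removed text; the remaining check is that the thingino-firmware issue from the old text is not left without an entry of its own.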
@@ -7671,7 +7985,7 @@ CVE-2023-43010 (The issue was addressed with improved memory handling. This issu
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2026-0001.html
-CVE-2026-2436
+CVE-2026-2436 (A flaw was found in libsoup's SoupServer. A remote attacker could expl ...)
- libsoup3 <unfixed> (bug #1130498)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
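Review bot: CVE-2026-2436 now carries a description naming a remote attacker against libsoup's SoupServer, yet the trixie and bookworm lines keep `<no-dsa> (Minor issue)` from when the entry had no text. Re-read the full description and confirm the minor rating still holds, or revise the two no-dsa lines.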
@@ -13699,7 +14013,7 @@ CVE-2026-1311 (The Worry Proof Backup plugin for WordPress is vulnerable to Path
NOT-FOR-US: WordPress plugin
CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability that wa ...)
NOT-FOR-US: ServiceNow
-CVE-2026-3190
+CVE-2026-3190 (A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protec ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
[experimental] - util-linux 2.42~rc1-1
@@ -14225,7 +14539,7 @@ CVE-2026-27624 (Coturn is a free open source implementation of TURN and STUN Ser
- coturn <unfixed> (bug #1129267)
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-j8mm-mpf8-gvjg
NOTE: https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b (4.9.0)
-CVE-2026-3121
+CVE-2026-3121 (A flaw was found in Keycloak. An administrator with `manage-clients` p ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3099 (A flaw was found in Libsoup. The server-side digest authentication imp ...)
- libsoup3 <unfixed> (bug #1129316)
@@ -78900,7 +79214,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before 1618ca7, a content-addressed-m
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/f607aaaaaafe19257ef09ca519d325df6ae97e05
NOTE: Fixed by: https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
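Review bot: CVE-2025-59375 is described as a libexpat issue, but the lines visible under the updated `{DSA-6179-1 DSA-6178-1}` cross-reference are only firefox, firefox-esr and thunderbird, and the hunk context ends there. Confirm that DSA-6179-1 really lists this CVE for one of those packages, and that the added cross-reference is not read as covering the expat source package itself.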
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e6c9544893ae54291dc22a577c0be96d72af05