[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 20 20:14:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c88a3347 by security tracker role at 2026-05-20T19:14:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2026-9101 (Prototype pollution in csv parsing logic during import can lead to unt ...)
+ TODO: check
+CVE-2026-9100 (The MongoDB C Driver's legacy GridFS API accepts malformed file metada ...)
+ TODO: check
+CVE-2026-9087 (A flaw was found in Keycloak. The cross-session verification proof is ...)
+ TODO: check
+CVE-2026-9084 (MISP\u2019s OIDC authentication plugin allowed automatic linking of an ...)
+ TODO: check
+CVE-2026-9065 (SureCart version prior to 4.2.1 are vulnerable to authenticated SQL in ...)
+ TODO: check
+CVE-2026-9064 (A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() fu ...)
+ TODO: check
+CVE-2026-9059 (NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated ...)
+ TODO: check
+CVE-2026-8598 (An undocumented configuration export port is accessible on some models ...)
+ TODO: check
+CVE-2026-8488 (Allocation of resources without limits or throttling vulnerability in ...)
+ TODO: check
+CVE-2026-8487 (Incorrect default permissions vulnerability in Progress Software MOVEi ...)
+ TODO: check
+CVE-2026-8486 (Allocation of resources without limits or throttling vulnerability in ...)
+ TODO: check
+CVE-2026-8485 (Uncontrolled Memory Allocation vulnerability in Progress Software MOVE ...)
+ TODO: check
+CVE-2026-8469 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-8467 (Code Injection vulnerability in phenixdigital phoenix_storybook allows ...)
+ TODO: check
+CVE-2026-8342
+ REJECTED
+CVE-2026-7613 (The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-6728 (The Slider Revolution plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
+CVE-2026-6405 (The Anomify AI \u2013 Anomaly Detection and Alerting plugin for WordPr ...)
+ TODO: check
+CVE-2026-5783 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2026-5200 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Auto ...)
+ TODO: check
+CVE-2026-4293 (The affectedKieback & Peter DDC building controllersare vulnerable to ...)
+ TODO: check
+CVE-2026-47068 (Authorization Bypass Through User-Controlled Key vulnerability in phen ...)
+ TODO: check
+CVE-2026-45584 (Heap-based buffer overflow in Microsoft Defender allows an unauthorize ...)
+ TODO: check
+CVE-2026-45498 (Microsoft Defender Denial of Service Vulnerability)
+ TODO: check
+CVE-2026-45443 (Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor F ...)
+ TODO: check
+CVE-2026-44933 (`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot ...)
+ TODO: check
+CVE-2026-44926 (InfoScale CmdServer before 7.4.2 mishandles access control.)
+ TODO: check
+CVE-2026-44925 (Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 O ...)
+ TODO: check
+CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
+ TODO: check
+CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers ...)
+ TODO: check
+CVE-2026-42834 (Improper link resolution before file access ('link following') in Azur ...)
+ TODO: check
+CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-41091 (Improper link resolution before file access ('link following') in Micr ...)
+ TODO: check
+CVE-2026-39047 (Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote a ...)
+ TODO: check
+CVE-2026-35070 (Dell SmartFabric Storage Software, versions prior to 1.4.5, contains a ...)
+ TODO: check
+CVE-2026-30691 (Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer ...)
+ TODO: check
+CVE-2026-27424 (Missing Authorization vulnerability in WP Chill Image Photo Gallery Fi ...)
+ TODO: check
+CVE-2026-27405 (Missing Authorization vulnerability in Magepeople inc. WpBookingly all ...)
+ TODO: check
+CVE-2026-25602 (Insufficient Verification of Data Authenticity vulnerability in Mesalv ...)
+ TODO: check
+CVE-2026-24573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24425 (Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass ...)
+ TODO: check
+CVE-2026-22554 (MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vu ...)
+ TODO: check
+CVE-2026-22315 (Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client L ...)
+ TODO: check
+CVE-2026-22314 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2026-21836 (The HCL DominoIQ RAG feature isaffected bya Broken Access Control vuln ...)
+ TODO: check
+CVE-2026-20240 (In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12 ...)
+ TODO: check
+CVE-2026-20239 (In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Clou ...)
+ TODO: check
+CVE-2026-20238 (In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that ...)
+ TODO: check
+CVE-2026-20223 (A vulnerability in the access validation of internal REST APIs of ...)
+ TODO: check
+CVE-2026-20206 (A vulnerability in the BrowserBot component of Cisco ThousandEyes Ente ...)
+ TODO: check
+CVE-2026-20199 (A vulnerability in the SSL certificate handling of Cisco ThousandEyes ...)
+ TODO: check
+CVE-2026-20171 (A vulnerability in the Border Gateway Protocol (BGP) enforce-firs ...)
+ TODO: check
+CVE-2026-0857 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ TODO: check
+CVE-2026-0856 (Improper Access Control vulnerability in Mesalvo Meona Client Launcher ...)
+ TODO: check
+CVE-2025-32750 (Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of ...)
+ TODO: check
+CVE-2025-31985 (HCL BigFix Service Management (SM) is affected by a security misconfig ...)
+ TODO: check
+CVE-2025-31973 (HCL BigFix Service Management (SM) is susceptible to a Configuration ...)
+ TODO: check
+CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio Information ...)
+ TODO: check
+CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivat ...)
+ TODO: check
CVE-2026-41073
- request-tracker5 <unfixed>
- request-tracker4 <unfixed>
@@ -40,78 +158,82 @@ CVE-2026-41999
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#incorrect-behaviour-of-views-with-tcp-proxy-requests
NOTE: https://github.com/PowerDNS/pdns/commit/6b0567a56642f22bc9338bb4a4caeaaecde40f27 (auth-5.0.5)
CVE-2026-42000
+ {DSA-6284-1}
- pdns 5.0.5-1
[bookworm] - pdns <end-of-life> (See #1119290)
[bullseye] - pdns <end-of-life> (see DLA 4471)
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-names-during-axfr
NOTE: https://github.com/PowerDNS/pdns/commit/7473d0e899f876507b001ba2966a82aafdce025e (auth-5.0.5)
CVE-2026-42001
+ {DSA-6284-1}
- pdns 5.0.5-1
[bookworm] - pdns <end-of-life> (See #1119290)
[bullseye] - pdns <end-of-life> (see DLA 4471)
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-autoprimary-soa-queries
NOTE: https://github.com/PowerDNS/pdns/commit/4459ba81e6674039e40bf15f177424f6b52cdd90 (auth-5.0.5)
CVE-2026-42002
+ {DSA-6284-1}
- pdns 5.0.5-1
[bookworm] - pdns <end-of-life> (See #1119290)
[bullseye] - pdns <end-of-life> (see DLA 4471)
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#concurrency-and-locking-defects-in-gss-tsig
NOTE: https://github.com/PowerDNS/pdns/commit/27c388790cb49a11229732ee658c047bcdec9c96 (auth-5.0.5)
CVE-2026-42396
+ {DSA-6284-1}
- pdns 5.0.5-1
[bookworm] - pdns <end-of-life> (See #1119290)
[bullseye] - pdns <end-of-life> (see DLA 4471)
NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-06.html#insufficient-validation-of-member-zone-data-may-cause-catalog-zone-transfer-to-fail
NOTE: https://github.com/PowerDNS/pdns/commit/d0bc49a5355906d21e06552b5e3fd87cd5c91406 (auth-5.0.5)
-CVE-2026-3592 [Limit resolver server list size]
+CVE-2026-3592 (BIND resolvers are vulnerable to an amplified resource consumption/exh ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-3592
-CVE-2026-3039 [Fix GSS-API resource leak]
+CVE-2026-3039 (BIND servers that are configured to use TKEY-based authentication via ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-3039
-CVE-2026-5946 [Disable recursion, UPDATE, and NOTIFY for non-IN views]
+CVE-2026-5946 (Multiple flaws have been identified in `named` related to the handling ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-5946
-CVE-2026-5950 [Avoid unbounded recursion loop]
+CVE-2026-5950 (An unbounded resend loop vulnerability exists in the BIND 9 resolver s ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-5950
-CVE-2026-5947 [Fix crash in resolver when SIG(0)-signed responses are received under load]
+CVE-2026-5947 (Undefined behavior may result due to a race condition leading to a use ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-5947
-CVE-2026-3593 [Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS frames]
+CVE-2026-3593 (A use-after-free vulnerability exists within the DNS-over-HTTPS implem ...)
- bind9 1:9.20.23-1
NOTE: https://kb.isc.org/docs/cve-2026-3593
-CVE-2026-44608 [Use after free and crash in RPZ code (special requirements apply)]
+CVE-2026-44608 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a loc ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-44390 [Unbounded name compression in certain cases causes degradation of service]
+CVE-2026-44390 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42960 [Possible cache poisoning attack while following delegation]
+CVE-2026-42960 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42923 [Degradation of service with unbounded NSEC3 hash calculations]
+CVE-2026-42923 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42534 [Jostle logic bypass degrades resolution performance]
+CVE-2026-42534 (NLnet Labs Unbound up to and including version 1.25.0 has a vulnerabil ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-41292 [Parsing a long list of incoming EDNS options degrades performance]
+CVE-2026-41292 (NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-40622 ["Ghost domain name" variant]
+CVE-2026-40622 (NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vul ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-32792 [Packet of death with DNSCrypt (feasibility very low]
+CVE-2026-32792 (NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a deni ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42959 [Crash during DNSSEC validation of malicious content]
+CVE-2026-42959 (NLnet Labs Unbound up to and including version 1.25.0 has a denial of ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-42944 [Heap overflow and crash with multiple nsid, cookie, padding EDNS options]
+CVE-2026-42944 (NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vul ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
-CVE-2026-33278 [Possible arbitrary code execution during DNSSEC validation]
+CVE-2026-33278 (NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vul ...)
- unbound <unfixed> (bug #1137187)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-9057 (A broken access control issue has been identified in the Talend Admini ...)
@@ -530,23 +652,28 @@ CVE-2024-36343 (Improper input validation in the System Management Mode (SMM) co
TODO: check
CVE-2023-7345 (Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6 ...)
TODO: check
-CVE-2026-29518
+CVE-2026-29518 (Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TO ...)
+ {DSA-6282-1 DLA-4591-1}
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
CVE-2026-43617 (Rsync version3.4.2 and prior contain an authorization bypass vulnerabi ...)
+ {DSA-6282-1 DLA-4591-1}
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
CVE-2026-43618 (Rsync version3.4.2 and prior contain an integer overflow vulnerability ...)
+ {DSA-6282-1 DLA-4591-1}
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
CVE-2026-43619 (Rsync version3.4.2 and prior contain symlink race condition vulnerabil ...)
+ {DSA-6282-1 DLA-4591-1}
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
CVE-2026-43620 (Rsync version3.4.2 and prior contain a receiver-side out-of-bounds arr ...)
+ {DSA-6282-1 DLA-4591-1}
- rsync 3.4.3+ds1-1
NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
@@ -574,6 +701,7 @@ CVE-2026-46529
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
NOTE: No security impact in evince-gtk3 since affected code not built in binary package.
CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -581,6 +709,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -597,6 +726,7 @@ CVE-2026-8971 (Same-origin policy bypass in the Networking: JAR component. This
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8971
CVE-2026-8970 (Privilege escalation in the Security component. This vulnerability was ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -607,6 +737,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security component. This vulnerabil
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8969
CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video: Web Codec ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -629,6 +760,7 @@ CVE-2026-8963 (Spoofing issue in the Web Speech component. This vulnerability wa
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8963
CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -636,6 +768,7 @@ CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
CVE-2026-8961 (Spoofing issue in the Form Autofill component. This vulnerability was ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -653,6 +786,7 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary conditions in the Widget
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8959
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8959
CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -660,6 +794,7 @@ CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process S
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This vulner ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -667,6 +802,7 @@ CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This v
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerability ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -674,6 +810,7 @@ CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerability ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -681,6 +818,7 @@ CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerab
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Video com ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -688,6 +826,7 @@ CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -701,6 +840,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in Firefox for Android. T
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8951
CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component. This vuln ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -718,6 +858,7 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM: Networking component. This
- firefox 151.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8948
CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerabi ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -725,6 +866,7 @@ CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
+ {DSA-6283-1}
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -739,7 +881,7 @@ CVE-2026-XXXX [VSV00019]
NOTE: https://vinyl-cache.org/security/VSV00019.html
NOTE: https://code.vinyl-cache.org/vinyl-cache/vinyl-cache/commit/dfc27fb4e7bf110945f5c145ce95b8de14ead77f (master)
NOTE: https://code.vinyl-cache.org/vinyl-cache/vinyl-cache/commit/037031d429e3d309ae66ebabff33aa591402f20e (6.0)
-CVE-2026-41054 [haveged: missing exit out of permission check could lead to root exploit]
+CVE-2026-41054 (In `src/havegecmd.c`, the `socket_handler` function performs a credent ...)
- haveged 1.9.21-1 (bug #1137096)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1264086
NOTE: Introduced with: https://github.com/jirka-h/haveged/commit/a2496c5de9af7e3ac3ef82a2257d14d8a0ac37fb (1.9.3)
@@ -3967,6 +4109,7 @@ CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vul
CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server allows a ...)
NOT-FOR-US: Devolutions
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
+ {DSA-6283-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -3974,6 +4117,7 @@ CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerabilit
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
+ {DSA-6283-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
@@ -3987,6 +4131,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript Engine: JIT component. This
- firefox 150.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8389
CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT component. ...)
+ {DSA-6283-1}
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- thunderbird 1:140.11.0esr-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c88a33476f7dd7b8aa3db959ea07344d17e53d71
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c88a33476f7dd7b8aa3db959ea07344d17e53d71
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/5908505c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list