[SECURITY] [DLA 4517-1] roundcube security update
Debian LTS Advisory DLA-4517-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 30, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u8 CVE ID : not yet available Debian Bug : 1131182 1132268 Multiple vulnerabilities were...
MiracleLinux 4 : firefox-78.6.0-1.0.1.AXS4 (AXSA:2020-1071:28)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-1071:28 advisory. - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042) - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971) - Mozilla: CSS Sanitizer performed...
CVE-2026-22712
The CVE-2026-22712 issue affects the MediaWiki extension ApprovedRevs. A flaw in ParserAfterTidy causes improper encoding/escaping of output due to magic word replacement, enabling input data manipulation. Affected versions are 1.39 through 1.45. The reported impact is limited to data handling vi...
CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation. This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...
EUVD-2019-7496
Malware in sbrugna...
EUVD-2020-19497
Malware in sbrugna...
EUVD-2023-2045
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-26973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This...
USN-6748-1: Sanitize vulnerabilities
It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-23627) It was discovered that Sanitize incorrectly handled...
Oracle Linux 6 : thunderbird (ELSA-2020-0123)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0123 advisory. 68.4.1-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 68.4.1-2 - Update to 68.4.1 build1 Tenable has...
UBUNTU-CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...
SUSE CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...
Mageia: Security Advisory (MGASA-2020-0462)
The remote host is missing an update for the...
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0120)
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14584-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14584-1 advisory. - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from...
CVE-2020-26973
The Mozilla Foundation Security Advisory describes this flaw as: Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass...
CentOS 8 : firefox (CESA-2020:5562)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:5562 advisory. - chromium-browser: Uninitialized Use in V8 CVE-2020-16042 - Mozilla: Heap buffer overflow in WebGL CVE-2020-26971 - Mozilla: CSS Sanitizer performed...
DEBIAN-CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...
CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...