Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
10cd6b38 by Moritz Muehlenhoff at 2026-05-05T12:06:01+02:00
new apache2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282,17 +282,35 @@ CVE-2026-35228 (Vulnerability in the Oracle MCP Server
Helper Tool product of Or
CVE-2026-34882
REJECTED
CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server. This
issue affe ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/17
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/a3d32288317a87b1398825f2167e0ae083ed43da
(2.4.67-rc1-candidate)
CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in
Apache ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/16
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/b8def8fe323f7f67d0e03bb83c67d66bd8d7fcb2
(2.4.67-rc1-candidate)
CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache
HTTP Ser ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/15
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/493eb23e5cc18c3a7be53977c182ff5d1360c64c
(2.4.67-rc1-candidate)
CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP
Server m ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/23
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/0218d4b9c1c0706df4bd7a3e3b15f71d4b66126a
(2.4.67-rc1-candidate)
CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache
HTTP Ser ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/22
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8
(2.4.67-rc1-candidate)
CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server
2.4.66 a ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320
(2.4.67-rc1-candidate)
CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3
and earl ...)
TODO: check
CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before
v.4.7.21dev all ...)
@@ -308,7 +326,10 @@ CVE-2026-2729 (The Forminator plugin for WordPress is
vulnerable to authorizatio
CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code
execution vu ...)
TODO: check
CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP
Server 2.4.6 ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2026/05/04/20
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/225dc070adba11040b774cf641e1d8bc79941643
(2.4.67-rc1-candidate)
CVE-2026-29004 (BusyBox before commit 42202bf contains a heap buffer overflow
vulnerab ...)
TODO: check
CVE-2026-26956 (vm2 is an open source vm/sandbox for Node.js. In version
3.10.4, vm2 i ...)
@@ -330,9 +351,15 @@ CVE-2026-24118 (vm2 is an open source vm/sandbox for
Node.js. Prior to version 3
CVE-2026-24082 (Memory Corruption when copying data from a freed source while
executin ...)
NOT-FOR-US: Qualcomm
CVE-2026-24072 (An escalation of privilege bug in various modules in Apache
HTTP 2.4.6 ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/18
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/05e6c5086d6792b9105f88e1664b2614087f79d5
(2.4.67-rc1-candidate)
CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP
Server with ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE:
https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76
(2.4.67-rc1-candidate)
CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path
Traversa ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass
of wir ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cd6b38ca6365c5bb421ac7ec32e34a0ebf64ad
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cd6b38ca6365c5bb421ac7ec32e34a0ebf64ad
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
