Bastian Germann pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9ce3517c by Bastian Germann at 2026-05-11T18:27:58+02:00
Add some mongoose CVEs affecting swupdate
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9192,8 +9192,10 @@ CVE-2026-6987 (A vulnerability was detected in PicoClaw
up to 0.2.4. Impacted is
NOT-FOR-US: PicoClaw
CVE-2026-6986 (A security vulnerability has been detected in Cesanta Mongoose
up to 7 ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-10
CVE-2026-6985 (A weakness has been identified in Cesanta Mongoose up to 7.20.
This vu ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-10
CVE-2026-6984 (A security flaw has been discovered in AstrBotDevs AstrBot up
to 4.22. ...)
NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-6983 (A vulnerability was identified in pagekit up to 1.0.18.
Affected by th ...)
@@ -22173,10 +22175,13 @@ CVE-2026-5326 (A vulnerability was identified in
SourceCodester Leave Applicatio
NOT-FOR-US: SourceCodester
CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20.
Affecte ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-10
CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This
impacts ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-10
CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20.
This af ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-10
CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to
information e ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the
uma_prote ...)
@@ -41995,10 +42000,13 @@ CVE-2026-2969 (A flaw has been found in
datapizza-labs datapizza-ai 0.0.2. Affec
NOT-FOR-US: datapizza-labs datapizza-ai
CVE-2026-2968 (A vulnerability was detected in Cesanta Mongoose up to 7.20.
This impa ...)
- mongoose <not-affected> (Fixed before or with initial upload, also
see bug #1135115)
+ - swupdate 2025.12+dfsg-10
CVE-2026-2967 (A security vulnerability has been detected in Cesanta Mongoose
up to 7 ...)
- mongoose <not-affected> (Fixed before or with initial upload, also
see bug #1135115)
+ - swupdate 2025.12+dfsg-10
CVE-2026-2966 (A weakness has been identified in Cesanta Mongoose up to 7.20.
The imp ...)
- mongoose <not-affected> (Fixed before or with initial upload, also
see bug #1135115)
+ - swupdate 2025.12+dfsg-10
CVE-2026-2965 (A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and
07FlyCR ...)
NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
CVE-2026-2964 (A vulnerability was identified in higuma web-audio-recorder-js
0.1/0.1 ...)
@@ -98937,6 +98945,7 @@ CVE-2025-55795 (The openml/openml.org web application
version v2.0.20241110 uses
NOT-FOR-US: openml/openml.org web application
CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket
component of ...)
- mongoose <not-affected> (Fixed before or with initial upload)
+ - swupdate 2025.12+dfsg-1
NOTE: https://github.com/cesanta/mongoose/pull/3131
NOTE:
https://github.com/cesanta/mongoose/commit/cdc439bc38570048541b2ac6b9c326da87bf4a0a
(7.18)
CVE-2025-43400 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce3517c0cbe98342059922c360625a0012420c2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce3517c0cbe98342059922c360625a0012420c2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
