Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f7db918 by Abhijith PA at 2026-05-29T19:45:36+05:30
Add patch references for xrdp CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26857,6 +26857,7 @@ CVE-2026-35546 (AnvizCX2 Lite and CX7are vulnerable to 
unauthenticated firmware
 CVE-2026-35512 (xrdp is an open source RDP server. Versions through 0.10.5 
have a heap ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/8c407ce3ed690100fd9fd259c506f526ab74ee5f
 (v0.10.6)
 CVE-2026-35465 (SecureDrop Client is a desktop app for journalists to securely 
communi ...)
        NOT-FOR-US: SecureDrop Client
 CVE-2026-35402 (mcp-neo4j-cypher is an MCP server for executing Cypher queries 
against ...)
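Review bot: The NOTE added under CVE-2026-35512 is a bare commit URL, so the entry itself does not say whether 8c407ce3 is the fix, a preparatory change or a test. Only the commit message ("Add patch references") carries that meaning, and it is not visible in data/CVE/list. Prefixing the line with "Fixed by:" ahead of the URL would make the role explicit for anyone reading the list directly.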
@@ -26866,16 +26867,19 @@ CVE-2026-35061 (Anviz CX7 Firmwareis vulnerable to 
the most recently captured te
 CVE-2026-33689 (xrdp is an open source RDP server. Versions through 0.10.5 
have an out ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/d1323f9bb0caebdb9ca46627579954c25599ed25
 (v0.10.6)
 CVE-2026-33569 (AnvizCX2 Lite and CX7 administrative sessions occur over HTTP, 
enablin ...)
        NOT-FOR-US: Anviz
 CVE-2026-33516 (xrdp is an open source RDP server. Versions through 0.10.5 
contain an  ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rvh9-9wm3-28c7
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/d2a8802c3124c103cd0c40aba661602420d01a73
 (v0.10.6)
 CVE-2026-33436 (Stirling-PDF is a locally hosted web application that 
facilitates vari ...)
        NOT-FOR-US: Stirling-PDF
 CVE-2026-33145 (xrdp is an open source RDP server. Versions through 0.10.5 
allow an au ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rmvv-7633-fg7h
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/4174e61f38e5ebf79dade7b30634e998311e573f
 (v0.10.6)
 CVE-2026-33093 (Anviz CX7 Firmwareis vulnerable to an unauthenticated POST to 
the devi ...)
        NOT-FOR-US: Anviz
 CVE-2026-32650 (Anviz CrossChex Standardis vulnerable when an attacker 
manipulates the ...)
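Review bot: For CVE-2026-33689, CVE-2026-33516 and CVE-2026-33145 the new commit URLs sit directly under the GHSA advisory links, but neither the NOTE lines nor the commit message say where the CVE-to-commit mapping came from. The three descriptions are truncated to near-identical text ("Versions through 0.10.5 have an out ...", "contain an ...", "allow an au ..."), so a swapped hash would be hard to spot in later review. A short line in the commit message naming the source of the mapping (for example the advisory's own patch reference, if that is where it came from) would make it checkable.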
@@ -26885,17 +26889,25 @@ CVE-2026-32648 (AnvizCX2 Lite and CX7are vulnerable 
to unauthenticated access th
 CVE-2026-32624 (xrdp is an open source RDP server. Versions through 0.10.5 
contain a h ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/4594d4ed9198f5fa6c1f2eb03fac96110a4e0ebb
 (v0.10.6)
 CVE-2026-32623 (xrdp is an open source RDP server. Versions through 0.10.5 
contain a h ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-phw3-qp59-x2v4
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/b6b610f5f7bba56fcd355bb2131adffd2ba19e5a
 (v0.10.6)
 CVE-2026-32324 (Anviz CX7 Firmwareis vulnerable because the application embeds 
reusabl ...)
        NOT-FOR-US: Anviz
 CVE-2026-32107 (xrdp is an open source RDP server. In versions through 0.10.5, 
the ses ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/68b5ae9e2e3b3e040fe2174aa5fc652f0c5c67d1
 (v0.10.6)
 CVE-2026-32105 (xrdp is an open source RDP server. In versions through 0.10.5, 
xrdp do ...)
        - xrdp 0.10.6-1 (bug #1134339)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/391aaf92f9f944a612b8187552c9a49dcf3a60a5
 (v0.10.6)
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/fdbdb3a34917a97f372f80ce27a5a8b8720b7f59
 (v0.10.6)
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/1cdfc764ac57133e4a0561697161b17383f5a06e
 (v0.10.6)
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/a0b6151770f9343d0c7b8e31e3896466e8061676
 (v0.10.6)
+       NOTE: 
https://github.com/neutrinolabs/xrdp/commit/5e8f889f3994fe04f3a9984c53b26c00ff81f7ea
 (v0.10.6)
 CVE-2026-31927 (Anviz CX7 Firmwareis vulnerable to an authenticated CSV upload 
which a ...)
        NOT-FOR-US: Anviz
 CVE-2026-2434 (The Pz-LinkCard plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
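Review bot: CVE-2026-32105 gets five commit NOTEs (391aaf92, fdbdb3a3, 1cdfc764, a0b61517, 5e8f889f) with nothing saying which one is the actual fix and which are prerequisites, follow-ups or tests, while the other xrdp entries in this hunk get one each. Anyone backporting to a release that cannot move to 0.10.6 has to reconstruct the required set and its order from upstream history. Suggest annotating each line with its role, or stating in a NOTE that all five are needed and are listed in the order they apply.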



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7db9184682d890dfee5edf8f366aeecf0cc06d
