Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b2bc787 by Salvatore Bonaccorso at 2026-06-08T21:46:43+02:00
Add new apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,8 @@ CVE-2026-49233 (Routinator does not properly check the module 
component of rsync
 CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or 
RTR conn ...)
        - routinator <itp> (bug #929024)
 CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module 
mod_http2 wh ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
 CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A 
vulnerability in  ...)
        TODO: check
 CVE-2026-48488 (phpMyFAQ is an open source FAQ web application. Prior to 
version 4.1.4 ...)
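Review bot: The new CVE-2026-48913 entry (mod_http2 use after free) carries only the httpd advisory anchor, with no fix commit and no BTS bug. The CVE-2026-49975 entry further down this file tracks its mod_http2 fix through the icing/mod_h2 pull request and commit and has a bug number next to the package line. Adding the equivalent references here once they are identified would let a backport to stable be checked against a concrete change instead of the advisory text alone.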
@@ -71,13 +72,17 @@ CVE-2026-46440 (Flowise is a drag & drop user interface to 
build a customized la
 CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of 
Hyperledger Fa ...)
        TODO: check
 CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on 
crafted regul ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via 
outbound OCSP ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
 CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP 
Server 2.4. ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44119
 CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in 
ninenines gun  ...)
        TODO: check
 CVE-2026-43973 (Uncontrolled Resource Consumption vulnerability in ninenines 
gun (gun_ ...)
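Review bot: The four apache2 entries in this hunk (CVE-2026-44631, CVE-2026-44186, CVE-2026-44185, CVE-2026-44119) all get the same bare `- apache2 <unfixed>` line, with nothing recorded about which versions carry the vulnerable code. The CVE-2026-44119 description names a specific "Apache HTTP Server 2.4. ..." release range before it is truncated; if that range starts later than the version shipped in an older suite, a per-suite `<not-affected>` line with the reason should follow the package line so that suite is not reported as vulnerable.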
@@ -87,7 +92,8 @@ CVE-2026-43972 (Origin Validation Error vulnerability in 
ninenines gun (gun_http
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Reque ...)
        TODO: check
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with 
mod_header ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
 CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized 
large la ...)
        TODO: check
 CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized 
large la ...)
@@ -95,9 +101,11 @@ CVE-2026-42862 (Flowise is a drag & drop user interface to 
build a customized la
 CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized 
large la ...)
        TODO: check
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server 
withmod ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and 
earlierallows ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
 CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored 
cross-site ...)
        TODO: check
 CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored 
cross-site ...)
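Review bot: For CVE-2026-42535 the description states the issue affects mod_dav_fs in "2.4.67 and earlier", but the entry does not record which upstream release contains the fix. A NOTE naming the fixed upstream version from the linked advisory, on this entry and on CVE-2026-42536, would make it clear when `<unfixed>` can be replaced by a package version after the next upload.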
@@ -117,15 +125,19 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda 
AC1206 v15.03.06.23 was
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was 
discovered ...)
        NOT-FOR-US: Tenda
 CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server 
with ma ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34356
 CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 
2.4.67 and e ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34355
 CVE-2026-34194 (Software installed and run as a non-privileged user may 
conduct improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's 
HTML di ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29170
 CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with 
mod_ldap in pe ...)
-       TODO: check
+       - apache2 <unfixed>
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29167
 CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated 
remote cod ...)
        TODO: check
 CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains a remote code 
execution vul ...)
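Review bot: The entries for CVE-2026-34355 (mod_proxy_html), CVE-2026-29170 (mod_proxy_ftp HTML output) and CVE-2026-29167 (mod_ldap) are module-specific, yet each is recorded with only `- apache2 <unfixed>` and the advisory link. A short NOTE per entry stating the precondition, that is, which module has to be loaded and configured for the issue to be reachable, would help triage, since a cross-site scripting issue in an FTP proxy listing and a heap overflow are otherwise indistinguishable in the tracker output.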
@@ -3974,6 +3986,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
 CVE-2026-49975 (Memory Allocation with Excessive Size Value vulnerability in 
Apache HT ...)
        {DSA-6323-1 DLA-4620-1}
        - apache2 2.4.67-2 (bug #1138750)
+       NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-49975
        NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
        NOTE: https://github.com/icing/mod_h2/pull/324
        NOTE: 
https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c 
(v2.0.41)
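Review bot: The hunk header shows a temporary `CVE-2026-XXXX [HTTP/2 Bomb denial of service]` entry immediately before CVE-2026-49975, whose NOTE lines already reference the "hidden-http2-bomb" write-up. If the temporary entry describes the same apache2 issue, it should be merged into CVE-2026-49975 so the issue is not tracked twice; if it covers a different package, no change is needed beyond the advisory NOTE added here.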



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2bc787d19313e377a360ea174d43f14ab3c49d
