Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5e55da8 by Salvatore Bonaccorso at 2026-06-08T22:48:09+02:00
Add Debian bug reference for apache2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-49233 (Routinator does not properly check the module
component of rsync
CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or
RTR conn ...)
- routinator <itp> (bug #929024)
CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module
mod_http2 wh ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A
vulnerability in ...)
- snipe-it <itp> (bug #1005172)
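Review bot: The commit message does not name the bug that the `+` line for CVE-2026-48913 introduces. Putting the number in the message, for example "Add Debian bug reference (#1139340) for apache2 issues", would make this change findable from the bug number alone.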
@@ -72,16 +72,16 @@ CVE-2026-46440 (Flowise is a drag & drop user interface to
build a customized la
CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of
Hyperledger Fa ...)
NOT-FOR-US: fabric-chaincode-java
CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on
crafted regul ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via
outbound OCSP ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP
Server 2.4. ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44119
CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in
ninenines gun ...)
TODO: check
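Review bot: The four `+` lines here (CVE-2026-44631, CVE-2026-44186, CVE-2026-44185, CVE-2026-44119) attach different flaw classes to the single bug #1139340, so it is worth confirming that the bug report lists each of these CVE ids. If one of them later needs a status of its own, that line should get a separate bug rather than keep the shared one.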
@@ -92,7 +92,7 @@ CVE-2026-43972 (Origin Validation Error vulnerability in
ninenines gun (gun_http
CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers
('HTTP Reque ...)
TODO: check
CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with
mod_header ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized
large la ...)
NOT-FOR-US: Flowise
@@ -101,10 +101,10 @@ CVE-2026-42862 (Flowise is a drag & drop user interface
to build a customized la
CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized
large la ...)
NOT-FOR-US: Flowise
CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server
withmod ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and
earlierallows ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
NOT-FOR-US: VMware
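Review bot: The context lines for CVE-2026-42536 and CVE-2026-42535 read `withmod` and `earlierallows`, with the space missing. The `+` lines only touch the package line, which is right for this commit, but the run-together descriptions deserve a separate look at wherever the description text is pulled from.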
@@ -125,18 +125,18 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda
AC1206 v15.03.06.23 was
CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was
discovered ...)
NOT-FOR-US: Tenda
CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server
with ma ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34356
CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server
2.4.67 and e ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34355
CVE-2026-34194 (Software installed and run as a non-privileged user may
conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's
HTML di ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29170
CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with
mod_ldap in pe ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (bug #1139340)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29167
CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated
remote cod ...)
TODO: check
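Review bot: With the four apache2 lines in this hunk, twelve entries in data/CVE/list now point at bug #1139340 and all of them stay `<unfixed>`. When the fixing upload lands, every one needs the version filled in, so searching the file for the bug number rather than for individual CVE ids avoids leaving an entry behind.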
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e55da83c05f9fc0b16869fa5d4357080762af6