Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a7e36e1 by security tracker role at 2026-06-12T19:13:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,297 @@
+CVE-2026-9641 (Crypt::PBKDF2 versions before 0.261630 for Perl have a weak 
default al ...)
+       TODO: check
+CVE-2026-9638 (Crypt::PBKDF2 versions before 0.261630 for Perl generate 
insecure rand ...)
+       TODO: check
+CVE-2026-9266 (A Missing Required Cryptographic Step vulnerability has been 
identifie ...)
+       TODO: check
+CVE-2026-8828 (A lack of authorization validation in version 1.0.0 or later of 
the Ch ...)
+       TODO: check
+CVE-2026-8694 (Improper access control in Devolutions PowerShell Universal 
2026.1.7 a ...)
+       TODO: check
+CVE-2026-7387 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-7368 (The Yarbo cloud does not enforce per-device or per-user 
authorization. ...)
+       TODO: check
+CVE-2026-7184 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-6961 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-6853 (Improper restriction of excessive authentication attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2026-6739 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-6689 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-6211 (Unrestricted upload of file with dangerous type vulnerability 
in Globa ...)
+       TODO: check
+CVE-2026-6046 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-5792 (Authentication bypass by spoofing vulnerability in Hedef Media 
Promoti ...)
+       TODO: check
+CVE-2026-54133 (jmespath.php allows users to use JMESPath, software for 
declaratively  ...)
+       TODO: check
+CVE-2026-54102
+       REJECTED
+CVE-2026-54101
+       REJECTED
+CVE-2026-53982 (Capgo Console prior to 12.28.2 contains a denial-of-service 
vulnerabil ...)
+       TODO: check
+CVE-2026-53981 (Cap-go prior to 12.128.2 contains an account takeover 
vulnerability in ...)
+       TODO: check
+CVE-2026-53787 (Amasty Order Attributes for Magento 2 before version 4.0.0 
contains an ...)
+       TODO: check
+CVE-2026-53726 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-53725 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-53724 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-53722 (Nuxt is an open-source web development framework for Vue.js. 
Prior to  ...)
+       TODO: check
+CVE-2026-53721 (Nuxt is an open-source web development framework for Vue.js. 
From vers ...)
+       TODO: check
+CVE-2026-53568 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-53408 (Improper Authorization in Handler for Custom URL Scheme in 
Zoom Workpl ...)
+       TODO: check
+CVE-2026-53407 (Improper Authorization in Handler for Custom URL Scheme in 
Zoom Workpl ...)
+       TODO: check
+CVE-2026-53406 (Insufficient Verification of Data Authenticity in Remote 
Control for Z ...)
+       TODO: check
+CVE-2026-50645 (There is no restriction on the amount of attachment headers 
that a mes ...)
+       TODO: check
+CVE-2026-50634 (A vulnerability in Apache CXF'sJwsJsonContainerRequestFilter 
can be ex ...)
+       TODO: check
+CVE-2026-50633 (A JNDI Injection vulnerability has been discovered in Apache 
CXF's JCA ...)
+       TODO: check
+CVE-2026-50632 (A further incomplete fix fora previous advisory 
CVE-2026-44417(Untrust ...)
+       TODO: check
+CVE-2026-50631 (A race condition in AbstractOAuthDataProvider allows 
concurrent reques ...)
+       TODO: check
+CVE-2026-50630 (A CRLF injection vulnerability exists in the OAuth2 
AuthorizationUtils ...)
+       TODO: check
+CVE-2026-50629 (The 'clientId' parameter from incoming HTTP requests is 
directly conca ...)
+       TODO: check
+CVE-2026-50628 (A logic error in OAuthRequestFilter rejects legitimate 
requests origin ...)
+       TODO: check
+CVE-2026-50627 (The JwtAccessTokenValidator class in Apache CXF fails to 
validate the  ...)
+       TODO: check
+CVE-2026-50623 (An authentication bypass vulnerability exists in the OAuth2 
TokenIntro ...)
+       TODO: check
+CVE-2026-50560 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that 
accepts sign ...)
+       TODO: check
+CVE-2026-50108 (The Naxclow platform API that returns device relay 
registration detail ...)
+       TODO: check
+CVE-2026-50101 (Naxclow devices use a server-side, per-device relay credential 
that ne ...)
+       TODO: check
+CVE-2026-50099 (During WiFi association, Naxclow device firmware prints the 
host netwo ...)
+       TODO: check
+CVE-2026-50091 (Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and 
white-label c ...)
+       TODO: check
+CVE-2026-50090 (The Aqara Cloud OAuth Authorization Endpoint 
(open-cn.aqara.com/oauth/ ...)
+       TODO: check
+CVE-2026-50089 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an 
open redi ...)
+       TODO: check
+CVE-2026-50088 (The Aqara Developer Portal (developer.aqara.com) and shared 
test envir ...)
+       TODO: check
+CVE-2026-50087 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a 
cross-orig ...)
+       TODO: check
+CVE-2026-50086 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes 
bidirectional ...)
+       TODO: check
+CVE-2026-50085 (The Aqara Board service (op-test.aqara.com) accepts arbitrary 
MQTT com ...)
+       TODO: check
+CVE-2026-50084 (The Aqara Cloud Production API 
(open-cn.aqara.com/v3.0/open/api) would ...)
+       TODO: check
+CVE-2026-50083 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a 
hardcoded OAut ...)
+       TODO: check
+CVE-2026-50082 (The Aqara Cloud Developer Portal (developer.aqara.com) issued 
a develo ...)
+       TODO: check
+CVE-2026-50026 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-50020 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-50011 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-50010 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-50009 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-50008 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-49993 (Nuxt is an open-source web development framework for Vue.js. 
In @nuxt/ ...)
+       TODO: check
+CVE-2026-49875 (Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory 
classes  ...)
+       TODO: check
+CVE-2026-49347 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.8, any us ...)
+       TODO: check
+CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises 
because ...)
+       TODO: check
+CVE-2026-48748 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-48558 (SimpleHelp versions 5.5.15 and prior and 6.0 pre-release 
versions cont ...)
+       TODO: check
+CVE-2026-48485 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, the la ...)
+       TODO: check
+CVE-2026-48059 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-48043 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-48006 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier 
are aff ...)
+       TODO: check
+CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-47691 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-47248 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-47244 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to 
version 0.12.2 ...)
+       TODO: check
+CVE-2026-47225 (Typesense is a fast, typo-tolerant search engine. Prior to 
versions 29 ...)
+       TODO: check
+CVE-2026-47224 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-47223 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-47222 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-47216 (Typesense is a fast, typo-tolerant search engine. Prior to 
versions 29 ...)
+       TODO: check
+CVE-2026-47210 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47209 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47208 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47200 (Nuxt is an open-source web development framework for Vue.js. 
In Nuxt v ...)
+       TODO: check
+CVE-2026-47197 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, a mode ...)
+       TODO: check
+CVE-2026-47196 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, the au ...)
+       TODO: check
+CVE-2026-47195 (Quest Bot is an opensource Discord Bot. Prior to version 
1.1.6, the pu ...)
+       TODO: check
+CVE-2026-47190 (IPAM is the IP address Manager for Cluster API Provider 
Metal3. Prior  ...)
+       TODO: check
+CVE-2026-47182 (Frappe is a full-stack web application framework. Prior to 
version 16. ...)
+       TODO: check
+CVE-2026-47141 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47140 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47139 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47138 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-47137 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47135 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-47131 (vm2 is an open source vm/sandbox for Node.js. Prior to version 
3.11.4, ...)
+       TODO: check
+CVE-2026-46690 (unbounded_spsc is an "unbounded" extension of 
bounded_spsc_queue. In v ...)
+       TODO: check
+CVE-2026-46342 (Nuxt is an open-source web development framework for Vue.js. 
In Nuxt v ...)
+       TODO: check
+CVE-2026-46340 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-45833 (A code injection vulnerability in version 0.4.17 or later of 
the Chrom ...)
+       TODO: check
+CVE-2026-45832 (All V1 collection-level endpoints in ChromaDB's Python project 
pass No ...)
+       TODO: check
+CVE-2026-45831 (The SimpleRBACAuthorizationProvider authorization provider in 
versions ...)
+       TODO: check
+CVE-2026-45830 (A lack of authorization validation in version 0.4.17 or later 
of the C ...)
+       TODO: check
+CVE-2026-45674 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-45673 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-45670 (Nuxt is an open-source web development framework for Vue.js. 
In @nuxt/ ...)
+       TODO: check
+CVE-2026-45669 (Nuxt is an open-source web development framework for Vue.js. 
From vers ...)
+       TODO: check
+CVE-2026-45536 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-45416 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44976 (Frappe is a full-stack web application framework. Prior to 
version 16. ...)
+       TODO: check
+CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. 
Prior to ...)
+       TODO: check
+CVE-2026-44894 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44893 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44208 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-44207 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-44206 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-44205 (Frappe is a full-stack web application framework. Prior to 
version 15. ...)
+       TODO: check
+CVE-2026-42947 (A flaw in Naxclow's platform\u2019s onboarding workflow allows 
an atta ...)
+       TODO: check
+CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes 
combined w ...)
+       TODO: check
+CVE-2026-42306 (Moby is an open source container framework. In Docker Engine 
prior to  ...)
+       TODO: check
+CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to 
versions 15 ...)
+       TODO: check
+CVE-2026-41568 (Moby is an open source container framework. In Docker Engine 
prior to  ...)
+       TODO: check
+CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools 
could all ...)
+       TODO: check
+CVE-2026-3840 (A vulnerability in Kedro version 1.2.0 allows an attacker to 
exploit p ...)
+       TODO: check
+CVE-2026-3433 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-28742 (Naxclow devices use a uniform request-signing scheme based on 
a hard-c ...)
+       TODO: check
+CVE-2026-1836 (The system stores the username and password from the login form 
after  ...)
+       TODO: check
+CVE-2026-12143 (form-data is a library for creating readable 
multipart/form-data strea ...)
+       TODO: check
+CVE-2026-12066 (A security flaw has been discovered in PbootCMS up to 3.2.12. 
This vul ...)
+       TODO: check
+CVE-2026-12065 (A vulnerability was identified in Groww Stock, Mutual Fund, 
Gold App u ...)
+       TODO: check
+CVE-2026-12058 (The connection confirmation pop-up of a specific feature in 
the PcSuit ...)
+       TODO: check
+CVE-2026-12043 (Improper handling of HPACK dynamic table size updates in the 
AWS Commo ...)
+       TODO: check
+CVE-2026-11967 (MobaXterm Personal Edition (Portable), in its 26.3 version 
(Build 5154 ...)
+       TODO: check
+CVE-2026-11879 (MobaXterm Personal Edition (Portable), in its 26.3 version 
(Build 5154 ...)
+       TODO: check
+CVE-2026-11849 (The iRM-IEI Remote Management developed by IEI Integration 
Corp has a  ...)
+       TODO: check
+CVE-2026-11848 (TheiRM-IEI Remote Management developed by IEI Integration Corp 
has a M ...)
+       TODO: check
+CVE-2026-11847 (The  iVEC-IEI Virtualization Edge Computer developed by IEI 
Integratio ...)
+       TODO: check
+CVE-2026-11846 (The iVEC-IEI Virtualization Edge Computer developed by IEI 
Integration ...)
+       TODO: check
+CVE-2026-11845 (TheiVEC-IEI Virtualization Edge Computer developed by IEI 
Integration  ...)
+       TODO: check
+CVE-2026-11844 (The iVEC-IEI Virtualization Edge Computer developed by IEI 
Integration ...)
+       TODO: check
+CVE-2026-11535 (An unauthorized access vulnerability exists in the PcSuite 
APP. The vu ...)
+       TODO: check
+CVE-2026-10715 (Camaleon CMS 2.9.2 contains an improper authorization 
vulnerability in ...)
+       TODO: check
+CVE-2026-10557 (The Yarbo Android and iOS applications contain hard-coded MQTT 
broker  ...)
+       TODO: check
+CVE-2017-20240 (Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable 
to timi ...)
+       TODO: check
 CVE-2026-50012
        - squid 7.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
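Review bot: the description imported for CVE-2026-42947 contains a literal `\u2019` escape ("Naxclow's platform\u2019s onboarding workflow") where the source text had a right single quotation mark; no other entry in this batch shows such an escape, so either the upstream record carries the raw JSON escape or the automatic-update decoder wrote it through undecoded. Either way the string needs a manual fix before it propagates to the published tracker, and the decoding path is worth a look. Separately, CVE-2026-9641, CVE-2026-9638 and CVE-2017-20240 all describe Crypt::PBKDF2 before 0.261630 and can be triaged together when these TODOs are worked through.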
@@ -1338,9 +1632,11 @@ CVE-2026-49839
        - jq 1.8.1-8
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
 CVE-2026-44236
+       {DSA-6343-1}
        - librabbitmq 0.16.0-1
        NOTE: 
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-jh48-qjf5-fx5v
 CVE-2026-44235
+       {DSA-6343-1}
        - librabbitmq 0.16.0-1
        NOTE: 
https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
 CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process 
to exec ...)
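Review bot: both librabbitmq entries gain the {DSA-6343-1} marker and nothing else changes, while this commit touches only data/CVE/list. The cross-reference resolves only if DSA-6343-1 already exists in data/DSA/list with the stable fixed version; worth a quick check that the DSA entry is committed, otherwise the two CVEs display an advisory marker with no per-suite fix behind it.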
@@ -3107,6 +3403,7 @@ CVE-2026-49233 (Routinator does not properly check the 
module component of rsync
 CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or 
RTR conn ...)
        - routinator <itp> (bug #929024)
 CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module 
mod_http2 wh ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
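Review bot: {DLA-4629-1} is added to CVE-2026-48913 while the `[bookworm] - apache2 <no-dsa> (Minor issue)` line is kept. If the DLA covers bookworm, that no-dsa annotation now contradicts the advisory and should be dropped so triage does not read the issue as deliberately unfixed there; if the DLA covers an older suite, that suite is not listed in this entry at all. The same applies to every other apache2 entry receiving {DLA-4629-1} in this commit (CVE-2026-44631, -44186, -44185, -44119, -43951, -42536, -42535, -34356, -34355, -29170, -29167).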
@@ -3153,24 +3450,28 @@ CVE-2026-46440 (Flowise is a drag & drop user interface 
to build a customized la
 CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of 
Hyperledger Fa ...)
        NOT-FOR-US: fabric-chaincode-java
 CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on 
crafted regul ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb 
(2.4.68-rc1-candidate)
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c 
(2.4.68-rc1-candidate)
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via 
outbound OCSP ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/32b7e2e66477020ba75b78ab43fb8890ec292ad2 
(2.4.68-rc1-candidate)
 CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP 
Server 2.4. ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3185,6 +3486,7 @@ CVE-2026-43972 (Origin Validation Error vulnerability in 
ninenines gun (gun_http
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Reque ...)
        TODO: check
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with 
mod_header ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3197,6 +3499,7 @@ CVE-2026-42862 (Flowise is a drag & drop user interface 
to build a customized la
 CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized 
large la ...)
        NOT-FOR-US: Flowise
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server 
withmod ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3204,6 +3507,7 @@ CVE-2026-42536 (Heap-based Buffer Overflow vulnerability 
in Apache HTTP Server w
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/fa5d85bbc832a587c3c5bca7c19fb21df96b5df0 
(trunk)
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/cb1f79c0ce66393c48657b19df754f16b79af543 
(2.4.68-rc1-candidate)
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and 
earlierallows ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3229,6 +3533,7 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda 
AC1206 v15.03.06.23 was
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was 
discovered ...)
        NOT-FOR-US: Tenda
 CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server 
with ma ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3236,6 +3541,7 @@ CVE-2026-34356 (Heap-based Buffer Overflow vulnerability 
in Apache HTTP Server w
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/403269396d24404e2576a9b20f96cd0b10574048 
(2.4.68-rc1-candidate)
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/a70753d294292e8c9f68758cfe3550d83f812129 
(trunk)
 CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 
2.4.67 and e ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3244,6 +3550,7 @@ CVE-2026-34355 (A buffer overflow in mod_proxy_html in 
Apache HTTP Server 2.4.67
 CVE-2026-34194 (Software installed and run as a non-privileged user may 
conduct improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's 
HTML di ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3251,6 +3558,7 @@ CVE-2026-29170 (A cross-site scripting vulnerability 
exists in mod_proxy_ftp's H
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/e86bf540f166b3a322f7e7f9cd4aad4cd44deee6 
(trunk)
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/04641bce75a2734ad8150f9a6bc84fc5205e852b 
(2.4.68-rc1-candidate)
 CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with 
mod_ldap in pe ...)
+       {DLA-4629-1}
        - apache2 2.4.68-1 (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3719,28 +4027,28 @@ CVE-2026-11448 (A weakness has been identified in 
GL.iNet GL-MT3000 up to 4.4.5.
        NOT-FOR-US: GL.iNet
 CVE-2026-11447 (A security flaw has been discovered in GL.iNet GL-MT3000 up to 
4.4.5.  ...)
        NOT-FOR-US: GL.iNet
-CVE-2026-44173
+CVE-2026-44173 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44172
+CVE-2026-44172 (MariaDB server is a community developed fork of MySQL server. 
In versi ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44171
+CVE-2026-44171 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44170
+CVE-2026-44170 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44169
+CVE-2026-44169 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44168
+CVE-2026-44168 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-48165
+CVE-2026-48165 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
-CVE-2026-48163
+CVE-2026-48163 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
 CVE-2026-49261 (MariaDB server is a community developed fork of MySQL server. 
Versions ...)
@@ -12019,6 +12327,7 @@ CVE-2025-70116 (A NULL pointer dereference in GPAC 
MP4Box: when parsing certain
        [bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
        NOTE: https://github.com/gpac/gpac/issues/3345
 CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via 
crafted PBM im ...)
+       {DSA-6342-1}
        - jpeg-xl <unfixed> (bug #1138575)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/7
        NOTE: https://github.com/libjxl/libjxl/issues/4337
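Review bot: {DSA-6342-1} is added to CVE-2025-70103 while the package line still reads `- jpeg-xl <unfixed> (bug #1138575)`. A DSA for a package that remains unfixed in unstable is a valid state, but it usually means the sid upload is pending; worth confirming that the fix lands there and replaces `<unfixed>` with the fixed version, otherwise the tracker keeps flagging jpeg-xl as vulnerable after the advisory is out.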
@@ -276266,13 +276575,13 @@ CVE-2023-46280 (A vulnerability has been identified 
in Security Configuration To
        NOT-FOR-US: Siemens
 CVE-2023-45586 (An insufficient verification of data authenticity 
vulnerability [CWE-3 ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-45583 (A use of externally-controlled format string in Fortinet 
FortiProxy ve ...)
+CVE-2023-45583 (A use of externally-controlled format string vulnerability in 
Fortinet ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-44247 (A double free vulnerability [CWE-415] vulnerability in 
Fortinet FortiO ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-40720 (An authorization bypass through user-controlled key 
vulnerability [CWE ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-36640 (A use of externally-controlled format string in Fortinet 
FortiProxy ve ...)
+CVE-2023-36640 (A use of externally-controlled format string vulnerability in 
Fortinet ...)
        NOT-FOR-US: FortiNet
 CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix 
WinFlash Dri ...)
        NOT-FOR-US: Phoenix
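Review bot: the reworded descriptions for CVE-2023-45583 and CVE-2023-36640 now truncate before the product name, so both read identically as "A use of externally-controlled format string vulnerability in Fortinet ..." where the previous text still carried "FortiProxy". That is harmless for NOT-FOR-US entries, but the two context lines also disagree on the vendor label (`NOT-FOR-US: FortiGuard` for CVE-2023-45583 versus `NOT-FOR-US: FortiNet` for CVE-2023-36640); settling on one spelling would keep grep-based triage of Fortinet entries reliable.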



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a7e36e18ae9eb815183fb4c66bf41f787c9bcd9

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
