Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28b0986f by Moritz Muehlenhoff at 2026-06-28T00:26:55+02:00
new shiro issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1401,7 +1401,8 @@ CVE-2026-56767 (Maxun before 0.0.42 contains a 
cross-tenant insecure direct obje
 CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack 
buffer ov ...)
        NOT-FOR-US: Hydra
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This 
potential ...)
-       TODO: check
+       - shiro <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/06/24/8
 CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA 
CORPORAT ...)
        NOT-FOR-US: Dynabook Inc.
 CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based 
buffer ove ...)
@@ -1409,7 +1410,8 @@ CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 
contain a heap-based buff
 CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path 
traversal vulne ...)
        NOT-FOR-US: Winstone Servlet Container
 CVE-2026-56091 (When using Apache Shiro with the shiro-guice module in a web 
servlet c ...)
-       TODO: check
+       - shiro <unfixed>
+       NOTE: https://lists.apache.org/thread/onmtxmy2qonbpx7xlw3o34x8sctv47r7
 CVE-2026-56071 (Unauthenticated Cross Site Scripting (XSS) in Forminator <= 
1.53.1 ver ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56054 (Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 
versions.)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28b0986f800679221871a88869a3575adeeff485

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28b0986f800679221871a88869a3575adeeff485
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to