Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
28b0986f by Moritz Muehlenhoff at 2026-06-28T00:26:55+02:00
new shiro issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1401,7 +1401,8 @@ CVE-2026-56767 (Maxun before 0.0.42 contains a
cross-tenant insecure direct obje
CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack
buffer ov ...)
NOT-FOR-US: Hydra
CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This
potential ...)
- TODO: check
+ - shiro <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/06/24/8
CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA
CORPORAT ...)
NOT-FOR-US: Dynabook Inc.
CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based
buffer ove ...)
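Review bot: the new `- shiro <unfixed>` line for CVE-2026-56130 is backed only by the oss-security announcement in the NOTE, with no Debian bug reference and no upstream fixed version or commit recorded. Consider adding a further NOTE that names the upstream release or commit carrying the fix once it is identified, so the entry can later be moved off `<unfixed>` without re-reading the thread.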
@@ -1409,7 +1410,8 @@ CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1
contain a heap-based buff
CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path
traversal vulne ...)
NOT-FOR-US: Winstone Servlet Container
CVE-2026-56091 (When using Apache Shiro with the shiro-guice module in a web
servlet c ...)
- TODO: check
+ - shiro <unfixed>
+ NOTE: https://lists.apache.org/thread/onmtxmy2qonbpx7xlw3o34x8sctv47r7
CVE-2026-56071 (Unauthenticated Cross Site Scripting (XSS) in Forminator <=
1.53.1 ver ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56054 (Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1
versions.)
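Review bot: the CVE-2026-56091 description limits the issue to use of the shiro-guice module in a web servlet context, but the added `- shiro <unfixed>` line does not say whether the Debian shiro source package builds or ships that module. A NOTE stating this alongside the lists.apache.org link would make clear why the package is tracked as affected, and the entry also lacks an upstream fixed version or commit reference.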
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28b0986f800679221871a88869a3575adeeff485