Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
05812218 by Salvatore Bonaccorso at 2026-07-03T20:42:56+02:00
Add Debian bug reference for activemq issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3197,13 +3197,13 @@ CVE-2026-58010 (A flaw was found in GLib. An off-by-one
error can occur in the g
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5134 (2.88.1)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5135 (2.86.5)
CVE-2026-54475 (Missing Authorization vulnerability in Apache ActiveMQ Broker,
Apache ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys
CVE-2026-53917 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/grrd1mwgkgblqjbwkkq6dvmdxd9ov2dx
CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/07hjsj88hqgsb7vvg6ttsj56ts9vjs5n
CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt
to stor ...)
NOT-FOR-US: Redeight CMS
@@ -3220,13 +3220,13 @@ CVE-2026-53432 (fzf is vulnerable toInteger Overflow
leading to crash in FuzzyMa
NOTE: Fixed by:
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91
(v0.73.0)
NOTE: Crash in CLI tool, no security impact
CVE-2026-52760 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/d3mhyo2116nomz2lwxppyy4pclvdxq3n
CVE-2026-50750 (Denial of Service via Out of Memory vulnerability in Apache
ActiveMQ B ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/nhkmbdym61yp6wwy0dny8w1p46sm87kr
CVE-2026-50734 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/nxso951fnvf72qf9m475mpz4yf931xk0
CVE-2026-4629 (A flaw was found in Keycloak. A highly privileged user with
`manage-cl ...)
- keycloak <itp> (bug #1088287)
@@ -3245,15 +3245,15 @@ CVE-2026-4360 (In the Tarfile.extract() function, the
filter parameter is not pa
NOTE:
https://github.com/python/cpython/commit/5e0ef3f1afe892e4f64eb83368db57ac4c40cba0
(3.14 branch)
NOTE:
https://github.com/python/cpython/commit/eee3ddf0ca10283cc7fea724aae9cd8665f8d15e
(3.13 branch)
CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ. An
authentic ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/w82vtc3q02j5ot94tnyy1197y3wb98hl
CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI
documen ...)
NOT-FOR-US: OpenAPI.NET SDK
CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ
Broker, Apa ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/hcjh7kdk4l85tb9ksmvcnkhso1ngj50o
CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ,
Apache Act ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://lists.apache.org/thread/fsjb26605syqr8xks249h8gkp86t55d2
CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Imp ...)
NOT-FOR-US: Adobe
@@ -23082,10 +23082,10 @@ CVE-2026-7770 (IBM i Access Family 1.1.5.0 through
1.1.9.12 IBM i Access Client
CVE-2026-49361 (Apache Fluss versions prior to 0.9.1 configure the Netty
LengthFieldBa ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-49270 (Exposure of Sensitive Information Through Metadata
vulnerability in Ap ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/22
CVE-2026-49157 (Incorrect Default Permissions vulnerability in Apache
ActiveMQ. This ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an
unauthent ...)
NOT-FOR-US: AI Tensor Engine for ROCm (AITER)
@@ -23122,7 +23122,7 @@ CVE-2026-48187 (An uncontrolled allocation of resources
without limits or thrott
CVE-2026-47294 (Improper neutralization of special elements used in an os
command ('os ...)
NOT-FOR-US: Microsoft
CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before
versions v6. ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/20
CVE-2026-45810 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
- nextcloud-server <itp> (bug #941708)
@@ -23149,7 +23149,7 @@ CVE-2026-45544 (Nextcloud is an open source content
collaboration platform. From
CVE-2026-45543 (Nextcloud is an open source content collaboration platform.
From versi ...)
NOT-FOR-US: Nextcloud Forms
CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of
Code ('Co ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/19
CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing
FormData by n ...)
NOT-FOR-US: parse-nested-form-data
@@ -23239,10 +23239,10 @@ CVE-2026-42672 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2026-42671 (Missing Authorization vulnerability in Paolo GeoDirectory
allows Explo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42588 (Improper Input Validation, Improper Control of Generation of
Code ('Co ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/18
CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/17
CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an
unauthorized atta ...)
NOT-FOR-US: KS-SOMED
@@ -76899,7 +76899,7 @@ CVE-2025-66944 (SQL Injection vulnerability in vran-dev
databaseir v.1.0.7 and b
CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor
Hardware ...)
NOT-FOR-US: Nil Hardware Editor
CVE-2025-66168 (WARNING: Users of 6.x should upgrade to 6.2.4 or later as the
fix was ...)
- - activemq <unfixed>
+ - activemq <unfixed> (bug #1141385)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/03/5
NOTE: https://issues.apache.org/jira/browse/AMQ-9810
NOTE: Fixed by:
https://github.com/apache/activemq/commit/3f0720c085b24f25c98e414fefc007bc42470ee3
(activemq-5.19.2)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05812218816f1a37d48192f6bbab1136450259b5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05812218816f1a37d48192f6bbab1136450259b5
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits