[Git][security-tracker-team/security-tracker][master] new activemq issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f26d2eb by Moritz Muehlenhoff at 2026-06-01T23:21:21+02:00
new activemq issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,9 +27,11 @@ CVE-2026-7770 (IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client
 CVE-2026-49361 (Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBa ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49270 (Exposure of Sensitive Information Through Metadata vulnerability in Ap ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/22
 CVE-2026-49157 (Incorrect Default Permissions vulnerability in Apache ActiveMQ.  This  ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
 CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthent ...)
 	TODO: check
 CVE-2026-48879 (Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Pri ...)
@@ -61,7 +63,8 @@ CVE-2026-48187 (An uncontrolled allocation of resources without limits or thrott
 CVE-2026-47294 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before versions v6. ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/20
 CVE-2026-45810 (Nextcloud is an open source content collaboration platform. In Nextclo ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2026-45729 (Thor Vector Graphics (ThorVG) is a production-ready vector graphics en ...)
@@ -87,7 +90,8 @@ CVE-2026-45544 (Nextcloud is an open source content collaboration platform. From
 CVE-2026-45543 (Nextcloud is an open source content collaboration platform. From versi ...)
 	NOT-FOR-US: Nextcloud Forms
 CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of Code ('Co ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/19
 CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing FormData by n ...)
 	NOT-FOR-US: parse-nested-form-data
 CVE-2026-45286 (Nextcloud is an open source content collaboration platform. From versi ...)
@@ -175,9 +179,11 @@ CVE-2026-42672 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2026-42671 (Missing Authorization vulnerability in Paolo GeoDirectory allows Explo ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42588 (Improper Input Validation, Improper Control of Generation of Code ('Co ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/18
 CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	- activemq <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/17
 CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an unauthorized atta ...)
 	NOT-FOR-US: KS-SOMED
 CVE-2026-41013 (Input validation bypass in SMB volume mount handling in CloudFoundry F ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f26d2eb67530f061512ba18c6dad6c64bff3b3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f26d2eb67530f061512ba18c6dad6c64bff3b3f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/0501bf01/attachment.htm>