[Git][security-tracker-team/security-tracker][master] Add new apache2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 8 20:47:12 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b2bc787 by Salvatore Bonaccorso at 2026-06-08T21:46:43+02:00
Add new apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,8 @@ CVE-2026-49233 (Routinator does not properly check the module component of rsync
 CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or RTR conn ...)
 	- routinator <itp> (bug #929024)
 CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module mod_http2 wh ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
 CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A vulnerability in  ...)
 	TODO: check
 CVE-2026-48488 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4 ...)
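Review bot: the new CVE-2026-48913 lines give only the upstream advisory URL. Since the description places the use after free in mod_http2, a further NOTE with the fixing commit or first fixed release, once known, would match what the CVE-2026-49975 entry in this file records for mod_h2 and make backport checks easier.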
@@ -71,13 +72,17 @@ CVE-2026-46440 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of Hyperledger Fa ...)
 	TODO: check
 CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on crafted regul ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
 CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP Server 2.4. ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44119
 CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in ninenines gun  ...)
 	TODO: check
 CVE-2026-43973 (Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_ ...)
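Review bot: none of the four `- apache2 <unfixed>` lines added here (CVE-2026-44631, CVE-2026-44186, CVE-2026-44185, CVE-2026-44119) carries a Debian bug reference, whereas the CVE-2026-49975 entry in this file has `(bug #1138750)`. If a bug is filed for this batch, appending `(bug #...)` to each line keeps the BTS and the tracker linked.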
@@ -87,7 +92,8 @@ CVE-2026-43972 (Origin Validation Error vulnerability in ninenines gun (gun_http
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
 	TODO: check
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with mod_header ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
 CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized large la ...)
 	TODO: check
 CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized large la ...)
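Review bot: CVE-2026-43951 is marked `<unfixed>` with no per-suite line, so every suite shipping apache2 will show as open. The CVE-2026-49975 entry in this file lists both a DSA and a DLA, so it is worth recording per suite whether this out-of-bounds read warrants an advisory or can be handled as a minor issue.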
@@ -95,9 +101,11 @@ CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized large la ...)
 	TODO: check
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server withmod ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierallows ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
 CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
 	TODO: check
 CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
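Review bot: the CVE-2026-42535 description limits the issue to 2.4.67 and earlier, and the 2.4.67-2 upload named under CVE-2026-49975 in this file is inside that range. A NOTE naming the first fixed upstream release for CVE-2026-42535 and CVE-2026-42536 would tell whoever uploads the next version which `<unfixed>` entries to close.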
@@ -117,15 +125,19 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
 	NOT-FOR-US: Tenda
 CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server with ma ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34356
 CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and e ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34355
 CVE-2026-34194 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML di ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29170
 CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with mod_ldap in pe ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29167
 CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated remote cod ...)
 	TODO: check
 CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains a remote code execution vul ...)
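Review bot: the four entries changed here are triaged identically, although their descriptions range from heap-based buffer overflows (CVE-2026-34356, CVE-2026-34355) to a cross-site scripting issue in mod_proxy_ftp (CVE-2026-29170) and a use after free tied to mod_ldap (CVE-2026-29167). A short NOTE per entry stating which module must be loaded for the issue to apply would help rank them.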
@@ -3974,6 +3986,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
 CVE-2026-49975 (Memory Allocation with Excessive Size Value vulnerability in Apache HT ...)
 	{DSA-6323-1 DLA-4620-1}
 	- apache2 2.4.67-2 (bug #1138750)
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-49975
 	NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
 	NOTE: https://github.com/icing/mod_h2/pull/324
 	NOTE: https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c (v2.0.41)
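Review bot: the @@ context line for this hunk is a `CVE-2026-XXXX [HTTP/2 Bomb denial of service]` placeholder, and the CVE-2026-49975 entry below it already links the http2-bomb write-up. It is worth confirming that the placeholder tracks a different package; if it is the same issue, fold it into CVE-2026-49975 instead of only adding the advisory link here.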



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2bc787d19313e377a360ea174d43f14ab3c49d
