[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 12 20:14:02 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a7e36e1 by security tracker role at 2026-06-12T19:13:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,297 @@
+CVE-2026-9641 (Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default al ...)
+	TODO: check
+CVE-2026-9638 (Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure rand ...)
+	TODO: check
+CVE-2026-9266 (A Missing Required Cryptographic Step vulnerability has been identifie ...)
+	TODO: check
+CVE-2026-8828 (A lack of authorization validation in version 1.0.0 or later of the Ch ...)
+	TODO: check
+CVE-2026-8694 (Improper access control in Devolutions PowerShell Universal 2026.1.7 a ...)
+	TODO: check
+CVE-2026-7387 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-7368 (The Yarbo cloud does not enforce per-device or per-user authorization. ...)
+	TODO: check
+CVE-2026-7184 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-6961 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-6853 (Improper restriction of excessive authentication attempts vulnerabilit ...)
+	TODO: check
+CVE-2026-6739 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-6689 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-6211 (Unrestricted upload of file with dangerous type vulnerability in Globa ...)
+	TODO: check
+CVE-2026-6046 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-5792 (Authentication bypass by spoofing vulnerability in Hedef Media Promoti ...)
+	TODO: check
+CVE-2026-54133 (jmespath.php allows users to use JMESPath, software for declaratively  ...)
+	TODO: check
+CVE-2026-54102
+	REJECTED
+CVE-2026-54101
+	REJECTED
+CVE-2026-53982 (Capgo Console prior to 12.28.2 contains a denial-of-service vulnerabil ...)
+	TODO: check
+CVE-2026-53981 (Cap-go prior to 12.128.2 contains an account takeover vulnerability in ...)
+	TODO: check
+CVE-2026-53787 (Amasty Order Attributes for Magento 2 before version 4.0.0 contains an ...)
+	TODO: check
+CVE-2026-53726 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-53725 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-53724 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-53722 (Nuxt is an open-source web development framework for Vue.js. Prior to  ...)
+	TODO: check
+CVE-2026-53721 (Nuxt is an open-source web development framework for Vue.js. From vers ...)
+	TODO: check
+CVE-2026-53568 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-53408 (Improper Authorization in Handler for Custom URL Scheme in Zoom Workpl ...)
+	TODO: check
+CVE-2026-53407 (Improper Authorization in Handler for Custom URL Scheme in Zoom Workpl ...)
+	TODO: check
+CVE-2026-53406 (Insufficient Verification of Data Authenticity in Remote Control for Z ...)
+	TODO: check
+CVE-2026-50645 (There is no restriction on the amount of attachment headers that a mes ...)
+	TODO: check
+CVE-2026-50634 (A vulnerability in Apache CXF'sJwsJsonContainerRequestFilter can be ex ...)
+	TODO: check
+CVE-2026-50633 (A JNDI Injection vulnerability has been discovered in Apache CXF's JCA ...)
+	TODO: check
+CVE-2026-50632 (A further incomplete fix fora previous advisory CVE-2026-44417(Untrust ...)
+	TODO: check
+CVE-2026-50631 (A race condition in AbstractOAuthDataProvider allows concurrent reques ...)
+	TODO: check
+CVE-2026-50630 (A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils ...)
+	TODO: check
+CVE-2026-50629 (The 'clientId' parameter from incoming HTTP requests is directly conca ...)
+	TODO: check
+CVE-2026-50628 (A logic error in OAuthRequestFilter rejects legitimate requests origin ...)
+	TODO: check
+CVE-2026-50627 (The JwtAccessTokenValidator class in Apache CXF fails to validate the  ...)
+	TODO: check
+CVE-2026-50623 (An authentication bypass vulnerability exists in the OAuth2 TokenIntro ...)
+	TODO: check
+CVE-2026-50560 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that accepts sign ...)
+	TODO: check
+CVE-2026-50108 (The Naxclow platform API that returns device relay registration detail ...)
+	TODO: check
+CVE-2026-50101 (Naxclow devices use a server-side, per-device relay credential that ne ...)
+	TODO: check
+CVE-2026-50099 (During WiFi association, Naxclow device firmware prints the host netwo ...)
+	TODO: check
+CVE-2026-50091 (Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label c ...)
+	TODO: check
+CVE-2026-50090 (The Aqara Cloud OAuth Authorization Endpoint (open-cn.aqara.com/oauth/ ...)
+	TODO: check
+CVE-2026-50089 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redi ...)
+	TODO: check
+CVE-2026-50088 (The Aqara Developer Portal (developer.aqara.com) and shared test envir ...)
+	TODO: check
+CVE-2026-50087 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-orig ...)
+	TODO: check
+CVE-2026-50086 (The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional ...)
+	TODO: check
+CVE-2026-50085 (The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT com ...)
+	TODO: check
+CVE-2026-50084 (The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would ...)
+	TODO: check
+CVE-2026-50083 (The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAut ...)
+	TODO: check
+CVE-2026-50082 (The Aqara Cloud Developer Portal (developer.aqara.com) issued a develo ...)
+	TODO: check
+CVE-2026-50026 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-50020 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-50011 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-50010 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-50009 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-50008 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-49993 (Nuxt is an open-source web development framework for Vue.js. In @nuxt/ ...)
+	TODO: check
+CVE-2026-49875 (Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes  ...)
+	TODO: check
+CVE-2026-49347 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any us ...)
+	TODO: check
+CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises because ...)
+	TODO: check
+CVE-2026-48748 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-48558 (SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions cont ...)
+	TODO: check
+CVE-2026-48485 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the la ...)
+	TODO: check
+CVE-2026-48059 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-48043 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-48006 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
+	TODO: check
+CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-47691 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-47248 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-47244 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to version 0.12.2 ...)
+	TODO: check
+CVE-2026-47225 (Typesense is a fast, typo-tolerant search engine. Prior to versions 29 ...)
+	TODO: check
+CVE-2026-47224 (NanaZip is the 7-Zip derivative intended for the modern Windows experi ...)
+	TODO: check
+CVE-2026-47223 (NanaZip is the 7-Zip derivative intended for the modern Windows experi ...)
+	TODO: check
+CVE-2026-47222 (NanaZip is the 7-Zip derivative intended for the modern Windows experi ...)
+	TODO: check
+CVE-2026-47216 (Typesense is a fast, typo-tolerant search engine. Prior to versions 29 ...)
+	TODO: check
+CVE-2026-47210 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47209 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47208 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47200 (Nuxt is an open-source web development framework for Vue.js. In Nuxt v ...)
+	TODO: check
+CVE-2026-47197 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a mode ...)
+	TODO: check
+CVE-2026-47196 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the au ...)
+	TODO: check
+CVE-2026-47195 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the pu ...)
+	TODO: check
+CVE-2026-47190 (IPAM is the IP address Manager for Cluster API Provider Metal3. Prior  ...)
+	TODO: check
+CVE-2026-47182 (Frappe is a full-stack web application framework. Prior to version 16. ...)
+	TODO: check
+CVE-2026-47141 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47140 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47139 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47138 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2026-47137 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47135 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-47131 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, ...)
+	TODO: check
+CVE-2026-46690 (unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In v ...)
+	TODO: check
+CVE-2026-46342 (Nuxt is an open-source web development framework for Vue.js. In Nuxt v ...)
+	TODO: check
+CVE-2026-46340 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-45833 (A code injection vulnerability in version 0.4.17 or later of the Chrom ...)
+	TODO: check
+CVE-2026-45832 (All V1 collection-level endpoints in ChromaDB's Python project pass No ...)
+	TODO: check
+CVE-2026-45831 (The SimpleRBACAuthorizationProvider authorization provider in versions ...)
+	TODO: check
+CVE-2026-45830 (A lack of authorization validation in version 0.4.17 or later of the C ...)
+	TODO: check
+CVE-2026-45674 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-45673 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-45670 (Nuxt is an open-source web development framework for Vue.js. In @nuxt/ ...)
+	TODO: check
+CVE-2026-45669 (Nuxt is an open-source web development framework for Vue.js. From vers ...)
+	TODO: check
+CVE-2026-45536 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-45416 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-44976 (Frappe is a full-stack web application framework. Prior to version 16. ...)
+	TODO: check
+CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to ...)
+	TODO: check
+CVE-2026-44894 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-44893 (Netty is a network application framework for development of protocol s ...)
+	TODO: check
+CVE-2026-44208 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-44207 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-44206 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-44205 (Frappe is a full-stack web application framework. Prior to version 15. ...)
+	TODO: check
+CVE-2026-42947 (A flaw in Naxclow's platform\u2019s onboarding workflow allows an atta ...)
+	TODO: check
+CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes combined w ...)
+	TODO: check
+CVE-2026-42306 (Moby is an open source container framework. In Docker Engine prior to  ...)
+	TODO: check
+CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
+	TODO: check
+CVE-2026-41568 (Moby is an open source container framework. In Docker Engine prior to  ...)
+	TODO: check
+CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools could all ...)
+	TODO: check
+CVE-2026-3840 (A vulnerability in Kedro version 1.2.0 allows an attacker to exploit p ...)
+	TODO: check
+CVE-2026-3433 (Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10. ...)
+	TODO: check
+CVE-2026-28742 (Naxclow devices use a uniform request-signing scheme based on a hard-c ...)
+	TODO: check
+CVE-2026-1836 (The system stores the username and password from the login form after  ...)
+	TODO: check
+CVE-2026-12143 (form-data is a library for creating readable multipart/form-data strea ...)
+	TODO: check
+CVE-2026-12066 (A security flaw has been discovered in PbootCMS up to 3.2.12. This vul ...)
+	TODO: check
+CVE-2026-12065 (A vulnerability was identified in Groww Stock, Mutual Fund, Gold App u ...)
+	TODO: check
+CVE-2026-12058 (The connection confirmation pop-up of a specific feature in the PcSuit ...)
+	TODO: check
+CVE-2026-12043 (Improper handling of HPACK dynamic table size updates in the AWS Commo ...)
+	TODO: check
+CVE-2026-11967 (MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154 ...)
+	TODO: check
+CVE-2026-11879 (MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154 ...)
+	TODO: check
+CVE-2026-11849 (The iRM-IEI Remote Management developed by IEI Integration Corp has a  ...)
+	TODO: check
+CVE-2026-11848 (TheiRM-IEI Remote Management developed by IEI Integration Corp has a M ...)
+	TODO: check
+CVE-2026-11847 (The  iVEC-IEI Virtualization Edge Computer developed by IEI Integratio ...)
+	TODO: check
+CVE-2026-11846 (The iVEC-IEI Virtualization Edge Computer developed by IEI Integration ...)
+	TODO: check
+CVE-2026-11845 (TheiVEC-IEI Virtualization Edge Computer developed by IEI Integration  ...)
+	TODO: check
+CVE-2026-11844 (The iVEC-IEI Virtualization Edge Computer developed by IEI Integration ...)
+	TODO: check
+CVE-2026-11535 (An unauthorized access vulnerability exists in the PcSuite APP. The vu ...)
+	TODO: check
+CVE-2026-10715 (Camaleon CMS 2.9.2 contains an improper authorization vulnerability in ...)
+	TODO: check
+CVE-2026-10557 (The Yarbo Android and iOS applications contain hard-coded MQTT broker  ...)
+	TODO: check
+CVE-2017-20240 (Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timi ...)
+	TODO: check
 CVE-2026-50012
 	- squid 7.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
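Review bot: every new entry at the head of this hunk is left as `TODO: check` (or `REJECTED`), and a good share of them concern software that is packaged in Debian, so they want triage rather than sitting at the top of the list: Crypt::PBKDF2 (CVE-2026-9641, CVE-2026-9638 and the 2017-numbered CVE-2017-20240; src:libcrypt-pbkdf2-perl), the eighteen Netty entries from CVE-2026-50560 down to CVE-2026-44893 (src:netty), QEMU virtio-blk (CVE-2026-48914; src:qemu), Docker Engine (CVE-2026-42306, CVE-2026-41568; src:docker.io) and form-data (CVE-2026-12143; src:node-form-data). Two descriptions deserve a second look during that check: CVE-2026-53981 reads `Cap-go prior to 12.128.2` while the neighbouring CVE-2026-53982 reads `Capgo Console prior to 12.28.2`, so one of the two version strings is likely wrong upstream, and CVE-2026-50632 describes itself as an incomplete fix for `CVE-2026-44417`, which should be cross-referenced from that entry if it is already in the file.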
@@ -1338,9 +1632,11 @@ CVE-2026-49839
 	- jq 1.8.1-8
 	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm
 CVE-2026-44236
+	{DSA-6343-1}
 	- librabbitmq 0.16.0-1
 	NOTE: https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-jh48-qjf5-fx5v
 CVE-2026-44235
+	{DSA-6343-1}
 	- librabbitmq 0.16.0-1
 	NOTE: https://github.com/alanxz/rabbitmq-c/security/advisories/GHSA-9mmv-r8g3-qp46
 CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process to exec ...)
@@ -3107,6 +3403,7 @@ CVE-2026-49233 (Routinator does not properly check the module component of rsync
 CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or RTR conn ...)
 	- routinator <itp> (bug #929024)
 CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module mod_http2 wh ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
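Review bot: `{DLA-4629-1}` is attached to CVE-2026-48913 while `[bookworm] - apache2 <no-dsa> (Minor issue)` is kept directly beneath it; if this DLA is the bookworm LTS update, that annotation is now stale and should go, so the file does not state both "no advisory planned" and "fixed by advisory" for the same release, and if the DLA targets bullseye the entry should be checked for a matching `[bullseye]` line (none is visible in the context shown). The same question applies to every other apache2 hunk in this commit (CVE-2026-44631, CVE-2026-44186, CVE-2026-44185, CVE-2026-44119, CVE-2026-43951, CVE-2026-42536, CVE-2026-42535, CVE-2026-34356, CVE-2026-34355, CVE-2026-29170 and CVE-2026-29167), all of which gain the same marker above an unchanged `[bookworm] - apache2 <no-dsa> (Minor issue)` line.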
@@ -3153,24 +3450,28 @@ CVE-2026-46440 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of Hyperledger Fa ...)
 	NOT-FOR-US: fabric-chaincode-java
 CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on crafted regul ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb (2.4.68-rc1-candidate)
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c (2.4.68-rc1-candidate)
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/32b7e2e66477020ba75b78ab43fb8890ec292ad2 (2.4.68-rc1-candidate)
 CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP Server 2.4. ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3185,6 +3486,7 @@ CVE-2026-43972 (Origin Validation Error vulnerability in ninenines gun (gun_http
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
 	TODO: check
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with mod_header ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3197,6 +3499,7 @@ CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized large la ...)
 	NOT-FOR-US: Flowise
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server withmod ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3204,6 +3507,7 @@ CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server w
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/fa5d85bbc832a587c3c5bca7c19fb21df96b5df0 (trunk)
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/cb1f79c0ce66393c48657b19df754f16b79af543 (2.4.68-rc1-candidate)
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierallows ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3229,6 +3533,7 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
 	NOT-FOR-US: Tenda
 CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server with ma ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3236,6 +3541,7 @@ CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server w
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/403269396d24404e2576a9b20f96cd0b10574048 (2.4.68-rc1-candidate)
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/a70753d294292e8c9f68758cfe3550d83f812129 (trunk)
 CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and e ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3244,6 +3550,7 @@ CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67
 CVE-2026-34194 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML di ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3251,6 +3558,7 @@ CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's H
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/e86bf540f166b3a322f7e7f9cd4aad4cd44deee6 (trunk)
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/04641bce75a2734ad8150f9a6bc84fc5205e852b (2.4.68-rc1-candidate)
 CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with mod_ldap in pe ...)
+	{DLA-4629-1}
 	- apache2 2.4.68-1 (bug #1139340)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
@@ -3719,28 +4027,28 @@ CVE-2026-11448 (A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5.
 	NOT-FOR-US: GL.iNet
 CVE-2026-11447 (A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5.  ...)
 	NOT-FOR-US: GL.iNet
-CVE-2026-44173
+CVE-2026-44173 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44172
+CVE-2026-44172 (MariaDB server is a community developed fork of MySQL server. In versi ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44171
+CVE-2026-44171 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44170
+CVE-2026-44170 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44169
+CVE-2026-44169 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-44168
+CVE-2026-44168 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
-CVE-2026-48165
+CVE-2026-48165 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
-CVE-2026-48163
+CVE-2026-48163 (MariaDB server is a community developed fork of MySQL server. From ver ...)
 	- mariadb 1:11.8.8-1
 	NOTE: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
 CVE-2026-49261 (MariaDB server is a community developed fork of MySQL server. Versions ...)
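Review bot: all eight MariaDB entries that gain descriptions here record the fix as `mariadb 1:11.8.8-1`, yet the six CVE-2026-4416x/4417x entries cite the 11.8.7 release notes while the two CVE-2026-4816x entries cite 11.8.8; that is only consistent if 11.8.7 was never uploaded to unstable, so confirm that, otherwise the six older entries should point at the earlier fixed version. The block also sits between the GL.iNet CVE-2026-11447 entry and CVE-2026-49261 rather than in the descending numeric order the surrounding file follows, which is harmless for the tracker but worth a glance since the entries were evidently hand-placed.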
@@ -12019,6 +12327,7 @@ CVE-2025-70116 (A NULL pointer dereference in GPAC MP4Box: when parsing certain
 	[bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
 	NOTE: https://github.com/gpac/gpac/issues/3345
 CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM im ...)
+	{DSA-6342-1}
 	- jpeg-xl <unfixed> (bug #1138575)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/7
 	NOTE: https://github.com/libjxl/libjxl/issues/4337
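Review bot: CVE-2025-70103 gains `{DSA-6342-1}` while its sid line stays `- jpeg-xl <unfixed> (bug #1138575)`, so the stable advisory lands before the unstable fix; that is a legitimate state, but confirm the unstable upload is actually pending (the bug is still referenced as open), otherwise the tracker will show jpeg-xl as fixed in stable and vulnerable in unstable indefinitely.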
@@ -276266,13 +276575,13 @@ CVE-2023-46280 (A vulnerability has been identified in Security Configuration To
 	NOT-FOR-US: Siemens
 CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
 	NOT-FOR-US: FortiGuard
-CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+CVE-2023-45583 (A use of externally-controlled format string vulnerability in Fortinet ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-44247 (A double free vulnerability [CWE-415] vulnerability in Fortinet FortiO ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...)
 	NOT-FOR-US: FortiGuard
-CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+CVE-2023-36640 (A use of externally-controlled format string vulnerability in Fortinet ...)
 	NOT-FOR-US: FortiNet
 CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
 	NOT-FOR-US: Phoenix
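Review bot: CVE-2023-36640 keeps `NOT-FOR-US: FortiNet` while the neighbouring Fortinet entries (CVE-2023-45586, CVE-2023-45583, CVE-2023-44247, CVE-2023-40720) all use `NOT-FOR-US: FortiGuard`; since the description line was rewritten anyway, align the marker with the others in the same pass (the vendor's own spelling is Fortinet, not FortiNet).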



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a7e36e18ae9eb815183fb4c66bf41f787c9bcd9





More information about the debian-security-tracker-commits mailing list