[Git][security-tracker-team/security-tracker][master] new shiro issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 23:27:31 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28b0986f by Moritz Muehlenhoff at 2026-06-28T00:26:55+02:00
new shiro issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1401,7 +1401,8 @@ CVE-2026-56767 (Maxun before 0.0.42 contains a cross-tenant insecure direct obje
 CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer ov ...)
 	NOT-FOR-US: Hydra
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This potential ...)
-	TODO: check
+	- shiro <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/06/24/8
 CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORAT ...)
 	NOT-FOR-US: Dynabook Inc.
 CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer ove ...)
@@ -1409,7 +1410,8 @@ CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buff
 CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path traversal vulne ...)
 	NOT-FOR-US: Winstone Servlet Container
 CVE-2026-56091 (When using Apache Shiro with the shiro-guice module in a web servlet c ...)
-	TODO: check
+	- shiro <unfixed>
+	NOTE: https://lists.apache.org/thread/onmtxmy2qonbpx7xlw3o34x8sctv47r7
 CVE-2026-56071 (Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 ver ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56054 (Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28b0986f800679221871a88869a3575adeeff485

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28b0986f800679221871a88869a3575adeeff485
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/b63bca3d/attachment.htm>


More information about the debian-security-tracker-commits mailing list