[Git][security-tracker-team/security-tracker][master] new apache2 issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 5 11:16:18 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10cd6b38 by Moritz Muehlenhoff at 2026-05-05T12:06:01+02:00
new apache2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282,17 +282,35 @@ CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of Or
CVE-2026-34882
REJECTED
CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server. This issue affe ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/17
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/a3d32288317a87b1398825f2167e0ae083ed43da (2.4.67-rc1-candidate)
CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in Apache ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/16
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/b8def8fe323f7f67d0e03bb83c67d66bd8d7fcb2 (2.4.67-rc1-candidate)
CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Ser ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/15
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/493eb23e5cc18c3a7be53977c182ff5d1360c64c (2.4.67-rc1-candidate)
CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP Server m ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/23
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/0218d4b9c1c0706df4bd7a3e3b15f71d4b66126a (2.4.67-rc1-candidate)
CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache HTTP Ser ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/22
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8 (2.4.67-rc1-candidate)
CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 a ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320 (2.4.67-rc1-candidate)
CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earl ...)
TODO: check
CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev all ...)
@@ -308,7 +326,10 @@ CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to authorizatio
CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vu ...)
TODO: check
CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2026/05/04/20
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/225dc070adba11040b774cf641e1d8bc79941643 (2.4.67-rc1-candidate)
CVE-2026-29004 (BusyBox before commit 42202bf contains a heap buffer overflow vulnerab ...)
TODO: check
CVE-2026-26956 (vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 i ...)
@@ -330,9 +351,15 @@ CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3
CVE-2026-24082 (Memory Corruption when copying data from a freed source while executin ...)
NOT-FOR-US: Qualcomm
CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/18
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/05e6c5086d6792b9105f88e1664b2614087f79d5 (2.4.67-rc1-candidate)
CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with ...)
- TODO: check
+ - apache2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76 (2.4.67-rc1-candidate)
CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path Traversa ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wir ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cd6b38ca6365c5bb421ac7ec32e34a0ebf64ad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cd6b38ca6365c5bb421ac7ec32e34a0ebf64ad
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/dbed09a4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list