[Git][security-tracker-team/security-tracker][master] Add some mongoose CVEs affecting swupdate

Bastian Germann (@bage) bage at debian.org
Mon May 11 17:28:27 BST 2026 


Bastian Germann pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ce3517c by Bastian Germann at 2026-05-11T18:27:58+02:00
Add some mongoose CVEs affecting swupdate

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9192,8 +9192,10 @@ CVE-2026-6987 (A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is
 	NOT-FOR-US: PicoClaw
 CVE-2026-6986 (A security vulnerability has been detected in Cesanta Mongoose up to 7 ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-6985 (A weakness has been identified in Cesanta Mongoose up to 7.20. This vu ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-6984 (A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22. ...)
 	NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-6983 (A vulnerability was identified in pagekit up to 1.0.18. Affected by th ...)
@@ -22173,10 +22175,13 @@ CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave Applicatio
 	NOT-FOR-US: SourceCodester
 CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to information e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the uma_prote ...)
@@ -41995,10 +42000,13 @@ CVE-2026-2969 (A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affec
 	NOT-FOR-US: datapizza-labs datapizza-ai
 CVE-2026-2968 (A vulnerability was detected in Cesanta Mongoose up to 7.20. This impa ...)
 	- mongoose <not-affected> (Fixed before or with initial upload, also see bug #1135115)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-2967 (A security vulnerability has been detected in Cesanta Mongoose up to 7 ...)
 	- mongoose <not-affected> (Fixed before or with initial upload, also see bug #1135115)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-2966 (A weakness has been identified in Cesanta Mongoose up to 7.20. The imp ...)
 	- mongoose <not-affected> (Fixed before or with initial upload, also see bug #1135115)
+	- swupdate 2025.12+dfsg-10
 CVE-2026-2965 (A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCR ...)
 	NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2026-2964 (A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1 ...)
@@ -98937,6 +98945,7 @@ CVE-2025-55795 (The openml/openml.org web application version v2.0.20241110 uses
 	NOT-FOR-US: openml/openml.org web application
 CVE-2025-51495 (An integer overflow vulnerability exists in the WebSocket component of ...)
 	- mongoose <not-affected> (Fixed before or with initial upload)
+	- swupdate 2025.12+dfsg-1
 	NOTE: https://github.com/cesanta/mongoose/pull/3131
 	NOTE: https://github.com/cesanta/mongoose/commit/cdc439bc38570048541b2ac6b9c326da87bf4a0a (7.18)
 CVE-2025-43400 (An out-of-bounds write issue was addressed with improved bounds checki ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce3517c0cbe98342059922c360625a0012420c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ce3517c0cbe98342059922c360625a0012420c2
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260511/6b1b31fd/attachment.htm>

More information about the debian-security-tracker-commits mailing list