pkgsrc-Changes archive
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Sat Jan 3 21:29:14 UTC 2026
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: add last 24-36 hours CVEs
+ cpp-httplib, gitea, gpsd, libtpms, messagelib,
wabt (not fixed)
To generate a diff of this commit:
cvs rdiff -u -r1.697 -r1.698 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.697 pkgsrc/doc/pkg-vulnerabilities:1.698
--- pkgsrc/doc/pkg-vulnerabilities:1.697 Sat Jan 3 21:19:16 2026
+++ pkgsrc/doc/pkg-vulnerabilities Sat Jan 3 21:29:14 2026
@@ -1,30 +1,13 @@
-# $NetBSD: pkg-vulnerabilities,v 1.697 2026/01/03 21:19:16 leot Exp $
#
#FORMAT 1.0.0
#
-# Please read "Handling packages with security problems" in the pkgsrc
-# guide before editing this file.
#
-# Note: NEVER remove entries from this file; this should document *all*
-# known package vulnerabilities so it is entirely appropriate to have
-# multiple entries in this file for a single package, and to contain
-# entries for packages which have been removed from pkgsrc.
#
-# New entries should be added at the end of this file.
#
-# Please ask pkgsrc-security to update the copy on ftp.NetBSD.org after
-# making changes to this file.
#
-# The command to run for this update is "./pkg-vuln-update.sh", but it needs
-# access to the private GPG key for pkgsrc-security.
#
-# If you have comments/additions/corrections, please contact
-# pkgsrc-security%NetBSD.org@localhost.
#
-# Note: If this file format changes, please do not forget to update
-# pkgsrc/mk/scripts/genreadme.awk which also parses this file.
#
-# package type of exploit URL
cfengine<1.5.3nb3 remote-root-shell https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-013.txt.asc
navigator<4.75 remote-user-access http://www.cert.org/advisories/CA-2000-15.html
navigator<4.74 remote-user-shell https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc
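Review bot: the lines removed at the top of this hunk are the file's `$NetBSD$` RCS id line and its maintainer instructions, and the log message mentions none of this. Lost with them are the rule "NEVER remove entries from this file", the note that `./pkg-vuln-update.sh` needs the pkgsrc-security GPG key, the reminder that `pkgsrc/mk/scripts/genreadme.awk` also parses this file, and the column header `# package type of exploit URL`. Please restore them; if header text really has to change, do it in a separate commit whose log says so.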
@@ -1020,7 +1003,6 @@ postgresql-lib<7.3.9 remote-code-executi
postgresql73-lib<7.3.9 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
postgresql74-lib<7.4.7 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
postgresql80-lib<8.0.1 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
-# intagg not installed
#postgresql73-lib-7.3.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
#postgresql74-lib-7.4.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
#postgresql80-lib-8.0.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
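Review bot: dropping `# intagg not installed` leaves the three commented-out CAN-2005-0246 entries under it with no recorded reason for being suppressed. The same happens in most of the later hunks, where "rejected", "disputed" and "not packaged in pkgsrc" annotations are removed while the `#pkg...` lines they explain stay. Those annotations are the triage record a later editor needs to decide whether an entry should remain disabled, so they should be kept.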
@@ -3689,7 +3671,6 @@ gitweb<1.5.6.6 remote-system-access ht
gitweb<1.5.6.6 remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
ganglia-monitor-core<3.1.2 remote-system-access http://secunia.com/advisories/33506/
xdg-utils<1.1.0rc1 remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386
-# N/A; see https://security-tracker.debian.org/tracker/CVE-2009-0068
#xdg-utils-[0-9]* remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
tnftpd<20081009 cross-site-scripting http://securityreason.com/achievement_securityalert/56
libmikmod<3.2.0 remote-denial-of-service http://secunia.com/advisories/33485/
@@ -12612,7 +12593,6 @@ tcpdump<4.9.2 heap-overflow https://nv
tcpdump<4.9.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-11542
tcpdump<4.9.2 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-11543
exiv2<0.27 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11553
-# in stills2dv, not libjpeg-turbo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-9614
libid3tag-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11550
libid3tag-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11551
sox-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11332
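Review bot: the removed line in this hunk is not just a remark. `# in stills2dv, not libjpeg-turbo-[0-9]* denial-of-service` is followed on the same line by the CVE-2017-9614 URL, so deleting it removes the whole entry shown here, not only its annotation, which goes against the "NEVER remove entries" rule in the file header. Keep the line, or split it into a comment line plus a `#libjpeg-turbo-[0-9]*` line the way the other suppressed entries are written.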
@@ -14859,7 +14839,6 @@ awstats-[0-9]* information-disclosure ht
binutils<2.31 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-8945
zabbix<3.4.1 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2017-2825
nasm<2.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-10254
-# reported against tiff, see https://gitlab.com/libtiff/libtiff/-/issues/128
jpeg<9d null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2018-10126
mupdf<1.14.0 infinite-loop https://nvd.nist.gov/vuln/detail/CVE-2018-10289
curl<7.52.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2016-9586
@@ -18875,7 +18854,6 @@ opensc-[0-9]* arbitrary-file-write https
p5-File-Temp-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2011-4116
perl-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2011-4116
p5-Module-Metadata<1.000015 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2013-1437
-# Disputed: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578
#pwgen-[0-9]* weak-password-generator https://nvd.nist.gov/vuln/detail/CVE-2013-4441
py{26,27,33,34}-tornado<3.2.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2014-9720
qt5-qtbase<5.15.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2015-9541
@@ -21286,9 +21264,7 @@ py{36,37,38,39}-django>=2.2<2.2.24 acces
py{36,37,38,39}-django>=3<3.2.4 access-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-33571
rabbitmq<3.8.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-22116
wireshark<3.4.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-22222
-# rejected
#ansible-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-3532
-# rejected
#ansible-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-3533
apache>=2.4.6<2.4.48 authorization-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17567
apache>=2.4.41<2.4.48 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-13950
@@ -21332,7 +21308,6 @@ firefox78<78.11 multiple-vulnerabilitie
mozjs78<78.11 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
tor-browser<10.0.17 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
thunderbird<78.11 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
-# rejected
#ImageMagick-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2021-34183
ampache<4.4.3 code-injection https://nvd.nist.gov/vuln/detail/CVE-2021-32644
djvulibre-lib<3.5.29 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2021-32490
@@ -21787,9 +21762,7 @@ mbedtls<2.24.0 sensitive-information-dis
mbedtls<2.25.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-36475
mit-krb5<1.18.5 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2021-37750
ffmpeg4<4.4.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-38171
-# not reproducible? https://github.com/Exiv2/exiv2/issues/759
#exiv2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18774
-# not reproducible? https://github.com/Exiv2/exiv2/issues/760
#exiv2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18773
exiv2<0.27.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-18771
plib-[0-9]* integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-38714
@@ -22842,7 +22815,6 @@ grafana<8.3.5 information-disclosure ht
htmldoc<1.9.15 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0534
jenkins<2.334 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0538
kate<21.12.2 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-23853
-# "can't be fixed" according to https://bugzilla.redhat.com/show_bug.cgi?id=2054686
#git-base-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-24975
php{56,73,74,80,81}-concrete5<9.0 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2021-22954
php{56,73,74,80,81}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2021-45357
@@ -23295,7 +23267,6 @@ php{56,73,74,80,81}-piwigo-[0-9]* sql-in
powerdns<4.4.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-27227
powerdns-recursor<4.4.8 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-27227
ruby{25,26,27,30,31}-nokogiri<1.13.4 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2022-24836
-# affects ghostpcl, not part of standard ghostscript, see e.g. https://ubuntu.com/security/CVE-2022-1350
#ghostscript-agpl-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2022-1350
neomutt<20220415 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-1328
php{56,73,74,80,81}-memcached<2.1.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-26635
@@ -27237,7 +27208,6 @@ chromium<138.0.7204.168 heap-corruption
php{56,73,74,80,81,82,83,84}-xdebug-[0-9]* command-injection https://nvd.nist.gov/vuln/detail/CVE-2015-10141
apache<2.4.65 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2025-54090
py{27,39,310,311,312,313}-mezzanine<6.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-50481
-# disputed because abuse of the commands network protocol is not a violation of the Redis Security Model
#redis-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-46686
thunderbird<140 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/
thunderbird<128.12 multiple-vulnerabilities https://www.mozilla.org/security/advisories/mfsa2025-55/
@@ -27279,7 +27249,6 @@ openexr<3.3.3 heap-overflow https://n
openexr<3.3.3 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-48073
openexr<3.3.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-48074
php{56,74,81,82,83,84}-piwigo<15.0.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2024-43018
-# https://github.com/jpadilla/pyjwt/issues/1080
#py{27,39,310,311,312,313}-JWT-[0-9]* weak-encryption https://nvd.nist.gov/vuln/detail/CVE-2025-45768
qemu>=10.0.0 unspecified https://nvd.nist.gov/vuln/detail/CVE-2025-54566
qemu>=10.0.0 unspecified https://nvd.nist.gov/vuln/detail/CVE-2025-54567
@@ -27405,7 +27374,6 @@ postgresql-server>=15<15.14 code-injecti
postgresql-server>=16<16.10 code-injection https://nvd.nist.gov/vuln/detail/CVE-2025-8715
postgresql-server>=17<17.6 code-injection https://nvd.nist.gov/vuln/detail/CVE-2025-8715
proftpd<1.3.3d backdoor https://nvd.nist.gov/vuln/detail/CVE-2010-20103
-# disputed, this is how Python's import works
#py{27,39,310,311,312,313}-future-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2025-50817
py{27,39,310,311,312,313}-pdf<6.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-55197
retroarch<1.21.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-9136
@@ -27562,7 +27530,6 @@ xenkernel418-[0-9]* race-condition htt
xenkernel420<4.20.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-27466
xenkernel420<4.20.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-58142
xenkernel420<4.20.2 race-condition https://nvd.nist.gov/vuln/detail/CVE-2025-58143
-# xenkernel for ARM, not packaged in pkgsrc
#xenkernel-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-58144
#xenkernel-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-58145
zabbix-server-{mysql,postgresql}>=7.0<7.0.14 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-27238
@@ -27742,7 +27709,6 @@ ap24-auth-openidc<2.4.13.2 denial-of-ser
ap24-auth-openidc<2.4.15.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24814
ap24-auth-openidc<2.4.16.11 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-31492
ap24-auth-openidc<2.4.13.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-3891
-# disputed by upstream, see https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/
#ap24-modsecurity-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-46292
ap24-modsecurity<2.9.9 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-47947
ffmpeg5<5.1.7 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2025-59728
@@ -28121,7 +28087,6 @@ dav1d<1.2.0 denial-of-service https://nv
dav1d<1.4.0 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-1580
dbus<1.15.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-34969
dmidecode<3.5 arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2023-30630
-# not an issue in pkgsrc due how it is installed
#dnscrypt-proxy-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2024-36587
dnsdist>=1.9.0<1.9.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25581
dnsdist<1.9.10 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-30193
@@ -28395,13 +28360,8 @@ frr<10.1.2 invalid-validation https://nv
tiff<4.7.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-3164
ganglia-webfrontend-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52762
ganglia-webfrontend-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52763
-# disputed by the GCC project as missed hardening bug, not a vulnerability
#gcc-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-4039
-# not considered a vulnerability issue, --no-absolute-filenames option should
-# be used instead:
-# <https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html>
#gcpio-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2023-7216
-# not reproducible, rejected by uptsream
#gdal-lib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-29480
gdb<14.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-39128
gdb<14.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-39129
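Review bot: the three-line comment removed above `#gcpio-[0-9]*` held both the reason CVE-2023-7216 is suppressed and the advice to use `--no-absolute-filenames`, with the link to the bug-cpio thread; after this change none of that can be found from the file. The one-line notes for gcc (CVE-2023-4039) and gdal-lib (CVE-2025-29480) are lost the same way. Please keep all three; the "uptsream" typo in the gdal-lib note can be corrected when it is restored.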
@@ -28498,7 +28458,6 @@ zabbix-agent<6.0.18 code-injection https
gindent<2.2.14 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40305
gindent<2.2.14 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0911
git-base<2.6.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-50338
-# disputed: https://lore.kernel.org/git/aQd_iisOrwX909Fr%fruit.crustytoothpaste.net@localhost/T/#t
#git-base-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2024-52005
git-base<2.26.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-52006
git-lfs<3.6.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-53263
@@ -28516,7 +28475,6 @@ glib2<2.82.5 integer-overflow https://nv
glib2<2.84.2 buffer-underflow https://nvd.nist.gov/vuln/detail/CVE-2025-4373
global<6.6.13 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-38448
glslang-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-3010
-# disputed by upstream, considered a feature
#gnome-settings-daemon-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2024-38394
gnome-shell<44.5 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-43090
gnome-shell<44.5 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-50977
@@ -28697,7 +28655,6 @@ bitcoin<30.0 denial-of-service https://n
bitcoin<30.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-54605
consul<1.22.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-11374
consul<1.22.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-11375
-# Questionable, needs to change the configuration files, see <https://www.openwall.com/lists/oss-security/2025/10/27/1>
#dnsmasq-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-12198
#dnsmasq-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-12199
#dnsmasq-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-12200
@@ -28755,7 +28712,6 @@ moodle<5.0.3 improper-authentication h
moodle<5.0.3 brute-force https://nvd.nist.gov/vuln/detail/CVE-2025-62399
moodle<5.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-62400
moodle<5.0.3 improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2025-62401
-# Only alpha and beta releases affected, never packaged in pkgsrc
#openvpn>=2.7_alpha1<2.7_beta1 command-injection https://nvd.nist.gov/vuln/detail/CVE-2025-10680
py{27,39,310,311,312,313,314}-authlib<1.6.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-62706
py{27,39,310,311,312,313,314}-pdf<6.1.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-62707
@@ -28814,7 +28770,6 @@ gstreamer1<1.24.10 out-of-bounds-read ht
gstreamer1<1.24.10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2024-47778
gstreamer1<1.24.10 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2024-47834
gstreamer1<1.24.10 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-47835
-# Gstreamer Installer, not used by pkgsrc
#gstreamer1-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-2759
gstreamer1<1.26.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-3887
gstreamer1<1.222.4 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37327
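Review bot: in the trailing context of this hunk, the bound in `gstreamer1<1.222.4 integer-overflow` (CVE-2023-37327) looks like a typo. As written it is higher than the neighbouring `<1.24.10` and `<1.26.1` bounds, so it also matches those fixed releases; please check the intended version against the advisory and correct it in a follow-up. Separately, the removed `# Gstreamer Installer, not used by pkgsrc` line is the only explanation for why CVE-2025-2759 is commented out and should stay.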
@@ -28868,7 +28823,6 @@ chromium<140.0.7339.80 arbitrary-code-ex
chromium<140.0.7339.80 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-12909
chromium<140.0.7339.80 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-12910
chromium<140.0.7339.80 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2025-12911
-# wolfssh not supported in pkgsrc
#curl<8.17.0 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2025-10966
ffmpeg5<5.1.7 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-7700
ffmpeg6<6.1.3 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-7700
@@ -28999,7 +28953,6 @@ tinyproxy<1.11.3 integer-overflow https:
wireshark<4.6.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13674
webkit-gtk<2.50.2 multiple-vulnerabilities https://webkitgtk.org/security/WSA-2025-0008.html
kissfft-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-34297
-# Only alpha, beta and rc1 affected
#openvpn>=2.7_alpha1<2.7rc2 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-12106
python310-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13836
python311-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13836
@@ -29219,3 +29172,11 @@ sox-[0-9]* floating-point-exception http
lua51-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
lua52-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
lua53-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
+cpp-httplib<0.30.0 server-side-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2026-21428
+gitea<1.25.2 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2025-69413
+gpsd<3.27.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2025-67268
+gpsd<3.27.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-67269
+libtpms<0.10.2 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2026-21444
+messagelib<25.11.90 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-69412
+wabt-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-15411
+wabt-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-15412
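Review bot: these eight appended lines are the only part of the diff that the log message ("add last 24-36 hours CVEs") describes; every removal in the hunks above is unexplained. All removed lines begin with `# ` while bare `#` lines and `#pkg...` entries survive, which reads like a filter run over the file by accident rather than a deliberate edit. Suggest reverting the removals and committing only these additions. The "not fixed" status of wabt is recorded only in the log message; the `wabt-[0-9]*` pattern matches every version, so the two entries will need a version bound once an upstream fix is released.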