pkgsrc-Changes archive
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Sat Jan 3 21:36:23 UTC 2026
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: revert to r1.697
Revert to 1.697 in order to re-add all comments that were accidentally removed as
part of commit r1.698.
To generate a diff of this commit:
cvs rdiff -u -r1.698 -r1.699 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.698 pkgsrc/doc/pkg-vulnerabilities:1.699
--- pkgsrc/doc/pkg-vulnerabilities:1.698 Sat Jan 3 21:29:14 2026
+++ pkgsrc/doc/pkg-vulnerabilities Sat Jan 3 21:36:23 2026
@@ -1,13 +1,30 @@
+# $NetBSD: pkg-vulnerabilities,v 1.699 2026/01/03 21:36:23 leot Exp $
#
#FORMAT 1.0.0
#
+# Please read "Handling packages with security problems" in the pkgsrc
+# guide before editing this file.
#
+# Note: NEVER remove entries from this file; this should document *all*
+# known package vulnerabilities so it is entirely appropriate to have
+# multiple entries in this file for a single package, and to contain
+# entries for packages which have been removed from pkgsrc.
#
+# New entries should be added at the end of this file.
#
+# Please ask pkgsrc-security to update the copy on ftp.NetBSD.org after
+# making changes to this file.
#
+# The command to run for this update is "./pkg-vuln-update.sh", but it needs
+# access to the private GPG key for pkgsrc-security.
#
+# If you have comments/additions/corrections, please contact
+# pkgsrc-security%NetBSD.org@localhost.
#
+# Note: If this file format changes, please do not forget to update
+# pkgsrc/mk/scripts/genreadme.awk which also parses this file.
#
+# package type of exploit URL
cfengine<1.5.3nb3 remote-root-shell https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-013.txt.asc
navigator<4.75 remote-user-access http://www.cert.org/advisories/CA-2000-15.html
navigator<4.74 remote-user-shell https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2000-011.txt.asc
@@ -1003,6 +1020,7 @@ postgresql-lib<7.3.9 remote-code-executi
postgresql73-lib<7.3.9 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
postgresql74-lib<7.4.7 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
postgresql80-lib<8.0.1 remote-code-execution https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
+# intagg not installed
#postgresql73-lib-7.3.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
#postgresql74-lib-7.4.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
#postgresql80-lib-8.0.[0-9]* denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
@@ -3671,6 +3689,7 @@ gitweb<1.5.6.6 remote-system-access ht
gitweb<1.5.6.6 remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517
ganglia-monitor-core<3.1.2 remote-system-access http://secunia.com/advisories/33506/
xdg-utils<1.1.0rc1 remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386
+# N/A; see https://security-tracker.debian.org/tracker/CVE-2009-0068
#xdg-utils-[0-9]* remote-system-access https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
tnftpd<20081009 cross-site-scripting http://securityreason.com/achievement_securityalert/56
libmikmod<3.2.0 remote-denial-of-service http://secunia.com/advisories/33485/
@@ -12593,6 +12612,7 @@ tcpdump<4.9.2 heap-overflow https://nv
tcpdump<4.9.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-11542
tcpdump<4.9.2 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-11543
exiv2<0.27 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11553
+# in stills2dv, not libjpeg-turbo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-9614
libid3tag-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11550
libid3tag-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11551
sox-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-11332
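Review bot: The restored line for CVE-2017-9614 carries the explanation and the disabled pattern on a single line ("# in stills2dv, not libjpeg-turbo-[0-9]* denial-of-service ..."), whereas the other disabled entries in this diff keep the reason on its own comment line above a "#package-[0-9]*" line. As written, "libjpeg-turbo" reads as both the end of the sentence and the start of the pattern. Consider splitting it into a reason line and a separate commented-out entry so the affected package is unambiguous.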
@@ -14839,6 +14859,7 @@ awstats-[0-9]* information-disclosure ht
binutils<2.31 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-8945
zabbix<3.4.1 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2017-2825
nasm<2.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-10254
+# reported against tiff, see https://gitlab.com/libtiff/libtiff/-/issues/128
jpeg<9d null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2018-10126
mupdf<1.14.0 infinite-loop https://nvd.nist.gov/vuln/detail/CVE-2018-10289
curl<7.52.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2016-9586
@@ -18854,6 +18875,7 @@ opensc-[0-9]* arbitrary-file-write https
p5-File-Temp-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2011-4116
perl-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2011-4116
p5-Module-Metadata<1.000015 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2013-1437
+# Disputed: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578
#pwgen-[0-9]* weak-password-generator https://nvd.nist.gov/vuln/detail/CVE-2013-4441
py{26,27,33,34}-tornado<3.2.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2014-9720
qt5-qtbase<5.15.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2015-9541
@@ -21264,7 +21286,9 @@ py{36,37,38,39}-django>=2.2<2.2.24 acces
py{36,37,38,39}-django>=3<3.2.4 access-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-33571
rabbitmq<3.8.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-22116
wireshark<3.4.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-22222
+# rejected
#ansible-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-3532
+# rejected
#ansible-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-3533
apache>=2.4.6<2.4.48 authorization-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17567
apache>=2.4.41<2.4.48 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-13950
@@ -21308,6 +21332,7 @@ firefox78<78.11 multiple-vulnerabilitie
mozjs78<78.11 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
tor-browser<10.0.17 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/
thunderbird<78.11 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
+# rejected
#ImageMagick-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2021-34183
ampache<4.4.3 code-injection https://nvd.nist.gov/vuln/detail/CVE-2021-32644
djvulibre-lib<3.5.29 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2021-32490
@@ -21762,7 +21787,9 @@ mbedtls<2.24.0 sensitive-information-dis
mbedtls<2.25.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-36475
mit-krb5<1.18.5 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2021-37750
ffmpeg4<4.4.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-38171
+# not reproducible? https://github.com/Exiv2/exiv2/issues/759
#exiv2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18774
+# not reproducible? https://github.com/Exiv2/exiv2/issues/760
#exiv2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18773
exiv2<0.27.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-18771
plib-[0-9]* integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-38714
@@ -22815,6 +22842,7 @@ grafana<8.3.5 information-disclosure ht
htmldoc<1.9.15 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0534
jenkins<2.334 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0538
kate<21.12.2 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-23853
+# "can't be fixed" according to https://bugzilla.redhat.com/show_bug.cgi?id=2054686
#git-base-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-24975
php{56,73,74,80,81}-concrete5<9.0 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2021-22954
php{56,73,74,80,81}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2021-45357
@@ -23267,6 +23295,7 @@ php{56,73,74,80,81}-piwigo-[0-9]* sql-in
powerdns<4.4.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-27227
powerdns-recursor<4.4.8 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-27227
ruby{25,26,27,30,31}-nokogiri<1.13.4 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2022-24836
+# affects ghostpcl, not part of standard ghostscript, see e.g. https://ubuntu.com/security/CVE-2022-1350
#ghostscript-agpl-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2022-1350
neomutt<20220415 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-1328
php{56,73,74,80,81}-memcached<2.1.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-26635
@@ -27208,6 +27237,7 @@ chromium<138.0.7204.168 heap-corruption
php{56,73,74,80,81,82,83,84}-xdebug-[0-9]* command-injection https://nvd.nist.gov/vuln/detail/CVE-2015-10141
apache<2.4.65 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2025-54090
py{27,39,310,311,312,313}-mezzanine<6.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-50481
+# disputed because abuse of the commands network protocol is not a violation of the Redis Security Model
#redis-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-46686
thunderbird<140 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/
thunderbird<128.12 multiple-vulnerabilities https://www.mozilla.org/security/advisories/mfsa2025-55/
@@ -27249,6 +27279,7 @@ openexr<3.3.3 heap-overflow https://n
openexr<3.3.3 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-48073
openexr<3.3.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-48074
php{56,74,81,82,83,84}-piwigo<15.0.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2024-43018
+# https://github.com/jpadilla/pyjwt/issues/1080
#py{27,39,310,311,312,313}-JWT-[0-9]* weak-encryption https://nvd.nist.gov/vuln/detail/CVE-2025-45768
qemu>=10.0.0 unspecified https://nvd.nist.gov/vuln/detail/CVE-2025-54566
qemu>=10.0.0 unspecified https://nvd.nist.gov/vuln/detail/CVE-2025-54567
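Review bot: The comment restored above the disabled py-JWT entry is a bare URL (https://github.com/jpadilla/pyjwt/issues/1080) with no reason given, while the other restored comments state why an entry is disabled ("rejected", "disputed by upstream", "not reproducible?"). Add a short reason in front of the link so the status of CVE-2025-45768 is clear without following it.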
@@ -27374,6 +27405,7 @@ postgresql-server>=15<15.14 code-injecti
postgresql-server>=16<16.10 code-injection https://nvd.nist.gov/vuln/detail/CVE-2025-8715
postgresql-server>=17<17.6 code-injection https://nvd.nist.gov/vuln/detail/CVE-2025-8715
proftpd<1.3.3d backdoor https://nvd.nist.gov/vuln/detail/CVE-2010-20103
+# disputed, this is how Python's import works
#py{27,39,310,311,312,313}-future-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2025-50817
py{27,39,310,311,312,313}-pdf<6.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-55197
retroarch<1.21.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-9136
@@ -27530,6 +27562,7 @@ xenkernel418-[0-9]* race-condition htt
xenkernel420<4.20.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-27466
xenkernel420<4.20.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-58142
xenkernel420<4.20.2 race-condition https://nvd.nist.gov/vuln/detail/CVE-2025-58143
+# xenkernel for ARM, not packaged in pkgsrc
#xenkernel-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-58144
#xenkernel-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-58145
zabbix-server-{mysql,postgresql}>=7.0<7.0.14 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-27238
@@ -27709,6 +27742,7 @@ ap24-auth-openidc<2.4.13.2 denial-of-ser
ap24-auth-openidc<2.4.15.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24814
ap24-auth-openidc<2.4.16.11 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-31492
ap24-auth-openidc<2.4.13.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-3891
+# disputed by upstream, see https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/
#ap24-modsecurity-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-46292
ap24-modsecurity<2.9.9 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-47947
ffmpeg5<5.1.7 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2025-59728
@@ -28087,6 +28121,7 @@ dav1d<1.2.0 denial-of-service https://nv
dav1d<1.4.0 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-1580
dbus<1.15.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-34969
dmidecode<3.5 arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2023-30630
+# not an issue in pkgsrc due how it is installed
#dnscrypt-proxy-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2024-36587
dnsdist>=1.9.0<1.9.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25581
dnsdist<1.9.10 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-30193
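Review bot: Grammar in the restored dnscrypt-proxy comment: "not an issue in pkgsrc due how it is installed" is missing "to" ("due to how it is installed"). Since the disabled entry is a privilege-escalation one, it would also help to say which aspect of the pkgsrc installation makes CVE-2024-36587 inapplicable.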
@@ -28360,8 +28395,13 @@ frr<10.1.2 invalid-validation https://nv
tiff<4.7.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-3164
ganglia-webfrontend-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52762
ganglia-webfrontend-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52763
+# disputed by the GCC project as missed hardening bug, not a vulnerability
#gcc-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-4039
+# not considered a vulnerability issue, --no-absolute-filenames option should
+# be used instead:
+# <https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html>
#gcpio-[0-9]* symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2023-7216
+# not reproducible, rejected by uptsream
#gdal-lib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-29480
gdb<14.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-39128
gdb<14.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-39129
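Review bot: Typo in the restored gdal-lib comment: "rejected by uptsream" should read "rejected by upstream". Because this commit restores r1.697 as it was, the typo predates the revert and can be fixed in a separate commit.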
@@ -28458,6 +28498,7 @@ zabbix-agent<6.0.18 code-injection https
gindent<2.2.14 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40305
gindent<2.2.14 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0911
git-base<2.6.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-50338
+# disputed: https://lore.kernel.org/git/aQd_iisOrwX909Fr%fruit.crustytoothpaste.net@localhost/T/#t
#git-base-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2024-52005
git-base<2.26.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-52006
git-lfs<3.6.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-53263
@@ -28475,6 +28516,7 @@ glib2<2.82.5 integer-overflow https://nv
glib2<2.84.2 buffer-underflow https://nvd.nist.gov/vuln/detail/CVE-2025-4373
global<6.6.13 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-38448
glslang-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-3010
+# disputed by upstream, considered a feature
#gnome-settings-daemon-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2024-38394
gnome-shell<44.5 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-43090
gnome-shell<44.5 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-50977
@@ -28655,6 +28697,7 @@ bitcoin<30.0 denial-of-service https://n
bitcoin<30.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-54605
consul<1.22.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-11374
consul<1.22.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-11375
+# Questionable, needs to change the configuration files, see <https://www.openwall.com/lists/oss-security/2025/10/27/1>
#dnsmasq-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-12198
#dnsmasq-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-12199
#dnsmasq-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-12200
@@ -28712,6 +28755,7 @@ moodle<5.0.3 improper-authentication h
moodle<5.0.3 brute-force https://nvd.nist.gov/vuln/detail/CVE-2025-62399
moodle<5.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-62400
moodle<5.0.3 improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2025-62401
+# Only alpha and beta releases affected, never packaged in pkgsrc
#openvpn>=2.7_alpha1<2.7_beta1 command-injection https://nvd.nist.gov/vuln/detail/CVE-2025-10680
py{27,39,310,311,312,313,314}-authlib<1.6.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-62706
py{27,39,310,311,312,313,314}-pdf<6.1.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-62707
@@ -28770,6 +28814,7 @@ gstreamer1<1.24.10 out-of-bounds-read ht
gstreamer1<1.24.10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2024-47778
gstreamer1<1.24.10 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2024-47834
gstreamer1<1.24.10 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-47835
+# Gstreamer Installer, not used by pkgsrc
#gstreamer1-[0-9]* privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-2759
gstreamer1<1.26.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-3887
gstreamer1<1.222.4 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37327
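Review bot: The context line "gstreamer1<1.222.4 integer-overflow", two lines below the disabled CVE-2025-2759 entry, looks like a version typo. The neighbouring entries use 1.24.10 and 1.26.1, and a bound of 1.222.4 is higher than both, so this entry would keep matching those releases. It is not touched by this revert, but please check the fixed version for CVE-2023-37327 and correct the bound in a follow-up.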
@@ -28823,6 +28868,7 @@ chromium<140.0.7339.80 arbitrary-code-ex
chromium<140.0.7339.80 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-12909
chromium<140.0.7339.80 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-12910
chromium<140.0.7339.80 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2025-12911
+# wolfssh not supported in pkgsrc
#curl<8.17.0 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2025-10966
ffmpeg5<5.1.7 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-7700
ffmpeg6<6.1.3 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-7700
@@ -28953,6 +28999,7 @@ tinyproxy<1.11.3 integer-overflow https:
wireshark<4.6.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13674
webkit-gtk<2.50.2 multiple-vulnerabilities https://webkitgtk.org/security/WSA-2025-0008.html
kissfft-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-34297
+# Only alpha, beta and rc1 affected
#openvpn>=2.7_alpha1<2.7rc2 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-12106
python310-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13836
python311-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-13836
@@ -29172,11 +29219,3 @@ sox-[0-9]* floating-point-exception http
lua51-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
lua52-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
lua53-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
-cpp-httplib<0.30.0 server-side-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2026-21428
-gitea<1.25.2 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2025-69413
-gpsd<3.27.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2025-67268
-gpsd<3.27.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-67269
-libtpms<0.10.2 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2026-21444
-messagelib<25.11.90 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-69412
-wabt-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-15411
-wabt-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-15412
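Review bot: The eight entries removed at the end of the file (cpp-httplib, gitea, two for gpsd, libtpms, messagelib, two for wabt) are lost by reverting wholesale, which conflicts with the header rule restored in this same commit: "NEVER remove entries from this file". The log message only mentions re-adding comments, so these entries should be re-added at the end of the file in a follow-up commit, or the log should say that they will be re-committed separately.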