Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27917020 by security tracker role at 2025-01-28T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable,
cross-chai ...)
+ TODO: check
+CVE-2025-24480 (A Remote Code Execution Vulnerability exists in the product
and versio ...)
+ TODO: check
+CVE-2025-24479 (A Local Code Execution Vulnerability exists in the product and
version ...)
+ TODO: check
+CVE-2025-24478 (A denial-of-service vulnerability exists in the affected
products. The ...)
+ TODO: check
+CVE-2025-23385 (In JetBrains ReSharper before 2024.3.4, 2024.2.8, and
2024.1.7, Rider ...)
+ TODO: check
+CVE-2025-23213 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2025-23212 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2025-23211 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2025-23057 (A vulnerability in the web management interface of HPE Aruba
Networkin ...)
+ TODO: check
+CVE-2025-23056 (A vulnerability in the web management interface of HPE Aruba
Networkin ...)
+ TODO: check
+CVE-2025-23055 (A vulnerability in the web management interface of HPE Aruba
Networkin ...)
+ TODO: check
+CVE-2025-23054 (A vulnerability in the web-based management interface of HPE
Aruba Net ...)
+ TODO: check
+CVE-2025-23053 (A privilege escalation vulnerability exists in the web-based
managemen ...)
+ TODO: check
+CVE-2025-23045 (Computer Vision Annotation Tool (CVAT) is an interactive video
and ima ...)
+ TODO: check
+CVE-2025-22217 (Avi Load Balancer contains an unauthenticated blind SQL
Injection vuln ...)
+ TODO: check
+CVE-2025-0784 (A vulnerability has been found in Intelbras InControl up to
2.21.58 an ...)
+ TODO: check
+CVE-2025-0783 (A vulnerability, which was classified as problematic, was found
in pan ...)
+ TODO: check
+CVE-2025-0659 (A path traversal vulnerability exists in the Rockwell
Automation DataE ...)
+ TODO: check
+CVE-2025-0631 (A Credential Exposure Vulnerability exists in the
above-mentioned prod ...)
+ TODO: check
+CVE-2025-0432 (EWON Flexy 202 transmits user credentials in clear text with no
encryp ...)
+ TODO: check
+CVE-2025-0290 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2025-0065 (Improper Neutralization of Argument Delimiters in the
TeamViewer_servi ...)
+ TODO: check
+CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page
Generation (\ ...)
+ TODO: check
+CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent
prefetch e ...)
+ TODO: check
+CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS
layer of ...)
+ TODO: check
+CVE-2024-40677 (In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java,
there is ...)
+ TODO: check
+CVE-2024-40676 (In checkKeyIntent of AccountManagerService.java, there is a
possible w ...)
+ TODO: check
+CVE-2024-40675 (In parseUriInternal of Intent.java, there is a possible
infinite loop ...)
+ TODO: check
+CVE-2024-40674 (In validateSsid of WifiConfigurationUtil.java, there is a
possible way ...)
+ TODO: check
+CVE-2024-40673 (In Source of ZipFile.java, there is a possible way for an
attacker to ...)
+ TODO: check
+CVE-2024-40672 (In onCreate of ChooserActivity.java, there is a possible way
to bypass ...)
+ TODO: check
+CVE-2024-40670 (In TBD of TBD, there is a possible use after free due to a
race condit ...)
+ TODO: check
+CVE-2024-40669 (In TBD of TBD, there is a possible use after free due to a
race condit ...)
+ TODO: check
+CVE-2024-40651 (In TBD of TBD, there is a possible use-after-free due to a
logic error ...)
+ TODO: check
+CVE-2024-40649 (In TBD of TBD, there is a possible use-after-free due to a
logic error ...)
+ TODO: check
+CVE-2024-34748 (In _DevmemXReservationPageAddress of devicemem_server.c, there
is a po ...)
+ TODO: check
+CVE-2024-34733 (In DevmemXIntMapPages of devicemem_server.c, there is a
possible arbit ...)
+ TODO: check
+CVE-2024-34732 (In RGXMMUCacheInvalidate of rgxmem.c, there is a possible
arbitrary co ...)
+ TODO: check
+CVE-2024-23953 (Use of Arrays.equals() in LlapSignerImpl inApache Hive to
compare mess ...)
+ TODO: check
+CVE-2024-13527 (The Philantro \u2013 Donations and Donor Management plugin for
WordPre ...)
+ TODO: check
+CVE-2024-13484 (A flaw was found in ArgoCD. The
openshift.io/cluster-monitoring label ...)
+ TODO: check
+CVE-2024-11956 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2024-11954 (A vulnerability classified as problematic was found in Pimcore
11.4.2. ...)
+ TODO: check
CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image
Sizes 3.2.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots
against AI ...)
@@ -258,13 +344,13 @@ CVE-2024-0135 (NVIDIA Container Toolkit contains an
improper isolation vulnerabi
NOT-FOR-US: NVIDIA Container Toolkit
CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and
6.2.0.0 throug ...)
NOT-FOR-US: IBM
-CVE-2025-0754
+CVE-2025-0754 (The vulnerability was found in OpenShift Service Mesh 2.6.3 and
2.5.6. ...)
- envoyproxy <itp> (bug #987544)
-CVE-2025-0752
+CVE-2025-0752 (A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6.
Rate-limit ...)
- envoyproxy <itp> (bug #987544)
-CVE-2025-0750
+CVE-2025-0750 (A vulnerability was found in CRI-O. A path traversal issue in
the log ...)
- cri-o <itp> (bug #979702)
-CVE-2025-0736
+CVE-2025-0736 (A flaw was found in Infinispan, when using JGroups with
JDBC_PING. Thi ...)
NOT-FOR-US: Infinispan
CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in
Pseudo-Ran ...)
NOT-FOR-US: Apache Cocoon
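Review bot: CVE-2025-0754 and CVE-2025-0752 now describe OpenShift Service Mesh, yet the line beneath each still maps them to `envoyproxy <itp> (bug #987544)` with nothing recording why a Red Hat product CVE lands on the Envoy ITP. Unlike the git and unbound entries later in this commit, which carry `NOTE: Fixed by:` links to the upstream commit, these two have no `NOTE:` at all, so the mapping cannot be checked from the file. The same gap exists for CVE-2025-0750, whose description names CRI-O ("A path traversal issue in the log ...") and whose line is `cri-o <itp> (bug #979702)` with no upstream reference. Add the upstream advisory or fix URL as a `NOTE:` under each of the three.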
@@ -555,7 +641,7 @@ CVE-2024-12280 (The WP Customer Area WordPress plugin
through 8.2.4 does not hav
NOT-FOR-US: WordPress plugin
CVE-2023-46187 (IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is
vulnerab ...)
NOT-FOR-US: IBM
-CVE-2025-0781 [issues in handling of Nasal code]
+CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and
arbitrarily ...)
- flightgear 1:2020.3.19+dfsg-1
[bookworm] - flightgear <no-dsa> (Minor issue)
[bullseye] - flightgear <no-dsa> (Minor issue)
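Review bot: the `<no-dsa> (Minor issue)` rationale on the bookworm and bullseye lines was written while the entry still read `[issues in handling of Nasal code]`; now that the description states that an attacker can bypass the Nasal script sandbox and "arbitrarily ...", the two-word rationale no longer explains why this is minor. A short justification on those lines, or a `NOTE:` pointing at the upstream fix as the git and unbound entries in this commit have, would make the no-dsa decision reviewable against the new description.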
@@ -5027,12 +5113,12 @@ CVE-2023-37936 (A use of hard-coded cryptographic key
in Fortinet FortiSwitch ve
CVE-2023-37931 (An improper neutralization of special elements used in an sql
command ...)
NOT-FOR-US: Fortinet
CVE-2024-52006 (Git is a fast, scalable, distributed revision control system
with an u ...)
- {DSA-5850-1}
+ {DSA-5850-1 DLA-4031-1}
- git 1:2.47.2-0.1 (bug #1093042)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
NOTE: Fixed by:
https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060
(v2.40.4)
CVE-2024-50349 (Git is a fast, scalable, distributed revision control system
with an u ...)
- {DSA-5850-1}
+ {DSA-5850-1 DLA-4031-1}
- git 1:2.47.2-0.1 (bug #1093042)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
NOTE: Fixed by:
https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577
(v2.40.4)
@@ -11615,6 +11701,7 @@ CVE-2024-55232 (An IDOR vulnerability in the
manage-notes.php module in PHPGuruk
CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of
PHPGurukul Onlin ...)
NOT-FOR-US: PHPGurukul Online Notes Sharing Management System
CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation
violation via t ...)
+ {DLA-4032-1}
- iperf3 3.18-1 (bug #1090931)
[bookworm] - iperf3 <no-dsa> (Minor issue)
NOTE: https://github.com/esnet/iperf/pull/1810
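Review bot: `{DLA-4032-1}` records an LTS fix for CVE-2024-53580 while the line beneath keeps `[bookworm] - iperf3 <no-dsa> (Minor issue)`. That combination is permitted, but the bookworm rationale gives no hint that a backport now exists; either note that the fix (upstream PR linked in the `NOTE:` below) can ride a bookworm point release, or revisit the bookworm tag if the DLA changed the assessment.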
@@ -34603,6 +34690,7 @@ CVE-2024-8508 (NLnet Labs Unbound up to and including
version 1.21.0 contains a
NOTE: Patch:
https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-8508.diff
NOTE: Fixed by:
https://github.com/NLnetLabs/unbound/commit/b7c61d7cc256d6a174e6179622c7fa968272c259
(release-1.21.1)
CVE-2024-25590 (An attacker can publish a zone containing specific Resource
Record Set ...)
+ {DSA-5852-1}
- pdns-recursor 5.0.9-1 (bug #1083285)
[bullseye] - pdns-recursor <end-of-life> (No longer supported with
security updates in Bullseye)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/03/3
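Review bot: CVE-2024-25590 gains `{DSA-5852-1}` but its only reference is the oss-security post, whereas the unbound entry CVE-2024-8508 directly above in the same context carries both a `NOTE: Patch:` URL and a `NOTE: Fixed by:` commit with the release it landed in. The pdns-recursor entry should cite the upstream change the same way so the DSA backport is traceable to a specific patch.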
@@ -56399,7 +56487,8 @@ CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered
to contain a prototype p
NOTE: https://github.com/requirejs/requirejs/issues/1854
NOTE: https://github.com/requirejs/requirejs/pull/1856
NOTE:
https://github.com/requirejs/requirejs/commit/6e8a234303deaf80ef619e66a2f5c6616bb7e6d9
(2.3.7)
-CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype
polluti ...)
+CVE-2024-38998
+ REJECTED
- requirejs 2.3.7+ds+~2.1.37-1 (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
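Review bot: `REJECTED` replaces the description of CVE-2024-38998, but the `- requirejs 2.3.7+ds+~2.1.37-1 (bug #1077543)` line and the bookworm/bullseye `<no-dsa>` lines stay behind, and CVE-2024-38999 directly above keeps the identical "jrburke requirejs v2.3.6 ... prototype polluti" wording with a fix commit in 2.3.7. If the rejection is because 38998 duplicates 38999, say so in a `NOTE:` so that bug #1077543 can be reconciled with the surviving ID; if it is rejected for another reason, the leftover package and no-dsa lines are misleading and should go.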
@@ -73242,6 +73331,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS)
vulnerability exists in the p
CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam
Service Pr ...)
NOT-FOR-US: Veeam
CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a
server wi ...)
+ {DLA-4032-1}
- iperf3 3.17.1-1 (bug #1071751)
[bookworm] - iperf3 <ignored> (Minor issue)
[buster] - iperf3 <postponed> (Minor issue; can be fixed in next update)
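Review bot: the bookworm line for CVE-2024-26306 still reads `<ignored> (Minor issue)` while the entry now carries `{DLA-4032-1}`, meaning the LTS team judged it worth fixing. `ignored` is a stronger statement than `no-dsa` (the release will not get a fix at all), so either the bookworm tag should be revisited in light of the DLA or the rationale should say why bookworm differs, for instance whether the precondition in the description ("when used with OpenSSL before 3.2.0 as a server") does not apply there; a reader cannot tell from the truncated text.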
@@ -136412,6 +136502,7 @@ CVE-2023-38405 (On Crestron 3-Series Control Systems
before 1.8001.0187, craftin
CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations
Manager (VI ...)
NOT-FOR-US: Veritas InfoScale
CVE-2023-7250 (A flaw was found in iperf, a utility for testing network
performance u ...)
+ {DLA-4032-1}
- iperf3 3.15-1
[bookworm] - iperf3 <ignored> (Minor issue)
[buster] - iperf3 <no-dsa> (Minor issue)
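Review bot: `[bookworm] - iperf3 <ignored> (Minor issue)` for CVE-2023-7250 now sits under `{DLA-4032-1}`, the same contradiction between an `ignored` stable tag and an LTS fix that the other iperf3 entries in this commit show; the bookworm line should be reassessed or carry a reason for diverging. With three iperf3 CVEs (CVE-2024-53580, CVE-2024-26306, CVE-2023-7250) closed by one DLA and fixed upstream in three different versions per their package lines (3.18, 3.17.1, 3.15), a `NOTE:` naming the upstream commits the DLA backported would make its coverage auditable.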
@@ -493145,8 +493236,8 @@ CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc,
there is a possible out of bou
NOT-FOR-US: Android
CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a
possible way t ...)
NOT-FOR-US: Android
-CVE-2018-9378
- RESERVED
+CVE-2018-9378 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp,
there ...)
+ TODO: check
CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java,
there is a ...)
NOT-FOR-US: Android
CVE-2018-9376 (In rpc_msg_handler and related handlers
ofdrivers/misc/mediatek/eccci/ ...)
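Review bot: CVE-2018-9378 moves from `RESERVED` to `TODO: check` even though every neighbouring entry in this block (CVE-2018-9380, CVE-2018-9379, CVE-2018-9377, CVE-2018-9376) is already `NOT-FOR-US: Android`, and the new description ("In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp") is in the Android security bulletin's "In <function> of <file>" form. A placeholder is correct for an automatic commit, but the follow-up is a one-line `NOT-FOR-US: Android` and the entry should not be left as TODO among resolved siblings.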
@@ -493155,8 +493246,8 @@ CVE-2018-9375 (In multiple functions of
UserDictionaryProvider.java, there is a
NOT-FOR-US: Android
CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a
possible ...)
NOT-FOR-US: Android
-CVE-2018-9373
- RESERVED
+CVE-2018-9373 (In TdlsexRxFrameHandle of the MTK WLAN driver, there is a
possible out ...)
+ TODO: check
CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a
possible out ...)
NOT-FOR-US: Android
CVE-2018-9371 (In the Mediatek Preloader, there are out of bounds reads and
writes du ...)
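Review bot: CVE-2018-9373 ("In TdlsexRxFrameHandle of the MTK WLAN driver") becomes `TODO: check` while the adjacent CVE-2018-9372 (dl_commands.c) and CVE-2018-9371 (Mediatek Preloader) are `NOT-FOR-US: Android`. The triager should apply the same criterion: if this is out-of-tree MediaTek vendor driver code, mark it `NOT-FOR-US: Android` like its neighbours; only if the named function exists in a mainline driver shipped by src:linux does it need a package line instead. Either way, resolve it rather than leaving the TODO.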
@@ -532023,11 +532114,9 @@ CVE-2017-13320 (In impeg2d_bit_stream_flush() of
libmpeg2dec there is a possible
NOT-FOR-US: Android Media Framework
CVE-2017-13319 (In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp,
there is ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13318
- RESERVED
+CVE-2017-13318 (In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a
possible ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13317
- RESERVED
+CVE-2017-13317 (In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there
is a pos ...)
NOT-FOR-US: Android Media Framework
CVE-2017-13316 (In checkPermissions of RecognitionService.java, there is a
possibleper ...)
NOT-FOR-US: Android
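Review bot: CVE-2017-13318 and CVE-2017-13317 show the better pattern: both were already `NOT-FOR-US: Android Media Framework` while still `RESERVED`, so when the descriptions arrived (HeifDataSource::readAt and HeifDecoderImpl::getScanline in HeifDecoderImpl.cpp) nothing was left to do. The Android bulletin IDs that this same commit turns into `TODO: check` (CVE-2018-9378, CVE-2018-9373, and the CVE-2024-40649 through CVE-2024-40677 batch in the first hunk) could be pre-triaged the same way instead of accumulating placeholders.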
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2791702057e117d33edd9b4be520dbd0e5aafa4a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits