Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca9fee9b by security tracker role at 2025-02-05T20:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,143 @@
-CVE-2023-52925 [netfilter: nf_tables: don't fail inserts if duplicate has
expired]
+CVE-2025-24805 (Mobile Security Framework (MobSF) is an automated, all-in-one
mobile a ...)
+ TODO: check
+CVE-2025-24804 (Mobile Security Framework (MobSF) is an automated, all-in-one
mobile a ...)
+ TODO: check
+CVE-2025-24803 (Mobile Security Framework (MobSF) is an automated, all-in-one
mobile a ...)
+ TODO: check
+CVE-2025-24497 (When URL categorization is configured on a virtual server,
undisclosed ...)
+ TODO: check
+CVE-2025-24372 (CKAN is an open-source DMS (data management system) for
powering data ...)
+ TODO: check
+CVE-2025-24326 (When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS
Signatures fea ...)
+ TODO: check
+CVE-2025-24320 (A stored cross-site scripting (XSS) vulnerability exists in an
undiscl ...)
+ TODO: check
+CVE-2025-24319 (When BIG-IP Next Central Manager is running, undisclosed
requests to t ...)
+ TODO: check
+CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and
protocol in ...)
+ TODO: check
+CVE-2025-23419 (When multiple server blocks are configured to share the same
IP addres ...)
+ TODO: check
+CVE-2025-23415 (An insufficient verification of data authenticity
vulnerability exists ...)
+ TODO: check
+CVE-2025-23413 (When users log in through the webUI or API using local
authentication, ...)
+ TODO: check
+CVE-2025-23412 (When BIG-IP APM Access Profile is configured on a virtual
server, undi ...)
+ TODO: check
+CVE-2025-23239 (When running in Appliance mode, an authenticated remote
command inject ...)
+ TODO: check
+CVE-2025-22891 (When BIG-IP PEM Control Plane listener Virtual Server is
configured wi ...)
+ TODO: check
+CVE-2025-22846 (When SIP Session and Router ALG profiles are configured on a
Message R ...)
+ TODO: check
+CVE-2025-21117 (Dell Avamar, version 19.4 or later, contains an access token
reuse vul ...)
+ TODO: check
+CVE-2025-21091 (When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed
requests c ...)
+ TODO: check
+CVE-2025-21087 (When Client or Server SSL profiles are configured on a Virtual
Server, ...)
+ TODO: check
+CVE-2025-20207 (A vulnerability in Simple Network Management Protocol (SNMP)
polling f ...)
+ TODO: check
+CVE-2025-20205 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2025-20204 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2025-20185 (A vulnerability in the implementation of the remote access
functionali ...)
+ TODO: check
+CVE-2025-20184 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
+ TODO: check
+CVE-2025-20183 (A vulnerability in a policy-based Cisco Application Visibility
and Con ...)
+ TODO: check
+CVE-2025-20180 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
+ TODO: check
+CVE-2025-20179 (A vulnerability in the web-based management interface of Cisco
Express ...)
+ TODO: check
+CVE-2025-20176 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20175 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20174 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20173 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20172 (A vulnerability in the SNMP subsystem of Cisco IOS Software,
Cisco IOS ...)
+ TODO: check
+CVE-2025-20171 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20170 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20169 (A vulnerability in the SNMP subsystem of Cisco IOS Software
and Cisco ...)
+ TODO: check
+CVE-2025-20125 (A vulnerability in an API of Cisco ISE could allow an
authenticated, r ...)
+ TODO: check
+CVE-2025-20124 (A vulnerability in an API of Cisco ISE could allow an
authenticated, r ...)
+ TODO: check
+CVE-2025-20058 (When a BIG-IP message routing profile is configured on a
virtual serve ...)
+ TODO: check
+CVE-2025-20045 (When SIP session Application Level Gateway mode (ALG) profile
with Pas ...)
+ TODO: check
+CVE-2025-20029 (Command injection vulnerability exists in iControl REST and
BIG-IP TMO ...)
+ TODO: check
+CVE-2025-0858 (A vulnerability was discovered in the firmware builds up to
8.2.1.0820 ...)
+ TODO: check
+CVE-2024-9631 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-9097 (ManageEngine Endpoint Central versions before11.3.2440.09 are
vulnerab ...)
+ TODO: check
+CVE-2024-6356 (An issue was discovered in GitLab EE affecting all versions
starting f ...)
+ TODO: check
+CVE-2024-56135 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-56134 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-56133 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-56132 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-56131 (Improper Input Validation vulnerability of Authenticated User
in Progr ...)
+ TODO: check
+CVE-2024-52365 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2,
19.0.1, 1 ...)
+ TODO: check
+CVE-2024-52364 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2,
19.0.1, 1 ...)
+ TODO: check
+CVE-2024-49352 (IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4,
12.0.0, 1 ...)
+ TODO: check
+CVE-2024-49348 (IBM Cloud Pak for Business Automation18.0.0, 18.0.1, 18.0.2,
19.0.1, 1 ...)
+ TODO: check
+CVE-2024-42207 (HCL iAutomate is affected by a session fixation vulnerability.
An atta ...)
+ TODO: check
+CVE-2024-3976 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2024-39564 (This is a similar, but different vulnerability than the issue
reported ...)
+ TODO: check
+CVE-2024-2878 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
+ TODO: check
+CVE-2024-1539 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
+CVE-2023-52925 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.4.13-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7845914f45f066497ac75b30c50dbc735e84e884 (6.5-rc7)
-CVE-2023-52924 [netfilter: nf_tables: don't skip expired elements during walk]
+CVE-2023-52924 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.4.11-1
[bookworm] - linux 6.1.64-1
[bullseye] - linux 5.10.205-1
NOTE:
https://git.kernel.org/linus/24138933b97b055d486e8064b4a1721702442a9b (6.5-rc6)
-CVE-2025-0167 [netrc and default credential leak]
+CVE-2025-0167 (When asked to use a `.netrc` file for credentials **and** to
follow HT ...)
- curl <unfixed>
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2025-0167.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/46620b97431e19c53ce82e55055c85830f088cf4
(curl-7_76_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb
(curl-8_12_0)
-CVE-2025-0665 [eventfd double close]
+CVE-2025-0665 (libcurl would wrongly close the same eventfd file descriptor
twice whe ...)
- curl <unfixed>
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.se/docs/CVE-2025-0665.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/92124838c6b7e09e3f35ff84e1eb63cf0105c9b5
(curl-8_11_1)
NOTE: Fixed by:
https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2
(curl-8_12_0)
-CVE-2025-0725 [gzip integer overflow]
+CVE-2025-0725 (When libcurl is asked to perform automatic gzip decompression
of conte ...)
- curl <unfixed> (unimportant)
NOTE: https://curl.se/docs/CVE-2025-0725.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/019c4088cfcca0d2b7c5cc4f52ca5dac0c616089
(curl-7_10_5)
@@ -217,6 +333,7 @@ CVE-2025-1020 (Memory safety bugs present in Firefox 134
and Thunderbird 134. So
- firefox 135.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020
CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134,
Firefox ES ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -224,6 +341,7 @@ CVE-2025-1017 (Memory safety bugs present in Firefox 134,
Thunderbird 134, Firef
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1017
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1017
CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134,
Firefox ES ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -234,6 +352,7 @@ CVE-2025-1015 (The Thunderbird Address Book URI fields
contained unsanitized lin
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
CVE-2025-1014 (Certificate length was not properly checked when added to a
certificat ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -241,6 +360,7 @@ CVE-2025-1014 (Certificate length was not properly checked
when added to a certi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1014
CVE-2025-1013 (A race condition could have led to private browsing tabs being
opened ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -251,6 +371,7 @@ CVE-2025-1019 (The z-order of the browser windows could be
manipulated to hide t
- firefox 135.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1019
CVE-2025-1012 (A race during concurrent delazification could have led to a
use-after- ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -258,6 +379,7 @@ CVE-2025-1012 (A race during concurrent delazification
could have led to a use-a
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1012
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1012
CVE-2025-1011 (A bug in WebAssembly code generation could have lead to a
crash. It ma ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -268,6 +390,7 @@ CVE-2025-1018 (The fullscreen notification is prematurely
hidden when fullscreen
- firefox 135.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1018
CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom
Highligh ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -275,6 +398,7 @@ CVE-2025-1010 (An attacker could have caused a
use-after-free via the Custom Hig
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1010
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1010
CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT
data, ...)
+ {DSA-5858-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -4816,7 +4940,7 @@ CVE-2024-10498 (CWE-119: Improper Restriction of
Operations within the Bounds of
NOT-FOR-US: Schneider Electric
CVE-2024-10497 (CWE-639: Authorization Bypass Through User-Controlled Key
vulnerabilit ...)
NOT-FOR-US: Schneider Electric
-CVE-2024-7596 [networkmanager: UDP encapsulation protocol excessive trust]
+CVE-2024-7596 (Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not
validate ...)
NOT-FOR-US: IP tunnel protocol issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317264
NOTE: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf
@@ -4824,7 +4948,7 @@ CVE-2024-7596 [networkmanager: UDP encapsulation protocol
excessive trust]
NOTE:
https://www.top10vpn.com/research/tunneling-protocol-vulnerability/
NOTE: https://kb.cert.org/vuls/id/199397
NOTE: https://www.openwall.com/lists/oss-security/2025/01/21/10
-CVE-2024-7595 [networkmanager: GRE & GRE6 protocol excessive trust]
+CVE-2024-7595 (GRE and GRE6 Protocols (RFC2784) do not validate or verify the
source ...)
NOT-FOR-US: IP tunnel protocol issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317262
NOTE: https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf
@@ -19559,6 +19683,7 @@ CVE-2024-11698 (A flaw in handling fullscreen
transitions may have inadvertently
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698
CVE-2024-11704 (A double-free issue could have occurred in
`sec_pkcs7_decoder_start_de ...)
+ {DSA-5858-1}
- firefox 134.0-1
- firefox-esr <unfixed>
- thunderbird <unfixed>
@@ -51733,7 +51858,8 @@ CVE-2024-41072 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.9.11-1
[bookworm] - linux 6.1.106-1
NOTE:
https://git.kernel.org/linus/6ef09cdc5ba0f93826c09d810c141a8d103a80fc (6.10-rc5)
-CVE-2024-41071 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
+CVE-2024-41071
+ REJECTED
{DLA-4008-1}
- linux 6.9.11-1
[bookworm] - linux 6.1.115-1
@@ -55846,7 +55972,7 @@ CVE-2024-0619 (The Payflex Payment Gateway plugin for
WordPress is vulnerable to
CVE-2016-15039 (A vulnerability classified as critical was found in mhuertos
phpLDAPad ...)
- phpldapadmin 1.2.6.3-0.1
NOTE:
https://github.com/leenooks/phpLDAPadmin/commit/dd6e9583a2eb2ca085583765e8a63df5904cb036
(1.2.4)
-CVE-2024-5528
+CVE-2024-5528 (An issue was discovered in GitLab CE/EE affecting all versions
prior t ...)
[experimental] - gitlab 16.11.6-1
- gitlab <unfixed>
CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
@@ -103674,7 +103800,7 @@ CVE-2024-1300 (A vulnerability in the Eclipse Vert.x
toolkit causes a memory lea
CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab 16.6.7-1
NOTE:
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#resource-exhaustion-using-graphql-vulnerabilitiescountbyday
-CVE-2023-6386 [ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax]
+CVE-2023-6386 (A denial of service vulnerability was identified in GitLab
CE/EE, affe ...)
- gitlab 16.6.7-1
NOTE:
https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#redos-in-ci/cd-pipeline-editor-while-verifying-pipeline-syntax
CVE-2023-6840 (An issue has been discovered in GitLab EE affecting all
versions from ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca9fee9beb502444d5e9dbeb6a8a7b9f40509204
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca9fee9beb502444d5e9dbeb6a8a7b9f40509204
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
