Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c6000b06 by security tracker role at 2025-02-10T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,38 +1,134 @@
-CVE-2025-21693 [mm: zswap: properly synchronize freeing resources during CPU 
hotunplug]
+CVE-2025-25247 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. 
A vulner ...)
+       TODO: check
+CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
+       TODO: check
+CVE-2025-24892 (OpenProject is open-source, web-based project management 
software. In  ...)
+       TODO: check
+CVE-2025-24200 (An authorization issue was addressed with improved state 
management. T ...)
+       TODO: check
+CVE-2025-24031 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 
certificat ...)
+       TODO: check
+CVE-2025-24016 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
+       TODO: check
+CVE-2025-1193 (Improper host validation in the certificate validation 
component in De ...)
+       TODO: check
+CVE-2025-1175 (Reflected Cross-Site Scripting (XSS) vulnerability in Kelio 
Visio 1, K ...)
+       TODO: check
+CVE-2025-1155 (A vulnerability, which was classified as problematic, was found 
in Web ...)
+       TODO: check
+CVE-2025-1154 (A vulnerability, which was classified as critical, has been 
found in x ...)
+       TODO: check
+CVE-2025-1153 (A vulnerability classified as problematic was found in GNU 
Binutils 2. ...)
+       TODO: check
+CVE-2025-1152 (A vulnerability classified as problematic has been found in GNU 
Binuti ...)
+       TODO: check
+CVE-2025-1151 (A vulnerability was found in GNU Binutils 2.43. It has been 
rated as p ...)
+       TODO: check
+CVE-2025-1150 (A vulnerability was found in GNU Binutils 2.43. It has been 
declared a ...)
+       TODO: check
+CVE-2025-1149 (A vulnerability was found in GNU Binutils 2.43. It has been 
classified ...)
+       TODO: check
+CVE-2025-1148 (A vulnerability was found in GNU Binutils 2.43 and classified 
as probl ...)
+       TODO: check
+CVE-2025-1147 (A vulnerability has been found in GNU Binutils 2.43 and 
classified as  ...)
+       TODO: check
+CVE-2025-1099 (The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor 
Wi-Fi secur ...)
+       TODO: check
+CVE-2024-8685 (Path-Traversal vulnerability in Revolution Pi version 
2022-07-28-revpi ...)
+       TODO: check
+CVE-2024-8684 (OS Command Injection vulnerability in Revolution Pi version 
2022-07-28 ...)
+       TODO: check
+CVE-2024-8550 (A Local File Inclusion (LFI) vulnerability exists in the 
/load-workflo ...)
+       TODO: check
+CVE-2024-57409 (A stored cross-site scripting (XSS) vulnerability in the 
Parameter Lis ...)
+       TODO: check
+CVE-2024-57408 (An arbitrary file upload vulnerability in the component 
/comm/upload o ...)
+       TODO: check
+CVE-2024-57407 (An arbitrary file upload vulnerability in the component 
/userPicture o ...)
+       TODO: check
+CVE-2024-57178 (An SQL injection vulnerability exists in Stock-Forecaster 
<=01-04-2020 ...)
+       TODO: check
+CVE-2024-57177 (A host header injection vulnerability exists in the NPM 
package of per ...)
+       TODO: check
+CVE-2024-54954 (OneBlog v2.3.6 was discovered to contain a template injection 
vulnerab ...)
+       TODO: check
+CVE-2024-48170 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2024-46437 (A sensitive information disclosure vulnerability in the Tenda 
W18E V16 ...)
+       TODO: check
+CVE-2024-46436 (Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows 
unauthenti ...)
+       TODO: check
+CVE-2024-46435 (A stack overflow vulnerability in the Tenda W18E 
V16.01.0.8(1625) web  ...)
+       TODO: check
+CVE-2024-46434 (Tenda W18E V16.01.0.8(1625) suffers from authentication bypass 
in the  ...)
+       TODO: check
+CVE-2024-46433 (A default credentials vulnerability in Tenda W18E 
V16.01.0.8(1625) all ...)
+       TODO: check
+CVE-2024-46432 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access 
Control. ...)
+       TODO: check
+CVE-2024-46431 (Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. 
An attac ...)
+       TODO: check
+CVE-2024-46430 (Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access 
Control. ...)
+       TODO: check
+CVE-2024-46429 (A hardcoded credentials vulnerability in Tenda W18E 
V16.01.0.8(1625) a ...)
+       TODO: check
+CVE-2024-42513 (Vulnerability in the OPC UA .NET Standard Stack before 
1.5.374.158 all ...)
+       TODO: check
+CVE-2024-42512 (Vulnerability in the OPC UA .NET Standard Stack before 
1.5.374.158 all ...)
+       TODO: check
+CVE-2024-27859 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2024-13059 (A vulnerability in mintplex-labs/anything-llm prior to version 
1.3.1 a ...)
+       TODO: check
+CVE-2024-13011 (The WP Foodbakery plugin for WordPress is vulnerable to 
arbitrary file ...)
+       TODO: check
+CVE-2024-13010 (The WP Foodbakery plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The 
vulnerability occurs ...)
+       TODO: check
+CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop 
Manager o ...)
+       TODO: check
+CVE-2024-10649 (wandb/openui latest commit 
c945bb859979659add5f490a874140ad17c56a5d co ...)
+       TODO: check
+CVE-2024-10334 (A vulnerability exists in the VideONet product included in the 
listed  ...)
+       TODO: check
+CVE-2025-21693 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.12.12-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/12dcb0ef540629a281533f9dedc1b6b8e14cfb65 (6.13)
-CVE-2025-21692 [net: sched: fix ets qdisc OOB Indexing]
+CVE-2025-21692 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.12-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/d62b04fca4340a0d468d7853bd66e511935a18cb (6.14-rc1)
-CVE-2025-21691 [cachestat: fix page cache statistics permission checking]
+CVE-2025-21691 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.12.12-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5f537664e705b0bf8b7e329861f20128534f6a83 (6.14-rc1)
-CVE-2025-21690 [scsi: storvsc: Ratelimit warning logs to prevent VM denial of 
service]
+CVE-2025-21690 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.12-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/d2138eab8cde61e0e6f62d0713e45202e8457d6d (6.14-rc1)
-CVE-2025-21689 [USB: serial: quatech2: fix null-ptr-deref in 
qt2_process_read_urb()]
+CVE-2025-21689 (In the Linux kernel, the following vulnerability has been 
resolved:  U ...)
        - linux 6.12.12-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/575a5adf48b06a2980c9eeffedf699ed5534fade (6.14-rc1)
-CVE-2025-21688 [drm/v3d: Assign job pointer to NULL before signaling the fence]
+CVE-2025-21688 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.12-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/6e64d6b3a3c39655de56682ec83e894978d23412 (6.14-rc1)
-CVE-2025-21687 [vfio/platform: check the bounds of read/write syscalls]
+CVE-2025-21687 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux 6.12.12-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/ce9ff21ea89d191e477a02ad7eabf4f996b80a69 (6.14-rc1)
-CVE-2025-21686 [io_uring/rsrc: require cloned buffers to share accounting 
contexts]
+CVE-2025-21686 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.12-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/19d340a2988d4f3e673cded9dde405d727d7e248 (6.14-rc1)
-CVE-2024-57950 [drm/amd/display: Initialize denominator defaults to 1]
+CVE-2024-57950 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.12-1
        NOTE: 
https://git.kernel.org/linus/36b23e3baf9129d5b6c3a3a85b6b7ffb75ae287c (6.13)
 CVE-2025-21685 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
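Review bot: CVE-2025-21693 is the only kernel entry in this hunk without a [bookworm] line; its siblings (CVE-2025-21692, -21690, -21689, -21688, -21687) record either `[bookworm] - linux 6.1.128-1` or `<not-affected>`. With bullseye marked not affected and the upstream fix noted as 6.13, a bookworm assessment should be added so the entry does not read as untriaged for stable.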
@@ -283,7 +379,7 @@ CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was 
discovered to contain a buff
        NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
 CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork 
compone ...)
        TODO: check
-CVE-2025-24032
+CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 
certificat ...)
        - pam-pkcs11 0.6.13-1
        NOTE: 
https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
 (pam_pkcs11-0.6.13)
        NOTE: 
https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e
 (pam_pkcs11-0.6.13)
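Review bot: CVE-2025-24031, added in the first hunk with only `TODO: check`, carries the same truncated PAM-PKCS#11 description as CVE-2025-24032, which this hunk already tracks against `pam-pkcs11 0.6.13-1` with two upstream commits tagged (pam_pkcs11-0.6.13). Triage should confirm whether the 0.6.13 release covers both ids and replace the TODO with a version line and the matching commit NOTE.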
@@ -361,14 +457,14 @@ CVE-2024-13492 (The Guten Free Options WordPress plugin 
through 0.9.5 does not s
        NOT-FOR-US: WordPress plugin
 CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise 
and escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12243
+CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 
data pr ...)
        [experimental] - gnutls28 3.8.9-1
        - gnutls28 3.8.9-2
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
        NOTE: 
https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892
 (3.8.9)
-CVE-2024-12133
+CVE-2024-12133 (A flaw in libtasn1 causes inefficient handling of specific 
certificate ...)
        - libtasn1-6 4.20.0-1 (bug #1095406)
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
        NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/52
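Review bot: neither CVE-2024-12243 nor CVE-2024-12133 has a [bookworm] or [bullseye] line, and CVE-2024-12133 has no `Fixed by:` commit NOTE like the one recorded for the GnuTLS side (3.8.9). Since the GnuTLS description says it relies on libtasn1 for the affected ASN.1 handling, both entries should get stable assessments, and the libtasn1 entry should reference the upstream fix once identified.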
@@ -2926,6 +3022,7 @@ CVE-2025-24537 (Cross-Site Request Forgery (CSRF) 
vulnerability in The Events Ca
 CVE-2025-24533 (Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider 
Responsi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-24368 (Cacti is an open source performance and fault management 
framework. So ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
        NOTE: Backend fixed by: 
https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e 
(release/1.2.27)
@@ -2934,6 +3031,7 @@ CVE-2025-24368 (Cacti is an open source performance and 
fault management framewo
        NOTE: Frontend regression: https://github.com/Cacti/cacti/issues/6090
        NOTE: Frontend fix optional: 
https://github.com/Cacti/cacti/pull/6094#issuecomment-2643321503
 CVE-2025-24367 (Cacti is an open source performance and fault management 
framework. An ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574; unimportant)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
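Review bot: `{DSA-5862-1}` is being attached to CVE-2025-24367, whose unstable line is rated `unimportant`; the same happens for CVE-2024-43363 in a later hunk. That is consistent only if the advisory text actually lists those ids, so confirm against DSA-5862-1 before keeping the tag on the unimportant entries.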
@@ -2973,6 +3071,7 @@ CVE-2025-23457 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external 
services li ...)
        NOT-FOR-US: matrix-hookshot
 CVE-2025-22604 (Cacti is an open source performance and fault management 
framework. Du ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3063,6 +3162,7 @@ CVE-2024-54146 (Cacti is an open source performance and 
fault management framewo
        NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
 CVE-2024-54145 (Cacti is an open source performance and fault management 
framework. Ca ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3079,6 +3179,7 @@ CVE-2024-48417 (Edimax AC1200 Wi-Fi 5 Dual-Band Router 
BR-6476AC 1.06 is vulnera
 CVE-2024-48416 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is 
vulnerable to ...)
        NOT-FOR-US: Edimax
 CVE-2024-45598 (Cacti is an open source performance and fault management 
framework. Pr ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-4 (bug #1094574)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -5951,7 +6052,7 @@ CVE-2024-55511 (A null pointer dereference vulnerability 
in Macrium Reflect prio
        NOT-FOR-US: Macrium Reflect
 CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC 
Connector for H ...)
        NOT-FOR-US: Cloudera JDBC Connector for Haadoop
-CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+CVE-2024-54658 (The issue was addressed with improved memory handling. This 
issue is f ...)
        {DSA-5684-1}
        - webkit2gtk 2.44.0-1
        - wpewebkit 2.44.1-1
@@ -7708,7 +7809,7 @@ CVE-2024-12747 (A flaw was found in rsync. This 
vulnerability arises from a race
        - rsync 3.3.0+ds1-3
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
        NOTE: Fixed by: 
https://git.samba.org/?p=rsync.git;a=commit;h=0590b09d9a34ae72741b91ec0708a820650198b0
 (v3.4.0)
-CVE-2024-12088 (A flaw was found in rsync. When using the `--safe-links` 
option, rsync ...)
+CVE-2024-12088 (A flaw was found in rsync. When using the `--safe-links` 
option, the r ...)
        {DSA-5843-1 DLA-4015-1}
        - rsync 3.3.0+ds1-3
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
@@ -36403,21 +36504,25 @@ CVE-2024-43697 (in OpenHarmony v4.1.0 and prior 
versions allow a local attacker
 CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local 
attacker cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-43365 (Cacti is an open source performance and fault management 
framework. Th ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 
(release/1.2.28)
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 
(release/1.2.28)
 CVE-2024-43364 (Cacti is an open source performance and fault management 
framework. Th ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 
(release/1.2.28)
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 
(release/1.2.28)
 CVE-2024-43363 (Cacti is an open source performance and fault management 
framework. An ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-1 (unimportant)
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/3adc71a2b97506bf26c21935e1e6f30d58fe88e3 
(release/1.2.28)
        NOTE: Negligible security impact as exploitability depends on writable 
web root for cacti
 CVE-2024-43362 (Cacti is an open source performance and fault management 
framework. Th ...)
+       {DSA-5862-1}
        - cacti 1.2.28+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/3f64e7c1a63e36d0e826c34f05ad20b6683b27ff 
(release/1.2.28)
@@ -75836,6 +75941,7 @@ CVE-2024-28277 (In Sourcecodester School Task Manager 
v1.0, a vulnerability was
 CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross 
Site Scr ...)
        NOT-FOR-US: Sourcecodester School Task Manager
 CVE-2024-27082 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       {DSA-5862-1}
        - cacti 1.2.27+ds1-1
        [bullseye] - cacti <not-affected> (Vulnerable code not present)
        NOTE: GitHub GHSA: 
https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6000b067969c6a49b7b38149a5661c58933f817

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
