[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 11 Mar 2025 10:07:27 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
efbb7c41 by security tracker role at 2025-03-10T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2025-2153 (A vulnerability, which was classified as critical, was found in 
HDF5 1 ...)
+       TODO: check
+CVE-2025-2152 (A vulnerability, which was classified as critical, has been 
found in O ...)
+       TODO: check
+CVE-2025-2151 (A vulnerability classified as critical was found in Open Asset 
Import  ...)
+       TODO: check
+CVE-2025-2149 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
rated as ...)
+       TODO: check
+CVE-2025-2148 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
declared ...)
+       TODO: check
+CVE-2025-2147 (A vulnerability was found in Beijing Zhide Intelligent Internet 
Techno ...)
+       TODO: check
+CVE-2025-27913 (Passbolt API before 5, if the server is misconfigured (with an 
incorre ...)
+       TODO: check
+CVE-2025-27616 (Vela is a Pipeline Automation (CI/CD) framework built on Linux 
contain ...)
+       TODO: check
+CVE-2025-27615 (umatiGateway is software for connecting OPC Unified 
Architecture serve ...)
+       TODO: check
+CVE-2025-27257 (Insufficient Verification of Data Authenticity vulnerability 
in GE Ver ...)
+       TODO: check
+CVE-2025-27256 (Missing Authentication for Critical Function vulnerability in 
GE Verno ...)
+       TODO: check
+CVE-2025-27255 (Use of Hard-coded Credentials vulnerability in GE Vernova 
EnerVista UR ...)
+       TODO: check
+CVE-2025-27254 (Improper Authentication vulnerability in GE Vernova EnerVista 
UR Setup ...)
+       TODO: check
+CVE-2025-27253 (An improper input validation in GE Vernova UR IED family 
devices from  ...)
+       TODO: check
+CVE-2025-27136 (LocalS3 is an Amazon S3 mock service for testing and local 
development ...)
+       TODO: check
+CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-26916 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-26910 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic 
Design WPBoo ...)
+       TODO: check
+CVE-2025-26696 (Certain crafted MIME email messages that claimed to contain an 
encrypt ...)
+       TODO: check
+CVE-2025-26695 (When requesting an OpenPGP key from a WKD server, an incorrect 
padding ...)
+       TODO: check
+CVE-2025-25977 (An issue in canvg v.4.0.2 allows an attacker to execute 
arbitrary code ...)
+       TODO: check
+CVE-2025-25940 (VisiCut 2.1 allows code execution via Insecure XML 
Deserialization in  ...)
+       TODO: check
+CVE-2025-25620 (Unifiedtransform 2.0 is vulnerable to Cross Site Scripting 
(XSS) in th ...)
+       TODO: check
+CVE-2025-25616 (Unifiedtransform 2.0 is vulnerable to Incorrect Access 
Control, which  ...)
+       TODO: check
+CVE-2025-25615 (Unifiedtransform 2.0 is vulnerable to Incorrect Access Control 
which a ...)
+       TODO: check
+CVE-2025-25614 (Incorrect Access Control in Unifiedtransform 2.0 leads to 
Privilege Es ...)
+       TODO: check
+CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information 
Kerala Miss ...)
+       TODO: check
+CVE-2025-25306 (Misskey is an open source, federated social media platform. 
The patch  ...)
+       TODO: check
+CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote 
Code Exe ...)
+       TODO: check
+CVE-2025-24387 (A vulnerability in OTRS Application Server allows session 
hijacking du ...)
+       TODO: check
+CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
+       TODO: check
+CVE-2025-1945 (picklescan before 0.0.23 fails to detect malicious pickle files 
inside ...)
+       TODO: check
+CVE-2025-1944 (picklescan before 0.0.23 is vulnerable to a ZIP archive 
manipulation a ...)
+       TODO: check
+CVE-2025-1497 (A vulnerability, that could result in Remote Code Execution 
(RCE), has ...)
+       TODO: check
+CVE-2025-1296 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are 
vulnerabl ...)
+       TODO: check
+CVE-2024-57492 (An issue in redoxOS relibc before commit 98aa4ea5 allows a 
local attac ...)
+       TODO: check
+CVE-2024-56188 (there is a possible way to crash the modem due to a missing 
null check ...)
+       TODO: check
+CVE-2024-56187 (In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible 
arbitrar ...)
+       TODO: check
+CVE-2024-56186 (In closeChannel of secureelementimpl.cpp, there is a possible 
out of b ...)
+       TODO: check
+CVE-2024-56185 (In ProtocolUnsolOnSSAdapter::GetServiceClass() of 
protocolcalladapter. ...)
+       TODO: check
+CVE-2024-56184 (In static long dev_send of tipc_dev_ql, there is a possible 
out of bou ...)
+       TODO: check
+CVE-2024-55199 (A Stored Cross Site Scripting (XSS) vulnerability in Celk 
Sistemas Cel ...)
+       TODO: check
+CVE-2024-54560 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2024-54558 (A clickjacking issue was addressed with improved 
out-of-process view h ...)
+       TODO: check
+CVE-2024-54546 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2024-54473 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2024-54469 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2024-54467 (A cookie management issue was addressed with improved state 
management ...)
+       TODO: check
+CVE-2024-54463 (This issue was addressed with improved entitlements. This 
issue is fix ...)
+       TODO: check
+CVE-2024-53307 (A reflected cross-site scripting (XSS) vulnerability in the 
/mw/ endpo ...)
+       TODO: check
+CVE-2024-52905 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.6 a ...)
+       TODO: check
+CVE-2024-52812 (LF Edge eKuiper is an internet-of-things data analytics and 
stream pro ...)
+       TODO: check
+CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 
through  ...)
+       TODO: check
+CVE-2024-44227 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2024-44192 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+       TODO: check
+CVE-2024-44179 (This issue was addressed by restricting options offered on a 
locked de ...)
+       TODO: check
+CVE-2024-13919 (The Laravel framework versions between 11.9.0 and 11.35.1 are 
suscepti ...)
+       TODO: check
+CVE-2024-13918 (The Laravel framework versions between 11.9.0 and 11.35.1 are 
suscepti ...)
+       TODO: check
+CVE-2024-12604 (Cleartext Storage of Sensitive Information in an Environment 
Variable, ...)
+       TODO: check
+CVE-2022-48610 (This issue was addressed through improved state management. 
This issue ...)
+       TODO: check
+CVE-2022-43454 (A double free issue was addressed with improved memory 
management. Thi ...)
+       TODO: check
 CVE-2025-2150 (The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) 
vulnera ...)
        NOT-FOR-US: HGiga
 CVE-2025-2133 (A vulnerability classified as problematic was found in ftcms 
2.1. Affe ...)
@@ -333,7 +457,7 @@ CVE-2025-21835 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.12.16-1
        [bookworm] - linux 6.1.129-1
        NOTE: 
https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
-CVE-2025-26865
+CVE-2025-26865 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        NOT-FOR-US: Apache OFBiz
 CVE-2025-XXXX [RUSTSEC-2025-0009]
        - rust-ring <unfixed>
@@ -1261,7 +1385,7 @@ CVE-2025-1943 (Memory safety bugs present in Firefox 135 
and Thunderbird 135. So
        - firefox 136.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
 CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1269,7 +1393,7 @@ CVE-2025-1938 (Memory safety bugs present in Firefox 135, 
Thunderbird 135, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1938
 CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1277,7 +1401,7 @@ CVE-2025-1937 (Memory safety bugs present in Firefox 135, 
Thunderbird 135, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1937
 CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP 
archive. The n ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1285,7 +1409,7 @@ CVE-2025-1936 (jar: URLs retrieve local file content 
packaged in a ZIP archive.
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1936
 CVE-2025-1935 (A web page could trick a user into setting that site as the 
default ha ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1299,7 +1423,7 @@ CVE-2025-1941 (Under certain circumstances, a user opt-in 
setting that Focus sho
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
 CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout 
and ru ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1310,7 +1434,7 @@ CVE-2025-1940 (A select option could partially obscure 
the confirmation prompt s
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
 CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values 
they can  ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1318,7 +1442,7 @@ CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM 
i32 return values they
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have 
resulted in ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1326,7 +1450,7 @@ CVE-2025-1932 (An inconsistent comparator in 
xslt/txNodeSorter could have result
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1931 (It was possible to cause a use-after-free in the content 
process side  ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -21863,7 +21987,7 @@ CVE-2024-43764 (In onPrimaryClipChanged of 
ClipboardListener.java, there is a po
 CVE-2024-43762 (In multiple locations, there is a possible way to avoid 
unbinding of a ...)
        NOT-FOR-US: Android
 CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of 
bounds  ...)
-       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2024-43097



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efbb7c410eb3ac94b4bbd63f48b84ab7693a785a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efbb7c410eb3ac94b4bbd63f48b84ab7693a785a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to