Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98a54ee9 by security tracker role at 2025-03-12T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,97 +1,207 @@
-CVE-2025-27867
+CVE-2025-2240 (A flaw was found in Smallrye, where smallrye-fault-tolerance is
vulner ...)
+ TODO: check
+CVE-2025-2239 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
+ TODO: check
+CVE-2025-2002 (CWE-532: Insertion of Sensitive Information into Log Files
vulnerabili ...)
+ TODO: check
+CVE-2025-29904 (In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was
possible)
+ TODO: check
+CVE-2025-29903 (In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic
library ex ...)
+ TODO: check
+CVE-2025-27915 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and
10.0 and ...)
+ TODO: check
+CVE-2025-27914 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and
10.0 and ...)
+ TODO: check
+CVE-2025-27794 (Flarum is open-source forum software. A session hijacking
vulnerabilit ...)
+ TODO: check
+CVE-2025-27788 (JSON is a JSON implementation for Ruby. Starting in version
2.10.0 and ...)
+ TODO: check
+CVE-2025-27407 (graphql-ruby is a Ruby implementation of GraphQL. Starting in
version ...)
+ TODO: check
+CVE-2025-27017 (Apache NiFi 1.13.0 through 2.2.0 includes the username and
password us ...)
+ TODO: check
+CVE-2025-26260 (Plenti <= 0.7.16 is vulnerable to code execution. Users
uploading '.sv ...)
+ TODO: check
+CVE-2025-25975 (An issue in parse-git-config v.3.0.0 allows an attacker to
obtain sens ...)
+ TODO: check
+CVE-2025-25774 (An issue was discovered in Open5GS v2.7.2. When a UE switches
between ...)
+ TODO: check
+CVE-2025-25711 (An issue in dtp.ae tNexus Airport View v.2.8 allows a remote
attacker ...)
+ TODO: check
+CVE-2025-25709 (An issue in dtp.ae tNexus Airport View v.2.8 allows a remote
attacker ...)
+ TODO: check
+CVE-2025-25683 (AlekSIS-Core is vulnerable to Incorrect Access Control.
Unauthenticate ...)
+ TODO: check
+CVE-2025-25568 (SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the
Command. ...)
+ TODO: check
+CVE-2025-25567 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in
Internat.c ...)
+ TODO: check
+CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an
attacker ...)
+ TODO: check
+CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in
the Comman ...)
+ TODO: check
+CVE-2025-22954 (Koha <= 21.11 is contains a SQL Injection vulnerability in
/serials/la ...)
+ TODO: check
+CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in
the ker ...)
+ TODO: check
+CVE-2025-20209 (A vulnerability in the Internet Key Exchange version 2 (IKEv2)
functio ...)
+ TODO: check
+CVE-2025-20177 (A vulnerability in the boot process of Cisco IOS XR Software
could all ...)
+ TODO: check
+CVE-2025-20146 (A vulnerability in the Layer 3 multicast feature of Cisco IOS
XR Softw ...)
+ TODO: check
+CVE-2025-20145 (A vulnerability in the access control list (ACL) processing in
the egr ...)
+ TODO: check
+CVE-2025-20144 (A vulnerability in the hybrid access control list (ACL)
processing of ...)
+ TODO: check
+CVE-2025-20143 (A vulnerability in the boot process of Cisco IOS XR Software
could all ...)
+ TODO: check
+CVE-2025-20142 (A vulnerability in the IPv4 access control list (ACL) feature
and qual ...)
+ TODO: check
+CVE-2025-20141 (A vulnerability in the handling of specific packets that are
punted fr ...)
+ TODO: check
+CVE-2025-20138 (A vulnerability in the CLI of Cisco IOS XR Software could
allow an aut ...)
+ TODO: check
+CVE-2025-20115 (A vulnerability in confederation implementation for the Border
Gateway ...)
+ TODO: check
+CVE-2025-1984 (Xerox Desktop Print Experience application contains a Local
Privilege ...)
+ TODO: check
+CVE-2025-1960 (CWE-1188: Initialization of a Resource with an Insecure Default
vulner ...)
+ TODO: check
+CVE-2025-1683 (Improper link resolution before file access in the Nomad module
of the ...)
+ TODO: check
+CVE-2025-1527 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +2 ...)
+ TODO: check
+CVE-2025-0884 (Unquoted Search Path or Element vulnerability in OpenText\u2122
Servic ...)
+ TODO: check
+CVE-2025-0883 (Improper Neutralization of Script in an Error Message Web Page
vulnera ...)
+ TODO: check
+CVE-2025-0813 (CWE-287: Improper Authentication vulnerability exists that
could cause ...)
+ TODO: check
+CVE-2025-0118 (A vulnerability in the Palo Alto Networks GlobalProtect app on
Windows ...)
+ TODO: check
+CVE-2025-0117 (A reliance on untrusted input for a security decision in the
GlobalPro ...)
+ TODO: check
+CVE-2025-0116 (A Denial of Service (DoS) vulnerability in Palo Alto Networks
PAN-OS s ...)
+ TODO: check
+CVE-2025-0115 (A vulnerability in the Palo Alto Networks PAN-OS software
enables an a ...)
+ TODO: check
+CVE-2025-0114 (A Denial of Service (DoS) vulnerability in the GlobalProtect
feature o ...)
+ TODO: check
+CVE-2024-52362 (IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1,
8.2, 9.0 ...)
+ TODO: check
+CVE-2024-34398 (An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web
applica ...)
+ TODO: check
+CVE-2024-27763 (XPixelGroup BasicSR through 1.4.2 might locally allow code
execution i ...)
+ TODO: check
+CVE-2024-26290 (Improper Input Validation vulnerability in Avid Avid NEXIS
E-series on ...)
+ TODO: check
+CVE-2024-13872 (Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses
the inse ...)
+ TODO: check
+CVE-2024-13871 (A command injection vulnerability exists in the
/check_image_and_trigg ...)
+ TODO: check
+CVE-2024-13870 (An improper access control vulnerability exists in Bitdefender
Box 1 ( ...)
+ TODO: check
+CVE-2024-13446 (The Workreap plugin for WordPress is vulnerable to privilege
escalatio ...)
+ TODO: check
+CVE-2024-13430 (The Page Builder: Pagelayer \u2013 Drag and Drop website
builder plugi ...)
+ TODO: check
+CVE-2024-10838 (An integer underflow during deserialization may allow any
unauthentica ...)
+ TODO: check
+CVE-2025-27867 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Apache Felix Webconsole
-CVE-2025-29891
+CVE-2025-29891 (Bypass/Injection vulnerability in Apache Camel. This issue
affects Ap ...)
NOT-FOR-US: Apache Camel
-CVE-2025-21866 [powerpc/code-patching: Fix KASAN hit by not flagging text
patching area as VM_ALLOC]
+CVE-2025-21866 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/d262a192d38e527faa5984629aabda2e0d1c4f54 (6.14-rc4)
-CVE-2025-21865 [gtp: Suppress list corruption splat in
gtp_net_exit_batch_rtnl().]
+CVE-2025-21865 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/4ccacf86491d33d2486b62d4d44864d7101b299d (6.14-rc4)
-CVE-2025-21864 [tcp: drop secpath at the same time as we currently drop dst]
+CVE-2025-21864 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
- linux 6.12.17-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9b6412e6979f6f9e0632075f8f008937b5cd4efd (6.14-rc4)
-CVE-2025-21863 [io_uring: prevent opcode speculation]
+CVE-2025-21863 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/1e988c3fe1264708f4f92109203ac5b1d65de50b (6.14-rc4)
-CVE-2025-21862 [drop_monitor: fix incorrect initialization order]
+CVE-2025-21862 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea (6.14-rc4)
-CVE-2025-21861 [mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()]
+CVE-2025-21861 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/41cddf83d8b00f29fd105e7a0777366edc69a5cf (6.14-rc4)
-CVE-2025-21860 [mm/zswap: fix inconsistency when zswap_store_page() fails]
+CVE-2025-21860 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/63895d20d63b446f5049a963983489319c2ea3e2 (6.14-rc4)
-CVE-2025-21859 [USB: gadget: f_midi: f_midi_complete to call queue_work]
+CVE-2025-21859 (In the Linux kernel, the following vulnerability has been
resolved: U ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/4ab37fcb42832cdd3e9d5e50653285ca84d6686f (6.14-rc3)
-CVE-2025-21858 [geneve: Fix use-after-free in geneve_find_dev().]
+CVE-2025-21858 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/9593172d93b9f91c362baec4643003dc29802929 (6.14-rc4)
-CVE-2025-21857 [net/sched: cls_api: fix error handling causing NULL
dereference]
+CVE-2025-21857 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/071ed42cff4fcdd89025d966d48eabef59913bf2 (6.14-rc4)
-CVE-2025-21856 [s390/ism: add release function for struct device]
+CVE-2025-21856 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/915e34d5ad35a6a9e56113f852ade4a730fb88f0 (6.14-rc4)
-CVE-2025-21855 [ibmvnic: Don't reference skb after sending to VIOS]
+CVE-2025-21855 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9 (6.14-rc4)
-CVE-2025-21854 [sockmap, vsock: For connectible sockets allow only connected]
+CVE-2025-21854 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8fb5bb169d17cdd12c2dcc2e96830ed487d77a0f (6.14-rc4)
-CVE-2025-21853 [bpf: avoid holding freeze_mutex during mmap operation]
+CVE-2025-21853 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/bc27c52eea189e8f7492d40739b7746d67b65beb (6.14-rc4)
-CVE-2025-21852 [net: Add rx_skb of kfree_skb to raw_tp_null_args[].]
+CVE-2025-21852 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/5da7e15fb5a12e78de974d8908f348e279922ce9 (6.14-rc4)
-CVE-2025-21851 [bpf: Fix softlockup in arena_map_free on 64k page kernel]
+CVE-2025-21851 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/517e8a7835e8cfb398a0aeb0133de50e31cae32b (6.14-rc4)
-CVE-2025-21850 [nvmet: Fix crash when a namespace is disabled]
+CVE-2025-21850 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4082326807072b71496501b6a0c55ffe8d5092a5 (6.14-rc4)
-CVE-2025-21849 [drm/i915/gt: Use spin_lock_irqsave() in interruptible context]
+CVE-2025-21849 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e49477f7f78598295551d486ecc7f020d796432e (6.14-rc4)
-CVE-2025-21848 [nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()]
+CVE-2025-21848 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/878e7b11736e062514e58f3b445ff343e6705537 (6.14-rc4)
-CVE-2025-21847 [ASoC: SOF: stream-ipc: Check for cstream nullity in
sof_ipc_msg_data()]
+CVE-2025-21847 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d8d99c3b5c485f339864aeaa29f76269cc0ea975 (6.14-rc4)
-CVE-2025-21846 [acct: perform last write from workqueue]
+CVE-2025-21846 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/56d5f3eba3f5de0efdd556de4ef381e109b973a9 (6.14-rc4)
-CVE-2025-21845 [mtd: spi-nor: sst: Fix SST write failure]
+CVE-2025-21845 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/539bd20352832b9244238a055eb169ccf1c41ff6 (6.14-rc4)
-CVE-2025-21844 [smb: client: Add check for next_buffer in
receive_encrypted_standard()]
+CVE-2025-21844 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/860ca5e50f73c2a1cef7eefc9d39d04e275417f7 (6.14-rc4)
-CVE-2024-58089 [btrfs: fix double accounting race when
btrfs_run_delalloc_range() failed]
+CVE-2024-58089 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.12.17-1
NOTE:
https://git.kernel.org/linus/72dad8e377afa50435940adfb697e070d3556670 (6.14-rc1)
-CVE-2024-58088 [bpf: Fix deadlock when freeing cgroup storage]
+CVE-2024-58088 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
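Review bot: the `TODO: check` entries that describe software with Debian packages need more than a placeholder; CVE-2025-27788 (Ruby json, "Starting in version 2.10.0 and ...") and CVE-2025-27407 (graphql-ruby, "Starting in version ...") in particular need a version check against what the archive ships, and the result should be recorded with the annotation style this same hunk already uses for the kernel entries, e.g. `[bookworm] - linux <not-affected> (Vulnerable code not present)`, rather than left next to the clearly out-of-scope vendor advisories. Separately, CVE-2025-21864 carries only a `[bullseye] - linux <not-affected>` line while the surrounding entries annotate both `[bookworm]` and `[bullseye]`; worth confirming that bookworm is really affected there and not just missing its annotation.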
@@ -517,6 +627,7 @@ CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 and
earlier are affected by
CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748,
25.001.20428 and e ...)
NOT-FOR-US: Adobe
CVE-2025-24201 (An out-of-bounds write issue was addressed with improved
checks to pre ...)
+ {DSA-5877-1}
NOT-FOR-US: Apple
CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux
allows an ...)
NOT-FOR-US: Microsoft
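Review bot: CVE-2025-24201 gains a `{DSA-5877-1}` reference but keeps `NOT-FOR-US: Apple` and has no source package line; in the hunks below the same DSA is attached to entries with `- chromium 134.0.6998.88-1` and `[bullseye] - chromium <end-of-life> (see #1061268)`. If this CVE is covered by that DSA, it needs the same chromium package and bullseye lines and the NOT-FOR-US line must go; if it is not, the DSA reference is wrong. A DSA reference on a NOT-FOR-US entry cannot be right either way.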
@@ -729,12 +840,15 @@ CVE-2025-2173 (A vulnerability was found in libzvbi up to
0.2.43. It has been cl
CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to
134.0.6998.88 allow ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to
134.0.6998.88 al ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-2135 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88
allowed a ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-27926 (In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms
Designe ...)
@@ -809,6 +923,7 @@ CVE-2025-23188 (An authenticated user with low privileges
can exploit a missing
CVE-2025-23185 (Due to improper error handling in SAP Business Objects
Business Intell ...)
NOT-FOR-US: SAP
CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88
allowed a ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
@@ -1056,7 +1171,7 @@ CVE-2025-2119 (A vulnerability was found in Thinkware Car
Dashcam F800 Pro up to
NOT-FOR-US: Thinkware Car Dashcam F800 Pro
CVE-2025-2118 (A vulnerability was found in Quantico Tecnologia PRMV 6.48. It
has bee ...)
NOT-FOR-US: Quantico Tecnologia PRMV
-CVE-2025-27636 (Bypass/Injection vulnerability in Apache Camel-Bean component
under pa ...)
+CVE-2025-27636 (Bypass/Injection vulnerability in Apache Camel components
under partic ...)
NOT-FOR-US: Apache Camel
CVE-2025-2117 (A vulnerability was found in Beijing Founder Electronics
Founder Enjoy ...)
NOT-FOR-US: Beijing Founder Electronics Founder Enjoys All-Media
Acquisition and Editing System
@@ -2121,7 +2236,7 @@ CVE-2024-0141 (NVIDIA Hopper HGX for 8-GPU contains a
vulnerability in the GPU v
NOT-FOR-US: NVIDIA
CVE-2024-0114 (NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX
Manage ...)
NOT-FOR-US: NVIDIA
-CVE-2025-22870 [Matching of hosts against proxy patterns could improperly
treat an IPv6 zone ID as a hostname component]
+CVE-2025-22870 (Matching of hosts against proxy patterns can improperly treat
an IPv6 ...)
- golang-1.24 1.24.1-1
- golang-1.23 1.23.7-1
- golang-1.19 <removed>
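Review bot: only the toolchain packages (golang-1.24, golang-1.23, golang-1.19) are listed for CVE-2025-22870, with no `[bookworm]`/`[bullseye]` annotation for the `<removed>` golang-1.19 line; please confirm whether the affected proxy pattern matching also ships in a separately packaged library (the golang.org/x/net proxy code in golang-golang-x-net, if that is where Debian carries it) and, if so, give it its own package line so the stable tracking is not limited to the compiler packages.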
@@ -85631,7 +85746,8 @@ CVE-2024-35190 (Asterisk is an open source private
branch exchange and telephony
NOTE:
https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
CVE-2024-35174 (Missing Authorization vulnerability in Flothemes Flo
Forms.This issue ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial
Numbers for W ...)
+CVE-2024-35173
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization
vulnerabilit ...)
- joblib <unfixed> (unimportant)
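Review bot: CVE-2024-35173 is now marked `REJECTED` but the old `NOT-FOR-US: WordPress plugin` triage line is kept underneath it. Once an ID is rejected the earlier triage is stale and should be dropped together with the description, leaving only the `REJECTED` line, so the entry does not read as both rejected and triaged.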
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98a54ee906c490691d90be53c54af7c41084ce76
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits