[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 2 21:12:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68745f05 by security tracker role at 2025-04-02T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,43 +1,139 @@
-CVE-2025-27556 [Potential denial-of-service vulnerability in LoginView, LogoutView, and set_language() on Windows]
+CVE-2025-3099 (The Advanced Search by My Solr Server plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-3098 (The Video Url plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2025-3097 (The wp Time Machine plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2025-3063 (The Shopper Approved Reviews plugin for WordPress is vulnerable to una ...)
+	TODO: check
+CVE-2025-31728 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask Asakus ...)
+	TODO: check
+CVE-2025-31727 (Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatell ...)
+	TODO: check
+CVE-2025-31726 (Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API  ...)
+	TODO: check
+CVE-2025-31725 (Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in  ...)
+	TODO: check
+CVE-2025-31724 (Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier  ...)
+	TODO: check
+CVE-2025-31723 (A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Qu ...)
+	TODO: check
+CVE-2025-31722 (In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defin ...)
+	TODO: check
+CVE-2025-31721 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...)
+	TODO: check
+CVE-2025-31720 (A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 a ...)
+	TODO: check
+CVE-2025-31286 (An HTML injection vulnerability previously discovered in Trend Vision  ...)
+	TODO: check
+CVE-2025-31285 (A broken access control vulnerability previously discovered in the Tre ...)
+	TODO: check
+CVE-2025-31284 (A broken access control vulnerability previously discovered in the Tre ...)
+	TODO: check
+CVE-2025-31283 (A broken access control vulnerability previously discovered in the Tre ...)
+	TODO: check
+CVE-2025-31282 (A broken access control vulnerability previously discovered in the Tre ...)
+	TODO: check
+CVE-2025-30090 (mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through ...)
+	TODO: check
+CVE-2025-2842 (A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab ...)
+	TODO: check
+CVE-2025-2786 (A flaw was found in Tempo Operator, where it creates a ServiceAccount, ...)
+	TODO: check
+CVE-2025-2513 (The Smart Icons For WordPress plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2025-2483 (The Gift Certificate Creator plugin for WordPress is vulnerable to Ref ...)
+	TODO: check
+CVE-2025-2005 (The Front End Users plugin for WordPress is vulnerable to arbitrary fi ...)
+	TODO: check
+CVE-2025-20212 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX  ...)
+	TODO: check
+CVE-2025-20203 (A vulnerability in the web-based management interface of Cisco Evolved ...)
+	TODO: check
+CVE-2025-20139 (A vulnerability in chat messaging features of Cisco Enterprise Chat an ...)
+	TODO: check
+CVE-2025-20120 (A vulnerability in the web-based management interface of Cisco Evolved ...)
+	TODO: check
+CVE-2025-0154 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive  ...)
+	TODO: check
+CVE-2025-0014 (Incorrect default permissions on the AMD Ryzen(TM) AI installation fol ...)
+	TODO: check
+CVE-2024-56476 (IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker t ...)
+	TODO: check
+CVE-2024-56475 (IBM TXSeries for Multiplatforms 9.1 and 11.1is vulnerable to cross-sit ...)
+	TODO: check
+CVE-2024-56474 (IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-si ...)
+	TODO: check
+CVE-2024-56341 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross ...)
+	TODO: check
+CVE-2024-50597 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
+	TODO: check
+CVE-2024-50596 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
+	TODO: check
+CVE-2024-50595 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
+	TODO: check
+CVE-2024-50594 (An integer underflow vulnerability exists in the HTTP server PUT reque ...)
+	TODO: check
+CVE-2024-50385 (A denial of service vulnerability exists in the NetX Component HTTP se ...)
+	TODO: check
+CVE-2024-50384 (A denial of service vulnerability exists in the NetX Component HTTP se ...)
+	TODO: check
+CVE-2024-45064 (A buffer overflow vulnerability exists in the FileX Internal RAM inter ...)
+	TODO: check
+CVE-2024-36337 (Integer overflow within AMD NPU Driver could allow a local attacker to ...)
+	TODO: check
+CVE-2024-36336 (Integer overflow within the AMD NPU Driver could allow a local attacke ...)
+	TODO: check
+CVE-2024-36328 (Integer overflow within AMD NPU Driver could allow a local attacker to ...)
+	TODO: check
+CVE-2024-25051 (IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session ...)
+	TODO: check
+CVE-2024-13637 (The Demo Awesome plugin for WordPress is vulnerable to unauthorized mo ...)
+	TODO: check
+CVE-2024-12410 (The Front End Users plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2023-40714 (A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0  ...)
+	TODO: check
+CVE-2025-27556 (An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0. ...)
 	- python-django <not-affected> (Windows-specific)
 	NOTE: https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
 CVE-2025-2704
 	- openvpn <unfixed> (bug #1101935)
 	NOTE: Introduced after: https://github.com/OpenVPN/openvpn/commit/788ce35cf09aff09b79f428cdd6cfc0ff8627934 (v2.6_beta1)
 	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/d3015bfd65348db629dab51e20a9d4e2f3b23493 (v2.6.14)
-CVE-2025-21994 [ksmbd: fix incorrect validation for num_aces field of smb_acl]
+CVE-2025-21994 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.21-1
 	NOTE: https://git.kernel.org/linus/1b8b67f3c5e5169535e26efedd3e422172e2db64 (6.14-rc6)
-CVE-2025-21993 [iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()]
+CVE-2025-21993 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.20-1
 	NOTE: https://git.kernel.org/linus/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5 (6.14-rc2)
-CVE-2025-21992 [HID: ignore non-functional sensor in HP 5MP Camera]
+CVE-2025-21992 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux 6.12.20-1
 	NOTE: https://git.kernel.org/linus/363236d709e75610b628c2a4337ccbe42e454b6d (6.14-rc3)
-CVE-2025-21991 [x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes]
+CVE-2025-21991 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.12.20-1
 	NOTE: https://git.kernel.org/linus/e3e89178a9f4a80092578af3ff3c8478f9187d59 (6.14-rc7)
-CVE-2025-21990 [drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags]
+CVE-2025-21990 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.20-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6cc30748e17ea2a64051ceaf83a8372484e597f1 (6.14-rc7)
-CVE-2025-21989 [drm/amd/display: fix missing .is_two_pixels_per_container]
+CVE-2025-21989 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.20-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e204aab79e01bc8ff750645666993ed8b719de57 (6.14-rc7)
-CVE-2025-21988 [fs/netfs/read_collect: add to next->prev_donated]
+CVE-2025-21988 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e25cec3b76aba47a49138d2162fc809c6cd49c9e (6.13.8)
-CVE-2025-21987 [drm/amdgpu: init return value in amdgpu_ttm_clear_buffer]
+CVE-2025-21987 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.19-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d3c7059b6a8600fc62cd863f1ea203b8675e63e1 (6.14-rc5)
-CVE-2025-1805
+CVE-2025-1805 (Crypt::Salt for Perl version 0.01 uses insecure rand() function when g ...)
 	NOT-FOR-US: Perl Crypt::Salt
 CVE-2024-11735
 	- keycloak <itp> (bug #1088287)
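Review bot: nine of the 48 new `TODO: check` entries in this hunk are WordPress plugin CVEs (CVE-2025-3099, -3098, -3097, -3063, -2513, -2483, -2005, CVE-2024-13637 and CVE-2024-12410), and the file's own convention for those, visible at the end of this patch for CVE-2024-10942, is `NOT-FOR-US: WordPress plugin`; triaging them that way on the next manual pass would clear almost a fifth of this batch. On the CVE-2025-27556 move: the bracketed placeholder text (which named LoginView, LogoutView and set_language() and said "on Windows") has been replaced by the truncated official description, so the `<not-affected> (Windows-specific)` rationale on the python-django line is now the only place the platform restriction is recorded and should stay as written. For the linux entries, the NOTE lines cite 6.14-rc fix tags beside `linux 6.12.20-1`/`6.12.21-1` fixed versions, which reads as the fixes having reached the 6.12 stable series; CVE-2025-21988 is the one entry still `<unfixed>` (upstream fix tagged 6.13.8), so that is the outstanding follow-up from this group.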
@@ -971,6 +1067,7 @@ CVE-2025-3034 (Memory safety bugs present in Firefox 136 and Thunderbird 136. So
 	- firefox 137.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3034
 CVE-2025-3030 (Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ES ...)
+	{DSA-5889-1 DLA-4110-1 DLA-4109-1}
 	- firefox 137.0-1
 	- firefox-esr 128.9.0esr-1
 	- thunderbird 1:128.9.0esr-1
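Review bot: the added `{DSA-5889-1 DLA-4110-1 DLA-4109-1}` line references one DSA and two DLAs for an entry that lists two stable-updated packages, firefox-esr 128.9.0esr-1 and thunderbird 1:128.9.0esr-1; if DSA-5889-1 names only one of them, the other package's DSA will need appending once it is issued, so it is worth confirming which package DSA-5889-1 covers. The placement itself follows the file's convention of advisory references directly under the CVE line, ahead of the package lines.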
@@ -984,6 +1081,7 @@ CVE-2025-3035 (By first using the AI chatbot in one tab and later activating it
 	- firefox 137.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3035
 CVE-2025-3029 (A crafted URL containing specific Unicode characters could have hidden ...)
+	{DSA-5889-1 DLA-4110-1 DLA-4109-1}
 	- firefox 137.0-1
 	- firefox-esr 128.9.0esr-1
 	- thunderbird 1:128.9.0esr-1
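Review bot: CVE-2025-3029 receives the same advisory set as CVE-2025-3030 in the previous hunk, which is consistent: both entries list firefox-esr and thunderbird, whereas the neighbouring CVE-2025-3035 (firefox 137.0-1 only) correctly gets no reference. For anyone checking stable status, the bookworm and bullseye fixed versions are carried by the referenced DSA/DLA data, not by this entry, so no `[bookworm]` or `[bullseye]` lines are expected here.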
@@ -997,6 +1095,7 @@ CVE-2025-3031 (An attacker could read 32 bits of values spilled onto the stack i
 	- firefox 137.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3031
 CVE-2025-3028 (JavaScript code running while transforming a document with the XSLTPro ...)
+	{DSA-5889-1 DLA-4110-1 DLA-4109-1}
 	- firefox 137.0-1
 	- firefox-esr 128.9.0esr-1
 	- thunderbird 1:128.9.0esr-1
@@ -4518,6 +4617,7 @@ CVE-2025-29806 (No cwe for this issue in Microsoft Edge (Chromium-based) allows
 CVE-2025-29795 (Improper link resolution before file access ('link following') in Micr ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-27553 (Relative Path Traversal vulnerability in Apache Commons VFS before 2.1 ...)
+	{DLA-4111-1}
 	- commons-vfs <unfixed> (bug #1101204)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/23/1
 	NOTE: Fixed by: https://github.com/apache/commons-vfs/commit/83d815afad4057234d9f928f6f00701bb7b51e86 (commons-vfs-2.10.0-RC1)
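Review bot: `{DLA-4111-1}` is added while the entry still carries `commons-vfs <unfixed> (bug #1101204)` for unstable, so the LTS fix lands ahead of sid; the bug reference should remain until the upstream fix commit (commons-vfs-2.10.0-RC1) is uploaded to unstable. Note also that the truncated description ends in "before 2.1 ...", while the fix NOTE points at 2.10.0-RC1: the cut-off hides the trailing digits, and a reader skimming this line could misread the affected range as "before 2.1".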
@@ -6869,7 +6969,8 @@ CVE-2024-28803 (Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS
 	NOT-FOR-US: Italtel
 CVE-2024-22880 (Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0. ...)
 	NOT-FOR-US: Zadarma
-CVE-2024-12858 (Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper   ...)
+CVE-2024-12858
+	REJECTED
 	NOT-FOR-US: Delta Electronics
 CVE-2024-10942 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
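Review bot: CVE-2024-12858 is marked `REJECTED` and loses its description, but the `NOT-FOR-US: Delta Electronics` line is kept underneath it. A rejected CVE needs no package or NOT-FOR-US state, so the retained line is redundant; it is harmless if the tracker's parser accepts both markers on one entry, but if the usual form for rejected entries in this file is the bare `REJECTED` line, the leftover should be dropped for consistency.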



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68745f05483fa6d9c4daedfc96744793875793f0
