[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 15 08:12:06 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4877c6da by security tracker role at 2025-02-15T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2025-26819 (Monero through 0.18.3.4 before ec74ff4 does not have response limits o ...)
+ TODO: check
+CVE-2025-21401 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2025-1302 (Versions of the package jsonpath-plus before 10.3.0 are vulnerable to ...)
+ TODO: check
+CVE-2025-0593 (The vulnerability may allow a remote low priviledged attacker to run a ...)
+ TODO: check
+CVE-2025-0592 (The vulnerability may allow a remote low priviledged attacker to run a ...)
+ TODO: check
+CVE-2024-5462 (If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are ...)
+ TODO: check
+CVE-2024-5461 (Implementation of the Simple Network Management Protocol (SNMP) opera ...)
+ TODO: check
+CVE-2024-4282 (Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated settin ...)
+ TODO: check
+CVE-2024-37375
+ REJECTED
+CVE-2024-37374
+ REJECTED
+CVE-2024-13513 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
+ TODO: check
+CVE-2024-13306 (The Maps Plugin using Google Maps for WordPress WordPress plugin befo ...)
+ TODO: check
+CVE-2024-13208 (The Maps Plugin using Google Maps for WordPress WordPress plugin befo ...)
+ TODO: check
+CVE-2024-10405 (Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports ...)
+ TODO: check
CVE-2025-26524 (This vulnerability exists in RupeeWeb trading platform due to missing ...)
NOT-FOR-US: RupeeWeb
CVE-2025-26523 (This vulnerability exists in RupeeWeb trading platform due to insuffic ...)
@@ -470,19 +498,19 @@ CVE-2025-21700 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/bc50835e83f60f56e9bec2b392fb5544f250fb6f (6.14-rc1)
CVE-2024-3303 (An issue was discovered in GitLab EE affecting all versions starting f ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-0998
+CVE-2025-0998 (Out of bounds memory access in V8 in Google Chrome prior to 133.0.6943 ...)
{DSA-5866-1}
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0997
+CVE-2025-0997 (Use after free in Navigation in Google Chrome prior to 133.0.6943.98 a ...)
{DSA-5866-1}
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0996
+CVE-2025-0996 (Inappropriate implementation in Browser UI in Google Chrome on Android ...)
{DSA-5866-1}
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0995
+CVE-2025-0995 (Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a ...)
{DSA-5866-1}
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -89941,7 +89969,7 @@ CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved Memor
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-460.html
-CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore functionality]
+CVE-2024-31144 (For a brief summary of Xapi terminology, see: https://xapi-project ...)
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-459.html
CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" allows a devi ...)
@@ -232182,8 +232210,7 @@ CVE-2022-29478
RESERVED
CVE-2022-29470 (Improper access control in the Intel\xae DTT Software before version 8 ...)
NOT-FOR-US: Intel
-CVE-2022-28693
- RESERVED
+CVE-2022-28693 (Unprotected alternative channel of return branch target prediction in ...)
NOT-FOR-US: Intel
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
CVE-2022-27877
@@ -244738,8 +244765,8 @@ CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some Intel(R)
NOT-FOR-US: Intel
CVE-2022-26086 (Uncontrolled search path element in the PresentMon software maintained ...)
NOT-FOR-US: Intel
-CVE-2022-26083
- RESERVED
+CVE-2022-26083 (Generation of weak initialization vector in an Intel(R) IPP Cryptograp ...)
+ TODO: check
CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...)
NOT-FOR-US: Intel
CVE-2022-26072
@@ -311664,7 +311691,7 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
- zint 2.9.1-1.1 (bug #983610)
NOTE: https://sourceforge.net/p/zint/tickets/218/
NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
-CVE-2021-27798 (A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d coul ...)
+CVE-2021-27798 (A vulnerability in Brocade Fabric OS versions 7.4.1b and 7.3.1d could ...)
NOT-FOR-US: Brocade
CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
NOT-FOR-US: Brocade
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4877c6da09c80eace9236c06ae3bd462fba2458c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4877c6da09c80eace9236c06ae3bd462fba2458c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250215/23347637/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list