[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 28 20:12:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27917020 by security tracker role at 2025-01-28T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chai ...)
+ TODO: check
+CVE-2025-24480 (A Remote Code Execution Vulnerability exists in the product and versio ...)
+ TODO: check
+CVE-2025-24479 (A Local Code Execution Vulnerability exists in the product and version ...)
+ TODO: check
+CVE-2025-24478 (A denial-of-service vulnerability exists in the affected products. The ...)
+ TODO: check
+CVE-2025-23385 (In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider ...)
+ TODO: check
+CVE-2025-23213 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2025-23212 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2025-23211 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+ TODO: check
+CVE-2025-23057 (A vulnerability in the web management interface of HPE Aruba Networkin ...)
+ TODO: check
+CVE-2025-23056 (A vulnerability in the web management interface of HPE Aruba Networkin ...)
+ TODO: check
+CVE-2025-23055 (A vulnerability in the web management interface of HPE Aruba Networkin ...)
+ TODO: check
+CVE-2025-23054 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
+ TODO: check
+CVE-2025-23053 (A privilege escalation vulnerability exists in the web-based managemen ...)
+ TODO: check
+CVE-2025-23045 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
+ TODO: check
+CVE-2025-22217 (Avi Load Balancer contains an unauthenticated blind SQL Injection vuln ...)
+ TODO: check
+CVE-2025-0784 (A vulnerability has been found in Intelbras InControl up to 2.21.58 an ...)
+ TODO: check
+CVE-2025-0783 (A vulnerability, which was classified as problematic, was found in pan ...)
+ TODO: check
+CVE-2025-0659 (A path traversal vulnerability exists in the Rockwell Automation DataE ...)
+ TODO: check
+CVE-2025-0631 (A Credential Exposure Vulnerability exists in the above-mentioned prod ...)
+ TODO: check
+CVE-2025-0432 (EWON Flexy 202 transmits user credentials in clear text with no encryp ...)
+ TODO: check
+CVE-2025-0290 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2025-0065 (Improper Neutralization of Argument Delimiters in the TeamViewer_servi ...)
+ TODO: check
+CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
+ TODO: check
+CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent prefetch e ...)
+ TODO: check
+CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS layer of ...)
+ TODO: check
+CVE-2024-40677 (In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is ...)
+ TODO: check
+CVE-2024-40676 (In checkKeyIntent of AccountManagerService.java, there is a possible w ...)
+ TODO: check
+CVE-2024-40675 (In parseUriInternal of Intent.java, there is a possible infinite loop ...)
+ TODO: check
+CVE-2024-40674 (In validateSsid of WifiConfigurationUtil.java, there is a possible way ...)
+ TODO: check
+CVE-2024-40673 (In Source of ZipFile.java, there is a possible way for an attacker to ...)
+ TODO: check
+CVE-2024-40672 (In onCreate of ChooserActivity.java, there is a possible way to bypass ...)
+ TODO: check
+CVE-2024-40670 (In TBD of TBD, there is a possible use after free due to a race condit ...)
+ TODO: check
+CVE-2024-40669 (In TBD of TBD, there is a possible use after free due to a race condit ...)
+ TODO: check
+CVE-2024-40651 (In TBD of TBD, there is a possible use-after-free due to a logic error ...)
+ TODO: check
+CVE-2024-40649 (In TBD of TBD, there is a possible use-after-free due to a logic error ...)
+ TODO: check
+CVE-2024-34748 (In _DevmemXReservationPageAddress of devicemem_server.c, there is a po ...)
+ TODO: check
+CVE-2024-34733 (In DevmemXIntMapPages of devicemem_server.c, there is a possible arbit ...)
+ TODO: check
+CVE-2024-34732 (In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary co ...)
+ TODO: check
+CVE-2024-23953 (Use of Arrays.equals() in LlapSignerImpl inApache Hive to compare mess ...)
+ TODO: check
+CVE-2024-13527 (The Philantro \u2013 Donations and Donor Management plugin for WordPre ...)
+ TODO: check
+CVE-2024-13484 (A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label ...)
+ TODO: check
+CVE-2024-11956 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2024-11954 (A vulnerability classified as problematic was found in Pimcore 11.4.2. ...)
+ TODO: check
CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots against AI ...)
@@ -258,13 +344,13 @@ CVE-2024-0135 (NVIDIA Container Toolkit contains an improper isolation vulnerabi
NOT-FOR-US: NVIDIA Container Toolkit
CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
NOT-FOR-US: IBM
-CVE-2025-0754
+CVE-2025-0754 (The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. ...)
- envoyproxy <itp> (bug #987544)
-CVE-2025-0752
+CVE-2025-0752 (A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limit ...)
- envoyproxy <itp> (bug #987544)
-CVE-2025-0750
+CVE-2025-0750 (A vulnerability was found in CRI-O. A path traversal issue in the log ...)
- cri-o <itp> (bug #979702)
-CVE-2025-0736
+CVE-2025-0736 (A flaw was found in Infinispan, when using JGroups with JDBC_PING. Thi ...)
NOT-FOR-US: Infinispan
CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Ran ...)
NOT-FOR-US: Apache Cocoon
@@ -555,7 +641,7 @@ CVE-2024-12280 (The WP Customer Area WordPress plugin through 8.2.4 does not hav
NOT-FOR-US: WordPress plugin
CVE-2023-46187 (IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerab ...)
NOT-FOR-US: IBM
-CVE-2025-0781 [issues in handling of Nasal code]
+CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and arbitrarily ...)
- flightgear 1:2020.3.19+dfsg-1
[bookworm] - flightgear <no-dsa> (Minor issue)
[bullseye] - flightgear <no-dsa> (Minor issue)
@@ -5027,12 +5113,12 @@ CVE-2023-37936 (A use of hard-coded cryptographic key in Fortinet FortiSwitch ve
CVE-2023-37931 (An improper neutralization of special elements used in an sql command ...)
NOT-FOR-US: Fortinet
CVE-2024-52006 (Git is a fast, scalable, distributed revision control system with an u ...)
- {DSA-5850-1}
+ {DSA-5850-1 DLA-4031-1}
- git 1:2.47.2-0.1 (bug #1093042)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
NOTE: Fixed by: https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 (v2.40.4)
CVE-2024-50349 (Git is a fast, scalable, distributed revision control system with an u ...)
- {DSA-5850-1}
+ {DSA-5850-1 DLA-4031-1}
- git 1:2.47.2-0.1 (bug #1093042)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
NOTE: Fixed by: https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 (v2.40.4)
@@ -11615,6 +11701,7 @@ CVE-2024-55232 (An IDOR vulnerability in the manage-notes.php module in PHPGuruk
CVE-2024-55231 (An IDOR vulnerability in the edit-notes.php module of PHPGurukul Onlin ...)
NOT-FOR-US: PHPGurukul Online Notes Sharing Management System
CVE-2024-53580 (iperf v3.17.1 was discovered to contain a segmentation violation via t ...)
+ {DLA-4032-1}
- iperf3 3.18-1 (bug #1090931)
[bookworm] - iperf3 <no-dsa> (Minor issue)
NOTE: https://github.com/esnet/iperf/pull/1810
@@ -34603,6 +34690,7 @@ CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains a
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-8508.diff
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/b7c61d7cc256d6a174e6179622c7fa968272c259 (release-1.21.1)
CVE-2024-25590 (An attacker can publish a zone containing specific Resource Record Set ...)
+ {DSA-5852-1}
- pdns-recursor 5.0.9-1 (bug #1083285)
[bullseye] - pdns-recursor <end-of-life> (No longer supported with security updates in Bullseye)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/03/3
@@ -56399,7 +56487,8 @@ CVE-2024-38999 (jrburke requirejs v2.3.6 was discovered to contain a prototype p
NOTE: https://github.com/requirejs/requirejs/issues/1854
NOTE: https://github.com/requirejs/requirejs/pull/1856
NOTE: https://github.com/requirejs/requirejs/commit/6e8a234303deaf80ef619e66a2f5c6616bb7e6d9 (2.3.7)
-CVE-2024-38998 (jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...)
+CVE-2024-38998
+ REJECTED
- requirejs 2.3.7+ds+~2.1.37-1 (bug #1077543)
[bookworm] - requirejs <no-dsa> (Minor issue)
[bullseye] - requirejs <no-dsa> (Minor issue)
@@ -73242,6 +73331,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the p
CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...)
NOT-FOR-US: Veeam
CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...)
+ {DLA-4032-1}
- iperf3 3.17.1-1 (bug #1071751)
[bookworm] - iperf3 <ignored> (Minor issue)
[buster] - iperf3 <postponed> (Minor issue; can be fixed in next update)
@@ -136412,6 +136502,7 @@ CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, craftin
CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...)
NOT-FOR-US: Veritas InfoScale
CVE-2023-7250 (A flaw was found in iperf, a utility for testing network performance u ...)
+ {DLA-4032-1}
- iperf3 3.15-1
[bookworm] - iperf3 <ignored> (Minor issue)
[buster] - iperf3 <no-dsa> (Minor issue)
@@ -493145,8 +493236,8 @@ CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bou
NOT-FOR-US: Android
CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a possible way t ...)
NOT-FOR-US: Android
-CVE-2018-9378
- RESERVED
+CVE-2018-9378 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...)
+ TODO: check
CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2018-9376 (In rpc_msg_handler and related handlers ofdrivers/misc/mediatek/eccci/ ...)
@@ -493155,8 +493246,8 @@ CVE-2018-9375 (In multiple functions of UserDictionaryProvider.java, there is a
NOT-FOR-US: Android
CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2018-9373
- RESERVED
+CVE-2018-9373 (In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out ...)
+ TODO: check
CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out ...)
NOT-FOR-US: Android
CVE-2018-9371 (In the Mediatek Preloader, there are out of bounds reads and writes du ...)
@@ -532023,11 +532114,9 @@ CVE-2017-13320 (In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible
NOT-FOR-US: Android Media Framework
CVE-2017-13319 (In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13318
- RESERVED
+CVE-2017-13318 (In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible ...)
NOT-FOR-US: Android Media Framework
-CVE-2017-13317
- RESERVED
+CVE-2017-13317 (In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a pos ...)
NOT-FOR-US: Android Media Framework
CVE-2017-13316 (In checkPermissions of RecognitionService.java, there is a possibleper ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2791702057e117d33edd9b4be520dbd0e5aafa4a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2791702057e117d33edd9b4be520dbd0e5aafa4a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250128/220e3172/attachment.htm>
More information about the debian-security-tracker-commits
mailing list