[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 31 20:12:42 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
305a1ce3 by security tracker role at 2025-01-31T20:12:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,77 +1,219 @@
-CVE-2025-21683 [bpf: Fix bpf_sk_select_reuseport() memory leak]
+CVE-2025-24831 (Local privilege escalation due to unquoted search path vulnerability. ...)
+ TODO: check
+CVE-2025-24830 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2025-24829 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2025-24828 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2025-24827 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2025-24749 (Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solu ...)
+ TODO: check
+CVE-2025-24718 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24710 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24635 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24608 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24597 (Insertion of Sensitive Information Into Sent Data vulnerability in Ukr ...)
+ TODO: check
+CVE-2025-24563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24549 (Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Pos ...)
+ TODO: check
+CVE-2025-24535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23990 (Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll S ...)
+ TODO: check
+CVE-2025-23989 (Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - ...)
+ TODO: check
+CVE-2025-23987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23985 (Cross-Site Request Forgery (CSRF) vulnerability in Brainvireinfo Dynam ...)
+ TODO: check
+CVE-2025-23980 (Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full ...)
+ TODO: check
+CVE-2025-23978 (Cross-Site Request Forgery (CSRF) vulnerability in Ninos Ego FlashCoun ...)
+ TODO: check
+CVE-2025-23977 (Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post ...)
+ TODO: check
+CVE-2025-23976 (Cross-Site Request Forgery (CSRF) vulnerability in Pedro Marcelo Issuu ...)
+ TODO: check
+CVE-2025-23759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23671 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23215 (PMD is an extensible multilanguage static code analyzer. The passphras ...)
+ TODO: check
+CVE-2025-23001 (A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the ...)
+ TODO: check
+CVE-2025-22994 (O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - S ...)
+ TODO: check
+CVE-2025-22957 (A SQL injection vulnerability exists in the front-end of the website i ...)
+ TODO: check
+CVE-2025-22757 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22720 (Missing Authorization vulnerability in MagePeople Team Booking and Ren ...)
+ TODO: check
+CVE-2025-22564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22341 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22332 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator allows ...)
+ TODO: check
+CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and `url ...)
+ TODO: check
+CVE-2025-0934 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+ TODO: check
+CVE-2025-0930 (Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. Th ...)
+ TODO: check
+CVE-2025-0929 (SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could ...)
+ TODO: check
+CVE-2024-57432 (macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The appl ...)
+ TODO: check
+CVE-2024-53584 (OpenPanel v0.3.4 was discovered to contain an OS command injection vul ...)
+ TODO: check
+CVE-2024-53582 (An issue found in the Copy and View functions in the File Manager comp ...)
+ TODO: check
+CVE-2024-53537 (An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a d ...)
+ TODO: check
+CVE-2024-53320 (Qualisys C++ SDK commit a32a21a was discovered to contain multiple sta ...)
+ TODO: check
+CVE-2024-53319 (A heap buffer overflow in the XML Text Escaping component of Qualisys ...)
+ TODO: check
+CVE-2024-49807 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-49349 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2024-49339 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ TODO: check
+CVE-2024-47857 (SSH Communication Security PrivX versions between 18.0-36.0 implement ...)
+ TODO: check
+CVE-2024-47116 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-47103 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-45650 (IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a d ...)
+ TODO: check
+CVE-2024-45089 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-44055 (Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Mo ...)
+ TODO: check
+CVE-2024-42671 (A Host Header Poisoning Open Redirect issue in slabiak Appointment Sch ...)
+ TODO: check
+CVE-2024-40696 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-13662 (The eHive Objects Image Grid plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-13566 (The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-13472 (The The WooCommerce Product Table Lite plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-13157 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
+ TODO: check
+CVE-2024-12415 (The The AI Infographic Maker plugin for WordPress is vulnerable to arb ...)
+ TODO: check
+CVE-2024-12267 (The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin fo ...)
+ TODO: check
+CVE-2024-12037 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
+ TODO: check
+CVE-2024-11741 (Grafana is an open-source platform for monitoring and observability. ...)
+ TODO: check
+CVE-2023-38739 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2025-21683 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/b3af60928ab9129befa65e6df0310d27300942bf (6.13)
-CVE-2025-21682 [eth: bnxt: always recalculate features after XDP clearing, fix null-deref]
+CVE-2025-21682 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/f0aa6a37a3dbb40b272df5fc6db93c114688adcd (6.13)
-CVE-2025-21681 [openvswitch: fix lockup on tx to unregistering netdev with carrier]
+CVE-2025-21681 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/47e55e4b410f7d552e43011baa5be1aab4093990 (6.13)
-CVE-2025-21680 [pktgen: Avoid out-of-bounds access in get_imix_entries]
+CVE-2025-21680 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/76201b5979768500bca362871db66d77cb4c225e (6.13)
-CVE-2025-21679 [btrfs: add the missing error handling inside get_canonical_dev_path]
+CVE-2025-21679 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fe4de594f7a2e9bc49407de60fbd20809fad4192 (6.13)
-CVE-2025-21678 [gtp: Destroy device along with udp socket's netns dismantle.]
+CVE-2025-21678 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/eb28fd76c0a08a47b470677c6cef9dd1c60e92d1 (6.13)
-CVE-2025-21677 [pfcp: Destroy device along with udp socket's netns dismantle.]
+CVE-2025-21677 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ffc90e9ca61b0f619326a1417ff32efd6cc71ed2 (6.13)
-CVE-2025-21676 [net: fec: handle page_pool_dev_alloc_pages error]
+CVE-2025-21676 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/001ba0902046cb6c352494df610718c0763e77a5 (6.13)
-CVE-2025-21675 [net/mlx5: Clear port select structure when fail to create]
+CVE-2025-21675 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5641e82cb55b4ecbc6366a499300917d2f3e6790 (6.13)
-CVE-2025-21674 [net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel]
+CVE-2025-21674 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2c3688090f8a1f085230aa839cc63e4a7b977df0 (6.13)
-CVE-2025-21673 [smb: client: fix double free of TCP_Server_Info::hostname]
+CVE-2025-21673 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fa2f9906a7b333ba757a7dbae0713d8a5396186e (6.13)
-CVE-2025-21672 [afs: Fix merge preference rule failure condition]
+CVE-2025-21672 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/17a4fde81d3a7478d97d15304a6d61094a10c2e3 (6.13-rc7)
-CVE-2025-21671 [zram: fix potential UAF of zram table]
+CVE-2025-21671 (In the Linux kernel, the following vulnerability has been resolved: z ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/212fe1c0df4a150fb6298db2cfff267ceaba5402 (6.13)
-CVE-2025-21670 [vsock/bpf: return early if transport is not assigned]
+CVE-2025-21670 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f6abafcd32f9cfc4b1a2f820ecea70773e26d423 (6.13)
-CVE-2025-21669 [vsock/virtio: discard packets if the transport changes]
+CVE-2025-21669 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1 (6.13)
-CVE-2025-21668 [pmdomain: imx8mp-blk-ctrl: add missing loop break condition]
+CVE-2025-21668 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/726efa92e02b460811e8bc6990dd742f03b645ea (6.13)
-CVE-2025-21667 [iomap: avoid avoid truncating 64-bit offset to 32 bits]
+CVE-2025-21667 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/c13094b894de289514d84b8db56d1f2931a0bade (6.13-rc7)
-CVE-2025-21666 [vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]]
+CVE-2025-21666 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/91751e248256efc111e52e15115840c35d85abaf (6.13)
-CVE-2025-21665 [filemap: avoid truncating 64-bit offset to 32 bits]
+CVE-2025-21665 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f505e6c91e7a22d10316665a86d79f84d9f0ba76 (6.13)
-CVE-2024-57948 [mac802154: check local interfaces before deleting sdata list]
+CVE-2024-57948 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.11-1
NOTE: https://git.kernel.org/linus/eb09fbeb48709fe66c0d708aed81e910a577a30a (6.13-rc7)
CVE-2025-24886 (pwn.college is an education platform to learn about, and practice, cor ...)
@@ -302,13 +444,13 @@ CVE-2025-0740 (An Improper Access Control vulnerability has been found in EmbedA
NOT-FOR-US: EmbedAI
CVE-2025-0739 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
NOT-FOR-US: EmbedAI
-CVE-2025-0683 (In its default configuration, the affected product transmits plain-tex ...)
+CVE-2025-0683 (In its default configuration, Contec Health CMS8000 Patient Monitor tr ...)
NOT-FOR-US: Contec Health
CVE-2025-0681 (The Cloud MQTT service of the affected products supports wildcard topi ...)
NOT-FOR-US: New Rock Technologies
CVE-2025-0680 (Affected products contain a vulnerability in the device cloud rpc comm ...)
NOT-FOR-US: New Rock Technologies
-CVE-2025-0626 (The affected product sends out remote access requests to a hard-coded ...)
+CVE-2025-0626 (Contec Health CMS8000 Patient Monitor sends out remote access requests ...)
NOT-FOR-US: Hitachi Energy
CVE-2025-0498 (A data exposure vulnerability exists in all versions prior to V15.00.0 ...)
NOT-FOR-US: Rockwell Automation
@@ -414,7 +556,7 @@ CVE-2024-12299 (The System Dashboard plugin for WordPress is vulnerable to Refle
NOT-FOR-US: WordPress plugin
CVE-2024-12269 (The Safe Ai Malware Protection for WP plugin for WordPress is vulnerab ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-12248 (The affected product is vulnerable to an out-of-bounds write, which co ...)
+CVE-2024-12248 (Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bound ...)
NOT-FOR-US: Hitachi Energy
CVE-2024-12177 (The Ai Image Alt Text Generator for WP plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress plugin
@@ -2512,7 +2654,7 @@ CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS earli
NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72 (revisions before ...)
NOT-FOR-US: Arm
-CVE-2023-37777 (Synnefo Internet Management Software 2023 was discovered to contain a ...)
+CVE-2023-37777 (A SQL injection vulnerability exists in Synnefo Internet Management So ...)
NOT-FOR-US: Synnefo
CVE-2023-37023 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Up ...)
NOT-FOR-US: Open5GS
@@ -2724,6 +2866,7 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.41-1 (bug #1093877)
CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DLA-4037-1}
- openjdk-8 <unfixed> (bug #1093878)
- openjdk-11 11.0.26+4-1
- openjdk-17 17.0.14+7-1
@@ -262005,6 +262148,7 @@ CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free
CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
NOT-FOR-US: Trend Micro
CVE-2021-3978 (When copying files with rsync, octorpki uses the "-a" flag 0, which fo ...)
+ {DSA-5041-1}
- cfrpki 1.4.2-1
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/305a1ce3c0990383877f8e8b6543f829dd42bf42
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/305a1ce3c0990383877f8e8b6543f829dd42bf42
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250131/50c8135d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list