[Git][security-tracker-team/security-tracker][master] Add new apache2 issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08815930 by Salvatore Bonaccorso at 2025-07-10T23:41:57+02:00
Add new apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,7 +71,8 @@ CVE-2025-53371 (DiscordNotifications is an extension for MediaWiki that sends no
 CVE-2025-53364 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability in Apach ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-53020
 CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below i ...)
 	NOT-FOR-US: Trend Micro
 CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
@@ -87,9 +88,11 @@ CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper Synchro
 CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	TODO: check
 CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions through  ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49812
 CVE-2025-49630 (In certain proxy configurations, a denial of service attack againstApa ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49630
 CVE-2025-49464 (Classic buffer overflow in certain Zoom Clients for Windows may allow  ...)
 	NOT-FOR-US: Zoom
 CVE-2025-49463 (Insufficient control flow management in certain Zoom Clients for iOS b ...)
@@ -143,17 +146,23 @@ CVE-2025-28243 (An issue in Alteryx Server v.2023.1.1.460 allows HTML injection
 CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and sanitize t ...)
 	TODO: check
 CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
 CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: OpenText
 CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP  ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-47252
 CVE-2024-43394 (Server-Side Request Forgery (SSRF)in Apache HTTP Server on Windows all ...)
-	TODO: check
+	- apache2 <not-affected> (Windows specific)
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-43394
 CVE-2024-43204 (SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-43204
 CVE-2024-42516 (HTTP response splitting in the core of Apache HTTP Server allows an at ...)
-	TODO: check
+	- apache2 <unfixed>
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-42516
+	NOTE: CVE exists, because original patch for CVE-2023-38709 did not address the issue.
 CVE-2024-39752 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable t ...)
 	NOT-FOR-US: IBM
 CVE-2024-38327 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to info ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0881593097839d7fa01827462ed9c7965c72b98c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0881593097839d7fa01827462ed9c7965c72b98c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250710/5e41b3aa/attachment.htm>