[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 6 08:12:07 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecb9b66e by security tracker role at 2025-03-06T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2025-27625 (In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects start ...)
+	TODO: check
+CVE-2025-27624 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and ...)
+	TODO: check
+CVE-2025-27623 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact enc ...)
+	TODO: check
+CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact enc ...)
+	TODO: check
+CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an oversight ...)
+	TODO: check
+CVE-2025-27508 (Emissary is a P2P based data-driven workflow engine. The ChecksumCalcu ...)
+	TODO: check
+CVE-2025-25634 (A vulnerability has been found in Tenda AC15 15.03.05.19 in the functi ...)
+	TODO: check
+CVE-2025-25632 (Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the han ...)
+	TODO: check
+CVE-2025-25362 (A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0. ...)
+	TODO: check
+CVE-2025-24864 (Incorrect access permission of a specific folder issue exists in Remot ...)
+	TODO: check
+CVE-2025-22623 (Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnera ...)
+	TODO: check
+CVE-2025-22447 (Incorrect access permission of a specific service issue exists in Remo ...)
+	TODO: check
+CVE-2025-20933 (Out-of-bounds read in parsing bmp image in Samsung Notes prior to vers ...)
+	TODO: check
+CVE-2025-20932 (Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior  ...)
+	TODO: check
+CVE-2025-20931 (Out-of-bounds write in parsing bmp image in Samsung Notes prior to ver ...)
+	TODO: check
+CVE-2025-20930 (Out-of-bounds read in parsing jpeg image in Samsung Notes prior to ver ...)
+	TODO: check
+CVE-2025-20929 (Out-of-bounds write in parsing jpeg image in Samsung Notes prior to ve ...)
+	TODO: check
+CVE-2025-20928 (Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vae ...)
+	TODO: check
+CVE-2025-20927 (Out-of-bounds read in parsing image data in Samsung Notes prior to vae ...)
+	TODO: check
+CVE-2025-20926 (Improper export of Android application components in My Files prior to ...)
+	TODO: check
+CVE-2025-20925 (Out-of-bounds read in applying binary of text data in Samsung Notes pr ...)
+	TODO: check
+CVE-2025-20924 (Improper access control in Samsung Notes prior to version 4.4.26.71 al ...)
+	TODO: check
+CVE-2025-20923 (Improper access control in Galaxy Wearable prior to version 2.2.61.241 ...)
+	TODO: check
+CVE-2025-20922 (Out-of-bounds read in appending text paragraph in Samsung Notes prior  ...)
+	TODO: check
+CVE-2025-20921 (Out-of-bounds read in applying binary of text content in Samsung Notes ...)
+	TODO: check
+CVE-2025-20920 (Out-of-bounds read in action link data in Samsung Notes prior to versi ...)
+	TODO: check
+CVE-2025-20919 (Out-of-bounds read in applying binary of video content in Samsung Note ...)
+	TODO: check
+CVE-2025-20918 (Out-of-bounds read in applying extra data of base content in Samsung N ...)
+	TODO: check
+CVE-2025-20917 (Out-of-bounds read in applying binary of pdf content in Samsung Notes  ...)
+	TODO: check
+CVE-2025-20916 (Out-of-bounds read in reading string of SPen in Samsung Notes prior to ...)
+	TODO: check
+CVE-2025-20915 (Out-of-bounds read in applying binary of voice content in Samsung Note ...)
+	TODO: check
+CVE-2025-20914 (Out-of-bounds read in applying binary of hand writing content in Samsu ...)
+	TODO: check
+CVE-2025-20913 (Out-of-bounds read in applying binary of drawing content in Samsung No ...)
+	TODO: check
+CVE-2025-20912 (Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Rel ...)
+	TODO: check
+CVE-2025-20911 (Improper access control in sem_wifi service prior to SMR Mar-2025 Rele ...)
+	TODO: check
+CVE-2025-20910 (Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar- ...)
+	TODO: check
+CVE-2025-20909 (Use of implicit intent for sensitive communication in Settings prior t ...)
+	TODO: check
+CVE-2025-20908 (Use of insufficiently random values in Auracast prior to SMR Mar-2025  ...)
+	TODO: check
+CVE-2025-20903 (Improper access control in SecSettingsIntelligence prior to SMR Mar-20 ...)
+	TODO: check
+CVE-2025-1979 (Versions of the package ray before 2.43.0 are vulnerable to Insertion  ...)
+	TODO: check
+CVE-2024-57174 (A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defin ...)
+	TODO: check
+CVE-2024-13868 (The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce W ...)
+	TODO: check
 CVE-2025-2003 (Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12  ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-27517 (Volt is an elegantly crafted functional API for Livewire. Malicious, u ...)
@@ -286769,7 +286853,7 @@ CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference v
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1905
 	NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0)
-CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+CVE-2021-40574 (The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-fre ...)
 	{DSA-5411-1}
 	- gpac 2.0.0+dfsg1-2
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
@@ -359030,7 +359114,7 @@ CVE-2020-24831
 	RESERVED
 CVE-2020-24830
 	RESERVED
-CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It  ...)
+CVE-2020-24829 (An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated ...)
 	- gpac 1.0.1+dfsg1-2
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -408523,7 +408607,7 @@ CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and E
 	NOT-FOR-US: themes for WordPress
 CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
 	NOT-FOR-US: themes for WordPress
-CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based  ...)
+CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has  ...)
 	{DLA-2072-1}
 	- gpac 1.0.1+dfsg1-2 (bug #972053)
 	[buster] - gpac <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecb9b66ee95bd9dbe62bf3e1e7dc29604e918418

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecb9b66ee95bd9dbe62bf3e1e7dc29604e918418
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250306/ac9757d8/attachment.htm>

More information about the debian-security-tracker-commits mailing list