[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efbb7c41 by security tracker role at 2025-03-10T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2025-2153 (A vulnerability, which was classified as critical, was found in HDF5 1 ...)
+	TODO: check
+CVE-2025-2152 (A vulnerability, which was classified as critical, has been found in O ...)
+	TODO: check
+CVE-2025-2151 (A vulnerability classified as critical was found in Open Asset Import  ...)
+	TODO: check
+CVE-2025-2149 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
+	TODO: check
+CVE-2025-2148 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared ...)
+	TODO: check
+CVE-2025-2147 (A vulnerability was found in Beijing Zhide Intelligent Internet Techno ...)
+	TODO: check
+CVE-2025-27913 (Passbolt API before 5, if the server is misconfigured (with an incorre ...)
+	TODO: check
+CVE-2025-27616 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+	TODO: check
+CVE-2025-27615 (umatiGateway is software for connecting OPC Unified Architecture serve ...)
+	TODO: check
+CVE-2025-27257 (Insufficient Verification of Data Authenticity vulnerability in GE Ver ...)
+	TODO: check
+CVE-2025-27256 (Missing Authentication for Critical Function vulnerability in GE Verno ...)
+	TODO: check
+CVE-2025-27255 (Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR ...)
+	TODO: check
+CVE-2025-27254 (Improper Authentication vulnerability in GE Vernova EnerVista UR Setup ...)
+	TODO: check
+CVE-2025-27253 (An improper input validation in GE Vernova UR IED family devices from  ...)
+	TODO: check
+CVE-2025-27136 (LocalS3 is an Amazon S3 mock service for testing and local development ...)
+	TODO: check
+CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-26916 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-26910 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBoo ...)
+	TODO: check
+CVE-2025-26696 (Certain crafted MIME email messages that claimed to contain an encrypt ...)
+	TODO: check
+CVE-2025-26695 (When requesting an OpenPGP key from a WKD server, an incorrect padding ...)
+	TODO: check
+CVE-2025-25977 (An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code ...)
+	TODO: check
+CVE-2025-25940 (VisiCut 2.1 allows code execution via Insecure XML Deserialization in  ...)
+	TODO: check
+CVE-2025-25620 (Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in th ...)
+	TODO: check
+CVE-2025-25616 (Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which  ...)
+	TODO: check
+CVE-2025-25615 (Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which a ...)
+	TODO: check
+CVE-2025-25614 (Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Es ...)
+	TODO: check
+CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information Kerala Miss ...)
+	TODO: check
+CVE-2025-25306 (Misskey is an open source, federated social media platform. The patch  ...)
+	TODO: check
+CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...)
+	TODO: check
+CVE-2025-24387 (A vulnerability in OTRS Application Server allows session hijacking du ...)
+	TODO: check
+CVE-2025-22603 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
+	TODO: check
+CVE-2025-1945 (picklescan before 0.0.23 fails to detect malicious pickle files inside ...)
+	TODO: check
+CVE-2025-1944 (picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation a ...)
+	TODO: check
+CVE-2025-1497 (A vulnerability, that could result in Remote Code Execution (RCE), has ...)
+	TODO: check
+CVE-2025-1296 (Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are vulnerabl ...)
+	TODO: check
+CVE-2024-57492 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local attac ...)
+	TODO: check
+CVE-2024-56188 (there is a possible way to crash the modem due to a missing null check ...)
+	TODO: check
+CVE-2024-56187 (In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrar ...)
+	TODO: check
+CVE-2024-56186 (In closeChannel of secureelementimpl.cpp, there is a possible out of b ...)
+	TODO: check
+CVE-2024-56185 (In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter. ...)
+	TODO: check
+CVE-2024-56184 (In static long dev_send of tipc_dev_ql, there is a possible out of bou ...)
+	TODO: check
+CVE-2024-55199 (A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Cel ...)
+	TODO: check
+CVE-2024-54560 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2024-54558 (A clickjacking issue was addressed with improved out-of-process view h ...)
+	TODO: check
+CVE-2024-54546 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-54473 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2024-54469 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-54467 (A cookie management issue was addressed with improved state management ...)
+	TODO: check
+CVE-2024-54463 (This issue was addressed with improved entitlements. This issue is fix ...)
+	TODO: check
+CVE-2024-53307 (A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpo ...)
+	TODO: check
+CVE-2024-52905 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 a ...)
+	TODO: check
+CVE-2024-52812 (LF Edge eKuiper is an internet-of-things data analytics and stream pro ...)
+	TODO: check
+CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through  ...)
+	TODO: check
+CVE-2024-44227 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2024-44179 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2024-13919 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
+	TODO: check
+CVE-2024-13918 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
+	TODO: check
+CVE-2024-12604 (Cleartext Storage of Sensitive Information in an Environment Variable, ...)
+	TODO: check
+CVE-2022-48610 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2022-43454 (A double free issue was addressed with improved memory management. Thi ...)
+	TODO: check
 CVE-2025-2150 (The C&Cm at il from HGiga has a Stored Cross-Site Scripting (XSS) vulnera ...)
 	NOT-FOR-US: HGiga
 CVE-2025-2133 (A vulnerability classified as problematic was found in ftcms 2.1. Affe ...)
@@ -333,7 +457,7 @@ CVE-2025-21835 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.12.16-1
 	[bookworm] - linux 6.1.129-1
 	NOTE: https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
-CVE-2025-26865
+CVE-2025-26865 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2025-XXXX [RUSTSEC-2025-0009]
 	- rust-ring <unfixed>
@@ -1261,7 +1385,7 @@ CVE-2025-1943 (Memory safety bugs present in Firefox 135 and Thunderbird 135. So
 	- firefox 136.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
 CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1269,7 +1393,7 @@ CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firef
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1938
 CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1277,7 +1401,7 @@ CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firef
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1937
 CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive. The n ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1285,7 +1409,7 @@ CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive.
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1936
 CVE-2025-1935 (A web page could trick a user into setting that site as the default ha ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1299,7 +1423,7 @@ CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus sho
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
 CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout and ru ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1310,7 +1434,7 @@ CVE-2025-1940 (A select option could partially obscure the confirmation prompt s
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
 CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they can  ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1318,7 +1442,7 @@ CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have resulted in ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -1326,7 +1450,7 @@ CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have result
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1931 (It was possible to cause a use-after-free in the content process side  ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox 136.0-1
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
@@ -21863,7 +21987,7 @@ CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a po
 CVE-2024-43762 (In multiple locations, there is a possible way to avoid unbinding of a ...)
 	NOT-FOR-US: Android
 CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds  ...)
-	{DSA-5876-1 DSA-5874-1 DLA-4078-1}
+	{DSA-5876-1 DSA-5874-1 DLA-4081-1 DLA-4078-1}
 	- firefox-esr 128.8.0esr-1
 	- thunderbird 1:128.8.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2024-43097



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efbb7c410eb3ac94b4bbd63f48b84ab7693a785a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efbb7c410eb3ac94b4bbd63f48b84ab7693a785a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250310/35087406/attachment-0001.htm>