[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 12 20:12:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98a54ee9 by security tracker role at 2025-03-12T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,97 +1,207 @@
-CVE-2025-27867
+CVE-2025-2240 (A flaw was found in Smallrye, where smallrye-fault-tolerance is vulner ...)
+ TODO: check
+CVE-2025-2239 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
+ TODO: check
+CVE-2025-2002 (CWE-532: Insertion of Sensitive Information into Log Files vulnerabili ...)
+ TODO: check
+CVE-2025-29904 (In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible)
+ TODO: check
+CVE-2025-29903 (In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library ex ...)
+ TODO: check
+CVE-2025-27915 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and ...)
+ TODO: check
+CVE-2025-27914 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and ...)
+ TODO: check
+CVE-2025-27794 (Flarum is open-source forum software. A session hijacking vulnerabilit ...)
+ TODO: check
+CVE-2025-27788 (JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and ...)
+ TODO: check
+CVE-2025-27407 (graphql-ruby is a Ruby implementation of GraphQL. Starting in version ...)
+ TODO: check
+CVE-2025-27017 (Apache NiFi 1.13.0 through 2.2.0 includes the username and password us ...)
+ TODO: check
+CVE-2025-26260 (Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.sv ...)
+ TODO: check
+CVE-2025-25975 (An issue in parse-git-config v.3.0.0 allows an attacker to obtain sens ...)
+ TODO: check
+CVE-2025-25774 (An issue was discovered in Open5GS v2.7.2. When a UE switches between ...)
+ TODO: check
+CVE-2025-25711 (An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker ...)
+ TODO: check
+CVE-2025-25709 (An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker ...)
+ TODO: check
+CVE-2025-25683 (AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticate ...)
+ TODO: check
+CVE-2025-25568 (SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command. ...)
+ TODO: check
+CVE-2025-25567 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c ...)
+ TODO: check
+CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker ...)
+ TODO: check
+CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Comman ...)
+ TODO: check
+CVE-2025-22954 (Koha <= 21.11 is contains a SQL Injection vulnerability in /serials/la ...)
+ TODO: check
+CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in the ker ...)
+ TODO: check
+CVE-2025-20209 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) functio ...)
+ TODO: check
+CVE-2025-20177 (A vulnerability in the boot process of Cisco IOS XR Software could all ...)
+ TODO: check
+CVE-2025-20146 (A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Softw ...)
+ TODO: check
+CVE-2025-20145 (A vulnerability in the access control list (ACL) processing in the egr ...)
+ TODO: check
+CVE-2025-20144 (A vulnerability in the hybrid access control list (ACL) processing of ...)
+ TODO: check
+CVE-2025-20143 (A vulnerability in the boot process of Cisco IOS XR Software could all ...)
+ TODO: check
+CVE-2025-20142 (A vulnerability in the IPv4 access control list (ACL) feature and qual ...)
+ TODO: check
+CVE-2025-20141 (A vulnerability in the handling of specific packets that are punted fr ...)
+ TODO: check
+CVE-2025-20138 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
+ TODO: check
+CVE-2025-20115 (A vulnerability in confederation implementation for the Border Gateway ...)
+ TODO: check
+CVE-2025-1984 (Xerox Desktop Print Experience application contains a Local Privilege ...)
+ TODO: check
+CVE-2025-1960 (CWE-1188: Initialization of a Resource with an Insecure Default vulner ...)
+ TODO: check
+CVE-2025-1683 (Improper link resolution before file access in the Nomad module of the ...)
+ TODO: check
+CVE-2025-1527 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
+ TODO: check
+CVE-2025-0884 (Unquoted Search Path or Element vulnerability in OpenText\u2122 Servic ...)
+ TODO: check
+CVE-2025-0883 (Improper Neutralization of Script in an Error Message Web Page vulnera ...)
+ TODO: check
+CVE-2025-0813 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
+ TODO: check
+CVE-2025-0118 (A vulnerability in the Palo Alto Networks GlobalProtect app on Windows ...)
+ TODO: check
+CVE-2025-0117 (A reliance on untrusted input for a security decision in the GlobalPro ...)
+ TODO: check
+CVE-2025-0116 (A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS s ...)
+ TODO: check
+CVE-2025-0115 (A vulnerability in the Palo Alto Networks PAN-OS software enables an a ...)
+ TODO: check
+CVE-2025-0114 (A Denial of Service (DoS) vulnerability in the GlobalProtect feature o ...)
+ TODO: check
+CVE-2024-52362 (IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0 ...)
+ TODO: check
+CVE-2024-34398 (An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web applica ...)
+ TODO: check
+CVE-2024-27763 (XPixelGroup BasicSR through 1.4.2 might locally allow code execution i ...)
+ TODO: check
+CVE-2024-26290 (Improper Input Validation vulnerability in Avid Avid NEXIS E-series on ...)
+ TODO: check
+CVE-2024-13872 (Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the inse ...)
+ TODO: check
+CVE-2024-13871 (A command injection vulnerability exists in the /check_image_and_trigg ...)
+ TODO: check
+CVE-2024-13870 (An improper access control vulnerability exists in Bitdefender Box 1 ( ...)
+ TODO: check
+CVE-2024-13446 (The Workreap plugin for WordPress is vulnerable to privilege escalatio ...)
+ TODO: check
+CVE-2024-13430 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+ TODO: check
+CVE-2024-10838 (An integer underflow during deserialization may allow any unauthentica ...)
+ TODO: check
+CVE-2025-27867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Apache Felix Webconsole
-CVE-2025-29891
+CVE-2025-29891 (Bypass/Injection vulnerability in Apache Camel. This issue affects Ap ...)
NOT-FOR-US: Apache Camel
-CVE-2025-21866 [powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC]
+CVE-2025-21866 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/d262a192d38e527faa5984629aabda2e0d1c4f54 (6.14-rc4)
-CVE-2025-21865 [gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().]
+CVE-2025-21865 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/4ccacf86491d33d2486b62d4d44864d7101b299d (6.14-rc4)
-CVE-2025-21864 [tcp: drop secpath at the same time as we currently drop dst]
+CVE-2025-21864 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.12.17-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9b6412e6979f6f9e0632075f8f008937b5cd4efd (6.14-rc4)
-CVE-2025-21863 [io_uring: prevent opcode speculation]
+CVE-2025-21863 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/1e988c3fe1264708f4f92109203ac5b1d65de50b (6.14-rc4)
-CVE-2025-21862 [drop_monitor: fix incorrect initialization order]
+CVE-2025-21862 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/07b598c0e6f06a0f254c88dafb4ad50f8a8c6eea (6.14-rc4)
-CVE-2025-21861 [mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()]
+CVE-2025-21861 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/41cddf83d8b00f29fd105e7a0777366edc69a5cf (6.14-rc4)
-CVE-2025-21860 [mm/zswap: fix inconsistency when zswap_store_page() fails]
+CVE-2025-21860 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/63895d20d63b446f5049a963983489319c2ea3e2 (6.14-rc4)
-CVE-2025-21859 [USB: gadget: f_midi: f_midi_complete to call queue_work]
+CVE-2025-21859 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/4ab37fcb42832cdd3e9d5e50653285ca84d6686f (6.14-rc3)
-CVE-2025-21858 [geneve: Fix use-after-free in geneve_find_dev().]
+CVE-2025-21858 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/9593172d93b9f91c362baec4643003dc29802929 (6.14-rc4)
-CVE-2025-21857 [net/sched: cls_api: fix error handling causing NULL dereference]
+CVE-2025-21857 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/071ed42cff4fcdd89025d966d48eabef59913bf2 (6.14-rc4)
-CVE-2025-21856 [s390/ism: add release function for struct device]
+CVE-2025-21856 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/915e34d5ad35a6a9e56113f852ade4a730fb88f0 (6.14-rc4)
-CVE-2025-21855 [ibmvnic: Don't reference skb after sending to VIOS]
+CVE-2025-21855 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9 (6.14-rc4)
-CVE-2025-21854 [sockmap, vsock: For connectible sockets allow only connected]
+CVE-2025-21854 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8fb5bb169d17cdd12c2dcc2e96830ed487d77a0f (6.14-rc4)
-CVE-2025-21853 [bpf: avoid holding freeze_mutex during mmap operation]
+CVE-2025-21853 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/bc27c52eea189e8f7492d40739b7746d67b65beb (6.14-rc4)
-CVE-2025-21852 [net: Add rx_skb of kfree_skb to raw_tp_null_args[].]
+CVE-2025-21852 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5da7e15fb5a12e78de974d8908f348e279922ce9 (6.14-rc4)
-CVE-2025-21851 [bpf: Fix softlockup in arena_map_free on 64k page kernel]
+CVE-2025-21851 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/517e8a7835e8cfb398a0aeb0133de50e31cae32b (6.14-rc4)
-CVE-2025-21850 [nvmet: Fix crash when a namespace is disabled]
+CVE-2025-21850 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4082326807072b71496501b6a0c55ffe8d5092a5 (6.14-rc4)
-CVE-2025-21849 [drm/i915/gt: Use spin_lock_irqsave() in interruptible context]
+CVE-2025-21849 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/e49477f7f78598295551d486ecc7f020d796432e (6.14-rc4)
-CVE-2025-21848 [nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()]
+CVE-2025-21848 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/878e7b11736e062514e58f3b445ff343e6705537 (6.14-rc4)
-CVE-2025-21847 [ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()]
+CVE-2025-21847 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d8d99c3b5c485f339864aeaa29f76269cc0ea975 (6.14-rc4)
-CVE-2025-21846 [acct: perform last write from workqueue]
+CVE-2025-21846 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/56d5f3eba3f5de0efdd556de4ef381e109b973a9 (6.14-rc4)
-CVE-2025-21845 [mtd: spi-nor: sst: Fix SST write failure]
+CVE-2025-21845 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/539bd20352832b9244238a055eb169ccf1c41ff6 (6.14-rc4)
-CVE-2025-21844 [smb: client: Add check for next_buffer in receive_encrypted_standard()]
+CVE-2025-21844 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/860ca5e50f73c2a1cef7eefc9d39d04e275417f7 (6.14-rc4)
-CVE-2024-58089 [btrfs: fix double accounting race when btrfs_run_delalloc_range() failed]
+CVE-2024-58089 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.17-1
NOTE: https://git.kernel.org/linus/72dad8e377afa50435940adfb697e070d3556670 (6.14-rc1)
-CVE-2024-58088 [bpf: Fix deadlock when freeing cgroup storage]
+CVE-2024-58088 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.12.17-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
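Review bot: CVE-2025-21864 carries only a `[bullseye] - linux <not-affected> (Vulnerable code not present)` annotation, whereas every other kernel entry in this hunk that is not-affected in bullseye (CVE-2025-21857, -21856, -21854, -21852, -21851, -21849, -21847, -21845, CVE-2024-58088) annotates bookworm as well; either add the bookworm line or leave a NOTE stating that the 6.1 tree does contain the vulnerable code, so the asymmetry is not later mistaken for an omission. The 55 entries added at the top are all `TODO: check`, which is the expected state after an automatic import. For the kernel entries the bracketed commit subjects on the removed lines (e.g. `[io_uring: prevent opcode speculation]`) are replaced by the truncated upstream text "In the Linux kernel, the following vulnerability has been resolved: ...", so the `NOTE:` git.kernel.org links are now the only place in the entry where the fixed subsystem can be identified.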
@@ -517,6 +627,7 @@ CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 and earlier are affected by
CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
NOT-FOR-US: Adobe
CVE-2025-24201 (An out-of-bounds write issue was addressed with improved checks to pre ...)
+ {DSA-5877-1}
NOT-FOR-US: Apple
CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux allows an ...)
NOT-FOR-US: Microsoft
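Review bot: the `{DSA-5877-1}` reference added to CVE-2025-24201 sits on an entry that is still marked `NOT-FOR-US: Apple`, and the two markers contradict each other: a DSA reference means a Debian package was updated for this CVE. The other four CVEs that receive `{DSA-5877-1}` in this commit (CVE-2025-2137, -2136, -2135, -1920) each carry `- chromium 134.0.6998.88-1` and `[bullseye] - chromium <end-of-life> (see #1061268)`; if the DSA text confirms that chromium ships a fix for this CVE, this entry should get the same two package lines and the NOT-FOR-US line should be dropped, otherwise the DSA reference is misplaced here.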
@@ -729,12 +840,15 @@ CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been cl
CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allow ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to 134.0.6998.88 al ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-2135 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-27926 (In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designe ...)
@@ -809,6 +923,7 @@ CVE-2025-23188 (An authenticated user with low privileges can exploit a missing
CVE-2025-23185 (Due to improper error handling in SAP Business Objects Business Intell ...)
NOT-FOR-US: SAP
CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a ...)
+ {DSA-5877-1}
- chromium 134.0.6998.88-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
@@ -1056,7 +1171,7 @@ CVE-2025-2119 (A vulnerability was found in Thinkware Car Dashcam F800 Pro up to
NOT-FOR-US: Thinkware Car Dashcam F800 Pro
CVE-2025-2118 (A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has bee ...)
NOT-FOR-US: Quantico Tecnologia PRMV
-CVE-2025-27636 (Bypass/Injection vulnerability in Apache Camel-Bean component under pa ...)
+CVE-2025-27636 (Bypass/Injection vulnerability in Apache Camel components under partic ...)
NOT-FOR-US: Apache Camel
CVE-2025-2117 (A vulnerability was found in Beijing Founder Electronics Founder Enjoy ...)
NOT-FOR-US: Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System
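Review bot: the description for CVE-2025-27636 now reads "Apache Camel components under partic..." instead of "Apache Camel-Bean component under pa...", i.e. upstream widened the stated scope from the Bean component to components in general. CVE-2025-29891, which gains its description in the first hunk of this commit and is also a "Bypass/Injection vulnerability in Apache Camel", covers the same class of issue in the same project; a `NOTE:` cross-referencing the two entries would save the next triager a lookup. The unchanged `NOT-FOR-US: Apache Camel` line remains correct.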
@@ -2121,7 +2236,7 @@ CVE-2024-0141 (NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU v
NOT-FOR-US: NVIDIA
CVE-2024-0114 (NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Manage ...)
NOT-FOR-US: NVIDIA
-CVE-2025-22870 [Matching of hosts against proxy patterns could improperly treat an IPv6 zone ID as a hostname component]
+CVE-2025-22870 (Matching of hosts against proxy patterns can improperly treat an IPv6 ...)
- golang-1.24 1.24.1-1
- golang-1.23 1.23.7-1
- golang-1.19 <removed>
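Review bot: `golang-1.19 <removed>` records only the unstable state, and the hunk's three-line trailing context ends on it, so any `[bookworm]` or `[bullseye]` annotations for the suites that still ship older Go toolchains are not visible in this diff and should be confirmed in the full entry. The wording change from "could improperly treat" on the placeholder line to "can improperly treat" on the new line matches the published description and needs no action.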
@@ -85631,7 +85746,8 @@ CVE-2024-35190 (Asterisk is an open source private branch exchange and telephony
NOTE: https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d
CVE-2024-35174 (Missing Authorization vulnerability in Flothemes Flo Forms.This issue ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial Numbers for W ...)
+CVE-2024-35173
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerabilit ...)
- joblib <unfixed> (unimportant)
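Review bot: CVE-2024-35173 is now `REJECTED`, but the `NOT-FOR-US: WordPress plugin` line beneath it is kept from the old entry; once a CVE is rejected the NOT-FOR-US classification is redundant and should be removed so the entry reads as a plain rejection. This change only inserted the `REJECTED` marker and dropped the description, leaving the stale line for manual cleanup.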
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98a54ee906c490691d90be53c54af7c41084ce76