[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 21 13:41:49 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29553caf by Moritz Muehlenhoff at 2025-03-21T14:34:48+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2025-2583 (A vulnerability was found in SimpleMachines SMF 2.1.4. It has bee
CVE-2025-2582 (A vulnerability was found in SimpleMachines SMF 2.1.4 and classified a ...)
NOT-FOR-US: SimpleMachines SMF
CVE-2025-2581 (A vulnerability has been found in xmedcon 0.25.0 and classified as pro ...)
- - xmedcon <unfixed>
+ - xmedcon <unfixed> (bug #1100986)
[bookworm] - xmedcon <no-dsa> (Minor issue)
NOTE: https://xmedcon.sourceforge.io/Main/New
NOTE: https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
@@ -64,7 +64,7 @@ CVE-2024-44305 (This issue was addressed by removing the vulnerable code. This i
CVE-2024-44199 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2024-13903 (A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has be ...)
- - quickjs <unfixed>
+ - quickjs <unfixed> (bug #1100987)
NOTE: https://github.com/quickjs-ng/quickjs/issues/775
NOTE: https://github.com/quickjs-ng/quickjs/commit/99c02eb45170775a9a679c32b45dd4000ea67aff
CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A vulnerability ...)
@@ -472,7 +472,7 @@ CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings
CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
NOT-FOR-US: parisneo/lollms
CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
- - python-flask-cors <unfixed>
+ - python-flask-cors <unfixed> (bug #1100988)
NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encryptio ...)
NOT-FOR-US: h2oai/h2o-3
@@ -481,21 +481,21 @@ CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models
CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
- - python-flask-cors <unfixed>
+ - python-flask-cors <unfixed> (bug #1100988)
NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` ...)
NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
NOT-FOR-US: Vanna-ai
CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
- - python-flask-cors <unfixed>
+ - python-flask-cors <unfixed> (bug #1100988)
NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that allows t ...)
NOT-FOR-US: mlflow
CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to e ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of the 'T ...)
- - gunicorn <unfixed>
+ - gunicorn <unfixed> (bug #1100989)
[bookworm] - gunicorn <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7
CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that allows r ...)
@@ -899,11 +899,10 @@ CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise a
CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: CM Informatics CM News
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with ...)
- - gnupg2 <unfixed>
+ - gnupg2 <unfixed> (bug #1100990)
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
NOTE: https://dev.gnupg.org/T7527
NOTE: https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
- TODO: check details
CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-30196 (Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it ...)
@@ -1138,7 +1137,7 @@ CVE-2025-2490 (A vulnerability was found in Dromara ujcms 9.7.5. It has been rat
CVE-2025-2489 (Insecure information storage vulnerability in NTFS Tools version 3.5.1 ...)
NOT-FOR-US: NTFS Tools
CVE-2025-2487 (A flaw was found in the 389-ds-base LDAP Server. This issue occurs whe ...)
- - 389-ds-base <unfixed>
+ - 389-ds-base <unfixed> (bug #1100994)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2353071
CVE-2025-2450 (NI Vision Builder AI VBAI File Processing Missing Warning Remote Code ...)
NOT-FOR-US: NI
@@ -1463,7 +1462,7 @@ CVE-2025-0596 (A stored Cross-site Scripting (XSS) vulnerability affecting Bookm
CVE-2025-0595 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
NOT-FOR-US: 3DS
CVE-2025-0495 (Buildx is a Docker CLI plugin that extends build capabilities using Bu ...)
- - docker-buildx <unfixed>
+ - docker-buildx <unfixed> (bug #1100991)
NOTE: https://github.com/docker/buildx/security/advisories/GHSA-m4gq-fm9h-8q75
CVE-2024-9055 (The DPA countermeasures on Silicon Labs' Series 2 devices are not rese ...)
NOT-FOR-US: Silicon Labs
@@ -1598,11 +1597,11 @@ CVE-2025-2340 (A vulnerability was found in otale Tale Blog 2.0.5. It has been d
CVE-2025-2339 (A vulnerability was found in otale Tale Blog 2.0.5. It has been classi ...)
NOT-FOR-US: Tale Blog
CVE-2025-2338 (A vulnerability, which was classified as critical, was found in tbeu m ...)
- - libmatio <unfixed>
+ - libmatio <unfixed> (bug #1100992)
[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/tbeu/matio/issues/269
CVE-2025-2337 (A vulnerability, which was classified as critical, has been found in t ...)
- - libmatio <unfixed>
+ - libmatio <unfixed> (bug #1100992)
[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/tbeu/matio/issues/267
CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)
@@ -2169,7 +2168,7 @@ CVE-2024-13054 (An issue was discovered in GitLab CE/EE affecting all versions b
CVE-2024-12380 (An issue was discovered in GitLab EE/CE affecting all versions startin ...)
- gitlab <unfixed>
CVE-2020-36843 (The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0 ...)
- - libeddsa-java <unfixed>
+ - libeddsa-java <unfixed> (bug #1100993)
NOTE: https://github.com/str4d/ed25519-java/pull/82
CVE-2025-2240 (A flaw was found in Smallrye, where smallrye-fault-tolerance is vulner ...)
NOT-FOR-US: Smallrye
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29553cafab3029dcb9a26ae16a6a9af4070f1369
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29553cafab3029dcb9a26ae16a6a9af4070f1369
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/6cd966c7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list