[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 25 20:13:38 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db2af2f2 by security tracker role at 2025-03-25T20:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-30567 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-30216 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+ TODO: check
+CVE-2025-30214 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+ TODO: check
+CVE-2025-30213 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+ TODO: check
+CVE-2025-30212 (Frappe is a full-stack web application framework. An SQL Injection vul ...)
+ TODO: check
+CVE-2025-30118 (An issue was discovered on the Audi Universal Traffic Recorder 2.88. I ...)
+ TODO: check
+CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur ...)
+ TODO: check
+CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset Import ...)
+ TODO: check
+CVE-2025-2756 (A vulnerability classified as critical has been found in Open Asset Im ...)
+ TODO: check
+CVE-2025-2755 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-2754 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-2753 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-2635 (The Digital License Manager plugin for WordPress is vulnerable to Refl ...)
+ TODO: check
+CVE-2025-2559 (A flaw was found in Keycloak. When the configuration uses JWT tokens f ...)
+ TODO: check
+CVE-2025-2542 (The Your Simple SVG Support plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-2532 (Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2025-2531 (Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code ...)
+ TODO: check
+CVE-2025-2530 (Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote ...)
+ TODO: check
+CVE-2025-2510 (The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-2319 (The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress ...)
+ TODO: check
+CVE-2025-2109 (The WP Compress \u2013 Instant Performance & Speed Optimization plugin ...)
+ TODO: check
+CVE-2025-29932 (In JetBrains GoLand before 2025.1 an XXE during debugging was possible)
+ TODO: check
+CVE-2025-29635 (A command injection vulnerability in D-Link DIR-823X 240126 and 240802 ...)
+ TODO: check
+CVE-2025-28904 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-27633 (The TRMTracker web application is vulnerable to reflected Cross-site s ...)
+ TODO: check
+CVE-2025-27632 (A Host Header Injection vulnerability in TRMTracker application may al ...)
+ TODO: check
+CVE-2025-27631 (The TRMTracker web application is vulnerable to LDAP injection attack ...)
+ TODO: check
+CVE-2025-27147 (The GLPI Inventory Plugin handles various types of tasks for GLPI agen ...)
+ TODO: check
+CVE-2025-26742 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22230 (VMware Tools for Windows contains an authentication bypass vulnerabili ...)
+ TODO: check
+CVE-2025-1445 (A vulnerability exists in RTU IEC 61850 client and server functionalit ...)
+ TODO: check
+CVE-2024-58105 (A vulnerability in the Trend Micro Apex One Security Agent Plug-in Us ...)
+ TODO: check
+CVE-2024-58104 (A vulnerability in the Trend Micro Apex One Security Agent Plug-in Us ...)
+ TODO: check
+CVE-2024-55604 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+ TODO: check
+CVE-2024-48818 (An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allow ...)
+ TODO: check
+CVE-2024-42533 (SQL injection vulnerability in the authentication module in Convivance ...)
+ TODO: check
+CVE-2024-31896 (IBM SPSS Statistics26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than e ...)
+ TODO: check
+CVE-2024-13731 (The Alert Box Block \u2013 Display notice/alerts in the front end. plu ...)
+ TODO: check
+CVE-2024-13710 (The Estatebud \u2013 Properties & Listings plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-13690 (The WP Church Donation plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-12169 (A vulnerability exists in RTU500 IEC 60870-5-104 controlled station fu ...)
+ TODO: check
+CVE-2024-11499 (A vulnerability exists in RTU500 IEC 60870-4-104 controlled station fu ...)
+ TODO: check
+CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that can cau ...)
+ TODO: check
CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
@@ -200,9 +286,9 @@ CVE-2025-24514 (A security issue was discovered in ingress-nginx https://github
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2025-24513 (A security issue was discovered in ingress-nginx https://github.com/k ...)
NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2024-53679
+CVE-2024-53679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Apache VCL
-CVE-2024-53678
+CVE-2024-53678 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache VCL
CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
@@ -788,7 +874,7 @@ CVE-2025-2581 (A vulnerability has been found in xmedcon 0.25.0 and classified a
NOTE: https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
CVE-2025-2574 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect i ...)
- xpdf <not-affected> (Debian uses poppler)
-CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment is vulnerable to a Pas ...)
+CVE-2025-2538 (Some deployments of Esri ArcGIS Enterprise are vulnerable to an improp ...)
NOT-FOR-US: ArcGIS Enterprise
CVE-2025-2198
REJECTED
@@ -1730,7 +1816,7 @@ CVE-2024-7631 (A flaw was found in the OpenShift Console, an endpoint for plugin
NOT-FOR-US: OpenShift
CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically ...)
NOT-FOR-US: Termius
-CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can in ...)
+CVE-2024-55551 (An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-1 ...)
NOT-FOR-US: Exasol JDBC driver
CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
NOT-FOR-US: Adobe
@@ -2337,7 +2423,7 @@ CVE-2025-1724 (Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-prem
NOT-FOR-US: Zoho
CVE-2023-52315
REJECTED
-CVE-2025-2312 [cifs-utils: cifs.upcall makes an upcall to the wrong namespace in containerized environments]
+CVE-2025-2312 (A flaw was found in cifs-utils. When trying to obtain Kerberos credent ...)
- cifs-utils 2:7.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2352604
NOTE: Depends on change on kernel: https://git.kernel.org/linus/db363b0a1d9e6b9dc556296f1b1007aeb496a8cf (6.13-rc1)
@@ -3828,7 +3914,7 @@ CVE-2025-27911 (An issue was discovered in Datalust Seq before 2024.3.13545. Exp
CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
NOT-FOR-US: tianti
CVE-2025-27610 (Rack provides an interface for developing web applications in Ruby. Pr ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1100444)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
NOTE: Fixed by: https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583 (main)
@@ -5292,7 +5378,7 @@ CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1099546)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
NOTE: Fixed by: https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3 (v2.2.12)
@@ -13603,7 +13689,7 @@ CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptogr
CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...)
NOT-FOR-US: mailcow
CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1098257)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e (main)
@@ -15538,6 +15624,7 @@ CVE-2025-24319 (When BIG-IP Next Central Manager is running, undisclosed request
CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and protocol in ...)
NOT-FOR-US: F5
CVE-2025-23419 (When multiple server blocks are configured to share the same IP addres ...)
+ {DLA-4091-1}
- nginx 1.26.3-2 (bug #1095403)
[bookworm] - nginx 1.22.1-9+deb12u1
NOTE: https://www.openwall.com/lists/oss-security/2025/02/05/8
@@ -63776,6 +63863,7 @@ CVE-2023-35123 (Uncaught exception in OpenBMC Firmware for some Intel(R) Server
CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME may allow ...)
NOT-FOR-US: Intel
CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
+ {DLA-4091-1}
- nginx 1.26.0-2 (bug #1078971)
[bookworm] - nginx <no-dsa> (Minor issue)
NOTE: https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f (release-1.27.1)
@@ -243290,8 +243378,8 @@ CVE-2022-31240
RESERVED
CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by AWS conn ...)
NOT-FOR-US: Tera2
-CVE-2022-1804
- RESERVED
+CVE-2022-1804 (accountsservice no longer drops permissions when writting .pam_environ ...)
+ TODO: check
CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: Trudesk
CVE-2022-1802 (If an attacker was able to corrupt the methods of an Array object in J ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2af2f2f9b6c3e161de9db103e8feb74b4de737
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2af2f2f9b6c3e161de9db103e8feb74b4de737
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250325/a5273e67/attachment.htm>
More information about the debian-security-tracker-commits
mailing list