Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
db2af2f2 by security tracker role at 2025-03-25T20:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-30567 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-30216 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2025-30214 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-30213 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-30212 (Frappe is a full-stack web application framework. An SQL
Injection vul ...)
+ TODO: check
+CVE-2025-30118 (An issue was discovered on the Audi Universal Traffic Recorder
2.88. I ...)
+ TODO: check
+CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution
can occur ...)
+ TODO: check
+CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset
Import ...)
+ TODO: check
+CVE-2025-2756 (A vulnerability classified as critical has been found in Open
Asset Im ...)
+ TODO: check
+CVE-2025-2755 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-2754 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-2753 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-2635 (The Digital License Manager plugin for WordPress is vulnerable
to Refl ...)
+ TODO: check
+CVE-2025-2559 (A flaw was found in Keycloak. When the configuration uses JWT
tokens f ...)
+ TODO: check
+CVE-2025-2542 (The Your Simple SVG Support plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-2532 (Luxion KeyShot USDC File Parsing Use-After-Free Remote Code
Execution ...)
+ TODO: check
+CVE-2025-2531 (Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow
Remote Code ...)
+ TODO: check
+CVE-2025-2530 (Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer
Remote ...)
+ TODO: check
+CVE-2025-2510 (The Frndzk Expandable Bottom Bar plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-2319 (The EZ SQL Reports Shortcode Widget and DB Backup plugin for
WordPress ...)
+ TODO: check
+CVE-2025-2109 (The WP Compress \u2013 Instant Performance & Speed Optimization
plugin ...)
+ TODO: check
+CVE-2025-29932 (In JetBrains GoLand before 2025.1 an XXE during debugging was
possible)
+ TODO: check
+CVE-2025-29635 (A command injection vulnerability in D-Link DIR-823X 240126
and 240802 ...)
+ TODO: check
+CVE-2025-28904 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-27633 (The TRMTracker web application is vulnerable to reflected
Cross-site s ...)
+ TODO: check
+CVE-2025-27632 (A Host Header Injection vulnerability in TRMTracker
application may al ...)
+ TODO: check
+CVE-2025-27631 (The TRMTracker web application is vulnerable to LDAP injection
attack ...)
+ TODO: check
+CVE-2025-27147 (The GLPI Inventory Plugin handles various types of tasks for
GLPI agen ...)
+ TODO: check
+CVE-2025-26742 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-22230 (VMware Tools for Windows contains an authentication bypass
vulnerabili ...)
+ TODO: check
+CVE-2025-1445 (A vulnerability exists in RTU IEC 61850 client and server
functionalit ...)
+ TODO: check
+CVE-2024-58105 (A vulnerability in the Trend Micro Apex One Security Agent
Plug-in Us ...)
+ TODO: check
+CVE-2024-58104 (A vulnerability in the Trend Micro Apex One Security Agent
Plug-in Us ...)
+ TODO: check
+CVE-2024-55604 (Appsmith is a platform to build admin panels, internal tools,
and dash ...)
+ TODO: check
+CVE-2024-48818 (An issue in IIT Bombay, Mumbai, India Bodhitree of cs101
version allow ...)
+ TODO: check
+CVE-2024-42533 (SQL injection vulnerability in the authentication module in
Convivance ...)
+ TODO: check
+CVE-2024-31896 (IBM SPSS Statistics26.0, 27.0.1, 28.0.1, and 29.0.2 uses
weaker than e ...)
+ TODO: check
+CVE-2024-13731 (The Alert Box Block \u2013 Display notice/alerts in the front
end. plu ...)
+ TODO: check
+CVE-2024-13710 (The Estatebud \u2013 Properties & Listings plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2024-13690 (The WP Church Donation plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-12169 (A vulnerability exists in RTU500 IEC 60870-5-104 controlled
station fu ...)
+ TODO: check
+CVE-2024-11499 (A vulnerability exists in RTU500 IEC 60870-4-104 controlled
station fu ...)
+ TODO: check
+CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that
can cau ...)
+ TODO: check
CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3 an ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
@@ -200,9 +286,9 @@ CVE-2025-24514 (A security issue was discovered in
ingress-nginx https://github
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2025-24513 (A security issue was discovered in ingress-nginx
https://github.com/k ...)
NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2024-53679
+CVE-2024-53679 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Apache VCL
-CVE-2024-53678
+CVE-2024-53678 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Apache VCL
CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
@@ -788,7 +874,7 @@ CVE-2025-2581 (A vulnerability has been found in xmedcon
0.25.0 and classified a
NOTE:
https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
CVE-2025-2574 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to
incorrect i ...)
- xpdf <not-affected> (Debian uses poppler)
-CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment is vulnerable
to a Pas ...)
+CVE-2025-2538 (Some deployments of Esri ArcGIS Enterprise are vulnerable to an
improp ...)
NOT-FOR-US: ArcGIS Enterprise
CVE-2025-2198
REJECTED
@@ -1730,7 +1816,7 @@ CVE-2024-7631 (A flaw was found in the OpenShift Console,
an endpoint for plugin
NOT-FOR-US: OpenShift
CVE-2024-57061 (An issue in Termius Version 9.9.0 through v.9.16.0 allows a
physically ...)
NOT-FOR-US: Termius
-CVE-2024-55551 (An issue was discovered in Exasol jdbc driver 24.2.0.
Attackers can in ...)
+CVE-2024-55551 (An issue was discovered in Exasol JDBC driver before 24.2.1
(2024-12-1 ...)
NOT-FOR-US: Exasol JDBC driver
CVE-2024-53970 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
NOT-FOR-US: Adobe
@@ -2337,7 +2423,7 @@ CVE-2025-1724 (Zohocorp's ManageEngine Analytics Plus and
Zoho Analytics on-prem
NOT-FOR-US: Zoho
CVE-2023-52315
REJECTED
-CVE-2025-2312 [cifs-utils: cifs.upcall makes an upcall to the wrong namespace
in containerized environments]
+CVE-2025-2312 (A flaw was found in cifs-utils. When trying to obtain Kerberos
credent ...)
- cifs-utils 2:7.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2352604
NOTE: Depends on change on kernel:
https://git.kernel.org/linus/db363b0a1d9e6b9dc556296f1b1007aeb496a8cf (6.13-rc1)
@@ -3828,7 +3914,7 @@ CVE-2025-27911 (An issue was discovered in Datalust Seq
before 2024.3.13545. Exp
CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request
Forgery (CS ...)
NOT-FOR-US: tianti
CVE-2025-27610 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1100444)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
NOTE: Fixed by:
https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
(main)
@@ -5292,7 +5378,7 @@ CVE-2025-27155 (Pinecone is an experimental overlay
routing protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of
software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The
Rack::Sendfile middle ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1099546)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
NOTE: Fixed by:
https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
(v2.2.12)
@@ -13603,7 +13689,7 @@ CVE-2025-25199 (go-crypto-winnative Go crypto backend
for Windows using Cryptogr
CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite
based on d ...)
NOT-FOR-US: mailcow
CVE-2025-25184 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
- {DLA-4090-1}
+ {DSA-5886-1 DLA-4090-1}
- ruby-rack 3.1.12-1 (bug #1098257)
NOTE:
https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
NOTE:
https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
(main)
@@ -15538,6 +15624,7 @@ CVE-2025-24319 (When BIG-IP Next Central Manager is
running, undisclosed request
CVE-2025-24312 (When BIG-IP AFM is provisioned with IPS module enabled and
protocol in ...)
NOT-FOR-US: F5
CVE-2025-23419 (When multiple server blocks are configured to share the same
IP addres ...)
+ {DLA-4091-1}
- nginx 1.26.3-2 (bug #1095403)
[bookworm] - nginx 1.22.1-9+deb12u1
NOTE: https://www.openwall.com/lists/oss-security/2025/02/05/8
@@ -63776,6 +63863,7 @@ CVE-2023-35123 (Uncaught exception in OpenBMC Firmware
for some Intel(R) Server
CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME
may allow ...)
NOT-FOR-US: Intel
CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the
ngx_http_ ...)
+ {DLA-4091-1}
- nginx 1.26.0-2 (bug #1078971)
[bookworm] - nginx <no-dsa> (Minor issue)
NOTE:
https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f
(release-1.27.1)
@@ -243290,8 +243378,8 @@ CVE-2022-31240
RESERVED
CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by
AWS conn ...)
NOT-FOR-US: Tera2
-CVE-2022-1804
- RESERVED
+CVE-2022-1804 (accountsservice no longer drops permissions when writting
.pam_environ ...)
+ TODO: check
CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
NOT-FOR-US: Trudesk
CVE-2022-1802 (If an attacker was able to corrupt the methods of an Array
object in J ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2af2f2f9b6c3e161de9db103e8feb74b4de737
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db2af2f2f9b6c3e161de9db103e8feb74b4de737
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
