Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3066d011 by security tracker role at 2025-04-05T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,21 @@
-CVE-2024-56370
+CVE-2025-3299 (A vulnerability was found in PHPGurukul Men Salon Management 
System 1. ...)
+       TODO: check
+CVE-2025-3298 (A vulnerability has been found in SourceCodester Online Eyewear 
Shop 1 ...)
+       TODO: check
+CVE-2025-3297 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2025-30401 (A spoofing issue in WhatsApp for Windows prior to version 
2.2450.6 dis ...)
+       TODO: check
+CVE-2024-56370 (Net::Xero 0.044 and earlier for Perl uses the rand() function 
as the d ...)
        NOT-FOR-US: Net::Xero Perl module
-CVE-2024-52322
+CVE-2024-52322 (WebService::Xero 0.11 and earlier for Perl uses the rand() 
function as ...)
        NOT-FOR-US: WebService::Xero Perl module
-CVE-2024-57835
+CVE-2024-57835 (Amon2::Auth::Site::LINE uses the String::Random moduleto 
generate nonc ...)
        NOT-FOR-US: Amon2::Auth::Site::LINE Perl module
-CVE-2024-58036
+CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand() 
function as ...)
        - libnet-dropbox-api-perl <unfixed> (bug #1102147)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/28504518/
-CVE-2024-57868
+CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as 
the defa ...)
        - libweb-api-perl <unfixed> (bug #1102148)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
 CVE-2025-30473
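Review bot: the four new entries at the top of this hunk (CVE-2025-3299, CVE-2025-3298, CVE-2025-3297, CVE-2025-30401) go in with only "TODO: check", so they have no triage result yet. Each needs either a source-package line or a NOT-FOR-US line like the Perl module entries directly below them. Separately, the description text added for CVE-2024-57835 reads "moduleto", a missing space that arrived with the description.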
@@ -805,6 +813,7 @@ CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL 
Injection via \openemr\librar
 CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST 
and Gra ...)
        NOT-FOR-US: API Platform Core
 CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library 
plus comma ...)
+       {DSA-5895-1}
        - xz-utils 5.8.1-1
        [bullseye] - xz-utils <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2025/04/03/1
@@ -10036,6 +10045,7 @@ CVE-2024-36347 [AMD CPU Microcode Signature 
Verification Vulnerability]
        NOTE: Kernel stop-gap mitigation: 
https://www.openwall.com/lists/oss-security/2025/03/06/3
        NOTE: 
https://git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8
 CVE-2024-56202 (Expected Behavior Violation vulnerability in Apache Traffic 
Server.  T ...)
+       {DSA-5896-1}
        - trafficserver <unfixed> (bug #1099691)
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
        NOTE: 
https://github.com/apache/trafficserver/commit/1cca4a29520f9258be6c3fad5092939dbe9d3562
 (9.2.9-rc0)
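Review bot: CVE-2024-56202 now references DSA-5896-1 while its only package line is still "- trafficserver <unfixed> (bug #1099691)". The NOTE names 9.2.9-rc0 as the upstream version carrying the fix commit, so once a version containing it reaches unstable, the <unfixed> marker should be replaced by that fixed version. The same follow-up applies to the other trafficserver entries tagged with this DSA in the later hunks.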
@@ -10043,10 +10053,12 @@ CVE-2024-56196 (Improper Access Control vulnerability 
in Apache Traffic Server.
        - trafficserver <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
 CVE-2024-56195 (Improper Access Control vulnerability in Apache Traffic 
Server.  This  ...)
+       {DSA-5896-1}
        - trafficserver <unfixed> (bug #1099691)
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
        NOTE: 
https://github.com/apache/trafficserver/commit/483f84ea4ae2511834abd90014770b27a5082a4c
 (9.2.9-rc0)
 CVE-2024-38311 (Improper Input Validation vulnerability in Apache Traffic 
Server.  Thi ...)
+       {DSA-5896-1}
        - trafficserver <unfixed> (bug #1099691)
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
        NOTE: 
https://github.com/apache/trafficserver/commit/a16c4b6bb0b126047c68dafbdf6311ac1586fc0b
 (9.2.9-rc0)
@@ -16685,6 +16697,7 @@ CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could 
allow a remote attacker to
 CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. 
The size ...)
+       {DLA-4116-1}
        - abseil 20240722.0-3 (bug #1098903)
        [bookworm] - abseil <no-dsa> (Minor issue)
        NOTE: 
https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
 (20250127.rc1)
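Review bot: with {DLA-4116-1} added directly above "[bookworm] - abseil <no-dsa> (Minor issue)", CVE-2025-0838 is now covered by an advisory for the LTS release but not for bookworm. It is worth checking whether a bookworm point-release update is planned so the newer release does not lag behind the older one. The upstream commit in the NOTE is the change to carry over.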
@@ -45085,7 +45098,7 @@ CVE-2024-11193 (An information disclosure vulnerability 
exists in Yugabyte Anywh
 CVE-2024-10146 (The Simple File List WordPress plugin before 6.1.13 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-50306 (Unchecked return value can allow Apache Traffic Server to 
retain privi ...)
-       {DLA-4055-1}
+       {DSA-5896-1 DLA-4055-1}
        - trafficserver <unfixed> (bug #1087531)
        NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
        NOTE: https://github.com/apache/trafficserver/pull/11855
@@ -45095,12 +45108,13 @@ CVE-2024-50306 (Unchecked return value can allow 
Apache Traffic Server to retain
        NOTE: Followup: 
https://github.com/apache/trafficserver/commit/a0d49ddb44ea5e295c85d7d88a13e4978d6bc84b
 (9.2.7-rc0)
        NOTE: Followup: 
https://github.com/apache/trafficserver/commit/d4dda9b5583d19e2eee268fec59aa487d61fc079
 (master)
 CVE-2024-38479 (Improper Input Validation vulnerability in Apache Traffic 
Server.  Thi ...)
-       {DLA-4055-1}
+       {DSA-5896-1 DLA-4055-1}
        - trafficserver <unfixed> (bug #1087531)
        NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
        NOTE: https://github.com/apache/trafficserver/pull/11856
        NOTE: 
https://github.com/apache/trafficserver/commit/b8861231702ac5df7d5de401e82440c1cf20b633
 (9.2.6-rc0)
 CVE-2024-50305 (Valid Host header field can cause Apache Traffic Server to 
crash on so ...)
+       {DSA-5896-1}
        - trafficserver <unfixed> (bug #1087531)
        NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
        NOTE: https://github.com/apache/trafficserver/issues/8461
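Review bot: CVE-2024-50305 receives only {DSA-5896-1}, whereas CVE-2024-50306 and CVE-2024-38479, which share bug #1087531 and the same oss-security post, carry {DSA-5896-1 DLA-4055-1}. If the release covered by DLA-4055-1 is not affected by CVE-2024-50305, a per-release <not-affected> line with a reason would make that explicit. No such line is visible in this context.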



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3066d0115a51b1a5d485480b68370dbe5d647e60



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
