Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a9550cf by Moritz Mühlenhoff at 2025-02-02T15:05:34+01:00
track open5gs ITP
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -894,7 +894,7 @@ CVE-2025-0785 (A vulnerability was found in ESAFENET CDG V5
and classified as pr
CVE-2024-7695 (Multiple switches are affected by an out-of-bounds write
vulnerability ...)
NOT-FOR-US: Moxa
CVE-2024-57519 (An issue in Open5GS v.2.7.2 allows a remote attacker to cause
a denial ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-57514 (The TP-Link Archer A20 v3 router is vulnerable to Cross-site
Scripting ...)
NOT-FOR-US: TP-Link
CVE-2024-57376 (Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N,
DSR-250, DS ...)
@@ -2742,15 +2742,15 @@ CVE-2024-42013 (In GRAU DATA Blocky before 3.1,
Blocky-Gui has a Client-Side Enf
CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather
than has ...)
NOT-FOR-US: GRAU
CVE-2024-34235 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-31903 (IBM Sterling B2B Integrator Standard Edition6.0.0.0 through
6.1.2.5 an ...)
NOT-FOR-US: IBM
CVE-2024-24432 (A reachable assertion in the ogs_kdf_hash_mme function of
Open5GS <= 2 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-24430 (A reachable assertion in the mme_ue_find_by_imsi function of
Open5GS < ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-24429 (A reachable assertion in the nas_eps_send_emm_to_esm function
of Open5 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-13499 (The The GamiPress \u2013 Gamification plugin to reward points,
achieve ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13496 (The GamiPress \u2013 Gamification plugin to reward points,
achievement ...)
@@ -2766,49 +2766,49 @@ CVE-2024-10929 (In certain circumstances, an issue in
Arm Cortex-A72 (revisions
CVE-2023-37777 (A SQL injection vulnerability exists in Synnefo Internet
Management So ...)
NOT-FOR-US: Synnefo
CVE-2023-37023 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in
the `Up ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37022 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in
the `UE ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37021 (Open5GS MME version <= 2.6.4 contains an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37020 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37019 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37018 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37017 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37016 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37015 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37014 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37013 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37012 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37011 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37010 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37009 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37008 (Open5GS MME versions <= 2.6.4 contain a buffer overflow in the
ASN.1 d ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37007 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37006 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37005 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37004 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37003 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-37002 (Open5GS MME versions <= 2.6.4 contain an assertion that can be
remotel ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in commit
a8492c9c5bc0a66c6999cb5a2635 ...)
NOT-FOR-US: NextEPC MME
CVE-2024-52948 [CSRF on 2FA registration]
@@ -3096,9 +3096,9 @@ CVE-2024-24443 (An uninitialized pointer dereference in
the ngap_handle_pdu_sess
CVE-2024-24442 (A NULL pointer dereference in the ngap_app::handle_receive
routine of ...)
NOT-FOR-US: OpenAirInterface
CVE-2024-24428 (A reachable assertion in the oai_nas_5gmm_decode function of
Open5GS < ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-24427 (A reachable assertion in the amf_ue_set_suci function of
Open5GS <= 2. ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-24424 (A reachable assertion in the decode_access_point_name_ie
function of M ...)
NOT-FOR-US: Magma
CVE-2024-24423 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
@@ -22213,7 +22213,7 @@ CVE-2024-24447 (A buffer overflow in the
ngap_amf_handle_pdu_session_resource_se
CVE-2024-24446 (An uninitialized pointer dereference in OpenAirInterface CN5G
AMF up t ...)
NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24431 (A reachable assertion in the ogs_nas_emm_decode function of
Open5GS v2 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-24426 (Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID
function of Ope ...)
NOT-FOR-US: OpenAirInterface Magma
CVE-2024-24425 (Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to
contain a ...)
@@ -23097,7 +23097,7 @@ CVE-2024-8874 (The AJAX Login and Registration modal
popup + inline form plugin
CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One
Expansion U ...)
NOT-FOR-US: VK All in One Expansion Unit
CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause
a denia ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a
low-privileged atta ...)
- snipe-it <itp> (bug #1005172)
CVE-2024-51093 (Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT -
v7.0.13 ...)
@@ -53337,9 +53337,9 @@ CVE-2024-40392 (SourceCodester Pharmacy/Medical Store
Point of Sale System Using
CVE-2024-40322 (An issue was discovered in JFinalCMS v.5.0.0. There is a SQL
injection ...)
NOT-FOR-US: JFinalCMS
CVE-2024-40130 (open5gs v2.6.4 is vulnerable to Buffer Overflow. via
/lib/core/abts.c.)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-40129 (Open5GS v2.6.4 is vulnerable to Buffer Overflow. via
/lib/pfcp/context ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-3779 (Denial of service vulnerability present shortly after product
installa ...)
NOT-FOR-US: ESET
CVE-2024-3587 (The Premium Portfolio Features for Phlox theme plugin for
WordPress is ...)
@@ -75281,7 +75281,7 @@ CVE-2024-33574 (Missing Authorization vulnerability in
appsbd Vitepos.This issue
CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO
Dropshipping.This ...)
NOT-FOR-US: WordPress plugin
CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a
denial of se ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-32980 (Spin is the developer tool for building and running serverless
applica ...)
NOT-FOR-US: Spin
CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling
of MySQL ...)
@@ -76229,9 +76229,9 @@ CVE-2024-34483 (OFPGroupDescStats in parser.py in
Faucet SDN Ryu 4.34 allows att
CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus
rules ou ...)
NOT-FOR-US: btcd
CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion
that can c ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion
that can c ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC
I-Release. An a ...)
NOT-FOR-US: O-RAN Near-RT
CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to
index.php?module ...)
@@ -110251,9 +110251,9 @@ CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by
an Insecure Direct Object R
CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control
(Obsolete ...)
NOT-FOR-US: HCL
CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used
to cras ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage,
Registrat ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-4164 (There is a possible informationdisclosure due to a missing
permission ...)
NOT-FOR-US: Google Pixel Watch
CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to
cause a de ...)
@@ -126478,13 +126478,13 @@ CVE-2023-4929 (All firmware versions of the NPort
5000 Series are affected by an
CVE-2023-4886 (A sensitive information exposure vulnerability was found in
foreman. C ...)
- foreman <itp> (bug #663101)
CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker
to inte ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint
and retr ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this
vulnerabil ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a
new VNF ( ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload
maliciou ...)
NOT-FOR-US: ICP DAS
CVE-2023-4732 (A flaw was found in pfn_swap_entry_to_page in memory management
subsys ...)
@@ -168721,7 +168721,7 @@ CVE-2023-23848 (Missing permission checks in Synopsys
Jenkins Coverity Plugin 3.
CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys
Jenkins ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP
library versi ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect
Comparison Vu ...)
NOT-FOR-US: SolarWinds
CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect
Comparison Vu ...)
@@ -193152,11 +193152,11 @@ CVE-2022-43225
CVE-2022-43224
RESERVED
CVE-2022-43223 (open5gs v2.4.11 was discovered to contain a memory leak in the
compone ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-43222 (open5gs v2.4.11 was discovered to contain a memory leak in the
compone ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-43221 (open5gs v2.4.11 was discovered to contain a memory leak in the
compone ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-43220
RESERVED
CVE-2022-43219
@@ -197564,7 +197564,7 @@ CVE-2022-38787 (Improper input validation in firmware
for some Intel(R) FPGA pro
CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic
Tool sof ...)
NOT-FOR-US: Intel
CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and
classified ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack
that affec ...)
NOT-FOR-US: Hitachi
CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614.)
@@ -198465,7 +198465,7 @@ CVE-2022-41344
CVE-2022-40984 (Stack-based buffer overflow in WTViewerE series WTViewerE
761941 from ...)
NOT-FOR-US: WTViewerE
CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been
declare ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-3298 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows
remote f ...)
@@ -199641,7 +199641,7 @@ CVE-2022-40892
CVE-2022-40891
RESERVED
CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10
and earlie ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2022-40889 (Phpok 6.1 has a deserialization vulnerability via
framework/phpok_call ...)
NOT-FOR-US: Phpok
CVE-2022-40888
@@ -256780,7 +256780,7 @@ CVE-2021-45463 (load_cache in GEGL before 0.4.34
allows shell expansion when a p
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b
(GEGL_0_4_34)
NOTE: Followup:
https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb
(GEGL_0_4_34)
CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash
SGW-U/UPF.)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-4158 (A NULL pointer dereference issue was found in the ACPI code of
QEMU. A ...)
- qemu 1:6.2+dfsg-2
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
@@ -261958,9 +261958,9 @@ CVE-2021-44111 (A Directory Traversal vulnerability
exists in S-Cart 6.7 via dow
CVE-2021-44110
RESERVED
CVE-2021-44109 (A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and
earlier al ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-44108 (A null pointer dereference in src/amf/namf-handler.c in
Open5GS 2.3.6 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-44107
RESERVED
CVE-2021-44106
@@ -262014,7 +262014,7 @@ CVE-2021-44083
CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS)
via /tex ...)
- textpattern <removed>
CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs
2.1.4. Wh ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-44080 (A Command Injection vulnerability in httpd web server
(setup.cgi) in S ...)
NOT-FOR-US: SerComm h500s
CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier
between ...)
@@ -271751,7 +271751,7 @@ CVE-2021-41796
CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0
through ...)
NOT-FOR-US: 1Password
CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately
trusts a ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-41793
RESERVED
CVE-2021-41792 (An issue was discovered in Hyland
org.alfresco:alfresco-content-servic ...)
@@ -307035,7 +307035,7 @@ CVE-2021-28124 (A man-in-the-middle vulnerability in
Cohesity DataPlatform suppo
CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in
Cohesity DataP ...)
NOT-FOR-US: Cohesity DataPlatform
CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3
through 2.2 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the
robots. ...)
NOT-FOR-US: Virtual Robots.txt
CVE-2021-28120
@@ -312874,7 +312874,7 @@ CVE-2021-25865
CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by
hue/assets/..%2F Direct ...)
NOT-FOR-US: node-red-contrib-huemagic
CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default
password of 14 ...)
- NOT-FOR-US: Open5GS
+ - open5gs <itp> (bug #1094791)
CVE-2021-25862
RESERVED
CVE-2021-25861
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a9550cf21a4ba39182ea2ab71ee889a78c1e7bf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a9550cf21a4ba39182ea2ab71ee889a78c1e7bf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
