Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
005f3b93 by security tracker role at 2025-01-07T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,48 +1,492 @@
-CVE-2025-0247
+CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the 
Splunk do ...)
+       TODO: check
+CVE-2025-22593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22592 (Missing Authorization vulnerability in Lenderd 1003 Mortgage 
Applicati ...)
+       TODO: check
+CVE-2025-22591 (Missing Authorization vulnerability in Lenderd 1003 Mortgage 
Applicati ...)
+       TODO: check
+CVE-2025-22590 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 
Prayer Time ...)
+       TODO: check
+CVE-2025-22589 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz 
Quote Tweet  ...)
+       TODO: check
+CVE-2025-22585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22584 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22582 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Nell\xe9 Upti ...)
+       TODO: check
+CVE-2025-22581 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22572 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22571 (Cross-Site Request Forgery (CSRF) vulnerability in Instabot 
Instabot a ...)
+       TODO: check
+CVE-2025-22563 (Cross-Site Request Forgery (CSRF) vulnerability in Faaiq 
Pretty Url al ...)
+       TODO: check
+CVE-2025-22562 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk 
Title Ex ...)
+       TODO: check
+CVE-2025-22560 (Missing Authorization vulnerability in Saoshyant.1994 
Saoshyant Page B ...)
+       TODO: check
+CVE-2025-22559 (Cross-Site Request Forgery (CSRF) vulnerability in Mario 
Mansour and G ...)
+       TODO: check
+CVE-2025-22558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22557 (Cross-Site Request Forgery (CSRF) vulnerability in WPMagic 
News Publis ...)
+       TODO: check
+CVE-2025-22556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg 
Whitehead Nors ...)
+       TODO: check
+CVE-2025-22555 (Cross-Site Request Forgery (CSRF) vulnerability in Noel 
Jarencio. Smoo ...)
+       TODO: check
+CVE-2025-22554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22552 (Cross-Site Request Forgery (CSRF) vulnerability in Jason 
Keeley, Bryan ...)
+       TODO: check
+CVE-2025-22551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22550 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22549 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22548 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22546 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22545 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22544 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22543 (Missing Authorization vulnerability in Beautiful Templates ST 
Gallery  ...)
+       TODO: check
+CVE-2025-22541 (Missing Authorization vulnerability in Etruel Developments LLC 
WP Dele ...)
+       TODO: check
+CVE-2025-22538 (Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar 
Virtual  ...)
+       TODO: check
+CVE-2025-22536 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22534 (Missing Authorization vulnerability in Ella van Durpe Slides & 
Present ...)
+       TODO: check
+CVE-2025-22533 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22532 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22531 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22530 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22529 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22528 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22525 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22524 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22522 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22520 (Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock 
Widget al ...)
+       TODO: check
+CVE-2025-22519 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22518 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22517 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22516 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22515 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22512 (Missing Authorization vulnerability in Sprout Apps Help Scout 
allows E ...)
+       TODO: check
+CVE-2025-22511 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22507 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22503 (Cross-Site Request Forgery (CSRF) vulnerability in Digital 
Zoom Studio ...)
+       TODO: check
+CVE-2025-22502 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22500 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22364 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22363 (Missing Authorization vulnerability in ORION Allada T-shirt 
Designer f ...)
+       TODO: check
+CVE-2025-22362 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22359 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22358 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22357 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22355 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22354 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22353 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22352 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22351 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22350 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22349 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22348 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22347 (Cross-Site Request Forgery (CSRF) vulnerability in 
BannerSky.com BSK F ...)
+       TODO: check
+CVE-2025-22343 (Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot 
wpSOL a ...)
+       TODO: check
+CVE-2025-22342 (Cross-Site Request Forgery (CSRF) vulnerability in Jens 
T\xf6rnell WP  ...)
+       TODO: check
+CVE-2025-22339 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22338 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22336 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress 
\u667a\u5 ...)
+       TODO: check
+CVE-2025-22335 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22334 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22333 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22328 (Cross-Site Request Forgery (CSRF) vulnerability in Elevio 
Elevio allow ...)
+       TODO: check
+CVE-2025-22327 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22326 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22325 (Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov 
Autocom ...)
+       TODO: check
+CVE-2025-22324 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22323 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22321 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22320 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22319 (Missing Authorization vulnerability in DearHive Social Media 
Share But ...)
+       TODO: check
+CVE-2025-22316 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22315 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22312 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22310 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22309 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22308 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22306 (Insertion of Sensitive Information into Externally-Accessible 
File or  ...)
+       TODO: check
+CVE-2025-22305 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22304 (Missing Authorization vulnerability in osamaesh WP Visitor 
Statistics  ...)
+       TODO: check
+CVE-2025-22303 (Insertion of Sensitive Information Into Sent Data 
vulnerability in bra ...)
+       TODO: check
+CVE-2025-22302 (Missing Authorization vulnerability in WP Wand WP Wand allows 
Exploiti ...)
+       TODO: check
+CVE-2025-22301 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill 
Media MyB ...)
+       TODO: check
+CVE-2025-22300 (Cross-Site Request Forgery (CSRF) vulnerability in 
PixelYourSite Pixel ...)
+       TODO: check
+CVE-2025-22299 (Missing Authorization vulnerability in spacecodes AI for SEO 
allows Ex ...)
+       TODO: check
+CVE-2025-22298 (Missing Authorization vulnerability in Hive Support Hive 
Support \u201 ...)
+       TODO: check
+CVE-2025-22297 (Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI 
WP Writer ...)
+       TODO: check
+CVE-2025-22296 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22294 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22293 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22261 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-21624 (ClipBucket V5 provides open source video hosting with PHP. 
Prior to 5. ...)
+       TODO: check
+CVE-2025-21623 (ClipBucket V5 provides open source video hosting with PHP. 
Prior to 5. ...)
+       TODO: check
+CVE-2025-21622 (ClipBucket V5 provides open source video hosting with PHP. 
During the  ...)
+       TODO: check
+CVE-2025-0301 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-0300 (A vulnerability classified as critical was found in 
code-projects Onli ...)
+       TODO: check
+CVE-2025-0299 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-0298 (A vulnerability was found in code-projects Online Book Shop 
1.0. It ha ...)
+       TODO: check
+CVE-2025-0297 (A vulnerability was found in code-projects Online Book Shop 
1.0. It ha ...)
+       TODO: check
+CVE-2025-0296 (A vulnerability was found in code-projects Online Book Shop 
1.0. It ha ...)
+       TODO: check
+CVE-2025-0295 (A vulnerability was found in code-projects Online Book Shop 1.0 
and cl ...)
+       TODO: check
+CVE-2025-0294 (A vulnerability has been found in SourceCodester Home Clean 
Services M ...)
+       TODO: check
+CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in 
a temp ...)
+       TODO: check
+CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 
256 bits  ...)
+       TODO: check
+CVE-2024-56300 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPS ...)
+       TODO: check
+CVE-2024-56299 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56298 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56297 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56296 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56294 (Missing Authorization vulnerability in POSIMYTH Nexter Blocks 
allows E ...)
+       TODO: check
+CVE-2024-56293 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56291 (Deserialization of Untrusted Data vulnerability in 
plainware.com Plain ...)
+       TODO: check
+CVE-2024-56290 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-56289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56288 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56287 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56286 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-56285 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56284 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-56283 (Deserialization of Untrusted Data vulnerability in 
plainware.com Locat ...)
+       TODO: check
+CVE-2024-56282 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2024-56281 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2024-56280 (Incorrect Privilege Assignment vulnerability in Amento Tech 
Pvt ltd WP ...)
+       TODO: check
+CVE-2024-56279 (Server-Side Request Forgery (SSRF) vulnerability in Tips and 
Tricks HQ ...)
+       TODO: check
+CVE-2024-56278 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2024-56276 (Missing Authorization vulnerability in WPForms Contact Form by 
WPForms ...)
+       TODO: check
+CVE-2024-56275 (Server-Side Request Forgery (SSRF) vulnerability in Envato 
Envato Elem ...)
+       TODO: check
+CVE-2024-56274 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56273 (Missing Authorization vulnerability in WPvivid Backup & 
Migration WPvi ...)
+       TODO: check
+CVE-2024-56272 (Missing Authorization vulnerability in ThemeSupport Hide 
Category by U ...)
+       TODO: check
+CVE-2024-56271 (Missing Authorization vulnerability in SecureSubmit WP 
SecureSubmit al ...)
+       TODO: check
+CVE-2024-56270 (Missing Authorization vulnerability in SecureSubmit WP 
SecureSubmit.Th ...)
+       TODO: check
+CVE-2024-56056 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-55556 (A vulnerability in Crater Invoice allows an unauthenticated 
attacker w ...)
+       TODO: check
+CVE-2024-55555 (Invoice Ninja before 5.10.43 allows remote code execution from 
a pre-a ...)
+       TODO: check
+CVE-2024-55414 (A vulnerability exits in driver SmSerl64.sys in Motorola SM56 
Modem WD ...)
+       TODO: check
+CVE-2024-55413 (A vulnerability exits in driver snxppamd.sys in SUNIX Parallel 
Driver  ...)
+       TODO: check
+CVE-2024-55412 (A vulnerability exits in driver snxpsamd.sys in SUNIX Serial 
Driver x6 ...)
+       TODO: check
+CVE-2024-55411 (An issue in the snxpcamd.sys component of SUNIX Multi I/O Card 
v10.1.0 ...)
+       TODO: check
+CVE-2024-55410 (An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys 
component of  ...)
+       TODO: check
+CVE-2024-55218 (IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting 
(XSS) via  ...)
+       TODO: check
+CVE-2024-55008 (JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability 
in the au ...)
+       TODO: check
+CVE-2024-54819 (I, Librarian before and including 5.11.1 is vulnerable to 
Server-Side  ...)
+       TODO: check
+CVE-2024-54007 (Multiple command injection vulnerabilities exist in the web 
interface  ...)
+       TODO: check
+CVE-2024-54006 (Multiple command injection vulnerabilities exist in the web 
interface  ...)
+       TODO: check
+CVE-2024-53800 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2024-53522 (Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to 
contain ...)
+       TODO: check
+CVE-2024-53345 (An authenticated arbitrary file upload vulnerability in Car 
Rental Man ...)
+       TODO: check
+CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  
could al ...)
+       TODO: check
+CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3   
could a ...)
+       TODO: check
+CVE-2024-52813 (matrix-rust-sdk is an implementation of a Matrix client-server 
library ...)
+       TODO: check
+CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 
could dis ...)
+       TODO: check
+CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 
1.0.3could allo ...)
+       TODO: check
+CVE-2024-51715 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-51700 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-51651 (Missing Authorization vulnerability in CubeWP CubeWP Forms 
\u2013 All- ...)
+       TODO: check
+CVE-2024-50660 (File Upload Bypass was found in AdPortal 3.0.39 allows a 
remote attack ...)
+       TODO: check
+CVE-2024-50659 (Cross Site Scripting vulnerability iPublish Media Solutions 
AdPortal 3 ...)
+       TODO: check
+CVE-2024-50658 (Server-Side Template Injection (SSTI) was found in AdPortal 
3.0.39 all ...)
+       TODO: check
+CVE-2024-49649 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2024-49644 (Incorrect Privilege Assignment vulnerability in AllAccessible 
Team Acc ...)
+       TODO: check
+CVE-2024-49633 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-49294 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople 
Team Bus ...)
+       TODO: check
+CVE-2024-49249 (Path Traversal vulnerability in SMSA Express SMSA Shipping 
allows Path ...)
+       TODO: check
+CVE-2024-49222 (Deserialization of Untrusted Data vulnerability in Amento Tech 
Pvt ltd ...)
+       TODO: check
+CVE-2024-48245 (Vehicle Management System 1.0 is vulnerable to SQL Injection. 
A guest  ...)
+       TODO: check
+CVE-2024-46603 (An XML External Entity (XXE) vulnerability in Elspec 
Engineering G5 Di ...)
+       TODO: check
+CVE-2024-46602 (An issue was discovered in Elspec G5 digital fault recorder 
version 1. ...)
+       TODO: check
+CVE-2024-46601 (Elspec Engineering G5 Digital Fault Recorder Firmware 
v1.2.1.12 was di ...)
+       TODO: check
+CVE-2024-46242 (An issue in the validate_email function in 
CTFd/utils/validators/__ini ...)
+       TODO: check
+CVE-2024-45640 (IBM Security ReaQta 3.12 returns sensitive information in an 
HTTP resp ...)
+       TODO: check
+CVE-2024-45100 (IBM Security ReaQta 3.12could allow a privileged user to cause 
a denia ...)
+       TODO: check
+CVE-2024-44450 (Multiple functions are vulnerable to Authorization Bypass in 
AIMS eCre ...)
+       TODO: check
+CVE-2024-43243 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
+       TODO: check
+CVE-2024-40749 (Improper Access Controls allows access to protected views.)
+       TODO: check
+CVE-2024-40748 (Lack of output escaping in the id attribute of menu lists.)
+       TODO: check
+CVE-2024-40747 (Various module chromes didn't properly process inputs, leading 
to XSS  ...)
+       TODO: check
+CVE-2024-40702 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 
11.1.0  ...)
+       TODO: check
+CVE-2024-40427 (Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows 
attackers ...)
+       TODO: check
+CVE-2024-35532 (An XML External Entity (XXE) injection vulnerability in 
Intersec Geosa ...)
+       TODO: check
+CVE-2024-28778 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 
11.1.0  ...)
+       TODO: check
+CVE-2024-25037 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 
11.1.0  ...)
+       TODO: check
+CVE-2024-12738 (The User Profile Builder \u2013 Beautiful User Registration 
Forms, Use ...)
+       TODO: check
+CVE-2024-12719 (The WordPress File Upload plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2024-12711 (The RSVP and Event Management plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-12699 (The Service Box plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-12532 (The BWD Elementor Addons plugin for WordPress is vulnerable to 
Sensiti ...)
+       TODO: check
+CVE-2024-12430 (An attacker who successfully exploited these vulnerabilities 
could cau ...)
+       TODO: check
+CVE-2024-12429 (An attacker who successfully exploited these vulnerabilities 
could gra ...)
+       TODO: check
+CVE-2024-12426 (Exposure of Environmental Variables and arbitrary INI file 
values to a ...)
+       TODO: check
+CVE-2024-12425 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-12316 (The Jupiter X Core plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-12152 (The MIPL WC Multisite Sync plugin for WordPress is vulnerable 
to Direc ...)
+       TODO: check
+CVE-2024-12131 (The WP Job Portal \u2013 A Complete Recruitment System for 
Company or  ...)
+       TODO: check
+CVE-2024-12033 (The Jupiter X Core plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create 
Conversationa ...)
+       TODO: check
+CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute 
arbitrary comma ...)
+       TODO: check
+CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. 
Some of ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
-CVE-2025-0243
+CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, 
Firefox ES ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
-CVE-2025-0242
+CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, 
Firefox ES ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
-CVE-2025-0241
+CVE-2025-0241 (When segmenting specially crafted text, segmentation would 
corrupt mem ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
-CVE-2025-0240
+CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some 
circumstances, c ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
-CVE-2025-0239
+CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates 
when t ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
-CVE-2025-0238
+CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker 
could have ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
-CVE-2025-0237
+CVE-2025-0237 (The WebChannel API, which is used to transport various 
information acr ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237
-CVE-2025-0246
+CVE-2025-0246 (When using an invalid protocol scheme, an attacker could spoof 
the add ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0246
-CVE-2025-0245
+CVE-2025-0245 (Under certain circumstances, a user opt-in setting that Focus 
should r ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0245
-CVE-2025-0244
+CVE-2025-0244 (When redirecting to an invalid protocol scheme, an attacker 
could spoo ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0244
 CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, 
contain(s)  ...)
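Review bot: The refreshed descriptions for CVE-2025-0247, CVE-2025-0243 and CVE-2025-0242 near the end of this hunk now name Thunderbird 133, but the package lines under them list only firefox (plus firefox-esr for the latter two); confirm whether a thunderbird line is needed for each. Among the new "TODO: check" entries, CVE-2025-0218 (pgAgent) and CVE-2024-52813 (matrix-rust-sdk) describe standalone software rather than a WordPress plugin, so check them against the archive individually rather than marking them NOT-FOR-US along with the plugin entries.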
@@ -4057,7 +4501,7 @@ CVE-2024-12782 (A vulnerability has been found in 
Fujifilm Apeos C3070, Apeos C5
        NOT-FOR-US: Apeos
 CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code 
automations, webho ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12569 (Disclosure of sensitive information in HikVision camera 
driver's log f ...)
+CVE-2024-12569 (Disclosure of sensitive information in a Milestone XProtect 
Device Pac ...)
        NOT-FOR-US: HikVision camera driver
 CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
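Review bot: The NOT-FOR-US line under CVE-2024-12569 still reads "HikVision camera driver", while the updated description now attributes the issue to Milestone XProtect; update the label so the product name on the entry agrees with its description.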
@@ -39160,7 +39604,7 @@ CVE-2024-6136 (The wp-cart-for-digital-products 
WordPress plugin before 8.5.6 do
        NOT-FOR-US: WordPress plugin
 CVE-2024-6133 (The wp-cart-for-digital-products WordPress plugin before 8.5.6 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-5445 (Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent 
version 5 < ...)
+CVE-2024-5445 (Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent 
version 5 < ...)
        NOT-FOR-US: Ecosystem Agent
 CVE-2024-4360 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
        NOT-FOR-US: WordPress plugin
@@ -176192,10 +176636,10 @@ CVE-2022-45188 (Netatalk through 3.1.13 has an 
afp_getappl heap-based buffer ove
        NOTE: 
https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396
 (netatalk-3-1-15)
 CVE-2022-45187
        RESERVED
-CVE-2022-45186
-       RESERVED
-CVE-2022-45185
-       RESERVED
+CVE-2022-45186 (An issue was discovered in SuiteCRM 7.12.7. Authenticated 
users can re ...)
+       TODO: check
+CVE-2022-45185 (An issue was discovered in SuiteCRM 7.12.7. Authenticated 
users can us ...)
+       TODO: check
 CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x 
and v2.x  ...)
        NOT-FOR-US: Ironman Software PowerShell Universal
 CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software 
PowerSh ...)
@@ -189067,10 +189511,10 @@ CVE-2022-41575 (A credential-exposure vulnerability 
in the support-bundle mechan
        NOT-FOR-US: Gradle Enterprise
 CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 
through 20 ...)
        NOT-FOR-US: Gradle Enterprise
-CVE-2022-41573
-       RESERVED
-CVE-2022-41572
-       RESERVED
+CVE-2022-41573 (An issue was discovered in Ovidentia 8.3. The file upload 
feature does ...)
+       TODO: check
+CVE-2022-41572 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. 
Privile ...)
+       TODO: check
 CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. 
Local f ...)
        NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. 
Unauthe ...)
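Review bot: CVE-2022-41572 is added with "TODO: check" although its description names EyesOfNetwork (EON) through 5.3.11, the same product that the context entry directly below it, CVE-2022-41571, already carries as "NOT-FOR-US: EyesOfNetwork (EON)"; it can take the same line. CVE-2022-41573 (Ovidentia 8.3) has no such neighbour in this hunk and needs its own check.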
@@ -245860,8 +246304,8 @@ CVE-2022-22365 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0, with th
        NOT-FOR-US: IBM
 CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable 
to exte ...)
        NOT-FOR-US: IBM
-CVE-2022-22363
-       RESERVED
+CVE-2022-22363 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 
11.1.0  ...)
+       TODO: check
 CVE-2022-22362
        RESERVED
 CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 
21.0.3, 20 ...)
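Review bot: CVE-2022-22363 gets "TODO: check" while the context entry directly above it, CVE-2022-22364, is also IBM Cognos Controller and is marked "NOT-FOR-US: IBM"; resolve the new entry the same way. The same description prefix appears on CVE-2021-20455 in the last hunk and on CVE-2024-40702, CVE-2024-28778 and CVE-2024-25037 in the first, so all five can be handled in one pass.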
@@ -318562,8 +319006,8 @@ CVE-2021-20457
        RESERVED
 CVE-2021-20456
        RESERVED
-CVE-2021-20455
-       RESERVED
+CVE-2021-20455 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 
11.1.0  ...)
+       TODO: check
 CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
        NOT-FOR-US: IBM
 CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is 
vulnerable to a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/005f3b9364cc307080e45080c4e76190e8becb9c
