Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9d8a2fe by security tracker role at 2025-01-09T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite 
permission ...)
+       TODO: check
+CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect 
missing se ...)
+       TODO: check
+CVE-2025-22145 (Carbon is an international PHP extension for DateTime. 
Application pas ...)
+       TODO: check
+CVE-2025-20033 (Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 
10.0.3, 10.1.x ...)
+       TODO: check
+CVE-2025-0344 (A vulnerability has been found in leiyuxi cy-fast 1.0 and 
classified a ...)
+       TODO: check
+CVE-2025-0342 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+       TODO: check
+CVE-2025-0341 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-0340 (A vulnerability classified as critical was found in 
code-projects Cine ...)
+       TODO: check
+CVE-2025-0339 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2025-0336 (A vulnerability was found in Codezips Project Management System 
1.0. I ...)
+       TODO: check
+CVE-2025-0335 (A vulnerability was found in code-projects Online Bike Rental 
System 1 ...)
+       TODO: check
+CVE-2025-0334 (A vulnerability has been found in leiyuxi cy-fast 1.0 and 
classified a ...)
+       TODO: check
+CVE-2025-0333 (A vulnerability, which was classified as critical, was found in 
leiyux ...)
+       TODO: check
+CVE-2025-0331 (A vulnerability, which was classified as critical, has been 
found in Y ...)
+       TODO: check
+CVE-2025-0328 (A vulnerability, which was classified as critical, has been 
found in K ...)
+       TODO: check
+CVE-2025-0306 (A vulnerability was found in Ruby. The Ruby interpreter is 
vulnerable  ...)
+       TODO: check
+CVE-2025-0283 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
+       TODO: check
+CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
+       TODO: check
+CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-5610
+       REJECTED
+CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba 
Networking CX 1 ...)
+       TODO: check
+CVE-2024-53995 (SickChill is an automatic video library manager for TV shows. 
A user-c ...)
+       TODO: check
+CVE-2024-53706 (A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows 
a remot ...)
+       TODO: check
+CVE-2024-53705 (A Server-Side Request Forgery vulnerability in the SonicOS SSH 
managem ...)
+       TODO: check
+CVE-2024-53704 (An Improper Authentication vulnerability in the SSLVPN 
authentication  ...)
+       TODO: check
+CVE-2024-52869 (Certain Teradata account-handling code through 2024-11-04, 
used with S ...)
+       TODO: check
+CVE-2024-43663 (There are many buffer overflow vulnerabilities present in 
several CGI  ...)
+       TODO: check
+CVE-2024-43662 (The <redacted>.exe or <redacted>.exe CGI binary can be used to 
upload  ...)
+       TODO: check
+CVE-2024-43661 (The <redacted>.so library, which is used by <redacted>, is 
vulnerable  ...)
+       TODO: check
+CVE-2024-43660 (The CGI script <redacted>.sh can be used to download any file 
on the f ...)
+       TODO: check
+CVE-2024-43659 (After gaining access to the firmware of a charging station, a 
file at  ...)
+       TODO: check
+CVE-2024-43658 (Patch traversal, External Control of File Name or Path 
vulnerability i ...)
+       TODO: check
+CVE-2024-43657 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43656 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43655 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43654 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43653 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43652 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43651 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43650 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2024-43649 (Authenticated command injection in the filename of a 
<redacted>.exe re ...)
+       TODO: check
+CVE-2024-43648 (Command injection in the <redacted> parameter of a 
<redacted>.exe requ ...)
+       TODO: check
+CVE-2024-40765 (An Integer-based buffer overflow vulnerability in the SonicOS 
via IPSe ...)
+       TODO: check
+CVE-2024-40762 (Use of Cryptographically Weak Pseudo-Random Number Generator 
(PRNG) in ...)
+       TODO: check
+CVE-2024-13213 (A vulnerability classified as problematic was found in SingMR 
HouseRen ...)
+       TODO: check
+CVE-2024-13212 (A vulnerability classified as critical has been found in 
SingMR HouseR ...)
+       TODO: check
+CVE-2024-13211 (A vulnerability was found in SingMR HouseRent 1.0. It has been 
rated a ...)
+       TODO: check
+CVE-2024-13210 (A vulnerability was found in donglight 
bookstore\u7535\u5546\u4e66\u57 ...)
+       TODO: check
+CVE-2024-13209 (A vulnerability was found in Redaxo CMS 5.18.1. It has been 
classified ...)
+       TODO: check
+CVE-2024-13206 (A vulnerability classified as critical has been found in REVE 
Antiviru ...)
+       TODO: check
+CVE-2024-13205 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 
1.0. It has ...)
+       TODO: check
+CVE-2024-13204 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 
1.0. It has ...)
+       TODO: check
+CVE-2024-13203 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 
1.0. It has ...)
+       TODO: check
+CVE-2024-13202 (A vulnerability was found in wander-chu SpringBoot-Blog 1.0 
and classi ...)
+       TODO: check
+CVE-2024-13201 (A vulnerability has been found in wander-chu SpringBoot-Blog 
1.0 and c ...)
+       TODO: check
+CVE-2024-13200 (A vulnerability, which was classified as critical, was found 
in wander ...)
+       TODO: check
+CVE-2024-13199 (A vulnerability classified as problematic was found in langhsu 
Mblog B ...)
+       TODO: check
+CVE-2024-13198 (A vulnerability classified as problematic has been found in 
langhsu Mb ...)
+       TODO: check
+CVE-2024-13197 (A vulnerability was found in donglight 
bookstore\u7535\u5546\u4e66\u57 ...)
+       TODO: check
+CVE-2024-13196 (A vulnerability was found in donglight 
bookstore\u7535\u5546\u4e66\u57 ...)
+       TODO: check
+CVE-2024-13195 (A vulnerability was found in donglight 
bookstore\u7535\u5546\u4e66\u57 ...)
+       TODO: check
+CVE-2024-13194 (A vulnerability was found in Sucms 1.0 and classified as 
critical. Aff ...)
+       TODO: check
+CVE-2024-13193 (A vulnerability has been found in SEMCMS up to 4.8 and 
classified as c ...)
+       TODO: check
+CVE-2024-13192 (A vulnerability, which was classified as problematic, was 
found in Zer ...)
+       TODO: check
+CVE-2024-13191 (A vulnerability, which was classified as critical, has been 
found in Z ...)
+       TODO: check
+CVE-2024-13190 (A vulnerability classified as critical was found in ZeroWdd 
myblog 1.0 ...)
+       TODO: check
+CVE-2024-13041 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-12806 (A post-authentication absolute path traversal vulnerability in 
SonicOS ...)
+       TODO: check
+CVE-2024-12805 (A post-authentication format string vulnerability in SonicOS 
managemen ...)
+       TODO: check
+CVE-2024-12803 (A post-authentication stack-based buffer overflow 
vulnerability in Son ...)
+       TODO: check
+CVE-2024-12736 (The BU Section Editing WordPress plugin through 0.9.9 does not 
sanitis ...)
+       TODO: check
+CVE-2024-12731 (The Aklamator INfeed WordPress plugin through 2.0.0 does not 
sanitise  ...)
+       TODO: check
+CVE-2024-12717 (The Aklamator INfeed WordPress plugin through 2.0.0 does not 
sanitise  ...)
+       TODO: check
+CVE-2024-12715 (The Asgard Security Scanner WordPress plugin through 0.7 does 
not sani ...)
+       TODO: check
+CVE-2024-12714 (The Backlink Monitoring Manager WordPress plugin through 0.1.3 
does no ...)
+       TODO: check
+CVE-2024-12431 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-10815 (The PostLists WordPress plugin through 2.0.2 does not escape 
the $_SER ...)
+       TODO: check
 CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A 
Reflected Cross- ...)
        NOT-FOR-US: WeGIA
 CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL 
Injection vu ...)
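Review bot: the four donglight bookstore entries (CVE-2024-13210, -13197, -13196, -13195) carry undecoded JSON escapes, `bookstore\u7535\u5546\u4e66\u57 ...`, and the fixed-width truncation cuts the last escape in half; the automatic import should decode the description to UTF-8 before truncating so the summary reads as text and does not end mid-escape. All 77 new entries arrive as `TODO: check`, so the follow-up triage still has to add a package line where the software is in Debian (the Ruby interpreter in CVE-2025-0306 at least) and a NOT-FOR-US line for the appliance and WordPress-plugin entries, matching the WeGIA and Narayana context lines; CVE-2024-5610 is correctly recorded as REJECTED with no triage line.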
@@ -2008,12 +2162,12 @@ CVE-2022-49035 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/93f65ce036863893c164ca410938e0968964b26c (6.1-rc2)
 CVE-2024-8447 (A security issue was discovered in the LRA Coordinator 
component of Na ...)
        NOT-FOR-US: Narayana
-CVE-2024-56827
+CVE-2024-56827 (A flaw was found in the OpenJPEG project. A heap buffer 
overflow condi ...)
        - openjpeg2 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335174
        NOTE: https://github.com/uclouvain/openjpeg/issues/1564
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8
 (v2.5.3)
-CVE-2024-56826
+CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer 
overflow condi ...)
        - openjpeg2 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335172
        NOTE: https://github.com/uclouvain/openjpeg/issues/1563
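Review bot: both OpenJPEG entries now carry the description but stay at `- openjpeg2 <unfixed>` with no Debian bug reference, although the NOTE line for CVE-2024-56827 already points at the upstream fix commit tagged v2.5.3; a Debian bug number on the package line, as the rails and imagemagick entries elsewhere in this patch carry, would let the fixed version be tracked when openjpeg2 is updated.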
@@ -48432,7 +48586,7 @@ CVE-2024-28747 (An unauthenticated remote attacker can 
use the hard-coded creden
        NOT-FOR-US: ifm electronic GmbH
 CVE-2024-22062 (There is a permissions and access control vulnerability in 
ZXCLOUD IRA ...)
        NOT-FOR-US: ZTE
-CVE-2024-37372
+CVE-2024-37372 (The Permission Model assumes that any path starting with two 
backslash ...)
        - nodejs <not-affected> (Only affect Node.js on Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
 CVE-2024-22018 (A vulnerability has been identified in Node.js, affecting 
users of the ...)
@@ -75539,7 +75693,7 @@ CVE-2024-XXXX [gix-transport indirect code execution 
via malicious username]
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html
 CVE-2024-36138 (Bypass incomplete fix of CVE-2024-27980, that arises from 
improper han ...)
        - nodejs <not-affected> (Only affects Windows)
-CVE-2024-27980
+CVE-2024-27980 (Due to the improper handling of batch files in 
child_process.spawn / c ...)
        - nodejs <not-affected> (Only affects Windows)
 CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior 
to 124 ...)
        {DSA-5668-1}
@@ -123395,7 +123549,7 @@ CVE-2023-40317
        - moodle <removed>
 CVE-2023-40316
        - moodle <removed>
-CVE-2023-38037 [Active Support Possibly Discloses Locally Encrypted Files]
+CVE-2023-38037 (ActiveSupport::EncryptedFile writes contents that will be 
encrypted to ...)
        - rails <unfixed> (bug #1051057)
        [bookworm] - rails <no-dsa> (Minor issue)
        [bullseye] - rails <no-dsa> (Minor issue)
@@ -143327,8 +143481,8 @@ CVE-2023-1909 (A vulnerability, which was classified 
as critical, was found in P
        NOT-FOR-US: PHPGurukul BP Monitoring Management System
 CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile 
Comparison W ...)
        NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
-CVE-2023-1907
-       RESERVED
+CVE-2023-1907 (A vulnerability was found in pgadmin. Users logging into 
pgAdmin runni ...)
+       TODO: check
 CVE-2023-1906 (A heap-based buffer overflow issue was discovered in 
ImageMagick's Imp ...)
        {DSA-5628-1}
        - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
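Review bot: this is the only one of the RESERVED-to-description updates in this patch that leaves the entry as `TODO: check`; the others (CVE-2023-28362, -28120, -27539, -27531, -23913) already carry a package, DSA or NOT-FOR-US line. The truncated description ("Users logging into pgAdmin runni ...") gives no affected version, so the triage should consult the full advisory before deciding between a package line and NOT-FOR-US.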
@@ -147232,8 +147386,7 @@ CVE-2023-28364 (An Open Redirect vulnerability exists 
prior to version 1.52.117,
        - brave-browser <itp> (bug #864795)
 CVE-2023-28363
        RESERVED
-CVE-2023-28362 [Possible XSS via User Supplied Values to redirect_to]
-       RESERVED
+CVE-2023-28362 (The redirect_to method in Rails allows provided values to 
contain char ...)
        - rails <unfixed> (bug #1051058)
        [bookworm] - rails <no-dsa> (Minor issue)
        [bullseye] - rails <no-dsa> (Minor issue)
@@ -148174,8 +148327,7 @@ CVE-2023-28122 (A local privilege escalation (LPE) 
vulnerability in UI Desktop f
        NOT-FOR-US: UI Desktop for Windows
 CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress 
(versions 5.6.1  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28120
-       RESERVED
+CVE-2023-28120 (There is a vulnerability in ActiveSupport if the new 
bytesplice method ...)
        {DSA-5389-1}
        - rails 2:6.1.7.3+dfsg-1 (bug #1033262)
        NOTE: 
https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 
(v6.1.7.3)
@@ -150034,8 +150186,7 @@ CVE-2020-36664 (A vulnerability has been found in 
Artes\xe3os SEOTools up to 0.1
        NOT-FOR-US: artesaos SEOTools
 CVE-2020-36663 (A vulnerability, which was classified as problematic, was 
found in Art ...)
        NOT-FOR-US: artesaos SEOTools
-CVE-2023-27539
-       RESERVED
+CVE-2023-27539 (There is a denial of service vulnerability in the header 
parsing compo ...)
        {DSA-5530-1 DLA-3392-1}
        - ruby-rack 2.2.6.4-1 (bug #1033264)
        NOTE: 
https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c 
(v3.0.6.1)
@@ -150085,8 +150236,7 @@ CVE-2023-27533 (A vulnerability in input validation 
exists in curl <8.0 during c
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684 
(curl-8_0_0)
 CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows 
encrypted ...)
        NOT-FOR-US: Veeam
-CVE-2023-27531
-       RESERVED
+CVE-2023-27531 (There is a deserialization of untrusted data vulnerability in 
the Kred ...)
        NOT-FOR-US: Kredis JSON ruby gem
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
 CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, 
<v2.1.4.3 and ...)
@@ -160679,8 +160829,7 @@ CVE-2023-23914 (A cleartext transmission of sensitive 
information vulnerability
        NOTE: https://curl.se/docs/CVE-2023-23914.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c 
(curl-7_74_0)
        NOTE: https://github.com/curl/curl/pull/10138
-CVE-2023-23913
-       RESERVED
+CVE-2023-23913 (There is a potential DOM based cross-site scripting issue in 
rails-ujs ...)
        {DSA-5389-1}
        - rails 2:6.1.7.3+dfsg-1 (bug #1033263)
        NOTE: 
https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd 
(v6.1.7.3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d8a2fe1d63f66482c46da387f03cf70461c5bf



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
