Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
111339b5 by security tracker role at 2025-01-09T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,305 @@
+CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22824 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22823 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22822 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22821 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22820 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22819 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22818 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22817 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22815 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22814 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James 
Zephyr  ...)
+       TODO: check
+CVE-2025-22813 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22812 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22810 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22809 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22808 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22807 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22806 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22805 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22804 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22803 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22802 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22801 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22561 (Missing Authorization vulnerability in Jason Funk Title 
Experiments Fr ...)
+       TODO: check
+CVE-2025-22542 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22540 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22537 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22535 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22527 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22521 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22510 (Deserialization of Untrusted Data vulnerability in Konrad 
Karpieszuk W ...)
+       TODO: check
+CVE-2025-22508 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22505 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22504 (Unrestricted Upload of File with Dangerous Type vulnerability 
in jumpd ...)
+       TODO: check
+CVE-2025-22361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22345 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22331 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22330 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22313 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22307 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22295 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22151 (Strawberry GraphQL is a library for creating GraphQL APIs. 
Starting in ...)
+       TODO: check
+CVE-2025-22149 (JWK Set (JSON Web Key Set) is a JWK and JWK Set Go 
implementation. Pri ...)
+       TODO: check
+CVE-2025-21628 (Chatwoot is a customer engagement suite. Prior to 3.16.0, 
conversation ...)
+       TODO: check
+CVE-2025-21602 (An Improper Handling of Exceptional Conditions vulnerability 
in the ro ...)
+       TODO: check
+CVE-2025-21600 (An Out-of-Bounds Read vulnerability in  the routing protocol 
daemon (r ...)
+       TODO: check
+CVE-2025-21599 (AMissing Release of Memory after Effective Lifetime 
vulnerability in t ...)
+       TODO: check
+CVE-2025-21598 (AnOut-of-bounds Read vulnerability in Juniper Networks Junos 
OS and Ju ...)
+       TODO: check
+CVE-2025-21596 (An Improper Handling of Exceptional Conditions vulnerability 
in the co ...)
+       TODO: check
+CVE-2025-21593 (An Improper Control of a Resource Through its Lifetime 
vulnerability i ...)
+       TODO: check
+CVE-2025-21592 (An Exposure of Sensitive Information to an Unauthorized 
Actorvulnerabi ...)
+       TODO: check
+CVE-2025-0349 (A vulnerability classified as critical has been found in Tenda 
AC6 15. ...)
+       TODO: check
+CVE-2025-0348 (A vulnerability was found in CampCodes DepEd Equipment 
Inventory Syste ...)
+       TODO: check
+CVE-2025-0347 (A vulnerability was found in code-projects Admission Management 
System ...)
+       TODO: check
+CVE-2025-0346 (A vulnerability was found in code-projects Content Management 
System 1 ...)
+       TODO: check
+CVE-2025-0345 (A vulnerability was found in leiyuxi cy-fast 1.0 and classified 
as cri ...)
+       TODO: check
+CVE-2024-6155 (The Greenshift \u2013 animation and page builder blocks plugin 
for Wor ...)
+       TODO: check
+CVE-2024-5769 (The MIMO Woocommerce Order Tracking plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control 
and allow ...)
+       TODO: check
+CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode 
turned on  ...)
+       TODO: check
+CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile 
Collect  ...)
+       TODO: check
+CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier 
contain a ...)
+       TODO: check
+CVE-2024-54762 (Ruoyi v.4.7.9 and before contains an authenticated SQL 
injection vulne ...)
+       TODO: check
+CVE-2024-54761 (BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection 
via the  ...)
+       TODO: check
+CVE-2024-54724 (PHPYun before 7.0.2 is vulnerable to code execution through 
backdoor-r ...)
+       TODO: check
+CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to contain a business 
logic flaw  ...)
+       TODO: check
+CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain 
sensitiv ...)
+       TODO: check
+CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Gutenberg al ...)
+       TODO: check
+CVE-2024-13283 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13282 (Incorrect Authorization vulnerability in Drupal Block 
permissions allo ...)
+       TODO: check
+CVE-2024-13281 (Incorrect Authorization vulnerability in Drupal Monster Menus 
allows F ...)
+       TODO: check
+CVE-2024-13280 (Insufficient Session Expiration vulnerability in Drupal 
Persistent Log ...)
+       TODO: check
+CVE-2024-13279 (Session Fixation vulnerability in Drupal Two-factor 
Authentication (TF ...)
+       TODO: check
+CVE-2024-13278 (Incorrect Authorization vulnerability in Drupal Diff allows 
Functional ...)
+       TODO: check
+CVE-2024-13277 (Incorrect Authorization vulnerability in Drupal Smart IP Ban 
allows Fo ...)
+       TODO: check
+CVE-2024-13276 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Dru ...)
+       TODO: check
+CVE-2024-13275 (Access of Resource Using Incompatible Type ('Type Confusion') 
vulnerab ...)
+       TODO: check
+CVE-2024-13274 (Improper Control of Interaction Frequency vulnerability in 
Drupal Open ...)
+       TODO: check
+CVE-2024-13273 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13272 (Insufficient Granularity of Access Control vulnerability in 
Drupal Par ...)
+       TODO: check
+CVE-2024-13271 (Incorrect Authorization vulnerability in Drupal Content Entity 
Clone a ...)
+       TODO: check
+CVE-2024-13270 (Incorrect Authorization vulnerability in Drupal Freelinking 
allows For ...)
+       TODO: check
+CVE-2024-13269 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Dru ...)
+       TODO: check
+CVE-2024-13268 (Improper Neutralization of Directives in Statically Saved Code 
('Stati ...)
+       TODO: check
+CVE-2024-13267 (Improper Neutralization of Directives in Statically Saved Code 
('Stati ...)
+       TODO: check
+CVE-2024-13266 (Incorrect Authorization vulnerability in Drupal Responsive and 
off-can ...)
+       TODO: check
+CVE-2024-13265 (Improper Neutralization of Directives in Statically Saved Code 
('Stati ...)
+       TODO: check
+CVE-2024-13264 (Improper Neutralization of Directives in Statically Saved Code 
('Stati ...)
+       TODO: check
+CVE-2024-13263 (Improper Neutralization of Directives in Statically Saved Code 
('Stati ...)
+       TODO: check
+CVE-2024-13262 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13261 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Acquia DAM a ...)
+       TODO: check
+CVE-2024-13260 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Migrate queu ...)
+       TODO: check
+CVE-2024-13259 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Dru ...)
+       TODO: check
+CVE-2024-13258 (Incorrect Authorization vulnerability in Drupal Drupal REST & 
JSON API ...)
+       TODO: check
+CVE-2024-13257 (Incorrect Authorization vulnerability in Drupal Commerce View 
Receipt  ...)
+       TODO: check
+CVE-2024-13256 (Insufficient Granularity of Access Control vulnerability in 
Drupal Ema ...)
+       TODO: check
+CVE-2024-13255 (Exposure of Sensitive Information Through Data Queries 
vulnerability i ...)
+       TODO: check
+CVE-2024-13254 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Dru ...)
+       TODO: check
+CVE-2024-13253 (Incorrect Authorization vulnerability in Drupal Advanced PWA 
inc Push  ...)
+       TODO: check
+CVE-2024-13252 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13251 (Incorrect Privilege Assignment vulnerability in Drupal 
Registration ro ...)
+       TODO: check
+CVE-2024-13250 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Drupal Symfo ...)
+       TODO: check
+CVE-2024-13249 (Improper Ownership Management vulnerability in Drupal Node 
Access Rebu ...)
+       TODO: check
+CVE-2024-13248 (Incorrect Privilege Assignment vulnerability in Drupal Private 
content ...)
+       TODO: check
+CVE-2024-13247 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13246 (Improper Ownership Management vulnerability in Drupal Node 
Access Rebu ...)
+       TODO: check
+CVE-2024-13245 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13244 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Migrate Tool ...)
+       TODO: check
+CVE-2024-13243 (Missing Authorization vulnerability in Drupal Entity Delete 
Log allows ...)
+       TODO: check
+CVE-2024-13242 (Exposed Dangerous Method or Function vulnerability in Drupal 
Swift Mai ...)
+       TODO: check
+CVE-2024-13241 (Improper Authorization vulnerability in Drupal Open Social 
allows Coll ...)
+       TODO: check
+CVE-2024-13240 (Improper Access Control vulnerability in Drupal Open Social 
allows Col ...)
+       TODO: check
+CVE-2024-13239 (Weak Authentication vulnerability in Drupal Two-factor 
Authentication  ...)
+       TODO: check
+CVE-2024-13238 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to 
arbitrary f ...)
+       TODO: check
+CVE-2024-12819 (The Searchie plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-12802 (SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific 
cases du ...)
+       TODO: check
+CVE-2024-12621 (The Yumpu E-Paper publishing plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2024-12618 (The Newsletter2Go plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2024-12616 (The Bitly's WordPress Plugin plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-12605 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog ...)
+       TODO: check
+CVE-2024-12542 (The linkID plugin for WordPress is vulnerable to unauthorized 
access o ...)
+       TODO: check
+CVE-2024-12515 (The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-12514 (The 3DVieweronline plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2024-12496 (The Linear plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-12493 (The Files Download Delay plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-12491 (The SimplyRETS Real Estate IDX plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-12394 (The Action Network plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2024-12330 (The WP Database Backup \u2013 Unlimited Database & Files 
Backup by Bac ...)
+       TODO: check
+CVE-2024-12285 (The SEMA API plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
+       TODO: check
+CVE-2024-12249 (The GS Insever Portfolio plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2024-12222 (The Deliver via Shipos for WooCommerce plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2024-12218 (The Woocommerce check pincode/zipcode for shipping plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-12206 (The WordPress Header Builder Plugin \u2013 Pearl plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-12122 (The ResAds plugin for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+       TODO: check
+CVE-2024-12067 (The WP Travel \u2013 Ultimate Travel Booking System, Tour 
Management E ...)
+       TODO: check
+CVE-2024-11929 (The Responsive FlipBook Plugin Wordpress plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-11907 (The Skyword API Plugin plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-11815 (The P\xf3sturinn\'s Shipping with WooCommerce plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-11686 (The WhatsApp \U0001f680 click to chat plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-11642 (The Post Grid Master \u2013 Custom Post Types, Taxonomies & 
Ajax Filte ...)
+       TODO: check
+CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary 
User Pass ...)
+       TODO: check
+CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin 
allows an ...)
+       TODO: check
 CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite 
permission ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect 
missing se ...)
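Review bot: every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them is yet mapped to a source package or marked NOT-FOR-US. Many of the truncated descriptions point at WordPress plugins and Drupal modules, while CVE-2025-22151 (Strawberry GraphQL) and CVE-2025-22149 (JWK Set Go implementation) describe libraries and are the ones worth a package lookup first. The truncated text also keeps upstream typos such as "AMissing Release of Memory" (CVE-2025-21599) and "AnOut-of-bounds Read" (CVE-2025-21598), which will defeat keyword searches during triage.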
@@ -454,6 +756,7 @@ CVE-2023-52954 (Vulnerability of improper permission 
control in the Gallery modu
 CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module 
Impact: Succes ...)
        NOT-FOR-US: Huawei
 CVE-2025-0291 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 
allowed  ...)
+       {DSA-5840-1}
        - chromium 131.0.6778.264-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the 
Splunk do ...)
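Review bot: the `{DSA-5840-1}` tag on CVE-2025-0291 arrives in a commit whose only changed file is data/CVE/list, so the advisory record it points to is not visible here. Confirm that the advisory entry for DSA-5840-1 already exists and names this CVE, otherwise the cross-reference dangles.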
@@ -6826,7 +7129,7 @@ CVE-2024-54513 (A permissions issue was addressed with 
additional restrictions.
 CVE-2024-54510 (A race condition was addressed with improved locking. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2024-54508 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       {DSA-5835-1}
+       {DSA-5835-1 DLA-4009-1}
        - webkit2gtk 2.46.5-1
        - wpewebkit 2.46.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
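Review bot: `DLA-4009-1` is appended next to `DSA-5835-1` on CVE-2024-54508, and the same change repeats for CVE-2024-54505, CVE-2024-54502 and CVE-2024-54479 in the following hunks. The entry lists both webkit2gtk and wpewebkit, and the tag alone does not say which package the DLA covers, so check that the advisory names all four CVE ids and the intended package.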
@@ -6835,7 +7138,7 @@ CVE-2024-54508 (The issue was addressed with improved 
memory handling. This issu
 CVE-2024-54506 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
        NOT-FOR-US: Apple
 CVE-2024-54505 (A type confusion issue was addressed with improved memory 
handling. Th ...)
-       {DSA-5835-1}
+       {DSA-5835-1 DLA-4009-1}
        - webkit2gtk 2.46.5-1
        - wpewebkit 2.46.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -6846,7 +7149,7 @@ CVE-2024-54504 (A privacy issue was addressed with 
improved private data redacti
 CVE-2024-54503 (An inconsistent user interface issue was addressed with 
improved state ...)
        NOT-FOR-US: Apple
 CVE-2024-54502 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       {DSA-5835-1}
+       {DSA-5835-1 DLA-4009-1}
        - webkit2gtk 2.46.5-1
        - wpewebkit 2.46.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -6879,7 +7182,7 @@ CVE-2024-54485 (The issue was addressed by adding 
additional logic. This issue i
 CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2024-54479 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       {DSA-5835-1}
+       {DSA-5835-1 DLA-4009-1}
        - webkit2gtk 2.46.5-1
        - wpewebkit 2.46.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -12331,7 +12634,7 @@ CVE-2024-8525 (An unrestricted upload of file with 
dangerous type in Automated L
        NOT-FOR-US: Automated Logic WebCTRL
 CVE-2024-7130 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Kion Computer KION Exchange Programs Software
-CVE-2024-7026 (SQL Injection: Hibernate vulnerability in Teknogis Informatics 
Closed  ...)
+CVE-2024-7026 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Teknogis Informatics Closed Circuit Vehicle Tracking 
Software
 CVE-2024-7016 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Smarttek Informatics Smart Doctor
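Review bot: the replacement description for CVE-2024-7026 is cut off at `('S ...)` before any vendor or product name, where the removed line named Teknogis Informatics. The `NOT-FOR-US` line still identifies the product, so triage is unaffected, but searches on the summary line alone will no longer find it.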
@@ -79959,7 +80262,7 @@ CVE-2023-44039 (In VeridiumID before 3.5.0, the 
WebAuthn API allows an internal
        NOT-FOR-US: VeridiumID
 CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows 
an unaut ...)
        NOT-FOR-US: VeridiumID
-CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)10.5, ...)
+CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
        NOT-FOR-US: IBM
 CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of 
OpenSSH 7.4 fo ...)
        NOT-FOR-US: Incomplate OpenSSH backport in Amazon Linux
@@ -160525,12 +160828,12 @@ CVE-2023-24021 (Incorrect handling of '\0' bytes in 
file uploads in ModSecurity
        [bullseye] - modsecurity-apache 2.9.3-3+deb11u2
        NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
        NOTE: 
https://github.com/SpiderLabs/ModSecurity/commit/4324f0ac59f8225aa44bc5034df60dbeccd1d334
 (v2.9.7)
-CVE-2023-24012
-       RESERVED
-CVE-2023-24011
-       RESERVED
-CVE-2023-24010
-       RESERVED
+CVE-2023-24012 (An attacker can arbitrarily craft malicious DDS Participants 
(or ROS 2 ...)
+       TODO: check
+CVE-2023-24011 (An attacker can arbitrarily craft malicious DDS Participants 
(or ROS 2 ...)
+       TODO: check
+CVE-2023-24010 (An attacker can arbitrarily craft malicious DDS Participants 
(or ROS 2 ...)
+       TODO: check
 CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre 
Maspik \u20 ...)
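Review bot: CVE-2023-24012, CVE-2023-24011 and CVE-2023-24010 move from `RESERVED` to three identical truncated descriptions ("An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)"), so the summary lines cannot tell them apart. Triage of the `TODO: check` markers needs the full CVE records to see which DDS implementation each id refers to before a package or NOT-FOR-US decision is made.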
@@ -246528,8 +246831,8 @@ CVE-2022-22493 (IBM WebSphere Automation for Cloud 
Pak for Watson AIOps 1.4.2 is
        NOT-FOR-US: IBM
 CVE-2022-22492
        RESERVED
-CVE-2022-22491
-       RESERVED
+CVE-2022-22491 (IBM App Connect Enterprise Certified Container7.1, 7.2, 8.0, 
8.1, 8.2, ...)
+       TODO: check
 CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 
could allow  ...)
        NOT-FOR-US: IBM
 CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are 
vulnerable t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111339b53abee2f2cea71e2a9a083074bbdd4183
