Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec6a5506 by security tracker role at 2025-01-10T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in 
Microsoft Purvie ...)
+       TODO: check
+CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an 
authorized a ...)
+       TODO: check
+CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey 
titles of  ...)
+       TODO: check
+CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the 
built-in mess ...)
+       TODO: check
+CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated 
reflect ...)
+       TODO: check
+CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden 
prior to  ...)
+       TODO: check
+CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to 
v1.32.5 allows ...)
+       TODO: check
+CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 
allows  ...)
+       TODO: check
+CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC 
v.1.20240620.0015 allo ...)
+       TODO: check
+CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored 
in local  ...)
+       TODO: check
+CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 
2024R1.1.4 all ...)
+       TODO: check
+CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social 
allows Force ...)
+       TODO: check
+CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file 
fields.This ...)
+       TODO: check
+CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue 
affects Gi ...)
+       TODO: check
+CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable 
allows E ...)
+       TODO: check
+CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Minify JS al ...)
+       TODO: check
+CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All 
Files allow ...)
+       TODO: check
+CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages 
Restriction Acce ...)
+       TODO: check
+CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects 
Print Anythi ...)
+       TODO: check
+CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects 
Megamenu ...)
+       TODO: check
+CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal 
Eloqua allow ...)
+       TODO: check
+CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal 
Mailjet allo ...)
+       TODO: check
+CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node 
export  ...)
+       TODO: check
+CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST 
File al ...)
+       TODO: check
+CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP 
Authenticat ...)
+       TODO: check
+CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear 
Integration all ...)
+       TODO: check
+CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal 
Monster Menu ...)
+       TODO: check
+CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects 
wkhtmltopdf: *. ...)
+       TODO: check
+CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog ...)
+       TODO: check
+CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator, 
Humanizer, Blog ...)
+       TODO: check
 CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
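Review bot: CVE-2025-0311 and CVE-2024-13183 in this added block are both described as "The Orbit Fox by ThemeIsle plugin for WordPress" yet are left at `TODO: check`, while the unchanged CVE-2025-22827 entry directly below already uses `NOT-FOR-US: WordPress plugin`. Suggest triaging those two the same way in a follow-up, and resolving the Drupal and Vaultwarden entries to either a source package line or a NOT-FOR-US tag. The truncated descriptions for CVE-2024-12606 and CVE-2024-12473 also carry a literal `\u2013` escape rather than the decoded character.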
@@ -1303,7 +1385,7 @@ CVE-2024-8855 (The WordPress Auction Plugin WordPress 
plugin through 3.7 does no
        NOT-FOR-US: WordPress plugin
 CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty 
Program, has  ...)
        NOT-FOR-US: AXIS Camera Station server
-CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker 
to trig ...)
+CVE-2024-55553 (In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are 
re-vali ...)
        - frr 10.2.1-1
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3
 (master)
        NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/410eb0da69214a06350315575ddb332e363b66c6
 (frr-10.2.1)
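Review bot: the replacement description for CVE-2024-55553 now states a lower bound ("from 6.0 onward"), but the entry still carries only `- frr 10.2.1-1` and the two "Fixed by" notes, with nothing recording where the issue was introduced. Suggest adding a NOTE with the introducing version or commit so the range in the description can be checked against the frr versions in older suites.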
@@ -9835,7 +9917,8 @@ CVE-2024-53125 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
 CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity 
vulnerability ...)
        NOT-FOR-US: Moxa
-CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This 
only ap ...)
+CVE-2024-54664
+       REJECTED
        NOT-FOR-US: Veritas
 CVE-2024-54661 (readline.sh in socat before1.8.0.2 relies on the 
/tmp/$USER/stderr2 fi ...)
        - socat 1.8.0.2-1 (unimportant)
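Review bot: after this change CVE-2024-54664 carries both `REJECTED` and the unchanged `NOT-FOR-US: Veritas` line, because only the description line was replaced. The product tag now classifies an identifier that is no longer valid; suggest dropping `NOT-FOR-US: Veritas` so the entry reads as REJECTED only.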
@@ -147735,8 +147818,8 @@ CVE-2023-28356 (A vulnerability has been identified 
where a maliciously crafted
        NOT-FOR-US: Rocket.Chat
 CVE-2023-28355
        RESERVED
-CVE-2023-28354
-       RESERVED
+CVE-2023-28354 (An issue was discovered in Opsview Monitor Agent 6.8. An 
unauthenticat ...)
+       TODO: check
 CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on 
Windows. An  ...)
        NOT-FOR-US: Faronics Insight
 CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on 
Windows. By  ...)
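Review bot: CVE-2023-28354 moves from `RESERVED` to `TODO: check` with a description naming Opsview Monitor Agent 6.8, while the published entries around it (Rocket.Chat, Faronics Insight) are already tagged NOT-FOR-US. Suggest resolving the TODO with either a source package line or a `NOT-FOR-US:` tag so this older identifier does not linger in the check queue.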



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec6a5506d63000a29ec50716f29a82686d623fa0
