Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f17bfe2b by security tracker role at 2025-01-11T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2025-23113 (An issue was discovered in REDCap 14.9.6. It has an
action=myprojects& ...)
+ TODO: check
+CVE-2025-23112 (An issue was discovered in REDCap 14.9.6. A stored cross-site
scriptin ...)
+ TODO: check
+CVE-2025-23111 (An issue was discovered in REDCap 14.9.6. It allows HTML
Injection via ...)
+ TODO: check
+CVE-2025-23110 (An issue was discovered in REDCap 14.9.6. A Reflected
cross-site scrip ...)
+ TODO: check
+CVE-2025-23109 (Long hostnames in URLs could be leveraged to obscure the
actual host o ...)
+ TODO: check
+CVE-2025-23108 (Opening Javascript links in a new tab via long-press in the
Firefox iO ...)
+ TODO: check
+CVE-2025-23079 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-23078 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in
cff/cf2i ...)
+ TODO: check
+CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer
overflow (an ...)
+ TODO: check
+CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command
injectio ...)
+ TODO: check
+CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow
vulnera ...)
+ TODO: check
+CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A
Reflected Cross- ...)
+ TODO: check
+CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A
Reflected Cross- ...)
+ TODO: check
+CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A
Reflected Cross- ...)
+ TODO: check
+CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to
v600, the $p ...)
+ TODO: check
+CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou
Huayi In ...)
+ TODO: check
+CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks
Expedition ...)
+ TODO: check
+CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks
Expedition al ...)
+ TODO: check
+CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks
Expedit ...)
+ TODO: check
+CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo
Alto Netw ...)
+ TODO: check
+CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition
enable ...)
+ TODO: check
+CVE-2024-9188 (Specially constructed queries cause cross platform scripting
leaking a ...)
+ TODO: check
+CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting
applicat ...)
+ TODO: check
+CVE-2024-9133 (A user with administrator privileges is able to retrieve
authenticatio ...)
+ TODO: check
+CVE-2024-9132 (The administrator is able to configure an insecure captive
portal scri ...)
+ TODO: check
+CVE-2024-9131 (A user with administrator privileges can perform command
injection)
+ TODO: check
+CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running
on app ...)
+ TODO: check
+CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured,
if \u20 ...)
+ TODO: check
+CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to
change a ...)
+ TODO: check
+CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are
vulnerable to C ...)
+ TODO: check
+CVE-2024-6437 (On affected platforms running Arista EOS with one of the
following fea ...)
+ TODO: check
+CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted
packet w ...)
+ TODO: check
+CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an
integer under ...)
+ TODO: check
+CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a
heap-based buf ...)
+ TODO: check
+CVE-2024-57687 (An OS Command Injection vulnerability was found in
/landrecordsys/admi ...)
+ TODO: check
+CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in
/landrecordsys ...)
+ TODO: check
+CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57226 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57225 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57224 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57223 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57222 (Linksys E7350 1.1.00.032 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-57214 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to
contain a comm ...)
+ TODO: check
+CVE-2024-57213 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to
contain a comm ...)
+ TODO: check
+CVE-2024-57212 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to
contain a comm ...)
+ TODO: check
+CVE-2024-57211 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to
contain a comm ...)
+ TODO: check
+CVE-2024-56511 (DataEase is an open source data visualization analysis tool.
Prior to ...)
+ TODO: check
+CVE-2024-54998 (MonicaHQ v4.1.2 was discovered to contain an authenticated
Client-Side ...)
+ TODO: check
+CVE-2024-54997 (MonicaHQ v4.1.1 was discovered to contain an authenticated
Client-Side ...)
+ TODO: check
+CVE-2024-54996 (MonicaHQ v4.1.2 was discovered to contain multiple
authenticated Clien ...)
+ TODO: check
+CVE-2024-54994 (MonicaHQ v4.1.2 was discovered to contain multiple Client-Side
Injecti ...)
+ TODO: check
+CVE-2024-54910 (Hasleo Backup Suite Free v4.9.4 and before is vulnerable to
Insecure P ...)
+ TODO: check
+CVE-2024-54849 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows
attackers to obt ...)
+ TODO: check
+CVE-2024-54848 (Improper handling and storage of certificates in CP Plus
CP-VNR-3104 B ...)
+ TODO: check
+CVE-2024-54847 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows
attackers to acc ...)
+ TODO: check
+CVE-2024-54846 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows
attackers to obt ...)
+ TODO: check
+CVE-2024-54687 (Vtiger CRM v.6.1 and before is vulnerable to Cross Site
Scripting (XSS ...)
+ TODO: check
+CVE-2024-50807 (Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross
Site Scrip ...)
+ TODO: check
+CVE-2024-47520 (A user with advanced report application access rights can
perform acti ...)
+ TODO: check
+CVE-2024-47519 (Backup uploads to ETM subject to man-in-the-middle
interception)
+ TODO: check
+CVE-2024-47518 (Specially constructed queries targeting ETM could discover
active remo ...)
+ TODO: check
+CVE-2024-47517 (Expired and unusable administrator authentication tokens can
be reveal ...)
+ TODO: check
+CVE-2024-46210 (An arbitrary file upload vulnerability in the MediaPool module
of Reda ...)
+ TODO: check
+CVE-2024-42175 (HCL MyXalytics is affected by a weak input validation
vulnerability. ...)
+ TODO: check
+CVE-2024-42174 (HCL MyXalytics is affected by username enumeration
vulnerability. Thi ...)
+ TODO: check
+CVE-2024-42173 (HCL MyXalytics is affected by an improper password policy
implementati ...)
+ TODO: check
+CVE-2024-42172 (HCL MyXalytics is affected by broken authentication. It
allows attack ...)
+ TODO: check
+CVE-2024-42171 (HCL MyXalytics is affected by a session fixation
vulnerability. Cyber ...)
+ TODO: check
+CVE-2024-42170 (HCL MyXalytics is affected by a session fixation
vulnerability. Cyber ...)
+ TODO: check
+CVE-2024-42169 (HCL MyXalytics is affected by insecure direct object
references. It o ...)
+ TODO: check
+CVE-2024-42168 (HCL MyXalytics is affected by out-of-band resource load (HTTP)
vulnera ...)
+ TODO: check
+CVE-2024-41787 (IBM Engineering Requirements Management DOORS Next 7.0.2 and
7.0.3 cou ...)
+ TODO: check
+CVE-2024-33299 (Cross Site Scripting vulnerability in Microweber v.2.0.9
allows a remo ...)
+ TODO: check
+CVE-2024-33298 (Microweber Cross Site Scripting vulnerability in Microweber
v.2.0.9 al ...)
+ TODO: check
+CVE-2024-33297 (Cross Site Scripting vulnerability in Microweber v.2.0.9
allows a remo ...)
+ TODO: check
+CVE-2024-29971 (Scontain SCONE 5.8.0 has an interface vulnerability that leads
to stat ...)
+ TODO: check
+CVE-2024-29970 (Fortanix Enclave OS 3.36.1941-EM has an interface
vulnerability that l ...)
+ TODO: check
+CVE-2024-25371 (Gramine before a390e33e16ed374a40de2344562a937f289be2e1
suffers from a ...)
+ TODO: check
+CVE-2024-13318 (The Essential WP Real Estate plugin for WordPress is
vulnerable to una ...)
+ TODO: check
+CVE-2024-12877 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
+ TODO: check
+CVE-2024-12847 (NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an
authentication by ...)
+ TODO: check
+CVE-2024-12627 (The Coupon X: Discount Pop Up, Promo Code Pop Ups,
Announcement Pop Up ...)
+ TODO: check
+CVE-2024-12587 (The Contact Form Master WordPress plugin through 1.0.7 does
not sanit ...)
+ TODO: check
+CVE-2024-12527 (The Perfect Portal Widgets plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2024-12520 (The Dominion \u2013 Domain Checker for WPBakery plugin for
WordPress i ...)
+ TODO: check
+CVE-2024-12519 (The TCBD Auto Refresher plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2024-12505 (The Trackserver plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-12472 (The Post Duplicator plugin for WordPress is vulnerable to
Information ...)
+ TODO: check
+CVE-2024-12412 (The Rental and Booking Manager for Bike, Car, Dress, Resort
with WooCo ...)
+ TODO: check
+CVE-2024-12407 (The Push Notification for Post and BuddyPress plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-12404 (The CF Internal Link Shortcode plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-12304 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder
Feature ...)
+ TODO: check
+CVE-2024-12204 (The Coupon X: Discount Pop Up, Promo Code Pop Ups,
Announcement Pop Up ...)
+ TODO: check
+CVE-2024-12116 (The Unlimited Theme Addon For Elementor and WooCommerce plugin
for Wor ...)
+ TODO: check
+CVE-2024-11915 (The RRAddons for Elementor plugin for WordPress is vulnerable
to Infor ...)
+ TODO: check
+CVE-2024-11892 (The Accordion Slider Lite plugin for WordPress is vulnerable
to Stored ...)
+ TODO: check
+CVE-2024-11874 (The Grid Accordion Lite plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2024-11758 (The WP SPID Italia plugin for WordPress is vulnerable to
Stored Cross- ...)
+ TODO: check
+CVE-2024-11386 (The GatorMail SmartForms plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-11327 (The ClickWhale \u2013 Link Manager, Link Shortener and Click
Tracker f ...)
+ TODO: check
CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in
Microsoft Purvie ...)
NOT-FOR-US: Microsoft
CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an
authorized a ...)
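Review bot: several of the imported descriptions carry raw JSON escape sequences instead of the decoded character: `\u2013` appears in the CVE-2024-12877, CVE-2024-12520, CVE-2024-12304 and CVE-2024-11327 entries, and CVE-2024-7095 ends in a truncated `\u20`, which shows the importer cuts the description to length before decoding the escaped string. Decoding first and truncating afterwards would keep the en dash and stop an escape sequence from being split. The TODO: check placeholders are the expected state for an automatic update; among this batch, the FreeType (CVE-2025-23022), fcgi2 (CVE-2025-23016) and Raptor (CVE-2024-57823, CVE-2024-57822) entries name software that is shipped as Debian source packages and are the first candidates for triage, while the four REDCap 14.9.6 entries (CVE-2025-23110 to CVE-2025-23113) can take the NOT-FOR-US: REDCap marking already used for the REDCap entries further down in this diff.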
@@ -1297,7 +1505,7 @@ CVE-2025-0247 (Memory safety bugs present in Firefox 133
and Thunderbird 133. So
- firefox 134.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133,
Firefox ES ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
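Review bot: DSA-5841-1 is prepended to the existing DSA-5839-1 in the brace list rather than replacing it, which is correct when two advisories fix the same CVE; the entry already lists thunderbird 1:128.6.0esr-1, and the last hunk of this commit attaches DSA-5841-1 to another thunderbird fix, so the pairing is consistent. The identical one-line change repeats for CVE-2025-0242 down to CVE-2025-0237 below and needs no separate comment.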
@@ -1305,7 +1513,7 @@ CVE-2025-0243 (Memory safety bugs present in Firefox 133,
Thunderbird 133, Firef
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0243
CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133,
Firefox ES ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1313,7 +1521,7 @@ CVE-2025-0242 (Memory safety bugs present in Firefox 133,
Thunderbird 133, Firef
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0242
CVE-2025-0241 (When segmenting specially crafted text, segmentation would
corrupt mem ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1321,7 +1529,7 @@ CVE-2025-0241 (When segmenting specially crafted text,
segmentation would corrup
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some
circumstances, c ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1329,7 +1537,7 @@ CVE-2025-0240 (Parsing a JavaScript module as JSON could,
under some circumstanc
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0240
CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates
when t ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1337,7 +1545,7 @@ CVE-2025-0239 (When using Alt-Svc, ALPN did not properly
validate certificates w
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0239
CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker
could have ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1345,7 +1553,7 @@ CVE-2025-0238 (Assuming a controlled failed memory
allocation, an attacker could
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0238
CVE-2025-0237 (The WebChannel API, which is used to transport various
information acr ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -4990,9 +5198,9 @@ CVE-2024-56313 (A stored cross-site scripting (XSS)
vulnerability in the Calenda
NOT-FOR-US: REDCap
CVE-2024-56312 (A stored cross-site scripting (XSS) vulnerability in the
Project Dashb ...)
NOT-FOR-US: REDCap
-CVE-2024-56311 (REDCap through 15.0.0 has a security flaw in the Notes section
of cale ...)
+CVE-2024-56311 (REDCap through 14.9.6 has a security flaw in the Notes section
of cale ...)
NOT-FOR-US: REDCap
-CVE-2024-56310 (REDCap through 15.0.0 has a security flaw in the Project
Dashboards na ...)
+CVE-2024-56310 (REDCap through 14.9.6 has a security flaw in the Project
Dashboards na ...)
NOT-FOR-US: REDCap
CVE-2024-54082 (home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command
injection ...)
NOT-FOR-US: Sharp
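Review bot: NOT-FOR-US: REDCap correctly stays in place for CVE-2024-56311 and CVE-2024-56310 as their affected range is narrowed from "through 15.0.0" to "through 14.9.6"; the four new REDCap 14.9.6 entries at the top of this diff (CVE-2025-23110 to CVE-2025-23113) are still TODO: check and can be given the same marking in the next triage pass.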
@@ -5312,9 +5520,9 @@ CVE-2024-54150 (cjwt is a C JSON Web Token (JWT)
Implementation. Algorithm confu
NOT-FOR-US: cjwt
CVE-2024-53991 (Discourse is an open source platform for community discussion.
This vu ...)
NOT-FOR-US: Discourse
-CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could
allow a ...)
+CVE-2024-52897 (IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web
console could ...)
NOT-FOR-US: IBM
-CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web
console coul ...)
+CVE-2024-52896 (IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web
console could ...)
NOT-FOR-US: IBM
CVE-2024-52794 (Discourse is an open source platform for community discussion.
Users c ...)
NOT-FOR-US: Discourse
@@ -16137,6 +16345,7 @@ CVE-2024-50557 (A vulnerability has been identified in
RUGGEDCOM RM1224 LTE(4G)
CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to
register ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK
for Jav ...)
+ {DSA-5841-1}
- node-matrix-js-sdk <removed>
- thunderbird 1:128.5.2esr-1
[bullseye] - thunderbird <postponed> (Minor issue; can be fixed in next
update)
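Review bot: DSA-5841-1 is attached to an entry whose only non-removed package is thunderbird (node-matrix-js-sdk is `<removed>`), so the tag documents the fix of the bundled copy, which is consistent. The `[bullseye] - thunderbird <postponed>` line is left untouched; that is fine if bullseye is still meant to pick this up in a later update, but it is worth confirming now that a DSA exists.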
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f17bfe2b7a8e4256ad035c9a0fde400915540b87
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits