[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 13 Jan 2025 12:12:56 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9ae6ca8f by security tracker role at 2025-01-13T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web 
application ...)
+       TODO: check
+CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight 
template engine ...)
+       TODO: check
+CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST 
/api/user ...)
+       TODO: check
+CVE-2025-22828 (CloudStack users can add and read comments (annotations) on 
resources  ...)
+       TODO: check
+CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP 
allows Expl ...)
+       TODO: check
+CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP 
GiveWP allow ...)
+       TODO: check
+CVE-2025-22588 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22583 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22576 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22569 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22568 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22514 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22506 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22499 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22498 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22344 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22337 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22314 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer 
of the ...)
+       TODO: check
+CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With 
Insufficient  ...)
+       TODO: check
+CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to 
Cross Site ...)
+       TODO: check
+CVE-2024-57487 (In Code-Projects Online Car Rental System 1.0, the file upload 
feature ...)
+       TODO: check
+CVE-2024-56301 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side 
Injection vuln ...)
+       TODO: check
+CVE-2024-52938 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+       TODO: check
+CVE-2024-52937 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
+       TODO: check
+CVE-2024-52936 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+       TODO: check
+CVE-2024-52935 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
+       TODO: check
+CVE-2024-52333 (An improper array index validation vulnerability exists in the 
determi ...)
+       TODO: check
+CVE-2024-51728
+       REJECTED
+CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2024-47897 (Software installed and run as a non-privileged user may 
conduct improp ...)
+       TODO: check
+CVE-2024-47895 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+       TODO: check
+CVE-2024-47894 (Kernel software installed and running inside a Guest VM may 
post impro ...)
+       TODO: check
+CVE-2024-47796 (An improper array index validation vulnerability exists in the 
nowindo ...)
+       TODO: check
+CVE-2024-46921 (An issue was discovered in Samsung Mobile Processor and Modem 
Exynos 9 ...)
+       TODO: check
+CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 
9820, 9825, ...)
+       TODO: check
+CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 
9820, 9825, ...)
+       TODO: check
+CVE-2024-46481 (The login page of Venki Supravizio BPM up to 18.1.1 is 
vulnerable to o ...)
+       TODO: check
+CVE-2024-46480 (An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows 
authenti ...)
+       TODO: check
+CVE-2024-46479 (Venki Supravizio BPM through 18.0.1 was discovered to contain 
an arbit ...)
+       TODO: check
+CVE-2024-46310 (Incorrect Access Control in Cfx.re FXServer v9601 and earlier 
allows u ...)
+       TODO: check
+CVE-2024-44771 (BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2024-12211 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by 
an Store ...)
+       TODO: check
 CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote 
Code E ...)
        NOT-FOR-US: Luxion KeyShot Viewer
 CVE-2025-0410 (A vulnerability classified as critical was found in liujianview 
gymxmj ...)
@@ -46660,7 +46760,7 @@ CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was 
discovered to contain a stack-base
        NOT-FOR-US: Tenda
 CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a 
stack-based buff ...)
        NOT-FOR-US: Tenda
-CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 
9000 Site S ...)
+CVE-2024-32861 (Under certain circumstances the impacted Software House 
C\u2022CURE 90 ...)
        NOT-FOR-US: Johnson Controls
 CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, 
Sell Ticke ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ae6ca8ff696f45134634f4d167d10b979f31cb4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ae6ca8ff696f45134634f4d167d10b979f31cb4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to