Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfa0f853 by security tracker role at 2025-01-16T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a 
local attac ...)
+       TODO: check
+CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN 
Interactive) DDS ...)
+       TODO: check
+CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the 
pppUser ...)
+       TODO: check
+CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the 
rootAPm ...)
+       TODO: check
+CVE-2025-22912 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+       TODO: check
+CVE-2025-22907 (RE11S v1.11 was discovered to contain a stack overflow via the 
selSSID ...)
+       TODO: check
+CVE-2025-22906 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+       TODO: check
+CVE-2025-22905 (RE11S v1.11 was discovered to contain a command injection 
vulnerabilit ...)
+       TODO: check
+CVE-2025-22904 (RE11S v1.11 was discovered to contain a stack overflow via the 
pptpUse ...)
+       TODO: check
+CVE-2025-0492 (A vulnerability has been found in D-Link DIR-823X 240126/240802 
and cl ...)
+       TODO: check
+CVE-2025-0491 (A vulnerability, which was classified as critical, was found in 
Fanli2 ...)
+       TODO: check
+CVE-2025-0490 (A vulnerability, which was classified as critical, has been 
found in F ...)
+       TODO: check
+CVE-2025-0489 (A vulnerability classified as critical was found in Fanli2012 
native-p ...)
+       TODO: check
+CVE-2025-0488 (A vulnerability classified as critical has been found in 
Fanli2012 nat ...)
+       TODO: check
+CVE-2025-0487 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It 
has been ...)
+       TODO: check
+CVE-2025-0486 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It 
has been ...)
+       TODO: check
+CVE-2025-0476 (Mattermost Mobile Apps versions <=2.22.0 fail to properly 
handle speci ...)
+       TODO: check
+CVE-2025-0457 (The airPASS from NetVision Information has an OS Command 
Injection vul ...)
+       TODO: check
+CVE-2025-0456 (The airPASS from NetVision Information has a Missing 
Authentication vu ...)
+       TODO: check
+CVE-2025-0455 (The airPASS from NetVision Information has a SQL Injection 
vulnerabili ...)
+       TODO: check
+CVE-2025-0215 (The UpdraftPlus: WP Backup & Migration Plugin plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2025-0170 (The DWT - Directory & Listing WordPress Theme is vulnerable to 
Reflect ...)
+       TODO: check
+CVE-2024-57728 (SimpleHelp remote support software v5.5.7 and before allows 
admin user ...)
+       TODO: check
+CVE-2024-57727 (SimpleHelp remote support software v5.5.7 and before is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a 
vulnerabili ...)
+       TODO: check
+CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to 
execute  ...)
+       TODO: check
+CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution 
which a ...)
+       TODO: check
+CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain 
hardcoded cr ...)
+       TODO: check
+CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax 
HX-03-19-I allows ...)
+       TODO: check
+CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax 
HX-03-19- ...)
+       TODO: check
+CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax 
HX-03-19-I all ...)
+       TODO: check
+CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit 
user cr ...)
+       TODO: check
+CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page 
logo uploa ...)
+       TODO: check
+CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker 
pm4core-do ...)
+       TODO: check
+CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers 
to acce ...)
+       TODO: check
+CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a 
Regular expre ...)
+       TODO: check
+CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or 
agent, sensit ...)
+       TODO: check
+CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin 
for Wor ...)
+       TODO: check
+CVE-2024-10789 (The WP User Profile Avatar plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2024-10401
+       REJECTED
 CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app 
designed fo ...)
        TODO: check
 CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker 
to execu ...)
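Review bot: the added CVE-2024-10970 description contains a literal `\u2013` where a dash belongs, which looks like an escape sequence from the upstream feed written out undecoded. Decode the description text before it is truncated and stored, so the entry shows the plugin's name as published and a text search for it matches. The doubled "The The" in the same line appears to come from the source description and can stay as received. Every other added entry is left at `TODO: check`, apart from CVE-2024-10401, which is added directly as `REJECTED`, so nothing in this hunk assigns a package or a NOT-FOR-US state yet.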
@@ -17476,7 +17558,7 @@ CVE-2024-5919 (A blind XML External Entities (XXE) 
injection vulnerability in th
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-5918 (An improper certificate validation vulnerability in Palo Alto 
Networks ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an 
unauthenti ...)
+CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an 
authentica ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site 
Scriptin ...)
        NOT-FOR-US: parisneo/lollms-webui
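Review bot: the reworded CVE-2024-5917 description changes the attacker precondition, with the truncated text going from "unauthenti ..." to "authentica ...", and nothing in the entry or in the "automatic update" commit message records that the upstream wording changed. The entry is `NOT-FOR-US: Palo Alto Networks PAN-OS`, so no triage decision depends on it here, but the same silent rewrite on an entry with a package annotation could leave an earlier assessment based on the old text. Consider having the update job report description changes for entries that are not NOT-FOR-US, so they can be re-checked.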
@@ -258847,7 +258929,7 @@ CVE-2022-21385 (A flaw in net_rds_alloc_sgs() in 
Oracle Linux kernels allows unp
        - linux 4.19.37-1
        NOTE: 
https://git.kernel.org/linus/ea010070d0a7497253d5a6f919f6dd107450b31a (4.20)
 CVE-2022-21384
-       RESERVED
+       REJECTED
 CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border 
Controller produ ...)
        NOT-FOR-US: Oracle
 CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border 
Controller produ ...)
@@ -282341,9 +282423,9 @@ CVE-2021-35687 (Vulnerability in the Oracle Financial 
Services Analytical Applic
 CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical 
Applications ...)
        NOT-FOR-US: Oracle
 CVE-2021-35685
-       RESERVED
+       REJECTED
 CVE-2021-35684
-       RESERVED
+       REJECTED
 CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services 
product of ...)
        NOT-FOR-US: Oracle
 CVE-2021-35682



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa0f8530b02e1d210bccf0e762302ba8613aaf4



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
