Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3ffdb1f by security tracker role at 2025-01-17T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege 
Vulnerab ...)
+       TODO: check
+CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2025-0537 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-0536 (A vulnerability classified as critical was found in 1000 
Projects Atte ...)
+       TODO: check
+CVE-2025-0535 (A vulnerability classified as critical has been found in 
Codezips Gym  ...)
+       TODO: check
+CVE-2025-0534 (A vulnerability was found in 1000 Projects Campaign Management 
System  ...)
+       TODO: check
+CVE-2025-0533 (A vulnerability was found in 1000 Projects Campaign Management 
System  ...)
+       TODO: check
+CVE-2025-0532 (A vulnerability was found in Codezips Gym Management System 
1.0. It ha ...)
+       TODO: check
+CVE-2025-0531 (A vulnerability was found in code-projects Chat System 1.0 and 
classif ...)
+       TODO: check
+CVE-2025-0530 (A vulnerability has been found in code-projects Job Recruitment 
1.0 an ...)
+       TODO: check
+CVE-2025-0529 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-0528 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-0527 (A vulnerability classified as critical was found in 
code-projects Admi ...)
+       TODO: check
+CVE-2025-0430 (Belledonne Communications Linphone-Desktop   is vulnerable to a 
NULL D ...)
+       TODO: check
+CVE-2024-57372 (Cross Site Scripting vulnerability in InformationPush master 
version a ...)
+       TODO: check
+CVE-2024-57370 (Cross Site Scripting vulnerability in sunnygkp10 Online Exam 
System ma ...)
+       TODO: check
+CVE-2024-57369 (Clickjacking vulnerability in typecho v1.2.1.)
+       TODO: check
+CVE-2024-57034 (WeGIA < 3.2.0 is vulnerable to SQL Injection in 
query_geracao_auto.php ...)
+       TODO: check
+CVE-2024-57032 (WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in 
controle/co ...)
+       TODO: check
+CVE-2024-57031 (WeGIA < 3.2.0 is vulnerable to SQL Injection in 
/funcionario/remunerac ...)
+       TODO: check
+CVE-2024-57030 (Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in 
/geral/do ...)
+       TODO: check
+CVE-2024-54681 (Multiple bash files were present in the application's private 
director ...)
+       TODO: check
+CVE-2024-53683 (A valid set of credentials in a .js file and a static token 
for  commu ...)
+       TODO: check
+CVE-2024-52870 (Teradata Vantage Editor 1.0.1 is mostly intended for SQL 
database acce ...)
+       TODO: check
+CVE-2024-50967 (The /rest/rights/ REST API endpoint in Becon DATAGerry through 
2.2.0 c ...)
+       TODO: check
+CVE-2024-45832 (Hard-coded credentials were included as part of the 
application binary ...)
+       TODO: check
+CVE-2024-26157 (All versions of ETIC Telecom Remote Access Server (RAS) prior 
to 4.5.0 ...)
+       TODO: check
+CVE-2024-26156 (All versions of ETIC Telecom Remote Access Server (RAS) prior 
to 4.5.0 ...)
+       TODO: check
+CVE-2024-26155 (All versions of ETIC Telecom Remote Access Server (RAS) prior 
to 4.5.0 ...)
+       TODO: check
+CVE-2024-26154 (All versions of ETIC Telecom Remote Access Server (RAS) prior 
to 4.5.0 ...)
+       TODO: check
+CVE-2024-26153 (All versions of ETIC Telecom Remote Access Server (RAS) prior 
to 4.9.1 ...)
+       TODO: check
+CVE-2024-13503 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2024-13502 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
+       TODO: check
+CVE-2024-13378 (The Gravity Forms plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-13377 (The Gravity Forms plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-13026 (A vulnerability exists in Algo Edge up to 2.1.1 - a previously 
used (l ...)
+       TODO: check
+CVE-2024-12757 (Nedap Librix Ecoreader   is missing authentication for 
critical functi ...)
+       TODO: check
+CVE-2024-12703 (CWE-502: Deserialization of untrusted data vulnerability 
exists that c ...)
+       TODO: check
+CVE-2024-12476 (CWE-611: Improper Restriction of XML External Entity Reference 
vulnera ...)
+       TODO: check
+CVE-2024-12399 (CWE-924: Improper Enforcement of Message Integrity During 
Transmission ...)
+       TODO: check
+CVE-2024-12370 (The WP Hotel Booking plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2024-12142 (CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor vu ...)
+       TODO: check
+CVE-2024-11425 (CWE-131: Incorrect Calculation of Buffer Size vulnerability 
exists tha ...)
+       TODO: check
+CVE-2024-11139 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
+       TODO: check
+CVE-2024-10498 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
+       TODO: check
+CVE-2024-10497 (CWE-639: Authorization Bypass Through User-Controlled Key 
vulnerabilit ...)
+       TODO: check
 CVE-2024-7596 [networkmanager: UDP encapsulation protocol excessive trust]
        NOT-FOR-US: IP tunnel protocol issue
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317264
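Review bot: all 46 new ids in this hunk sit at the `TODO: check` placeholder, and several can be settled from precedent already visible in this file: the WeGIA ids (CVE-2024-57034, CVE-2024-57032, CVE-2024-57031, CVE-2024-57030) match the `NOT-FOR-US: WeGIA` disposition given to CVE-2025-22132 in the next hunk, and the WordPress plugin ids (CVE-2024-13378, CVE-2024-13377, CVE-2024-12370) match the `NOT-FOR-US: WordPress plugin` lines used throughout. The two Microsoft Edge ids at the top are likewise not Debian software. The entries that need an actual look are CVE-2025-0430 (Linphone-Desktop; Debian carries linphone packages, so this is not a reflexive NOT-FOR-US) and the descriptions the import script truncates to a bare CWE name, such as CVE-2024-13503 and CVE-2024-13502, whose affected product is cut off and must be read from the full advisory before a disposition is written.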
@@ -3838,7 +3930,8 @@ CVE-2025-22132 (WeGIA is a web manager for charitable 
institutions. A Cross-Site
        NOT-FOR-US: WeGIA
 CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N 
firmware versi ...)
        NOT-FOR-US: MZK-DP300N firmware
-CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is 
vulnerable to ...)
+CVE-2024-9673
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified 
as pro ...)
        NOT-FOR-US: VIWIS LMS
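Review bot: marking CVE-2024-9673 `REJECTED` drops the description line, so the plugin name (Piotnet Addons For Elementor) now survives only in this diff; keeping the existing `NOT-FOR-US: WordPress plugin` line under the REJECTED marker matches how the other four rejections in this commit are recorded and preserves the earlier triage result, so no change is needed here.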
@@ -4581,7 +4674,8 @@ CVE-2024-12557 (The Transporters.io plugin for WordPress 
is vulnerable to Cross-
        NOT-FOR-US: WordPress plugin
 CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to 
Reflected ...)
+CVE-2024-12540
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
@@ -4655,7 +4749,8 @@ CVE-2024-12252 (The SEO LAT Auto Post plugin for 
WordPress is vulnerable to file
        NOT-FOR-US: WordPress plugin
 CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for 
WordPress ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin 
for WordP ...)
+CVE-2024-12208
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
@@ -4677,7 +4772,8 @@ CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 
Widgets, Premium Templa
        NOT-FOR-US: WordPress plugin
 CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to 
Reflected Cross ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to 
Reflected Cros ...)
+CVE-2024-12124
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is 
vulnerable to Re ...)
        NOT-FOR-US: WordPress plugin
@@ -4687,7 +4783,8 @@ CVE-2024-12073 (The Meteor Slides plugin for WordPress is 
vulnerable to Stored C
        NOT-FOR-US: WordPress plugin
 CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to 
Reflected Cros ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to 
unauthorized m ...)
+CVE-2024-12022
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress & 
WooCommer ...)
        NOT-FOR-US: WordPress plugin
@@ -8265,7 +8362,7 @@ CVE-2024-56349 (In JetBrains TeamCity before 2024.12 
improper access control all
 CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control 
allowed v ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Apa ...)
-       {DLA-4017-1}
+       {DSA-5845-1 DLA-4017-1}
        - tomcat10 10.1.34-1
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
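Review bot: only the advisory cross-reference changes here, from `{DLA-4017-1}` to `{DSA-5845-1 DLA-4017-1}`; the fixed-version lines `- tomcat10 10.1.34-1` and `- tomcat9 9.0.70-2` are untouched, which is correct because the per-release version fixed by the DSA is recorded in data/DSA/list rather than in this file. Worth confirming that DSA-5845-1 is present in data/DSA/list in the same push, since the `{DSA-5845-1}` reference is only meaningful once that entry exists.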
@@ -8896,6 +8993,7 @@ CVE-2024-55513 (A vulnerability was found in Raisecom 
MSG1200, MSG2100E, MSG2200
 CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore 
Managemen ...)
        NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
 CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the 
examples web ap ...)
+       {DSA-5845-1}
        - tomcat10 10.1.34-1
        - tomcat9 9.0.70-2
        [bullseye] - tomcat9 <ignored> (Minor issue)
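Review bot: this id gains `{DSA-5845-1}` with no DLA, while `[bullseye] - tomcat9 <ignored> (Minor issue)` stays, which is internally consistent (bullseye explicitly left unfixed); contrast CVE-2024-34750 later in this commit, also tomcat and also tagged "Minor issue", which keeps `<postponed>` for bullseye. The two bullseye dispositions for these sibling issues should probably agree, or the difference should be stated in the note.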
@@ -8927,7 +9025,7 @@ CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a 
Symbolic Link (Symlink)
 CVE-2024-51479 (Next.js is a React framework for building full-stack web 
applications. ...)
        NOT-FOR-US: Next.js
 CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability during ...)
-       {DLA-4017-1}
+       {DSA-5845-1 DLA-4017-1}
        - tomcat10 10.1.34-1
        - tomcat9 9.0.70-2
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
@@ -17518,7 +17616,7 @@ CVE-2024-52317 (Incorrect object re-cycling and re-use 
vulnerability in Apache T
        NOTE: 
https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b
 (10.1.31)
        NOTE: 
https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a
 (9.0.96)
 CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If 
Tomcat is ...)
-       {DLA-4017-1}
+       {DSA-5845-1 DLA-4017-1}
        - tomcat10 10.1.31-1
        - tomcat9 9.0.70-2
        NOTE: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
@@ -52764,7 +52862,7 @@ CVE-2024-35234 (Discourse is an open-source discussion 
platform. Prior to versio
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to 
version 3.2. ...)
        NOT-FOR-US: Discourse
 CVE-2024-38286 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       {DLA-4017-1}
+       {DSA-5845-1 DLA-4017-1}
        - tomcat10 10.1.25-1
        - tomcat9 9.0.70-2
        NOTE: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
@@ -52772,6 +52870,7 @@ CVE-2024-38286 (Allocation of Resources Without Limits 
or Throttling vulnerabili
        NOTE: 
https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13
 (9.0.90)
        NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled 
Resource Con ...)
+       {DSA-5845-1}
        - tomcat10 10.1.25-1
        - tomcat9 9.0.70-2
        [bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
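Review bot: the bullseye line still reads `<postponed> (Minor issue, fixed along in next DSA)` after `{DSA-5845-1}` is added; a DSA covers stable (bookworm), whereas bullseye is now handled through LTS and DLAs, so either the bullseye status should be revisited against DLA-4017-1, which the other tomcat entries in this commit reference, or the "next DSA" wording should be corrected so the postponed marker does not look satisfied by this DSA.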
@@ -95561,7 +95660,7 @@ CVE-2024-23126 (A maliciously crafted CATPART file in 
CC5Dll.dll when parsed thr
        NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll 
through Au ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when 
parsed throug ...)
+CVE-2024-23124 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll 
and ASMB ...)
        NOT-FOR-US: Autodesk
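Review bot: no triage action follows from this hunk: the `NOT-FOR-US: Autodesk` disposition for CVE-2024-23124 is unchanged and only the upstream description wording is refreshed (the words "when parsed" move ahead of the DLL name).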



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ffdb1f360f2e9a7b068d0834dc7be16d9ffe90



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits