Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1539a9d1 by security tracker role at 2025-01-24T08:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-23012 (Fedora Repository 3.8.x includes a service account
(fedoraIntCallUser) ...)
+ TODO: check
+CVE-2025-23011 (Fedora Repository 3.8.1 allows path traversal when extracting
uploaded ...)
+ TODO: check
+CVE-2025-0693 (Variable response times in the AWS Sign-in IAM user login flow
allowed ...)
+ TODO: check
+CVE-2024-57556 (Cross Site Scripting vulnerability in nbubna store v.2.14.2
and before ...)
+ TODO: check
+CVE-2024-57386 (Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a
remote ...)
+ TODO: check
+CVE-2024-57329 (HortusFox v3.9 contains a stored XSS vulnerability in the "Add
Plant" ...)
+ TODO: check
+CVE-2024-57328 (A SQL Injection vulnerability exists in the login form of
Online Food ...)
+ TODO: check
+CVE-2024-57326 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
the sea ...)
+ TODO: check
+CVE-2024-55573 (An issue was discovered in Centreon centreon-web 24.10.x
before 24.10. ...)
+ TODO: check
+CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp
of OpenI ...)
+ TODO: check
+CVE-2024-55194 (OpenImageIO v3.1.0.0dev was discovered to contain a heap
overflow via ...)
+ TODO: check
+CVE-2024-55193 (OpenImageIO v3.1.0.0dev was discovered to contain a
segmentation viola ...)
+ TODO: check
+CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered to contain a heap
overflow via ...)
+ TODO: check
+CVE-2024-53923 (An issue was discovered in Centreon Web 24.10.x before
24.10.3, 24.04. ...)
+ TODO: check
+CVE-2024-53588 (A DLL hijacking vulnerability in iTop VPN v16.0 allows
attackers to ex ...)
+ TODO: check
+CVE-2024-53379 (Heap buffer overflow in the server site handshake
implementation in Re ...)
+ TODO: check
+CVE-2024-50665 (gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96
in isom_ ...)
+ TODO: check
+CVE-2024-50664 (gpac 2.4 contains a heap-buffer-overflow at
isomedia/sample_descs.c:17 ...)
+ TODO: check
+CVE-2024-13683 (The Automate Hub Free by Sperse.IO plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-13680 (The Form Builder CP plugin for WordPress is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-13659 (The Listamester plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2023-46401 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the
invoice add ...)
+ TODO: check
+CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add
guest f ...)
+ TODO: check
CVE-2024-0149
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -215,9 +261,9 @@ CVE-2025-0650 (A flaw was found in the Open Virtual Network
(OVN). Specially cra
- ovn <unfixed> (bug #1093884)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
NOTE:
https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668
(v24.09.2)
-CVE-2024-11931
+CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
-CVE-2025-0314
+CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any
platfor ...)
NOT-FOR-US: Apache Wicket
@@ -2470,7 +2516,7 @@ CVE-2018-25108 (An unauthenticated remote attacker can
cause a DoS in the contro
NOT-FOR-US: WAGO
CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a
local attac ...)
NOT-FOR-US: dingfanzuCMS
-CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN
Interactive) DDS ...)
+CVE-2025-22964 (DDSN Interactive cm3 Acora CMS version 10.1.1 has an
unauthenticated t ...)
NOT-FOR-US: Acora CMS
CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the
pppUser ...)
NOT-FOR-US: RE11S
@@ -265810,8 +265856,8 @@ CVE-2021-42720 (Adobe Bridge version 11.1.1 (and
earlier) is affected by an out-
NOT-FOR-US: Adobe
CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an
out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-42718
- RESERVED
+CVE-2021-42718 (Information Disclosure in API in Replicated Replicated Classic
version ...)
+ TODO: check
CVE-2021-3894
REJECTED
CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested
JSON objec ...)
@@ -297673,7 +297719,7 @@ CVE-2021-30747
CVE-2021-30746 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30745
- RESERVED
+ REJECTED
CVE-2021-30744 (Description: A cross-origin issue with iframe elements was
addressed w ...)
{DSA-4945-1}
- webkit2gtk 2.32.3-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
