Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5147f2c1 by security tracker role at 2025-01-24T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,367 @@
+CVE-2025-24756 (Cross-Site Request Forgery (CSRF) vulnerability in mgplugin 
Roi Calcul ...)
+       TODO: check
+CVE-2025-24755 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24753 (Missing Authorization vulnerability in Kadence WP Gutenberg 
Blocks by  ...)
+       TODO: check
+CVE-2025-24751 (Missing Authorization vulnerability in GoDaddy CoBlocks allows 
Exploit ...)
+       TODO: check
+CVE-2025-24750 (Missing Authorization vulnerability in ExactMetrics 
ExactMetrics allow ...)
+       TODO: check
+CVE-2025-24746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24739 (Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP 
& WPMana ...)
+       TODO: check
+CVE-2025-24738 (Cross-Site Request Forgery (CSRF) vulnerability in 
NowButtons.com Call ...)
+       TODO: check
+CVE-2025-24736 (Missing Authorization vulnerability in Metaphor Creations Post 
Duplica ...)
+       TODO: check
+CVE-2025-24733 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-24732 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24731 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24730 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24729 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24728 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24727 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24726 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24725 (Missing Authorization vulnerability in ThimPress Thim 
Elementor Kit al ...)
+       TODO: check
+CVE-2025-24724 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Side Me ...)
+       TODO: check
+CVE-2025-24723 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24722 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24721 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24720 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Sticky  ...)
+       TODO: check
+CVE-2025-24719 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24717 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Modal W ...)
+       TODO: check
+CVE-2025-24716 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Herd Ef ...)
+       TODO: check
+CVE-2025-24715 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Counter ...)
+       TODO: check
+CVE-2025-24714 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Bubble  ...)
+       TODO: check
+CVE-2025-24713 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Button  ...)
+       TODO: check
+CVE-2025-24712 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
Radius  ...)
+       TODO: check
+CVE-2025-24711 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company 
Popup B ...)
+       TODO: check
+CVE-2025-24709 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24706 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24705 (Missing Authorization vulnerability in Arshid WooCommerce 
Quick View a ...)
+       TODO: check
+CVE-2025-24704 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24703 (Server-Side Request Forgery (SSRF) vulnerability in DLX 
Plugins Commen ...)
+       TODO: check
+CVE-2025-24702 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24701 (Server-Side Request Forgery (SSRF) vulnerability in Kiboko 
Labs Chaine ...)
+       TODO: check
+CVE-2025-24698 (Cross-Site Request Forgery (CSRF) vulnerability in G5Theme 
Essential R ...)
+       TODO: check
+CVE-2025-24696 (Cross-Site Request Forgery (CSRF) vulnerability in WP Attire 
Attire Bl ...)
+       TODO: check
+CVE-2025-24695 (Server-Side Request Forgery (SSRF) vulnerability in HasThemes 
Extensio ...)
+       TODO: check
+CVE-2025-24693 (Missing Authorization vulnerability in Yehi Advanced 
Notifications all ...)
+       TODO: check
+CVE-2025-24691 (Missing Authorization vulnerability in Gagan Sandhu , Enej 
Bajgoric ,  ...)
+       TODO: check
+CVE-2025-24687 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24683 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24682 (Missing Authorization vulnerability in mikemmx Super Block 
Slider allo ...)
+       TODO: check
+CVE-2025-24681 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24679 (Missing Authorization vulnerability in webraketen Internal 
Links Manag ...)
+       TODO: check
+CVE-2025-24678 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-24675 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24673 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-24672 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24669 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24668 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24666 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24663 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24659 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24658 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24657 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24652 (Missing Authorization vulnerability in Revmakx WP Duplicate 
\u2013 Wor ...)
+       TODO: check
+CVE-2025-24650 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
+       TODO: check
+CVE-2025-24649 (Missing Authorization vulnerability in wpase.com Admin and 
Site Enhanc ...)
+       TODO: check
+CVE-2025-24647 (Cross-Site Request Forgery (CSRF) vulnerability in 
datafeedr.com WooCo ...)
+       TODO: check
+CVE-2025-24644 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24638 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24636 (Cross-Site Request Forgery (CSRF) vulnerability in Laymance 
Technologi ...)
+       TODO: check
+CVE-2025-24634 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24633 (Missing Authorization vulnerability in silverplugins217 Build 
Private  ...)
+       TODO: check
+CVE-2025-24627 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24625 (Missing Authorization vulnerability in Marco Almeida | 
Webdados Taxono ...)
+       TODO: check
+CVE-2025-24623 (Cross-Site Request Forgery (CSRF) vulnerability in Really 
Simple Secur ...)
+       TODO: check
+CVE-2025-24622 (Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins 
Job Boa ...)
+       TODO: check
+CVE-2025-24618 (Missing Authorization vulnerability in ElementInvader 
ElementInvader A ...)
+       TODO: check
+CVE-2025-24613 (Missing Authorization vulnerability in Foliovision FV 
Thoughtful Comme ...)
+       TODO: check
+CVE-2025-24611 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-24610 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24604 (Missing Authorization vulnerability in Vikas Ratudi VForm 
allows Explo ...)
+       TODO: check
+CVE-2025-24596 (Missing Authorization vulnerability in WC Product Table 
WooCommerce Pr ...)
+       TODO: check
+CVE-2025-24595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24594 (Missing Authorization vulnerability in Speedcomp Linet 
ERP-Woocommerce ...)
+       TODO: check
+CVE-2025-24591 (Missing Authorization vulnerability in NinjaTeam GDPR CCPA 
Compliance  ...)
+       TODO: check
+CVE-2025-24589 (Missing Authorization vulnerability in JS Morisset JSM Show 
Post Metad ...)
+       TODO: check
+CVE-2025-24588 (Missing Authorization vulnerability in Patreon Patreon 
WordPress allow ...)
+       TODO: check
+CVE-2025-24587 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-24585 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24582 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cod ...)
+       TODO: check
+CVE-2025-24580 (Missing Authorization vulnerability in Code for Recovery 12 
Step Meeti ...)
+       TODO: check
+CVE-2025-24579 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24575 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24573 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24572 (Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool 
WP Fast ...)
+       TODO: check
+CVE-2025-24571 (Missing Authorization vulnerability in Epsiloncool WP Fast 
Total Searc ...)
+       TODO: check
+CVE-2025-24570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24568 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force St ...)
+       TODO: check
+CVE-2025-24562 (Cross-Site Request Forgery (CSRF) vulnerability in Optimal 
Access Inc. ...)
+       TODO: check
+CVE-2025-24561 (Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap 
ReviewsT ...)
+       TODO: check
+CVE-2025-24555 (Cross-Site Request Forgery (CSRF) vulnerability in 
SubscriptionDNA.com ...)
+       TODO: check
+CVE-2025-24552 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
+       TODO: check
+CVE-2025-24547 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24546 (Cross-Site Request Forgery (CSRF) vulnerability in RSTheme 
Ultimate Co ...)
+       TODO: check
+CVE-2025-24543 (Cross-Site Request Forgery (CSRF) vulnerability in RSTheme 
Ultimate Co ...)
+       TODO: check
+CVE-2025-24542 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24363 (The HL7 FHIR IG publisher is a tool to take a set of inputs 
and create ...)
+       TODO: check
+CVE-2025-24362 (In some circumstances, debug artifacts uploaded by the CodeQL 
Action a ...)
+       TODO: check
+CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. 
Prior to ...)
+       TODO: check
+CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. 
Prior to ver ...)
+       TODO: check
+CVE-2025-24025 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-23991 (Missing Authorization vulnerability in theDotstore Product 
Size Charts ...)
+       TODO: check
+CVE-2025-23889 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23888 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23885 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23838 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23837 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23737 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23734 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23711 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23622 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23621 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23522 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23422 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-23222 (An issue was discovered in Deepin dde-api-proxy through 1.0.19 
in whic ...)
+       TODO: check
+CVE-2025-22714 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22612 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22611 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22610 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22609 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22608 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22607 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22606 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-22605 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-0708 (A vulnerability was found in fumiao opencms 2.2. It has been 
declared  ...)
+       TODO: check
+CVE-2025-0707 (A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. 
It has ...)
+       TODO: check
+CVE-2025-0706 (A vulnerability was found in JoeyBling bootplus up to 
247d5f6c209be1a5 ...)
+       TODO: check
+CVE-2025-0705 (A vulnerability has been found in JoeyBling bootplus up to 
247d5f6c209 ...)
+       TODO: check
+CVE-2025-0704 (A vulnerability, which was classified as problematic, was found 
in Joe ...)
+       TODO: check
+CVE-2025-0703 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-0702 (A vulnerability classified as critical was found in JoeyBling 
bootplus ...)
+       TODO: check
+CVE-2025-0701 (A vulnerability classified as critical has been found in 
JoeyBling boo ...)
+       TODO: check
+CVE-2025-0700 (A vulnerability was found in JoeyBling bootplus up to 
247d5f6c209be1a5 ...)
+       TODO: check
+CVE-2025-0699 (A vulnerability was found in JoeyBling bootplus up to 
247d5f6c209be1a5 ...)
+       TODO: check
+CVE-2025-0698 (A vulnerability was found in JoeyBling bootplus up to 
247d5f6c209be1a5 ...)
+       TODO: check
+CVE-2025-0697 (A vulnerability, which was classified as problematic, was found 
in Tel ...)
+       TODO: check
+CVE-2024-9499 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9498 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9497 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9496 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9495 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9494 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9493 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9492 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9491 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-9490 (DLL hijacking vulnerabilities, caused by an uncontrolled search 
path i ...)
+       TODO: check
+CVE-2024-57277 (InnoShop V.0.3.8 and below is vulnerable to Cross Site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2024-57184 (An issue was discovered in GPAC v0.8.0, as demonstrated by 
MP4Box. It  ...)
+       TODO: check
+CVE-2024-57095 (SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote 
attacke ...)
+       TODO: check
+CVE-2024-57041 (A persistent cross-site scripting (XSS) vulnerability in 
NodeBB v3.11. ...)
+       TODO: check
+CVE-2024-56404 (In One Identity Identity Manager 9.x before 9.3, an insecure 
direct ob ...)
+       TODO: check
+CVE-2024-52807 (The HL7 FHIR IG publisher is a tool to take a set of inputs 
and create ...)
+       TODO: check
+CVE-2024-45077 (IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-41757 (IBM Concert Software 1.0.0 and 1.0.1 could allow a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-41739 (IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data 
could allo ...)
+       TODO: check
+CVE-2024-40706 (IBM InfoSphere Information Server 11.7 could allow a remote 
user to ob ...)
+       TODO: check
+CVE-2024-40693 (IBM Planning Analytics 2.0 and 2.1 could be vulnerable to 
malicious fi ...)
+       TODO: check
+CVE-2024-35122 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level 
local denia ...)
+       TODO: check
+CVE-2024-25034 (IBM Planning Analytics 2.0 and 2.1 could be vulnerable to 
malicious fi ...)
+       TODO: check
+CVE-2024-13698 (The Jobify - Job Board WordPress Theme for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-13594 (The Simple Downloads List plugin for WordPress is vulnerable 
to SQL In ...)
+       TODO: check
+CVE-2024-13583 (The Simple Gallery with Filter plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-13572 (The Precious Metals Charts and Widgets for WordPress plugin 
for WordPr ...)
+       TODO: check
+CVE-2024-13545 (The Bootstrap Ultimate theme for WordPress is vulnerable to 
Local File ...)
+       TODO: check
+CVE-2024-13542 (The WP Google Street View (with 360\xb0 virtual tour) & Google 
maps +  ...)
+       TODO: check
+CVE-2024-13409 (The Post Grid, Slider & Carousel Ultimate \u2013 with 
Shortcode, Guten ...)
+       TODO: check
+CVE-2024-13408 (The Post Grid, Slider & Carousel Ultimate \u2013 with 
Shortcode, Guten ...)
+       TODO: check
+CVE-2024-13354 (The Responsive Addons for Elementor \u2013 Free Elementor 
Addons Plugi ...)
+       TODO: check
+CVE-2024-13335 (The Spexo Addons for Elementor \u2013 Free Elementor Addons, 
Widgets a ...)
+       TODO: check
+CVE-2024-12494 (The BMLT Meeting Map plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-11913 (The Activity Plus Reloaded for BuddyPress plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-10324 (The RomethemeKit For Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
 CVE-2025-0577
        - glibc <not-affected> (Doesn't affect any released version of glibc)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2338871
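Review bot: Several of the added description lines carry literal escape sequences instead of the characters they stand for: `\u2013` in the CVE-2025-24652, CVE-2024-13409, CVE-2024-13408, CVE-2024-13354 and CVE-2024-13335 entries, and `\xb0` in CVE-2024-13542. If the automatic update is meant to write UTF-8 descriptions, decode these before committing; if ASCII-only escapes are intended, say so where the format is documented. Separately, every new entry lands as `TODO: check`, including CVE-2024-57184, whose description names GPAC and MP4Box; this file already tracks that software under `gpac`, so that entry needs a package line at triage rather than being handled together with the WordPress plugin entries around it.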
@@ -3613,7 +3977,7 @@ CVE-2024-53563 (A stored cross-site scripting (XSS) 
vulnerability in Arcadyan Me
 CVE-2024-53561 (A remote code execution (RCE) vulnerability in Arcadyan Meteor 
2 CPE F ...)
        NOT-FOR-US: Arcadyan Meteor
 CVE-2024-53263 (Git LFS is a Git extension for versioning large files. When 
Git LFS re ...)
-       {DLA-4028-1}
+       {DSA-5849-1 DLA-4028-1}
        - git-lfs 3.5.0-2 (bug #1093048)
        NOTE: 
https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7
        NOTE: Fixed by: 
https://github.com/git-lfs/git-lfs/commit/0345b6f816e611d050c0df67b61f0022916a1c90
 (v3.6.1)
@@ -176614,8 +176978,8 @@ CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b 
is vulnerable to Buffer Ov
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2343
        NOTE: 
https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f 
(v2.2.0)
-CVE-2022-47090
-       RESERVED
+CVE-2022-47090 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer 
overflow in gf ...)
+       TODO: check
 CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer 
Overflow ...)
        [experimental] - gpac 2.2.1+dfsg1-1
        - gpac 2.2.1+dfsg1-2 (bug #1033116)
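Review bot: CVE-2022-47090 moves from `RESERVED` to `TODO: check` although its new description names the same GPAC MP4box 2.1-DEV-rev574-g9d5bb184b build as the neighbouring CVE-2022-47091 and CVE-2022-47089, both of which already carry `gpac` triage. Follow up with a `- gpac` line and the upstream issue or commit as a NOTE, and check whether the 2.2.1+dfsg1-2 upload recorded for CVE-2022-47089 also covers this one.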
@@ -418126,8 +418490,7 @@ CVE-2019-15691 (TigerVNC version prior to 1.10.1 is 
vulnerable to stack use-afte
        NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
        NOTE: 
https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40
 (master)
        NOTE: 
https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91
 (v1.10.1)
-CVE-2019-15690
-       RESERVED
+CVE-2019-15690 (LibVNCServer 0.9.12 release and earlier contains heap buffer 
overflow  ...)
        {DLA-2146-1}
        - libvncserver 0.9.12+dfsg-9 (bug #954163)
        [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5147f2c1888af426b8a5dfaf3c4c661745763946



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
