Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a2827420 by security tracker role at 2025-01-28T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,259 @@
+CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image
Sizes 3.2.3 ...)
+ TODO: check
+CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots
against AI ...)
+ TODO: check
+CVE-2025-24177 (A null pointer dereference was addressed with improved input
validatio ...)
+ TODO: check
+CVE-2025-24176 (A permissions issue was addressed with improved validation.
This issue ...)
+ TODO: check
+CVE-2025-24174 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-24169 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-24166 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24163 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24162 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24161 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24160 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24159 (A validation issue was addressed with improved logic. This
issue is fi ...)
+ TODO: check
+CVE-2025-24158 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24156 (An integer overflow was addressed through improved input
validation. T ...)
+ TODO: check
+CVE-2025-24154 (An out-of-bounds write was addressed with improved input
validation. T ...)
+ TODO: check
+CVE-2025-24153 (A buffer overflow issue was addressed with improved memory
handling. T ...)
+ TODO: check
+CVE-2025-24152 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24151 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24150 (A privacy issue was addressed with improved handling of files.
This is ...)
+ TODO: check
+CVE-2025-24149 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-24146 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2025-24145 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-24143 (The issue was addressed with improved access restrictions to
the file ...)
+ TODO: check
+CVE-2025-24141 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2025-24140 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24139 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-24138 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24137 (A type confusion issue was addressed with improved checks.
This issue ...)
+ TODO: check
+CVE-2025-24136 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-24135 (This issue was addressed with improved message validation.
This issue ...)
+ TODO: check
+CVE-2025-24134 (An information disclosure issue was addressed with improved
privacy co ...)
+ TODO: check
+CVE-2025-24131 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24130 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-24129 (A type confusion issue was addressed with improved checks.
This issue ...)
+ TODO: check
+CVE-2025-24128 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-24127 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24126 (An input validation issue was addressed. This issue is fixed
in vision ...)
+ TODO: check
+CVE-2025-24124 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24123 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24122 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2025-24121 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-24120 (This issue was addressed by improved management of object
lifetimes. T ...)
+ TODO: check
+CVE-2025-24118 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24117 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2025-24116 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2025-24115 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2025-24114 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-24113 (The issue was addressed with improved UI. This issue is fixed
in macOS ...)
+ TODO: check
+CVE-2025-24112 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-24109 (A downgrade issue was addressed with additional code-signing
restricti ...)
+ TODO: check
+CVE-2025-24108 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2025-24107 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-24106 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-24104 (This issue was addressed with improved handling of symlinks.
This issu ...)
+ TODO: check
+CVE-2025-24103 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2025-24102 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2025-24101 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2025-24100 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2025-24096 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-24094 (A race condition was addressed with additional validation.
This issue ...)
+ TODO: check
+CVE-2025-24093 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-24092 (This issue was addressed with improved data protection. This
issue is ...)
+ TODO: check
+CVE-2025-24087 (The issue was addressed with additional permissions checks.
This issue ...)
+ TODO: check
+CVE-2025-24086 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24085 (A use after free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-22865 (Using ParsePKCS1PrivateKey to parse a RSA key that is missing
the CRT ...)
+ TODO: check
+CVE-2025-0753 (A vulnerability classified as critical was found in Axiomatic
Bento4 u ...)
+ TODO: check
+CVE-2025-0321 (The ElementsKit Pro plugin for WordPress is vulnerable to
DOM-Based St ...)
+ TODO: check
+CVE-2024-57549 (CMSimple 5.16 allows the user to read cms source code through
manipula ...)
+ TODO: check
+CVE-2024-57548 (CMSimple 5.16 allows the user to edit log.php file via print
page.)
+ TODO: check
+CVE-2024-57547 (Insecure Permissions vulnerability in CMSimple v.5.16 allows a
remote ...)
+ TODO: check
+CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain
sensiti ...)
+ TODO: check
+CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore
v.1.0 allow ...)
+ TODO: check
+CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote
attacker to ...)
+ TODO: check
+CVE-2024-56316 (In AXESS ACS (Auto Configuration Server) through 5.2.0,
unsanitized us ...)
+ TODO: check
+CVE-2024-56178 (An issue was discovered in Couchbase Server 7.6.x through
7.6.3. A use ...)
+ TODO: check
+CVE-2024-54728 (Incorrect access control in BYD QIN PLUS DM-i Dilink OS
3.0_13.1.7.220 ...)
+ TODO: check
+CVE-2024-54557 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-54550 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-54549 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-54547 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54543 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-54542 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2024-54541 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-54539 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-54537 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2024-54536 (The issue was addressed with improved validation of
environment variab ...)
+ TODO: check
+CVE-2024-54530 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54523 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-54522 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-54520 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-54519 (The issue was resolved by sanitizing logging. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-54518 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-54517 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-54516 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2024-54512 (The issue was addressed by removing the relevant flags. This
issue is ...)
+ TODO: check
+CVE-2024-54509 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2024-54507 (A type confusion issue was addressed with improved memory
handling. Th ...)
+ TODO: check
+CVE-2024-54499 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2024-54497 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-54488 (A logic issue was addressed with improved file handling. This
issue is ...)
+ TODO: check
+CVE-2024-54478 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2024-54475 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-54468 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host
driver, wher ...)
+ TODO: check
+CVE-2024-48662 (Cross Site Scripting vulnerability in AdGuard Application
v.7.18.1 (47 ...)
+ TODO: check
+CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being
properl ...)
+ TODO: check
+CVE-2024-45339 (When logs are written to a widely-writable directory (the
default), an ...)
+ TODO: check
+CVE-2024-44172 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2024-37526 (IBM Watson Query on Cloud Pak for Data (IBM Data
Virtualization1.8, 2. ...)
+ TODO: check
+CVE-2024-28786 (IBM QRadar SIEM 7.5 transmits sensitive or security-critical
data in c ...)
+ TODO: check
+CVE-2024-27263 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and
6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-22315 (IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is
vulnerable to ins ...)
+ TODO: check
+CVE-2024-13521 (The MailUp Auto Subscription plugin for WordPress is
vulnerable to Cro ...)
+ TODO: check
+CVE-2024-13509 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for
WordPress ...)
+ TODO: check
+CVE-2024-13448 (The ThemeREX Addons plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2024-12807 (The Social Share Buttons for WordPress plugin through 2.7 does
not san ...)
+ TODO: check
+CVE-2024-12723 (The Infility Global WordPress plugin through 2.9.8 does not
sanitise a ...)
+ TODO: check
+CVE-2024-12649 (Buffer overflow in XPS data font processing of Small Office
Multifunct ...)
+ TODO: check
+CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag processing of Small
Office Multi ...)
+ TODO: check
+CVE-2024-12647 (Buffer overflow in CPCA font download processing of Small
Office Multi ...)
+ TODO: check
+CVE-2024-11135 (The Eventer plugin for WordPress is vulnerable to SQL
Injection via th ...)
+ TODO: check
+CVE-2024-0146 (NVIDIA vGPU software contains a vulnerability in the Virtual
GPU Manag ...)
+ TODO: check
+CVE-2024-0140 (NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where
a user ...)
+ TODO: check
+CVE-2024-0137 (NVIDIA Container Toolkit contains an improper isolation
vulnerability ...)
+ TODO: check
+CVE-2024-0136 (NVIDIA Container Toolkit contains an improper isolation
vulnerability ...)
+ TODO: check
+CVE-2024-0135 (NVIDIA Container Toolkit contains an improper isolation
vulnerability ...)
+ TODO: check
+CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and
6.2.0.0 throug ...)
+ TODO: check
CVE-2025-0754
- envoyproxy <itp> (bug #987544)
CVE-2025-0752
@@ -911,7 +1167,7 @@ CVE-2023-46401 (KWHotel 0.47 is vulnerable to CSV Formula
Injection in the invoi
NOT-FOR-US: KWHotel
CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add
guest f ...)
NOT-FOR-US: KWHotel
-CVE-2024-0149
+CVE-2024-0149 (NVIDIA GPU Display Driver for Linux contains a vulnerability
which cou ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -949,12 +1205,12 @@ CVE-2024-0131
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-53869
+CVE-2024-53869 (NVIDIA Unified Memory driver for Linux contains a
vulnerability where ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-0147
+CVE-2024-0147 (NVIDIA GPU display driver for Windows and Linux contains a
vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -973,7 +1229,7 @@ CVE-2024-0147
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not
supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-0150
+CVE-2024-0150 (NVIDIA GPU display driver for Windows and Linux contains a
vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -1898,7 +2154,7 @@ CVE-2025-0411 (7-Zip Mark-of-the-Web Bypass
Vulnerability. This vulnerability al
CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
- nodejs 20.18.2+dfsg-1 (bug #1094134)
NOTE:
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium
-CVE-2025-23084 [Path traversal by drive name in Windows environment]
+CVE-2025-23084 (A vulnerability has been identified in Node.js, specifically
affecting ...)
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE:
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#path-traversal-by-drive-name-in-windows-environment-cve-2025-23084---medium
CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can
be hooke ...)
@@ -2064,7 +2320,7 @@ CVE-2024-51888 (Incorrect Privilege Assignment
vulnerability in NotFound Homey L
NOT-FOR-US: WordPress plugin
CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6
allows rem ...)
+CVE-2024-51417 (An issue in System.Linq.Dynamic.Core before 1.6.0 allows
remote access ...)
NOT-FOR-US: System.Linq.Dynamic.Core
CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
@@ -3085,7 +3341,7 @@ CVE-2024-11146 (TrueFiling is a collaborative, web-based
electronic filing syste
NOT-FOR-US: TrueFiling
CVE-2024-10799 (The Eventer plugin for WordPress is vulnerable to Directory
Traversal ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-45341
+CVE-2024-45341 (A certificate with a URI which has a IPv6 address with a zone
ID may i ...)
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
@@ -3097,7 +3353,7 @@ CVE-2024-45341
NOTE: Fixed by:
https://github.com/golang/go/commit/fdb8413fe588ec6dc31f1deaf43eb7202a76bb79
(go1.23.5)
NOTE: Fixed by:
https://github.com/golang/go/commit/19d21034157ba69d0f54318a9867d9b08730efcb
(go1.22.11)
NOTE: Certificates containing URIs are not permitted in the web PKI, so
this only affects users of private PKIs which make use of URIs
-CVE-2024-45336
+CVE-2024-45336 (The HTTP client drops sensitive headers after following a
cross-domain ...)
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
@@ -57442,7 +57698,7 @@ CVE-2024-37007 (A maliciously crafted X_B and X_T file,
when parsed in pskernel.
NOT-FOR-US: Autodesk
CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in
CC5Dll.dll throu ...)
NOT-FOR-US: Autodesk
-CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in
pskernel.DLL th ...)
+CVE-2024-37005 (A maliciously crafted X_B file, when parsed in pskernel.DLL
through Au ...)
NOT-FOR-US: Autodesk
CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in
ASMKERN229A.dll thro ...)
NOT-FOR-US: Autodesk
@@ -57450,7 +57706,7 @@ CVE-2024-37003 (A maliciously crafted DWG and SLDPRT
file, when parsed in opennu
NOT-FOR-US: Autodesk
CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in
ASMkern229A.dllthroug ...)
NOT-FOR-US: Autodesk
-CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll
through ...)
+CVE-2024-37001 (A maliciously crafted 3DM file, when parsed in opennurbs.dll
through A ...)
NOT-FOR-US: Autodesk
CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL
through Au ...)
NOT-FOR-US: Autodesk
@@ -195844,8 +196100,8 @@ CVE-2022-3367
RESERVED
CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2,
PublishPr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3365
- RESERVED
+CVE-2022-3365 (Due to reliance on a trivial substitution cipher, sent in
cleartext, a ...)
+ TODO: check
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb
prior to 2 ...)
@@ -223404,8 +223660,8 @@ CVE-2020-36524 (A vulnerability was found in Refined
Toolkit. It has been rated
NOT-FOR-US: Atlassian
CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been
declared as pr ...)
NOT-FOR-US: Atlassian PlantUML plugin
-CVE-2022-31749
- RESERVED
+CVE-2022-31749 (An argument injection vulnerability in the diagnose and import
pac com ...)
+ TODO: check
CVE-2022-31748 (Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell
Jesup, Jon ...)
- firefox 101.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a282742066ed93681c14246e71926a4a62612f5d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a282742066ed93681c14246e71926a4a62612f5d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
