Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3dbaba1 by security tracker role at 2025-01-29T08:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-24826 (Local privilege escalation due to insecure folder permissions.
The fol ...)
+ TODO: check
+CVE-2025-24482 (A Local Code Injection Vulnerability exists in the product and
version ...)
+ TODO: check
+CVE-2025-24481 (An Incorrect Permission Assignment Vulnerability exists in the
product ...)
+ TODO: check
+CVE-2025-23362 (The old versions of EXIF Viewer Classic contain a cross-site
scripting ...)
+ TODO: check
+CVE-2025-22917 (A reflected cross-site scripting (XSS) vulnerability in
Audemium ERP < ...)
+ TODO: check
+CVE-2025-0806 (A vulnerability was found in code-projects Job Recruitment 1.0.
It has ...)
+ TODO: check
+CVE-2025-0804 (The ClickWhale \u2013 Link Manager, Link Shortener and Click
Tracker f ...)
+ TODO: check
+CVE-2025-0803 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2025-0802 (A vulnerability classified as critical was found in
SourceCodester Bes ...)
+ TODO: check
+CVE-2025-0800 (A vulnerability classified as problematic has been found in
SourceCode ...)
+ TODO: check
+CVE-2025-0798 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32
on Linu ...)
+ TODO: check
+CVE-2025-0797 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32
on Linu ...)
+ TODO: check
+CVE-2025-0795 (A vulnerability was found in ESAFENET CDG V5. It has been
classified a ...)
+ TODO: check
+CVE-2025-0794 (A vulnerability was found in ESAFENET CDG V5 and classified as
problem ...)
+ TODO: check
+CVE-2025-0793 (A vulnerability has been found in ESAFENET CDG V5 and
classified as cr ...)
+ TODO: check
+CVE-2025-0792 (A vulnerability, which was classified as critical, was found in
ESAFEN ...)
+ TODO: check
+CVE-2025-0791 (A vulnerability, which was classified as critical, has been
found in E ...)
+ TODO: check
+CVE-2025-0790 (A vulnerability classified as problematic was found in ESAFENET
CDG V5 ...)
+ TODO: check
+CVE-2025-0789 (A vulnerability classified as critical has been found in
ESAFENET CDG ...)
+ TODO: check
+CVE-2025-0788 (A vulnerability was found in ESAFENET CDG V5. It has been rated
as cri ...)
+ TODO: check
+CVE-2025-0787 (A vulnerability was found in ESAFENET CDG V5. It has been
declared as ...)
+ TODO: check
+CVE-2025-0786 (A vulnerability was found in ESAFENET CDG V5. It has been
classified a ...)
+ TODO: check
+CVE-2025-0785 (A vulnerability was found in ESAFENET CDG V5 and classified as
problem ...)
+ TODO: check
+CVE-2024-7695 (Multiple switches are affected by an out-of-bounds write
vulnerability ...)
+ TODO: check
+CVE-2024-57519 (An issue in Open5GS v.2.7.2 allows a remote attacker to cause
a denial ...)
+ TODO: check
+CVE-2024-57514 (The TP-Link Archer A20 v3 router is vulnerable to Cross-site
Scripting ...)
+ TODO: check
+CVE-2024-57376 (Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N,
DSR-250, DS ...)
+ TODO: check
+CVE-2024-56529 (Mailcow through 2024-11b has a session fixation vulnerability
in the w ...)
+ TODO: check
+CVE-2024-55968 (An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1.
The com. ...)
+ TODO: check
+CVE-2024-48310 (AutoLib Software Systems OPAC v20.10 was discovered to have
multiple A ...)
+ TODO: check
+CVE-2024-29869 (Hive creates a credentials file to a temporary directory in
the file s ...)
+ TODO: check
+CVE-2024-13696 (The Flexible Wishlist for WooCommerce \u2013 Ecommerce
Wishlist & Save ...)
+ TODO: check
+CVE-2024-12749 (The Competition Form WordPress plugin through 2.0 does not
sanitise an ...)
+ TODO: check
+CVE-2023-35017 (IBM Security Verify Governance 10.0.2 Identity Manager can
transmit us ...)
+ TODO: check
+CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager uses
a one-wa ...)
+ TODO: check
CVE-2025-0762
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
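Review bot: Every entry added at the top of data/CVE/list lands as TODO: check with no package or NOT-FOR-US disposition, and several can be resolved together rather than one by one. The eleven ESAFENET CDG V5 entries (CVE-2025-0785 through CVE-2025-0795) share one product and can be triaged in a single pass, and CVE-2024-57514 (TP-Link Archer A20) can follow the NOT-FOR-US: TP-Link tagging already used for CVE-2024-46341 further down the file. The descriptions for CVE-2025-0804 and CVE-2024-13696 also show a literal \u2013 escape; if that is what the import wrote rather than a rendering artifact of this mail, decoding it before the write would keep the descriptions searchable.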
@@ -99,7 +169,8 @@ CVE-2025-24174 (The issue was addressed with improved
checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2025-24169 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-24166 (This issue was addressed through improved state management.
This issue ...)
+CVE-2025-24166
+ REJECTED
NOT-FOR-US: Apple
CVE-2025-24163 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
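Review bot: CVE-2025-24166 now carries REJECTED, but the NOT-FOR-US: Apple line under it is left in place, so the entry ends up with two dispositions. If a rejected entry is meant to stand on its own, drop the NOT-FOR-US line in the same update; if both are intentional, a short NOTE saying so would save the next reader from checking.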
@@ -1527,7 +1598,7 @@ CVE-2024-57719 (lunasvg v3.0.0 was discovered to contain
a segmentation violatio
NOT-FOR-US: lunasvg
CVE-2024-56924 (A Cross Site Request Forgery (CSRF) vulnerability in Code
Astro Intern ...)
NOT-FOR-US: Code Astro Internet banking system
-CVE-2024-56923 (Stored Cross-Site Scripting (XSS) in the Categorization Option
of My S ...)
+CVE-2024-56923 (Stored Cross-Site Scripting (XSS) Vulnerability in the
Categorization ...)
NOT-FOR-US: Silverpeas
CVE-2024-52975 (An issue was identified in Fleet Server where Fleet policies
that coul ...)
NOT-FOR-US: Elastic Fleet
@@ -14779,7 +14850,7 @@ CVE-2024-46442 (An issue in the BYD Dilink Headunit
System v3.0 to v4.0 allows a
NOT-FOR-US: BYD Dilink Headunit System
CVE-2024-46341 (TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit
credentials ...)
NOT-FOR-US: TP-Link
-CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219
was discov ...)
+CVE-2024-46340 (TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and
TL-WR845 ...)
NOT-FOR-US: TP-Link
CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read
vulnerab ...)
NOT-FOR-US: SolarWinds
@@ -291300,21 +291371,25 @@ CVE-2021-33648 (When performing the inference shape
operation of Affine, Concat,
CVE-2021-33647 (When performing the inference shape operation of the Tile
operator, if ...)
NOT-FOR-US: Mindspore deep learning
CVE-2021-33646 (The th_read() function doesn\u2019t free a variable
t->th_buf.gnu_long ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121295
NOTE: (not-upstream) patch from OpenEuler:
https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33645-CVE-2021-33646.patch
CVE-2021-33645 (The th_read() function doesn\u2019t free a variable
t->th_buf.gnu_long ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121295
NOTE: (not-upstream) patch from OpenEuler:
https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33645-CVE-2021-33646.patch
CVE-2021-33644 (An attacker who submits a crafted tar file with size in header
struct ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121292
NOTE: (not-upstream) patch from OpenEuler:
https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33643-CVE-2021-33644.patch
CVE-2021-33643 (An attacker who submits a crafted tar file with size in header
struct ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121289
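Review bot: The four libtar entries (CVE-2021-33643 through CVE-2021-33646) gain {DLA-4033-1} while their [bookworm] lines stay at <no-dsa> (Minor issue), so on the visible lines the newer release is still marked as not getting a fix that the advisory now covers. It is worth confirming whether the bookworm status should be revisited, for example by queuing the same change for a point release, and whether the NOTE lines should record which patch the advisory shipped, since the only patch referenced is marked (not-upstream).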
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3dbaba160b1faadf04c0d950f8ea7ea1bde71a0