Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62e6b872 by security tracker role at 2025-01-29T20:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A
malicious regis ...)
+ TODO: check
+CVE-2025-24792 (Snowflake PHP PDO Driver is a driver that uses the PHP Data
Objects (P ...)
+ TODO: check
+CVE-2025-24791 (snowflake-connector-nodejs is a NodeJS driver for Snowflake.
Snowflake ...)
+ TODO: check
+CVE-2025-24790 (Snowflake JDBC provides a JDBC type 4 driver that supports
core functi ...)
+ TODO: check
+CVE-2025-24789 (Snowflake JDBC provides a JDBC type 4 driver that supports
core functi ...)
+ TODO: check
+CVE-2025-24527 (An issue was discovered in Akamai Enterprise Application
Access (EAA) ...)
+ TODO: check
+CVE-2025-24374 (Twig is a template language for PHP. When using the ??
operator, outpu ...)
+ TODO: check
+CVE-2025-20061 (mySCADA myPRO does not properly neutralize POST requests sent
to a spe ...)
+ TODO: check
+CVE-2025-20014 (mySCADA myPRO does not properly neutralize POST requests sent
to a spe ...)
+ TODO: check
+CVE-2025-0840 (A vulnerability, which was classified as problematic, was found
in GNU ...)
+ TODO: check
+CVE-2025-0617 (An attacker with access to an HX 10.0.0 and previous versions,
may se ...)
+ TODO: check
+CVE-2025-0353 (The Divi Torque Lite \u2013 Best Divi Addon, Extensions,
Modules & Soc ...)
+ TODO: check
+CVE-2024-57965 (In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not
use a U ...)
+ TODO: check
+CVE-2024-57439 (An issue in the reset password interface of ruoyi v4.8.0
allows attack ...)
+ TODO: check
+CVE-2024-57438 (Insecure permissions in RuoYi v4.8.0 allows authenticated
attackers to ...)
+ TODO: check
+CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a SQL injection
vulnerability v ...)
+ TODO: check
+CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to
view th ...)
+ TODO: check
+CVE-2024-54462 (The file names constructed within image_picker are missing
sanitizatio ...)
+ TODO: check
+CVE-2024-54461 (The file names constructed within file_selector are missing
sanitizati ...)
+ TODO: check
+CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability
observe ...)
+ TODO: check
+CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability
inFLXEON. Sessio ...)
+ TODO: check
+CVE-2024-41140 (Zohocorp ManageEngine Applications Manager versions174000 and
prior ar ...)
+ TODO: check
+CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub
Enterprise Ser ...)
+ TODO: check
+CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose
sensitive userna ...)
+ TODO: check
+CVE-2023-37412 (IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a
privileged user t ...)
+ TODO: check
+CVE-2023-37398 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that
users sho ...)
+ TODO: check
+CVE-2023-35907 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that
users sho ...)
+ TODO: check
CVE-2024-12705 [DNS-over-HTTPS implementation suffers from multiple issues
under heavy query load]
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2024-12705
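Review bot: all 28 entries added in this hunk carry only `TODO: check`, so none of them is tracked against a Debian source package yet. The ones whose descriptions name software that is likely packaged in Debian (CVE-2025-24374 for Twig, CVE-2024-57965 for axios, CVE-2025-0840 for a GNU component) should be triaged first, either by attaching `- <srcpkg> <version>` lines or by marking them `NOT-FOR-US`; vendor-only items such as the IBM Aspera Faspex and Akamai EAA entries can be closed as `NOT-FOR-US` in the same way the existing IBM entries in the later hunks are.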
@@ -74,7 +130,7 @@ CVE-2023-35017 (IBM Security Verify Governance 10.0.2
Identity Manager can trans
NOT-FOR-US: IBM
CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager uses
a one-wa ...)
NOT-FOR-US: IBM
-CVE-2025-0762
+CVE-2025-0762 (Use after free in DevTools in Google Chrome prior to
132.0.6834.159 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable,
cross-chai ...)
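Review bot: the new description for CVE-2025-0762 states the fix is in Chrome 132.0.6834.159, but the `- chromium <unfixed>` line directly below it is unchanged; once a matching chromium upload exists, the entry should record that fixed Debian version instead of staying `<unfixed>`. The `[bullseye] - chromium <end-of-life> (see #1061268)` line is untouched by this hunk.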
@@ -732,6 +788,7 @@ CVE-2024-12280 (The WP Customer Area WordPress plugin
through 8.2.4 does not hav
CVE-2023-46187 (IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is
vulnerab ...)
NOT-FOR-US: IBM
CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and
arbitrarily ...)
+ {DLA-4035-1 DLA-4034-1}
- flightgear 1:2020.3.19+dfsg-1
[bookworm] - flightgear <no-dsa> (Minor issue)
- simgear 1:2020.3.19+dfsg-1
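Review bot: the added `{DLA-4035-1 DLA-4034-1}` reference line for CVE-2025-0781 sits above two source packages (flightgear and simgear), so check that each DLA id maps to the right package in data/DLA/list and that both advisories really cover this CVE. The `[bookworm] - flightgear <no-dsa> (Minor issue)` line is left as is, which is consistent only if the two DLAs target the LTS suite rather than bookworm.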
@@ -4055,9 +4112,9 @@ CVE-2025-20036 (Mattermost Mobile Apps versions <=2.22.0
fail to properly valida
NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-0502 (Transmission of Private Resources into a New Sphere ('Resource
Leak') ...)
NOT-FOR-US: CrafterCMS
-CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces Clients
when runn ...)
+CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces (when
running PCo ...)
NOT-FOR-US: Amazon
-CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces, Amazon
AppStream ...)
+CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces (when
running Ama ...)
NOT-FOR-US: Amazon
CVE-2025-0485 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It
has been ...)
NOT-FOR-US: Fanli2012 native-php-cms
@@ -12315,7 +12372,7 @@ CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from
arbitrary code execution in
NOT-FOR-US: GetSimple CMS CE
CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue
in "Shon ...)
NOT-FOR-US: Shonen Jump+
-CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.)
+CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow. In
src/ifaces.c, th ...)
- iptraf-ng <unfixed> (unimportant; bug #1090381)
NOTE:
https://github.com/iptraf-ng/iptraf-ng/commit/2b623e991115358a57275af8a53feb5ae707b3ae
(v1.2.2)
NOTE: Negligible security impact
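Review bot: the `NOTE: Negligible security impact` line gives no reason, while the expanded description now says explicitly that src/ifaces.c contains a stack-based buffer overflow; add a short rationale to that NOTE (what limits the impact, such as which input reaches the overflow and who controls it) so the `unimportant` tag in `- iptraf-ng <unfixed> (unimportant; bug #1090381)` can be audited later. Since the linked upstream commit is tagged `(v1.2.2)`, the `<unfixed>` marker can be replaced by the Debian version that picks up that commit once it is uploaded.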
@@ -261405,8 +261462,8 @@ CVE-2021-44020 (An unnecessary privilege
vulnerability in Trend Micro Worry-Free
NOT-FOR-US: Trend Micro
CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro
Worry-Free Busin ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3978
- RESERVED
+CVE-2021-3978 (When copying files with rsync, octorpki uses the "-a" flag 0,
which fo ...)
+ TODO: check
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input
During ...)
NOT-FOR-US: invoiceninja
CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions <
V13.2.0.7 ...)
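Review bot: CVE-2021-3978 moves from `RESERVED` to a description plus `TODO: check`, so it still needs triage: the description names octorpki and its use of the rsync `-a` flag, so either add the Debian source package line if octorpki is packaged, or mark it `NOT-FOR-US` as the neighbouring invoiceninja and Trend Micro entries are.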
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e6b872e11317b4fac9c1d50551e99b22d5bdaf
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits