Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96acb235 by security tracker role at 2025-02-04T08:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity
Log Winter ...)
+ TODO: check
+CVE-2025-24962 (reNgine is an automated reconnaissance framework for web
applications. ...)
+ TODO: check
+CVE-2025-24961 (org.gaul S3Proxy implements the S3 API and proxies requests.
Users of ...)
+ TODO: check
+CVE-2025-24960 (Jellystat is a free and open source Statistics App for
Jellyfin. In af ...)
+ TODO: check
+CVE-2025-24959 (zx is a tool for writing better scripts. An attacker with
control over ...)
+ TODO: check
+CVE-2025-24958 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24957 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24906 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24905 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24902 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24901 (WeGIA is a Web Manager for Charitable Institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-24899 (reNgine is an automated reconnaissance framework for web
applications. ...)
+ TODO: check
+CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant,
deterministic sta ...)
+ TODO: check
+CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to
Django ...)
+ TODO: check
+CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of
software devel ...)
+ TODO: check
+CVE-2025-23210 (phpoffice/phpspreadsheet is a pure PHP library for reading and
writing ...)
+ TODO: check
+CVE-2025-22918 (Polycom RealPresence Group 500 <=20 has Insecure Permissions
due to au ...)
+ TODO: check
+CVE-2025-22475 (Dell PowerProtect DD, versions prior to DDOS 8.3.0.0,
7.10.1.50, and 7 ...)
+ TODO: check
+CVE-2025-22205 (Improper handling of input variables lead to multiple path
traversal v ...)
+ TODO: check
+CVE-2025-22204 (Improper control of generation of code in the sourcerer
extension for ...)
+ TODO: check
+CVE-2025-22129 (Tuleap is an Open Source Suite to improve management of
software devel ...)
+ TODO: check
+CVE-2025-20907 (Improper privilege management in Samsung Find prior to SMR
Feb-2025 Re ...)
+ TODO: check
+CVE-2025-20906 (Improper Export of Android Application Components in Settings
prior to ...)
+ TODO: check
+CVE-2025-20905 (Out-of-bounds read and write in mPOS TUI trustlet prior to SMR
Feb-202 ...)
+ TODO: check
+CVE-2025-20904 (Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025
Release ...)
+ TODO: check
+CVE-2025-20902 (Improper access control in Media Controller prior to version
1.0.24.52 ...)
+ TODO: check
+CVE-2025-20901 (Out-of-bounds read in Blockchain Keystore prior to version
1.3.16.5 al ...)
+ TODO: check
+CVE-2025-20900 (Out-of-bounds write in Blockchain Keystore prior to version
1.3.16.5 a ...)
+ TODO: check
+CVE-2025-20899 (Improper access control in PushNotification prior to version
13.0.00.1 ...)
+ TODO: check
+CVE-2025-20898 (Improper input validation in Samsung Members prior to version
5.2.00.1 ...)
+ TODO: check
+CVE-2025-20897 (Improper access control in Secure Folder prior to version
1.9.20.50 in ...)
+ TODO: check
+CVE-2025-20896 (Use of implicit intent for sensitive communication in
EasySetup prior ...)
+ TODO: check
+CVE-2025-20895 (Authentication Bypass Using an Alternate Path in Galaxy Store
prior to ...)
+ TODO: check
+CVE-2025-20894 (Improper access control in Samsung Email prior to version
6.1.97.1 all ...)
+ TODO: check
+CVE-2025-20893 (Improper access control in NotificationManager prior to SMR
Jan-2025 R ...)
+ TODO: check
+CVE-2025-20892 (Protection Mechanism Failure in bootloader prior to SMR
Jan-2025 Relea ...)
+ TODO: check
+CVE-2025-20891 (Out-of-bounds read in decoding malformed bitstream of video
thumbnails ...)
+ TODO: check
+CVE-2025-20890 (Out-of-bounds write in decoding frame buffer in libsthmbc.so
prior to ...)
+ TODO: check
+CVE-2025-20889 (Out-of-bounds read in decoding malformed bitstream for smp4vtd
in libs ...)
+ TODO: check
+CVE-2025-20888 (Out-of-bounds write in handling the block size for smp4vtd in
libsthmb ...)
+ TODO: check
+CVE-2025-20887 (Out-of-bounds read in accessing table used for svp8t in
libsthmbc.so p ...)
+ TODO: check
+CVE-2025-20886 (Inclusion of sensitive information in test code in softsim TA
prior to ...)
+ TODO: check
+CVE-2025-20885 (Out-of-bounds write in softsim TA prior to SMR Jan-2025
Release 1 allo ...)
+ TODO: check
+CVE-2025-20884 (Improper access control in Samsung Message prior to SMR
Jan-2025 Relea ...)
+ TODO: check
+CVE-2025-20883 (Improper access control in SoundPicker prior to SMR Jan-2025
Release 1 ...)
+ TODO: check
+CVE-2025-20882 (Out-of-bounds write in accessing uninitialized memory for
svc1td in li ...)
+ TODO: check
+CVE-2025-20881 (Out-of-bounds write in accessing buffer storing the decoded
video fram ...)
+ TODO: check
+CVE-2025-1003 (A potential vulnerability has been identified in HP Anyware
Agent for ...)
+ TODO: check
+CVE-2025-0466 (The Sensei LMS WordPress plugin before 4.24.4 does not
properly prote ...)
+ TODO: check
+CVE-2025-0368 (The Banner Garden Plugin for WordPress plugin through 0.1.3
does not s ...)
+ TODO: check
+CVE-2025-0148 (Missing password field masking in the Zoom Jenkins Marketplace
plugin ...)
+ TODO: check
+CVE-2024-57451 (ChestnutCMS <=1.5.0 has a directory traversal vulnerability in
content ...)
+ TODO: check
+CVE-2024-56903 (A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with
the ver ...)
+ TODO: check
+CVE-2024-56902 (An issue in Geovision GV-ASWeb with version 6.1.0.0 or less
allows una ...)
+ TODO: check
+CVE-2024-56901 (A Cross-Site Request Forgery (CSRF) in the Account Management
componen ...)
+ TODO: check
+CVE-2024-56898 (Incorrect access control in Geovision GV-ASWeb version 6.1.0.0
or less ...)
+ TODO: check
+CVE-2024-47770 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2024-44449 (Cross Site Scripting vulnerability in Quorum onQ OS
v.6.0.0.5.2064 all ...)
+ TODO: check
+CVE-2024-35177 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2024-34897 (Nedis SmartLife android app v1.4.0 was discovered to contain
an API ke ...)
+ TODO: check
+CVE-2024-34896 (An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY),
Nedis SmartL ...)
+ TODO: check
+CVE-2024-13607 (The JS Help Desk \u2013 The Ultimate Help Desk & Support
Plugin plugin ...)
+ TODO: check
+CVE-2024-13514 (The B Slider- Gutenberg Slider Block for WP plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2024-13332 (The TransFinanz WordPress plugin through 1.0.0 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-13331 (The WP Dream Carousel WordPress plugin through 1.0.1b does not
sanitis ...)
+ TODO: check
+CVE-2024-13330 (The JustRows free WordPress plugin through 0.2 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-13329 (The Solidres WordPress plugin through 0.9.4 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-13328 (The Giga Messenger WordPress plugin through 2.3.1 does not
sanitise a ...)
+ TODO: check
+CVE-2024-13327 (The Musicbox WordPress plugin through 2.0.3 does not sanitise
and esca ...)
+ TODO: check
+CVE-2024-13326 (The iBuildApp WordPress plugin through 0.2.0 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-13325 (The Glossy WordPress plugin through 2.3.5 does not sanitise
and escape ...)
+ TODO: check
+CVE-2024-13115 (The WP Projects Portfolio with Client Testimonials WordPress
plugin th ...)
+ TODO: check
+CVE-2024-13114 (The WP Projects Portfolio with Client Testimonials WordPress
plugin th ...)
+ TODO: check
+CVE-2024-12597 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
+ TODO: check
+CVE-2024-12046 (The Medical Addon for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-10239 (A security issue in the firmware image verification
implementation at ...)
+ TODO: check
+CVE-2024-10238 (A security issue in the firmware image verification
implementation ...)
+ TODO: check
+CVE-2024-10237 (There is a vulnerability in the BMC firmware image
authentication desi ...)
+ TODO: check
+CVE-2023-52164 (access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices
allows a ...)
+ TODO: check
+CVE-2023-52163 (Digiever DS-2105 Pro 3.1.0.71-11 devices allow
time_tzsetup.cgi Comman ...)
+ TODO: check
CVE-2025-25181 (A SQL injection vulnerability in timeoutWarning.asp in
Advantive VeraC ...)
NOT-FOR-US: Advantive VeraCore
CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow
in ndpi_ ...)
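Review bot: The added descriptions for CVE-2024-13607 and CVE-2024-12597 contain a literal `\u2013` escape where a dash belongs, which suggests the description text is being written without decoding Unicode escapes; decode it (or normalise to an ASCII hyphen) before it lands in data/CVE/list, so that searches on the plugin names match. Separately, every added entry is still `TODO: check`; the near-identical batches (the six WeGIA SQL injection entries, the Samsung SMR entries, the WordPress plugin entries) can be triaged together, in the same way the unchanged CVE-2025-25181 context entry already carries its NOT-FOR-US marking.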
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96acb235c2a4cea7560000a19caff4a05a16cab6
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits