Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38e8db19 by security tracker role at 2025-02-06T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-24845 (Improper neutralization of argument delimiters in a command
('Argument ...)
+ TODO: check
+CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense
Platform Home ...)
+ TODO: check
+CVE-2025-23236 (Buffer overflow vulnerability exists in Defense Platform Home
Edition ...)
+ TODO: check
+CVE-2025-22894 (Unprotected Windows messaging channel ('Shatter') issue exists
in Defe ...)
+ TODO: check
+CVE-2025-22890 (Execution with unnecessary privileges issue exists in Defense
Platform ...)
+ TODO: check
+CVE-2025-20094 (Unprotected Windows messaging channel ('Shatter') issue exists
in Defe ...)
+ TODO: check
+CVE-2025-1066 (OpenPLC_V3 contains an arbitrary file upload vulnerability,
which coul ...)
+ TODO: check
+CVE-2025-0799 (IBM App Connect enterprise12.0.1.0 through 12.0.12.10
and13.0.1.0 thro ...)
+ TODO: check
+CVE-2025-0522 (The LikeBot WordPress plugin through 0.85 does not have CSRF
check in ...)
+ TODO: check
+CVE-2024-57699 (A security issue was found in Netplex Json-smart 2.5.0 through
2.5.1. ...)
+ TODO: check
+CVE-2024-57598 (A floating point exception (divide-by-zero) vulnerability was
discover ...)
+ TODO: check
+CVE-2024-57520 (Insecure Permissions vulnerability in asterisk v22 allows a
remote att ...)
+ TODO: check
+CVE-2024-57086 (A prototype pollution in the function fieldsToJson of
node-opcua-alarm ...)
+ TODO: check
+CVE-2024-57085 (A prototype pollution in the function deepMerge of
@stryker-mutator/ut ...)
+ TODO: check
+CVE-2024-57084 (A prototype pollution in the function lib.parse of
dot-properties v1.0 ...)
+ TODO: check
+CVE-2024-57082 (A prototype pollution in the lib.createUploader function of
@rpldy/upl ...)
+ TODO: check
+CVE-2024-57081 (A prototype pollution in the lib.fromQuery function of
underscore-cont ...)
+ TODO: check
+CVE-2024-57080 (A prototype pollution in the lib.install function of vxe-table
v4.8.10 ...)
+ TODO: check
+CVE-2024-57079 (A prototype pollution in the lib.deepMerge function of
@zag-js/core v0 ...)
+ TODO: check
+CVE-2024-57078 (A prototype pollution in the lib.merge function of cli-util
v1.1.27 al ...)
+ TODO: check
+CVE-2024-57077 (The latest version of utils-extend (1.0.8) is vulnerable to
Prototype ...)
+ TODO: check
+CVE-2024-57076 (A prototype pollution in the lib.post function of ajax-request
v1.2.3 ...)
+ TODO: check
+CVE-2024-57075 (A prototype pollution in the lib.Logger function of
eazy-logger v4.0.1 ...)
+ TODO: check
+CVE-2024-57074 (A prototype pollution in the lib.merge function of xe-utils
v3.5.31 al ...)
+ TODO: check
+CVE-2024-57072 (A prototype pollution in the lib.requireFromString function of
module- ...)
+ TODO: check
+CVE-2024-57071 (A prototype pollution in the lib.combine function of
php-parser v3.2.1 ...)
+ TODO: check
+CVE-2024-57069 (A prototype pollution in the lib function of expand-object
v0.4.2 allo ...)
+ TODO: check
+CVE-2024-57068 (A prototype pollution in the lib.mutateMergeDeep function of
@tanstack ...)
+ TODO: check
+CVE-2024-57067 (A prototype pollution in the lib.parse function of dot-qs
v0.2.0 allow ...)
+ TODO: check
+CVE-2024-57066 (A prototype pollution in the lib.deep function of
@ndhoule/defaults v2 ...)
+ TODO: check
+CVE-2024-57065 (A prototype pollution in the lib.createPath function of utile
v0.3.0 a ...)
+ TODO: check
+CVE-2024-57064 (A prototype pollution in the lib.setValue function of
@syncfusion/ej2- ...)
+ TODO: check
+CVE-2024-57063 (A prototype pollution in the lib function of
php-date-formatter v1.3.6 ...)
+ TODO: check
+CVE-2024-56473 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 could allow an
attacker to ...)
+ TODO: check
+CVE-2024-56472 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
stored cro ...)
+ TODO: check
+CVE-2024-56471 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
server-sid ...)
+ TODO: check
+CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
server-sid ...)
+ TODO: check
+CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was
identified affec ...)
+ TODO: check
+CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB
ASPECT-Enterprise, ...)
+ TODO: check
+CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could
allow a remo ...)
+ TODO: check
+CVE-2024-49814 (IBM Security Verify Access Appliance 10.0.0 through 10.0.3
could allow ...)
+ TODO: check
+CVE-2024-49800 (IBM ApplinX 11.1 stores sensitive information in cleartext in
memory t ...)
+ TODO: check
+CVE-2024-49798 (IBM ApplinX 11.1 could allow a remote attacker to obtain
sensitive inf ...)
+ TODO: check
+CVE-2024-49797 (IBM ApplinX 11.1 could allow a remote attacker to obtain
sensitive inf ...)
+ TODO: check
+CVE-2024-49796 (IBM ApplinX 11.1 could allow a remote attacker to hijack the
clicking ...)
+ TODO: check
+CVE-2024-49795 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery
which cou ...)
+ TODO: check
+CVE-2024-49794 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery
which cou ...)
+ TODO: check
+CVE-2024-49793 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
+ TODO: check
+CVE-2024-49792 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
+ TODO: check
+CVE-2024-49791 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
+ TODO: check
+CVE-2024-48394 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been
identif ...)
+ TODO: check
+CVE-2024-38318 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
HTML inject ...)
+ TODO: check
+CVE-2024-38317 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to
cross-site ...)
+ TODO: check
+CVE-2024-38316 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 does not properly
rate limit ...)
+ TODO: check
+CVE-2024-13487 (The The CURCY \u2013 Multi Currency for WooCommerce \u2013 The
best fr ...)
+ TODO: check
CVE-2025-24805 (Mobile Security Framework (MobSF) is an automated, all-in-one
mobile a ...)
TODO: check
CVE-2025-24804 (Mobile Security Framework (MobSF) is an automated, all-in-one
mobile a ...)
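Review bot: CVE-2024-57520 is added with only `TODO: check` although its description names asterisk v22, and asterisk is a source package this file already tracks (the CVE-2024-53566 entry carries `- asterisk 1:22.1.1~dfsg+~cs6.14.60671435-1`). Triage that entry to a `- asterisk` line ahead of the rest of the 55 untriaged additions in this hunk. The CVE-2024-13487 description also carries literal `\u2013` escapes and a doubled "The The" from the import; decoding the escapes at import time would keep the description readable.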
@@ -406,12 +516,15 @@ CVE-2025-1009 (An attacker could have caused a
use-after-free via crafted XSLT d
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1009
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1009
CVE-2025-0451 (Inappropriate implementation in Extensions API in Google Chrome
prior ...)
+ {DSA-5859-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0445 (Use after free in V8 in Google Chrome prior to 133.0.6943.53
allowed a ...)
+ {DSA-5859-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0444 (Use after free in Skia in Google Chrome prior to 133.0.6943.53
allowed ...)
+ {DSA-5859-1}
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity
Log Winter ...)
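Review bot: the `{DSA-5859-1}` reference added to CVE-2025-0451, CVE-2025-0445 and CVE-2025-0444 sits directly above an unchanged `- chromium <unfixed>` line, so these entries still record no fixed version for unstable. The CVE-2025-0445 and CVE-2025-0444 descriptions name 133.0.6943.53 as the fixed upstream release; replace `<unfixed>` with the Debian version once that upload is in unstable.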
@@ -18491,6 +18604,7 @@ CVE-2024-53707 (Cross-Site Request Forgery (CSRF)
vulnerability in Ahmet \u0130m
CVE-2024-53617 (A Cross Site Scripting vulnerability in LibrePhotos before
commit 3223 ...)
NOT-FOR-US: LibrePhotos
CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma
Asterisk v ...)
+ {DLA-4042-1}
- asterisk 1:22.1.1~dfsg+~cs6.14.60671435-1
NOTE: https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
NOTE:
https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh
@@ -324241,8 +324355,8 @@ CVE-2020-36086
RESERVED
CVE-2020-36085
RESERVED
-CVE-2020-36084
- RESERVED
+CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive
E-Learning Sy ...)
+ TODO: check
CVE-2020-36083
RESERVED
CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1,
allows remote ...)
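Review bot: CVE-2020-36084 leaves RESERVED with only `TODO: check`. The description names SourceCodester Responsive E-Learning System, so if no Debian source package ships it, close the entry as `NOT-FOR-US:` in the form the CVE-2024-53617 LibrePhotos entry uses rather than leaving it in the TODO queue.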
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38e8db195c48779030af942952fdc0e414b59491
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits