Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ccd8b08 by security tracker role at 2025-02-06T20:12:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents
interacting ...)
+ TODO: check
+CVE-2025-24787 (WhoDB is an open source database management tool. In affected
versions ...)
+ TODO: check
+CVE-2025-24786 (WhoDB is an open source database management tool. While the
applicatio ...)
+ TODO: check
+CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy
for pen ...)
+ TODO: check
+CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json
endpoint ...)
+ TODO: check
+CVE-2025-22936 (An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi
router SAM-4 ...)
+ TODO: check
+CVE-2025-22867 (On Darwin, building a Go module which contains CGO can trigger
arbitra ...)
+ TODO: check
+CVE-2025-22866 (Due to the usage of a variable time instruction in the
assembly implem ...)
+ TODO: check
+CVE-2025-1078 (A vulnerability has been found in AppHouseKitchen AlDente
Charge Limit ...)
+ TODO: check
+CVE-2025-1076 (A Stored Cross-Site Scripting (Stored XSS) vulnerability has
been foun ...)
+ TODO: check
+CVE-2025-1074 (A vulnerability, which was classified as problematic, was found
in Web ...)
+ TODO: check
+CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with
office c ...)
+ TODO: check
+CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud
Applicat ...)
+ TODO: check
+CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and
Drop Edit ...)
+ TODO: check
+CVE-2024-57962 (Vulnerability of incomplete verification information in the
VPN servic ...)
+ TODO: check
+CVE-2024-57961 (Out-of-bounds write vulnerability in the emcom module Impact:
Successf ...)
+ TODO: check
+CVE-2024-57960 (Input verification vulnerability in the
ExternalStorageProvider module ...)
+ TODO: check
+CVE-2024-57959 (Use-After-Free (UAF) vulnerability in the display module
Impact: Succe ...)
+ TODO: check
+CVE-2024-57958 (Out-of-bounds array read vulnerability in the FFRT module
Impact: Succ ...)
+ TODO: check
+CVE-2024-57957 (Vulnerability of improper log information control in the UI
framework ...)
+ TODO: check
+CVE-2024-57956 (Out-of-bounds read vulnerability in the interpreter string
module Impa ...)
+ TODO: check
+CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module Impact:
Successfu ...)
+ TODO: check
+CVE-2024-57954 (Permission verification vulnerability in the media library
module Impa ...)
+ TODO: check
+CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a
denial ...)
+ TODO: check
+CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a
denial ...)
+ TODO: check
+CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php
page has ...)
+ TODO: check
+CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote
attacker to per ...)
+ TODO: check
+CVE-2024-57599 (Cross Site Scripting vulnerability in DouPHP v.1.8 Release
20231203 al ...)
+ TODO: check
+CVE-2024-57523 (Cross Site Request Forgery (CSRF) in Users.php in
SourceCodester Packe ...)
+ TODO: check
+CVE-2024-57430 (An SQL injection vulnerability in the pjActionGetUser function
of PHPJ ...)
+ TODO: check
+CVE-2024-57429 (A cross-site request forgery (CSRF) vulnerability in the
pjActionUpdat ...)
+ TODO: check
+CVE-2024-57428 (A stored cross-site scripting (XSS) vulnerability in
PHPJabbers Cinema ...)
+ TODO: check
+CVE-2024-57427 (PHPJabbers Cinema Booking System v2.0 is vulnerable to
reflected cross ...)
+ TODO: check
+CVE-2024-57426 (NetMod VPN Client 5.3.1 is vulnerable to DLL injection,
allowing an at ...)
+ TODO: check
+CVE-2024-52892 (IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is
vulnerable t ...)
+ TODO: check
+CVE-2024-47258 (2N Access Commander version 2.1 and prior is vulnerable in
default set ...)
+ TODO: check
+CVE-2024-47256 (Successful exploitation of this vulnerability could allow an
attacker ...)
+ TODO: check
+CVE-2024-45626 (Apache James server JMAP HTML to text plain implementation in
versions ...)
+ TODO: check
+CVE-2024-43811
+ REJECTED
+CVE-2024-43779 (An information disclosure vulnerability exists in the Vault
API functi ...)
+ TODO: check
+CVE-2024-39272 (A cross-site scripting (xss) vulnerability exists in the
dataset uploa ...)
+ TODO: check
+CVE-2024-39033 (In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object
Referen ...)
+ TODO: check
+CVE-2024-37358 (Similarly to CVE-2024-34055, Apache James is vulnerable to
denial of s ...)
+ TODO: check
+CVE-2024-36558 (Forever KidsWatch Call Me KW-50
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+ TODO: check
+CVE-2024-36557 (The device ID is based on IMEI in Forever KidsWatch Call Me
KW50 R36_Y ...)
+ TODO: check
+CVE-2024-36556 (Forever KidsWatch Call Me KW50
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19 ...)
+ TODO: check
+CVE-2024-36555 (Built-in SMS-configuration command in Forever KidsWatch Call
Me KW50 R ...)
+ TODO: check
+CVE-2024-36554 (Forever KidsWatch Call Me KW-50
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+ TODO: check
+CVE-2024-36553 (Forever KidsWatch Call Me KW-50
R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+ TODO: check
+CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management
Server ...)
+ TODO: check
+CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus
SDK for W ...)
+ TODO: check
+CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could
cause DoS ...)
+ TODO: check
+CVE-2024-13416 (Using API in the 2N OS device, authorized user can enable
logging, whi ...)
+ TODO: check
+CVE-2024-12602 (Identity verification vulnerability in the ParamWatcher module
Impact: ...)
+ TODO: check
+CVE-2023-5878 (Honeywell OneWireless Wireless Device Manager (WDM)for the
following ...)
+ TODO: check
CVE-2025-24845 (Improper neutralization of argument delimiters in a command
('Argument ...)
NOT-FOR-US: Defense Platform Home Edition
CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense
Platform Home ...)
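Review bot: all of the new entries in this hunk are left at "TODO: check", and a few of them visibly concern software Debian ships, so they should not sit in the untriaged pile with the NOT-FOR-US candidates. CVE-2025-23217 names mitmproxy, and CVE-2025-22867 ("building a Go module which contains CGO") and CVE-2025-22866 ("variable time instruction in the assembly implem...") describe the Go toolchain and its crypto code, so both are candidates for the golang-1.x source packages and should be mapped to them rather than dismissed. The CVE-2024-43811 entry correctly carries only "REJECTED" with no description, matching the file's existing convention for rejected IDs.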
@@ -699,7 +809,7 @@ CVE-2025-25066 (nDPI through 4.12 has a potential
stack-based buffer overflow in
NOTE: Fixed by:
https://github.com/ntop/nDPI/commit/678697b5eb6c3caa5dd5f8cccfe9eed8d13b94bb
CVE-2025-25065 (SSRF vulnerability in the RSS feed parser in Zimbra
Collaboration 9.0. ...)
NOT-FOR-US: Zimbra
-CVE-2025-25064 (SQL injection vulnerability in the ZimbraSyncService SOAP
endpoint in ...)
+CVE-2025-25064 (SQL injection vulnerability in the ZimbraSync Service SOAP
endpoint in ...)
NOT-FOR-US: Zimbra
CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before
1.28.5 and 1 ...)
- backdrop <itp> (bug #914257)
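Review bot: no triage change is needed here; the replaced line only resynchronises the truncated description of CVE-2025-25064 from the feed ("ZimbraSyncService" becomes "ZimbraSync Service"), and the NOT-FOR-US: Zimbra status in the unchanged context line still matches the neighbouring CVE-2025-25065 entry.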
@@ -2178,7 +2288,7 @@ CVE-2024-57547 (Insecure Permissions vulnerability in
CMSimple v.5.16 allows a r
NOT-FOR-US: CMSimple
CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain
sensiti ...)
NOT-FOR-US: CMSimple
-CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore
v.1.0 allow ...)
+CVE-2024-57373 (Cross Site Request Forgery (CSRF) vulnerability in
LifestyleStore v1.0 ...)
NOT-FOR-US: LifestyleStore
CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote
attacker to ...)
NOT-FOR-US: youdiancms
@@ -200589,8 +200699,8 @@ CVE-2022-40918 (Buffer overflow in firmware lewei_cam
binary version 2.0.10 in F
NOT-FOR-US: firmware lewei_cam binary
CVE-2022-40917
RESERVED
-CVE-2022-40916
- RESERVED
+CVE-2022-40916 (Tiny File Manager v2.4.7 and below is vulnerable to session
fixation.)
+ TODO: check
CVE-2022-40915
RESERVED
CVE-2022-40914
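Review bot: CVE-2022-40916 should be triaged together with CVE-2022-40490, which is populated in the next hunk of this same commit with an identical "Tiny File Manager v2.4.7 and below" description, so that both entries end up with the same package mapping and status. Note also that this 2022 ID moved from RESERVED to a published description only now, so whoever resolves the "TODO: check" should confirm whether the "v2.4.7 and below" range applies to anything in the archive before choosing between a package entry and NOT-FOR-US.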
@@ -201702,8 +201812,8 @@ CVE-2022-40492
RESERVED
CVE-2022-40491
RESERVED
-CVE-2022-40490
- RESERVED
+CVE-2022-40490 (Tiny File Manager v2.4.7 and below was discovered to contain a
Cross S ...)
+ TODO: check
CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request
Forgery (CS ...)
NOT-FOR-US: ThinkCMF
CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site
Request Fo ...)
@@ -225597,8 +225707,7 @@ CVE-2022-31766 (A vulnerability has been identified
in RUGGEDCOM RM1224 LTE(4G)
NOT-FOR-US: Siemens
CVE-2022-31765 (Affected devices do not properly authorize the change password
functio ...)
NOT-FOR-US: Siemens
-CVE-2022-31764
- RESERVED
+CVE-2022-31764 (The Lite UI of Apache ShardingSphere ElasticJob-UI allows an
attacker ...)
NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using
HEADERSTRIP decom ...)
{DSA-5204-1 DLA-3069-1}
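Review bot: the hunk header (-225597,8 +225707,7) and the unchanged "NOT-FOR-US: Apache ShardingSphere ElasticJob-UI" context line show that this entry had already been triaged while still RESERVED, which is why, unlike the two Tiny File Manager IDs in the earlier hunks, the automatic update adds only the description and no "TODO: check" line. Nothing further to do beyond confirming the description text matches the existing NOT-FOR-US product name, which it does ("Lite UI of Apache ShardingSphere ElasticJob-UI").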
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccd8b0824d1b17fd952b20e66993c1bbb8c1534
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits