Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7bacd96d by security tracker role at 2025-02-17T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-26778 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26775 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26773 (Missing Authorization vulnerability in Adnan Analytify allows
Exploiti ...)
+ TODO: check
+CVE-2025-26772 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26770 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26769 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26758 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-26754 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23845 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23840 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-21103 (Dell NetWorker Management Console, version(s) 19.11 through
19.11.0.3 ...)
+ TODO: check
+CVE-2025-1392 (A vulnerability has been found in D-Link DIR-816 1.01TO and
classified ...)
+ TODO: check
+CVE-2025-1391 (A flaw was found in the Keycloak organization feature, which
allows th ...)
+ TODO: check
+CVE-2025-0714 (The vulnerability existed in the password storage of Mobateks
MobaXter ...)
+ TODO: check
+CVE-2025-0001 (Abacus ERP is versions older than 2024.210.16036,
2023.205.15833, 2022 ...)
+ TODO: check
+CVE-2024-13879 (The Stream plugin for WordPress is vulnerable to Server-Side
Request F ...)
+ TODO: check
+CVE-2024-13837
+ REJECTED
CVE-2025-26779 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2025-26768 (Cross-Site Request Forgery (CSRF) vulnerability in what3words
what3wor ...)
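Review bot: the 17 entries added at the top of this hunk, CVE-2025-26778 through CVE-2024-13879, all carry only "TODO: check" and still need triage before they say anything about Debian. Where the truncated description already names the product, the status can be set directly: CVE-2024-13879 names a WordPress plugin and can take the same "NOT-FOR-US: WordPress plugin" marking used on CVE-2025-26779 in the context lines. The cross-site scripting entries do not show a product name in the visible text, so they need the full description before a status is chosen.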
@@ -2671,6 +2707,7 @@ CVE-2024-13492 (The Guten Free Options WordPress plugin
through 0.9.5 does not s
CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise
and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1
data pr ...)
+ {DSA-5867-1}
[experimental] - gnutls28 3.8.9-1
- gnutls28 3.8.9-2
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
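Review bot: the "{DSA-5867-1}" tag added under CVE-2024-12243 is a cross-reference whose counterpart is not in this commit, since data/CVE/list is the only changed file. Confirm that the advisory record for DSA-5867-1 lists CVE-2024-12243, so the tag and the advisory stay in sync. The description also says GnuTLS relies on libtasn1, while the visible lines track only gnutls28, so it is worth confirming whether libtasn1 needs its own entry.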
@@ -5130,6 +5167,7 @@ CVE-2024-45340 (Credentials provided via the new GOAUTH
feature were not being p
NOTE: Fixed by:
https://github.com/golang/go/commit/8336dfde7096ff75c1ff256cb3079863cefac33a
(go1.24rc2)
NOTE: Introduced after:
https://github.com/golang/go/commit/8194d735cff90871b1ea5c92e83ddd50abdd4185
(go1.24rc1)
CVE-2024-45339 (When logs are written to a widely-writable directory (the
default), an ...)
+ {DLA-4056-1}
- golang-glog 1.2.4-1 (bug #1094733)
NOTE: Fixed by:
https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee
(v1.2.4)
NOTE: Complete fix: https://github.com/golang/glog/pull/74
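Review bot: the "{DLA-4056-1}" tag added under CVE-2024-45339 sits above two separate fix references, "Fixed by: ... a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee (v1.2.4)" and "Complete fix: https://github.com/golang/glog/pull/74". Check that the LTS upload behind DLA-4056-1 includes the change from pull/74 and not only the first commit. If it does not, a NOTE recording that the fix is incomplete would keep the entry accurate.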
@@ -6740,7 +6778,7 @@ CVE-2024-52948 [CSRF on 2FA registration]
NOTE:
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/dfe9ddc40de982a33fbff42a143ccd1b786de775
NOTE: Backports for 2.20 (in v2.20.2):
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/638
NOTE: Backports for 2.16 (in v2.16.4):
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/644
-CVE-2025-0509 (A security issue was found in Sparkle before version 2.64. An
attacker ...)
+CVE-2025-0509 (A security issue was found in Sparkle before version 2.6.4. An
attacke ...)
- openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
CVE-2025-23237 (Improper neutralization of special elements used in an OS
command ('OS ...)
NOT-FOR-US: UD-LT2 firmware
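Review bot: the changed CVE-2025-0509 line only corrects the description's version string from "2.64" to "2.6.4", so the "openjdk-8 <not-affected>" status below it needs no re-evaluation. As a style point on that context line, "MacOS" in the parenthetical would read better as "macOS".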
@@ -305222,7 +305260,7 @@ CVE-2021-30371
CVE-2021-30370
RESERVED
CVE-2021-30369
- RESERVED
+ REJECTED
CVE-2021-30368
RESERVED
CVE-2021-30367
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bacd96dd103e3fba94a442b20f50b7a8702603e