Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
884a9d76 by security tracker role at 2025-02-19T20:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-27089 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
+ TODO: check
+CVE-2025-24965 (crun is an open source OCI Container Runtime fully written in
C. In af ...)
+ TODO: check
+CVE-2025-24806 (Authelia is an open-source authentication and authorization
server pro ...)
+ TODO: check
+CVE-2025-20211 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
+ TODO: check
+CVE-2025-20158 (A vulnerability in the debug shell of Cisco Video Phone 8875
and Cisco ...)
+ TODO: check
+CVE-2025-20153 (A vulnerability in the email filtering mechanism of Cisco
Secure Email ...)
+ TODO: check
+CVE-2025-1465 (A vulnerability, which was classified as problematic, was found
in lmx ...)
+ TODO: check
+CVE-2025-1464 (A vulnerability, which was classified as critical, has been
found in B ...)
+ TODO: check
+CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior
to 133.0 ...)
+ TODO: check
+CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that
allows an at ...)
+ TODO: check
+CVE-2025-1134 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows
an att ...)
+ TODO: check
+CVE-2025-1133 (A vulnerability exists in ChurchCRM 5.13.0 and priorthat allows
an att ...)
+ TODO: check
+CVE-2025-1132 (A time-based blind SQL Injectionvulnerability exists in the
ChurchCRM ...)
+ TODO: check
+CVE-2025-1075 (Insertion of Sensitive Information into Log File in Checkmk
GmbH's Che ...)
+ TODO: check
+CVE-2025-1024 (A vulnerability exists in ChurchCRM 5.13.0that allows an
attacker to e ...)
+ TODO: check
+CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the
/user/namespace/{namespace} ...)
+ TODO: check
+CVE-2025-1006 (Use after free in Network in Google Chrome prior to
133.0.6943.126 all ...)
+ TODO: check
+CVE-2025-0999 (Heap buffer overflow in V8 in Google Chrome prior to
133.0.6943.126 al ...)
+ TODO: check
+CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-0916 (The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook,
Mailgun, Br ...)
+ TODO: check
+CVE-2025-0893 (Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be
susceptibl ...)
+ TODO: check
+CVE-2024-53974 (Adobe Experience Manager versions 6.5.21 and earlier are
affected by a ...)
+ TODO: check
+CVE-2024-52902 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-52541 (Dell Client Platform BIOS contains a Weak Authentication
vulnerability ...)
+ TODO: check
+CVE-2024-45084 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-45081 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-28780 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-28777 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-28776 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2024-13534 (The Small Package Quotes \u2013 Worldwide Express Edition
plugin for W ...)
+ TODO: check
+CVE-2024-13533 (The Small Package Quotes \u2013 USPS Edition plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-13491 (The Small Package Quotes \u2013 For Customers of FedEx plugin
for Word ...)
+ TODO: check
+CVE-2024-13489 (The LTL Freight Quotes \u2013 Old Dominion Edition plugin for
WordPres ...)
+ TODO: check
+CVE-2024-13485 (The LTL Freight Quotes \u2013 ABF Freight Edition plugin for
WordPress ...)
+ TODO: check
+CVE-2024-13483 (The LTL Freight Quotes \u2013 SAIA Edition plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2024-13481 (The LTL Freight Quotes \u2013 R+L Carriers Edition plugin for
WordPres ...)
+ TODO: check
+CVE-2024-13479 (The LTL Freight Quotes \u2013 SEFL Edition plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2024-13478 (The LTL Freight Quotes \u2013 TForce Edition plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-13364 (The Raptive Ads plugin for WordPress is vulnerable to
unauthorized acc ...)
+ TODO: check
+CVE-2024-13363 (The Raptive Ads plugin for WordPress is vulnerable to
Reflected Cross- ...)
+ TODO: check
+CVE-2024-13339 (The DeBounce Email Validator plugin for WordPress is
vulnerable to Cro ...)
+ TODO: check
+CVE-2024-13336 (The Disable Auto Updates plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2024-13231 (The WordPress Portfolio Builder \u2013 Portfolio Gallery
plugin for Wo ...)
+ TODO: check
+CVE-2023-51299 (PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML
Injection i ...)
+ TODO: check
+CVE-2023-51298 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV
Injection ...)
+ TODO: check
+CVE-2023-51297 (A lack of rate limiting in the 'Email Settings' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51296 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to
Cross-Site Scr ...)
+ TODO: check
+CVE-2023-51293 (A lack of rate limiting in the 'Forgot Password', 'Email
Settings' fea ...)
+ TODO: check
+CVE-2023-47160 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM
Controller 11. ...)
+ TODO: check
+CVE-2023-46272 (Buffer Overflow vulnerability in Extreme Networks IQ Engine
before 10. ...)
+ TODO: check
+CVE-2023-46271 (Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4
before 1 ...)
+ TODO: check
CVE-2025-26624 (Rufus is a utility that helps format and create bootable USB
flash dri ...)
NOT-FOR-US: Rufus
CVE-2025-26617 (WeGIA is an open source Web Manager for Institutions with a
focus on P ...)
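Review bot: four of the new `TODO: check` entries name software that Debian packages and should get a source-package line on the manual pass rather than the NOT-FOR-US annotation the rest of the batch will end up with: CVE-2025-24965 (crun) and the Chrome entries CVE-2025-0999, CVE-2025-1006 and CVE-2025-1426, which the tracker records against chromium. For CVE-2025-1426 the description reads "Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0 ...", so confirm whether desktop builds are affected before adding a chromium line; the other two name the desktop 133.0.6943.126 release. The rest of the batch (Directus, Authelia, Cisco, ChurchCRM, Checkmk, IBM Cognos Controller, Adobe Experience Manager, Dell BIOS, the WordPress plugins, PHPJabbers, Extreme Networks IQ Engine) looks like the `NOT-FOR-US` pattern already applied to Rufus and Sage in the surrounding context.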
@@ -232,7 +334,7 @@ CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable
to Incorrect Access Co
NOT-FOR-US: Sage
CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site
Scripting (XSS ...)
NOT-FOR-US: Sage
-CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K
Elements al ...)
+CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in SeventhQueen K
Element ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of
BoardRoo ...)
NOT-FOR-US: BoardRoom Limited Dividend Distribution Tax Election System
@@ -278,7 +380,7 @@ CVE-2025-1125 [fs/hfs: Interger overflow may lead to heap
based out-of-bounds wr
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-1118 [commands/dump: The dump command is not in lockdown when secure
boot is enabled]
+CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked
when gru ...)
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
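Review bot: the bracketed summary this hunk replaces carried the affected component, `commands/dump: The dump command is not in lockdown when secure boot is enabled`, which the truncated official text `Grub's dump command is not blocked when gru ...` no longer shows; since the entry still reads `grub2 <unfixed> (bug #1098319)`, consider preserving that locator in a `NOTE:` line next to the existing grub-devel/oss-security links so the entry can be matched to the upstream fix commit when it is recorded (the emacs entry later in this diff uses `NOTE: Fixed by:` for exactly that). The same applies to the `UFS`, `grub_net_search_config_file()` and `grub-core/gettext` summaries dropped by the two grub2 hunks below.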
@@ -306,11 +408,11 @@ CVE-2025-0678 [squash4: Integer overflow may lead to heap
based out-of-bounds wr
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0677 [UFS: Integer overflow may lead to heap based out-of-bounds
write when handling symlinks]
+CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup,
the grub' ...)
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0624 [net: Out-of-bounds write in grub_net_search_config_file()]
+CVE-2025-0624 (A flaw was found in grub2. During the network boot process,
when tryin ...)
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -342,7 +444,7 @@ CVE-2024-45778 [fs/bfs: Integer overflow in the BFS parser]
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45777 [grub-core/gettext: Integer overflow leads to Heap OOB Write]
+CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation
buffer w ...)
- grub2 <unfixed> (bug #1098319)
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -605,7 +707,7 @@ CVE-2025-1392 (A vulnerability has been found in D-Link
DIR-816 1.01TO and class
NOT-FOR-US: D-Link
CVE-2025-1391 (A flaw was found in the Keycloak organization feature, which
allows th ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-0714 (The vulnerability existed in the password storage of Mobateks
MobaXter ...)
+CVE-2025-0714 (The vulnerability exists in the password storage of Mobateks
MobaXterm ...)
NOT-FOR-US: Mobateks MobaXterm
CVE-2025-0001 (Abacus ERP is versions older than 2024.210.16036,
2023.205.15833, 2022 ...)
NOT-FOR-US: Abacus ERP
@@ -1668,7 +1770,7 @@ CVE-2025-25184 (Rack provides an interface for developing
web applications in Ru
NOTE:
https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A
vulnerab ...)
NOT-FOR-US: Stroom
-CVE-2025-1244 (A flaw was found in the Emacs text editor. Improper handling of
custom ...)
+CVE-2025-1244 (A command injection flaw was found in the text editor Emacs. It
could ...)
- emacs <unfixed> (bug #1098255)
NOTE: https://debbugs.gnu.org/66390
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
@@ -184903,7 +185005,7 @@ CVE-2022-46299 (Insufficient control flow management
for some Intel Unison softw
CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a
privileg ...)
NOT-FOR-US: Intel
CVE-2022-46283
- RESERVED
+ REJECTED
CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier
allows a lo ...)
NOT-FOR-US: CX-Drive
CVE-2022-45469 (Improper input validation for some Intel Unison software may
allow an ...)
@@ -333062,8 +333164,8 @@ CVE-2021-20066 (JSDom improperly allows the loading
of local resources, which al
NOTE: https://github.com/jsdom/jsdom/issues/3124
CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab
before 9.2 ...)
NOT-FOR-US: Mitel
-CVE-2020-35546
- RESERVED
+CVE-2020-35546 (Lexmark MX6500 LW75.JD.P296 and previous devices have
Incorrect Access ...)
+ TODO: check
CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query
string.)
- spotweb <removed> (bug #977719)
[buster] - spotweb <no-dsa> (Minor issue)
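Review bot: CVE-2020-35546 is a Lexmark MX6500 firmware issue and can be annotated `NOT-FOR-US: Lexmark` straight away instead of `TODO: check`, matching how CVE-2020-10094 and CVE-2020-10093 are handled in the last hunk of this diff; the same goes for the two other Lexmark entries this update un-reserves, CVE-2020-13481 and CVE-2020-10095.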
@@ -371222,7 +371324,7 @@ CVE-2020-15947 (A SQL injection vulnerability in the
qm_adm/qm_export_stats_run.
NOT-FOR-US: Loway QueueMetrics
CVE-2020-15946
RESERVED
-CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in
ldebug.c ...)
+CVE-2020-15945 (Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in
changedline in ...)
- lua5.4 5.4.1-1
- lua5.3 <not-affected> (Specific to 5.4)
- lua5.2 <not-affected> (Specific to 5.4)
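Review bot: the new wording `Lua 5.4.0 (fixed in 5.4.1)` removes the contradiction the old `Lua through 5.4.0` text had with the `<not-affected> (Specific to 5.4)` annotations on lua5.3 and lua5.2 below it, so those annotations and the `lua5.4 5.4.1-1` fixed version can stand as they are.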
@@ -378158,8 +378260,8 @@ CVE-2020-13483 (The Web Application Firewall in
Bitrix24 through 20.0.0 allows X
NOT-FOR-US: Bitrix24
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an
insecure way ...)
NOT-FOR-US: EM-HTTP-Request
-CVE-2020-13481
- RESERVED
+CVE-2020-13481 (Certain Lexmark products through 2020-05-25 allow XSS which
allows an ...)
+ TODO: check
CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection
via the ...)
NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2020-13479
@@ -388537,8 +388639,8 @@ CVE-2020-10097 (An issue was discovered in Zammad 3.0
through 3.2. It may respon
- zammad <itp> (bug #841355)
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not
prevent ...)
- zammad <itp> (bug #841355)
-CVE-2020-10095
- RESERVED
+CVE-2020-10095 (Various Lexmark devices have CSRF that allows an attacker to
modify th ...)
+ TODO: check
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x
before LW7 ...)
NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910
series in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/884a9d76acc3ccd05f6699dcf12c2dd529862413
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits