Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1ff7210e by security tracker role at 2025-03-11T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,375 @@
+CVE-2025-2207 (A vulnerability classified as problematic was found in 
aitangbao sprin ...)
+       TODO: check
+CVE-2025-2206 (A vulnerability classified as problematic has been found in 
aitangbao  ...)
+       TODO: check
+CVE-2025-2196 (A vulnerability was found in MRCMS 3.1.2. It has been declared 
as prob ...)
+       TODO: check
+CVE-2025-2195 (A vulnerability was found in MRCMS 3.1.2. It has been 
classified as pr ...)
+       TODO: check
+CVE-2025-2194 (A vulnerability was found in MRCMS 3.1.2 and classified as 
problematic ...)
+       TODO: check
+CVE-2025-2193 (A vulnerability has been found in MRCMS 3.1.2 and classified as 
critic ...)
+       TODO: check
+CVE-2025-2192 (A vulnerability, which was classified as problematic, was found 
in Sto ...)
+       TODO: check
+CVE-2025-2191 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-2189 (This vulnerability exists in the Tinxy smart devices due to 
storage of ...)
+       TODO: check
+CVE-2025-27893 (In Archer Platform 6 through 6.14.00202.10024, an 
authenticated user w ...)
+       TODO: check
+CVE-2025-27789 (Babel is a compiler for writing next generation JavaScript. 
When using ...)
+       TODO: check
+CVE-2025-27773 (The SimpleSAMLphp SAML2 library is a PHP library for SAML2 
related fun ...)
+       TODO: check
+CVE-2025-27617 (Pimcore is an open source data and experience management 
platform. Pri ...)
+       TODO: check
+CVE-2025-27602 (Umbraco is a free and open source .NET content management 
system. In v ...)
+       TODO: check
+CVE-2025-27601 (Umbraco is a free and open source .NET content management 
system. An i ...)
+       TODO: check
+CVE-2025-27591 (A privilege escalation vulnerability existed in the Below 
service prio ...)
+       TODO: check
+CVE-2025-27494 (A vulnerability has been identified in SiPass integrated 
AC5102 (ACC-G ...)
+       TODO: check
+CVE-2025-27493 (A vulnerability has been identified in SiPass integrated 
AC5102 (ACC-G ...)
+       TODO: check
+CVE-2025-27440 (Heap overflow in some Zoom Workplace Apps may allow an 
authenticated u ...)
+       TODO: check
+CVE-2025-27439 (Buffer underflow in some Zoom Workplace Apps may allow an 
authenticate ...)
+       TODO: check
+CVE-2025-27438 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-27403 (Ratify is a verification engine as a binary executable and on 
Kubernet ...)
+       TODO: check
+CVE-2025-27398 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27397 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27396 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27395 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27394 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27393 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27392 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
+       TODO: check
+CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and 
below wh ...)
+       TODO: check
+CVE-2025-27179 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27178 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27177 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27176 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27175 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27174 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27172 (Substance3D - Designer versions 14.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-27171 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27170 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by a NULL ...)
+       TODO: check
+CVE-2025-27169 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-27168 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by a Stac ...)
+       TODO: check
+CVE-2025-27167 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by an Unt ...)
+       TODO: check
+CVE-2025-27166 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-27164 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27163 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27162 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27161 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27160 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27159 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-27158 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-26701 (An issue was discovered in Percona PMM Server (OVA) before 
3.0.0-1.ova ...)
+       TODO: check
+CVE-2025-26645 (Relative path traversal in Remote Desktop Client allows an 
unauthorize ...)
+       TODO: check
+CVE-2025-26634 (Heap-based buffer overflow in Windows Core Messaging allows an 
authori ...)
+       TODO: check
+CVE-2025-26633 (Improper neutralization in Microsoft Management Console allows 
an unau ...)
+       TODO: check
+CVE-2025-26631 (Uncontrolled search path element in Visual Studio Code allows 
an autho ...)
+       TODO: check
+CVE-2025-26630 (Use after free in Microsoft Office Access allows an 
unauthorized attac ...)
+       TODO: check
+CVE-2025-26629 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2025-26627 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2025-25929 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2025-25928 (A Cross-Site Request Forgery (CSRF) in the component 
/admin/users/user ...)
+       TODO: check
+CVE-2025-25927 (A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 
0ff0ed allo ...)
+       TODO: check
+CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 
Build 0 ...)
+       TODO: check
+CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users 
to set w ...)
+       TODO: check
+CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of 
HotelDruid ...)
+       TODO: check
+CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid 
v.3.0.7  ...)
+       TODO: check
+CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a 
RCE vulne ...)
+       TODO: check
+CVE-2025-25267 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2025-25266 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V23 ...)
+       TODO: check
+CVE-2025-25008 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2025-25003 (Uncontrolled search path element in Visual Studio allows an 
authorized ...)
+       TODO: check
+CVE-2025-24998 (Uncontrolled search path element in Visual Studio allows an 
authorized ...)
+       TODO: check
+CVE-2025-24997 (Null pointer dereference in Windows Kernel Memory allows an 
authorized ...)
+       TODO: check
+CVE-2025-24996 (External control of file name or path in Windows NTLM allows 
an unauth ...)
+       TODO: check
+CVE-2025-24995 (Heap-based buffer overflow in Kernel Streaming WOW Thunk 
Service Drive ...)
+       TODO: check
+CVE-2025-24994 (Improper access control in Windows Cross Device Service allows 
an auth ...)
+       TODO: check
+CVE-2025-24993 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2025-24992 (Buffer over-read in Windows NTFS allows an unauthorized 
attacker to di ...)
+       TODO: check
+CVE-2025-24991 (Out-of-bounds read in Windows NTFS allows an authorized 
attacker to di ...)
+       TODO: check
+CVE-2025-24988 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
+       TODO: check
+CVE-2025-24987 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
+       TODO: check
+CVE-2025-24986 (Improper isolation or compartmentalization in Azure PromptFlow 
allows  ...)
+       TODO: check
+CVE-2025-24985 (Integer overflow or wraparound in Windows Fast FAT Driver 
allows an un ...)
+       TODO: check
+CVE-2025-24984 (Insertion of sensitive information into log file in Windows 
NTFS allow ...)
+       TODO: check
+CVE-2025-24983 (Use after free in Windows Win32 Kernel Subsystem allows an 
authorized  ...)
+       TODO: check
+CVE-2025-24453 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-24452 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-24451 (Substance3D - Painter versions 10.1.2 and earlier are affected 
by an o ...)
+       TODO: check
+CVE-2025-24450 (Substance3D - Painter versions 10.1.2 and earlier are affected 
by an o ...)
+       TODO: check
+CVE-2025-24449 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-24448 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected 
by an out ...)
+       TODO: check
+CVE-2025-24445 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-24444 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-24443 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by a Hea ...)
+       TODO: check
+CVE-2025-24442 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-24441 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-24440 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 and earlier are affected 
by a Hea ...)
+       TODO: check
+CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 
25.001.20428 and e ...)
+       TODO: check
+CVE-2025-24201 (An out-of-bounds write issue was addressed with improved 
checks to pre ...)
+       TODO: check
+CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux 
allows an ...)
+       TODO: check
+CVE-2025-24083 (Untrusted pointer dereference in Microsoft Office allows an 
unauthoriz ...)
+       TODO: check
+CVE-2025-24082 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-24081 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-24080 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2025-24079 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-24078 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-24077 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2025-24076 (Improper access control in Windows Cross Device Service allows 
an auth ...)
+       TODO: check
+CVE-2025-24075 (Stack-based buffer overflow in Microsoft Office Excel allows 
an unauth ...)
+       TODO: check
+CVE-2025-24072 (Use after free in Microsoft Local Security Authority Server 
(lsasrv) a ...)
+       TODO: check
+CVE-2025-24071 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-24070 (Weak authentication in ASP.NET Core & Visual Studio allows 
an unau ...)
+       TODO: check
+CVE-2025-24067 (Heap-based buffer overflow in Microsoft Streaming Service 
allows an au ...)
+       TODO: check
+CVE-2025-24066 (Heap-based buffer overflow in Windows Kernel-Mode Drivers 
allows an au ...)
+       TODO: check
+CVE-2025-24064 (Use after free in DNS Server allows an unauthorized attacker 
to execut ...)
+       TODO: check
+CVE-2025-24061 (Protection mechanism failure in Windows Mark of the Web (MOTW) 
allows  ...)
+       TODO: check
+CVE-2025-24059 (Incorrect conversion between numeric types in Windows Common 
Log File  ...)
+       TODO: check
+CVE-2025-24057 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2025-24056 (Heap-based buffer overflow in Windows Telephony Server allows 
an unaut ...)
+       TODO: check
+CVE-2025-24055 (Out-of-bounds read in Windows USB Video Driver allows an 
authorized at ...)
+       TODO: check
+CVE-2025-24054 (External control of file name or path in Windows NTLM allows 
an unauth ...)
+       TODO: check
+CVE-2025-24051 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-24050 (Heap-based buffer overflow in Role: Windows Hyper-V allows an 
authoriz ...)
+       TODO: check
+CVE-2025-24049 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2025-24048 (Heap-based buffer overflow in Role: Windows Hyper-V allows an 
authoriz ...)
+       TODO: check
+CVE-2025-24046 (Use after free in Microsoft Streaming Service allows an 
authorized att ...)
+       TODO: check
+CVE-2025-24045 (Sensitive data storage in improperly locked memory in Windows 
Remote D ...)
+       TODO: check
+CVE-2025-24044 (Use after free in Windows Win32 Kernel Subsystem allows an 
authorized  ...)
+       TODO: check
+CVE-2025-24043 (Improper verification of cryptographic signature in .NET 
allows an aut ...)
+       TODO: check
+CVE-2025-24035 (Sensitive data storage in improperly locked memory in Windows 
Remote D ...)
+       TODO: check
+CVE-2025-23402 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23401 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23400 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23399 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23398 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23397 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23396 (A vulnerability has been identified in Teamcenter 
Visualization V14.3  ...)
+       TODO: check
+CVE-2025-23384 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (6G ...)
+       TODO: check
+CVE-2025-23360 (NVIDIA Nemo Framework contains a vulnerability where a user 
could caus ...)
+       TODO: check
+CVE-2025-23243 (NVIDIA Riva contains a vulnerability where a user could cause 
an impro ...)
+       TODO: check
+CVE-2025-23242 (NVIDIA Riva contains a vulnerability where a user could cause 
an impro ...)
+       TODO: check
+CVE-2025-22454 (Insufficiently restrictive permissions in Ivanti Secure Access 
Client  ...)
+       TODO: check
+CVE-2025-22370 (Many fields for the web configuration interface of the 
firmware for Me ...)
+       TODO: check
+CVE-2025-22369 (The ReadFile endpoint of the firmware for Mennekes Smart / 
Premium Cha ...)
+       TODO: check
+CVE-2025-22368 (The authenticated SCU firmware command of the firmware for 
Mennekes Sm ...)
+       TODO: check
+CVE-2025-22367 (The authenticated time setting capability of the firmware for 
Mennekes ...)
+       TODO: check
+CVE-2025-22366 (The authenticated firmware update capability of the firmware 
for Menne ...)
+       TODO: check
+CVE-2025-22213 (Inadequate checks in the Media Manager allowed users with 
"edit" privi ...)
+       TODO: check
+CVE-2025-21247 (Improper resolution of path equivalence in Windows 
MapUrlToZone allows ...)
+       TODO: check
+CVE-2025-21199 (Improper privilege management in Azure Agent Installer allows 
an autho ...)
+       TODO: check
+CVE-2025-21180 (Heap-based buffer overflow in Windows exFAT File System allows 
an unau ...)
+       TODO: check
+CVE-2025-21169 (Substance3D - Designer versions 14.1 and earlier are affected 
by a Hea ...)
+       TODO: check
+CVE-2025-1550 (The Keras Model.load_model function permits arbitrary code 
execution,  ...)
+       TODO: check
+CVE-2025-0151 (Use after free in some Zoom Workplace Apps may allow an 
authenticated  ...)
+       TODO: check
+CVE-2025-0150 (Incorrect behavior order in some Zoom Workplace Apps for iOS 
before ve ...)
+       TODO: check
+CVE-2025-0149 (Insufficient verification of data authenticity in some Zoom 
Workplace  ...)
+       TODO: check
+CVE-2024-9157 (** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation 
vulnerability  ...)
+       TODO: check
+CVE-2024-56338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.6 a ...)
+       TODO: check
+CVE-2024-56336 (A vulnerability has been identified in SINAMICS S200 (All 
versions wit ...)
+       TODO: check
+CVE-2024-56182 (A vulnerability has been identified in SIMATIC Field PG M5 
(All versio ...)
+       TODO: check
+CVE-2024-56181 (A vulnerability has been identified in SIMATIC Field PG M5 
(All versio ...)
+       TODO: check
+CVE-2024-55597 (A improper limitation of a pathname to a restricted directory 
('path t ...)
+       TODO: check
+CVE-2024-55592 (An incorrect authorization vulnerability [CWE-863] in 
FortiSIEM 7.2 al ...)
+       TODO: check
+CVE-2024-55590 (Multiple improper neutralization of special elements used in 
an OS com ...)
+       TODO: check
+CVE-2024-54085 (AMI\u2019s SPx contains a vulnerability in the BMC where an 
Attacker m ...)
+       TODO: check
+CVE-2024-54084 (APTIOV contains a vulnerability in BIOS where an attacker may 
cause a  ...)
+       TODO: check
+CVE-2024-54026 (An improper neutralization of special elements used in an sql 
command  ...)
+       TODO: check
+CVE-2024-54018 (Multipleimproper neutralization of special elements used in an 
OS Comm ...)
+       TODO: check
+CVE-2024-52961 (An improper neutralization of special elements used in an OS 
Command v ...)
+       TODO: check
+CVE-2024-52960 (A client-side enforcement of server-side security 
vulnerability [CWE-6 ...)
+       TODO: check
+CVE-2024-52285 (A vulnerability has been identified in SiPass integrated 
AC5102 (ACC-G ...)
+       TODO: check
+CVE-2024-51322 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc 
Infinity 2.4 al ...)
+       TODO: check
+CVE-2024-51321 (In Zucchetti Ad Hoc Infinity 2.4, an improper check on the 
m_cURL para ...)
+       TODO: check
+CVE-2024-51320 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc 
Infinity 2.4 al ...)
+       TODO: check
+CVE-2024-51319 (A local file include vulnerability in the /servlet/Report of 
Zucchetti ...)
+       TODO: check
+CVE-2024-46663 (A stack-buffer overflow vulnerability [CWE-121] in Fortinet 
FortiMail  ...)
+       TODO: check
+CVE-2024-45328 (An incorrect authorization vulnerability [CWE-863] in 
FortiSandbox 4.4 ...)
+       TODO: check
+CVE-2024-45324 (A use of externally-controlled format string vulnerability 
[CWE-134] i ...)
+       TODO: check
+CVE-2024-33501 (Two improper neutralization of special elements used in an SQL 
Command ...)
+       TODO: check
+CVE-2024-32123 (Multiple improper neutralization of special elements used in 
an os com ...)
+       TODO: check
+CVE-2024-28607 (The ip-utils package through 2.4.0 for Node.js might allow 
SSRF becaus ...)
+       TODO: check
+CVE-2024-12546 (EDK2 contains a vulnerability in BIOS where a user may cause 
an Intege ...)
+       TODO: check
+CVE-2023-48790 (A cross site request forgery vulnerability [CWE-352] in 
Fortinet Forti ...)
+       TODO: check
+CVE-2023-42784 (An improper handling of syntactically invalid structure in 
Fortinet Fo ...)
+       TODO: check
+CVE-2023-40723 (An exposure of sensitive information to an unauthorized actor 
in Forti ...)
+       TODO: check
+CVE-2023-37933 (An improper neutralization of input during web page generation 
('Cross ...)
+       TODO: check
 CVE-2025-2190 (The mobile application (com.transsnet.store) has a 
man-in-the-middle a ...)
        NOT-FOR-US: com.transsnet.store
 CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up 
to 0.2. ...)
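Review bot: every entry added at the top of this hunk is left at `TODO: check`, so the commit records no affected-package or NOT-FOR-US decision for any of them. Entries that name open-source components, such as CVE-2025-27363 (out of bounds write in FreeType 2.13.0 and below), CVE-2025-27789 (Babel), CVE-2025-27773 (SimpleSAMLphp SAML2 library) and CVE-2025-1550 (Keras Model.load_model), are the ones to resolve to a source package first; the Windows, Microsoft Office, InDesign, Illustrator and Acrobat Reader entries can be closed in the form the file already uses elsewhere, e.g. `NOT-FOR-US: Microsoft`. The CVE-2024-54085 description also carries a literal `\u2019` escape instead of an apostrophe, which is worth fixing in the description import.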
@@ -522,7 +894,7 @@ CVE-2025-27152 (axios is a promise based HTTP client for 
the browser and node.js
        [bookworm] - node-axios <no-dsa> (Minor issue)
        NOTE: 
https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
        NOTE: Similar to: https://github.com/axios/axios/issues/6463 
(CVE-2024-39338)
-CVE-2025-26643 (No cwe for this issue in Microsoft Edge (Chromium-based) 
allows an una ...)
+CVE-2025-26643 (The UI performs the wrong action in Microsoft Edge 
(Chromium-based) al ...)
        NOT-FOR-US: Microsoft
 CVE-2025-26331 (Dell ThinOS 2411 and prior, contains an Improper 
Neutralization of Spe ...)
        NOT-FOR-US: Dell
@@ -3145,6 +3517,7 @@ CVE-2024-13217 (The Jeg Elementor Kit plugin for 
WordPress is vulnerable to Sens
 CVE-2024-13148 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Yukseloglu Filter B2B Login Platform
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 
allows  ...)
+       {DLA-4084-1}
        - libmodbus 3.1.11-1
        NOTE: 
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918
        NOTE: 
https://github.com/stephane/libmodbus/commit/df79a02feb253c0a9a009bcdbb21e47581315111
 (v3.1.11)
@@ -41572,6 +41945,7 @@ CVE-2024-10446 (A vulnerability classified as critical 
has been found in Project
 CVE-2024-10214 (Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 
icorrectly issues ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting 
HTTP, HTT ...)
+       {DLA-4083-1}
        - squid 6.12-1
        [bookworm] - squid <no-dsa> (Minor issue)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
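Review bot: with `{DLA-4083-1}` added to CVE-2024-45802, the entry still reads `[bookworm] - squid <no-dsa> (Minor issue)`, so bookworm is now the release this entry shows without a fix while the LTS advisory covers the same CVE. Consider queuing squid for a bookworm point-release update, or adding a NOTE on why the issue stays minor there.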
@@ -71676,7 +72050,7 @@ CVE-2024-38952 (PX4-Autopilot v1.14.3 was discovered to 
contain a buffer overflo
 CVE-2024-38951 (A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to 
cause a ...)
        NOT-FOR-US: PX4-Autopilot
 CVE-2024-37894 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
-       {DSA-5751-1}
+       {DSA-5751-1 DLA-4083-1}
        - squid 6.10-1 (bug #1074284)
        NOTE: 
https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04
 (master)
        NOTE: 
https://github.com/squid-cache/squid/commit/67f5496f7b72e698ad0f5aa3512c83089424f27f
 (v6)
@@ -78606,18 +78980,21 @@ CVE-2024-5041 (The Happy Addons for Elementor plugin 
for WordPress is vulnerable
 CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-36845 (An invalid pointer in the modbus_receive() function of 
libmodbus v3.1. ...)
+       {DLA-4084-1}
        - libmodbus 3.1.6-2.1 (bug #1074422)
        [buster] - libmodbus <postponed> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/750
        NOTE: 
https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
 (v3.1.7)
        NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
 CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free 
via the ct ...)
+       {DLA-4084-1}
        - libmodbus 3.1.6-2.1 (bug #1074422)
        [buster] - libmodbus <postponed> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/749
        NOTE: 
https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6
 (v3.1.7)
        NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
 CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via 
the mod ...)
+       {DLA-4084-1}
        - libmodbus 3.1.6-2.1 (bug #1074422)
        [buster] - libmodbus <postponed> (Minor issue)
        NOTE: https://github.com/stephane/libmodbus/issues/748
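Review bot: CVE-2024-36845, CVE-2024-36844 and CVE-2024-36843 gain `{DLA-4084-1}` but keep `[buster] - libmodbus <postponed> (Minor issue)`. Check which release DLA-4084-1 targets: if it is buster, the postponed annotation is stale and should be dropped; if it is not, the two annotations describe different releases and a short NOTE would make that clear.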
@@ -109224,6 +109601,7 @@ CVE-2024-XXXX [RUSTSEC-2024-0020]
        - rust-whoami <not-affected> (Specific to Solaris)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0020.html
 CVE-2024-25111 (Squid is a web proxy cache. Starting in version 3.5.27 and 
prior to ve ...)
+       {DLA-4083-1}
        - squid 6.8-1
        [bookworm] - squid 5.7-2+deb12u1
        - squid3 <removed>
@@ -261753,7 +262131,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub 
repository vim/vim prior to 8.2.)
        NOTE: 
https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa 
(v8.2.4217)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in 
function m ...)
-       {DLA-3098-1}
+       {DLA-4084-1 DLA-3098-1}
        - libmodbus 3.1.6-2.1 (bug #1021270)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
        NOTE: https://github.com/stephane/libmodbus/issues/614
@@ -295290,8 +295668,8 @@ CVE-2021-37789 (stb_image.h 2.27 has a heap-based 
buffer over in stbi__jpeg_load
        NOTE: 
https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 
could all ...)
        NOT-FOR-US: Gurock TestRail
-CVE-2021-37787
-       RESERVED
+CVE-2021-37787 (The unprivileged administrative interface in ABO.CMS version 
5.8 throu ...)
+       TODO: check
 CVE-2021-37786 (Certain Federal Office of Information Technology Systems and 
Telecommu ...)
        NOT-FOR-US: Covid certificate app in Switzerland.
 CVE-2021-37785



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ff7210efbc23d1081adf595d7bd2730763b8727
