Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9213539d by security tracker role at 2025-03-14T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,123 @@
-CVE-2023-52927 [netfilter: allow exp not to be removed in 
nf_ct_find_expectation]
+CVE-2025-2304 (A Privilege Escalation through a Mass Assignment exists in 
Camaleon CM ...)
+       TODO: check
+CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable 
to a de ...)
+       TODO: check
+CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for 
WordPress, u ...)
+       TODO: check
+CVE-2025-2000 (A maliciously crafted QPY file can potential execute 
arbitrary-code em ...)
+       TODO: check
+CVE-2025-29782 (WeGIA is Web manager for charitable institutions A Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing 
provides a Pyt ...)
+       TODO: check
+CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing 
provides a Pyt ...)
+       TODO: check
+CVE-2025-29776 (Azle is a WebAssembly runtime for TypeScript and JavaScript on 
ICP. Ca ...)
+       TODO: check
+CVE-2025-29775 (xml-crypto is an XML digital signature and encryption library 
for Node ...)
+       TODO: check
+CVE-2025-29774 (xml-crypto is an XML digital signature and encryption library 
for Node ...)
+       TODO: check
+CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior 
to 2.0.3 ...)
+       TODO: check
+CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter 
of /gofor ...)
+       TODO: check
+CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of 
/goform/Adv ...)
+       TODO: check
+CVE-2025-29385 (In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter 
of /gofo ...)
+       TODO: check
+CVE-2025-29384 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of 
/goform/ ...)
+       TODO: check
+CVE-2025-29032 (Tenda AC9 v15.03.05.19(6318) was discovered to contain a 
buffer overfl ...)
+       TODO: check
+CVE-2025-29031 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
+       TODO: check
+CVE-2025-29030 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
+       TODO: check
+CVE-2025-29029 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer 
overflow via ...)
+       TODO: check
+CVE-2025-27606 (Element Android is an Android Matrix Client provided by 
Element. Eleme ...)
+       TODO: check
+CVE-2025-27595 (The device uses a weak hashing alghorithm to create the 
password hash. ...)
+       TODO: check
+CVE-2025-27594 (The device uses an unencrypted, proprietary protocol for 
communication ...)
+       TODO: check
+CVE-2025-27593 (The product can be used to distribute malicious code using SDD 
Device  ...)
+       TODO: check
+CVE-2025-26626 (The GLPI Inventory Plugin handles various types of tasks for 
GLPI agen ...)
+       TODO: check
+CVE-2025-26312 (SendQuick Entera devices before 11HF5 are vulnerable to 
CAPTCHA bypass ...)
+       TODO: check
+CVE-2025-26216
+       REJECTED
+CVE-2025-26215
+       REJECTED
+CVE-2025-25873 (Cross Site Request Forgery vulnerability in Open Panel 
OpenAdmin v.0.3 ...)
+       TODO: check
+CVE-2025-25872 (An issue in Open Panel v.0.3.4 allows a remote attacker to 
escalate pr ...)
+       TODO: check
+CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a remote attacker to 
escalate pr ...)
+       TODO: check
+CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager 
Application is v ...)
+       TODO: check
+CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-55594 (An improper handling of syntactically invalid structure in 
Fortinet Fo ...)
+       TODO: check
+CVE-2024-54449 (The API used to interact with documents in the application 
contains tw ...)
+       TODO: check
+CVE-2024-54448 (The Automation Scripting functionality can be exploited by 
attackers t ...)
+       TODO: check
+CVE-2024-54447 (Saved search functionality contains a blind SQL injection that 
can be  ...)
+       TODO: check
+CVE-2024-54446 (Document history functionality contains a blind SQL injection 
that can ...)
+       TODO: check
+CVE-2024-54445 (Login functionality contains a blind SQL injection that can be 
exploit ...)
+       TODO: check
+CVE-2024-47573 (An improper validation of integrity check value vulnerability 
[CWE-354 ...)
+       TODO: check
+CVE-2024-46662 (A improper neutralization of special elements used in a 
command ('comm ...)
+       TODO: check
+CVE-2024-45643 (IBM Security QRadar 3.12 EDR uses weaker than expected 
cryptographic a ...)
+       TODO: check
+CVE-2024-45638 (IBM Security QRadar 3.12 EDR stores user credentials in plain 
text whi ...)
+       TODO: check
+CVE-2024-40590 (Animproper certificate validation vulnerability [CWE-295] in 
FortiPort ...)
+       TODO: check
+CVE-2024-40585 (An insertion of sensitive information into log file 
vulnerabilities [C ...)
+       TODO: check
+CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a 
remote atta ...)
+       TODO: check
+CVE-2024-26006 (An improper neutralization of input during web page Generation 
vulnera ...)
+       TODO: check
+CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
+       TODO: check
+CVE-2024-13772 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
+       TODO: check
+CVE-2024-13771 (The Civi - Job Board & Freelance Marketplace WordPress Theme 
plugin fo ...)
+       TODO: check
+CVE-2024-12810 (The JobCareer | Job Board Responsive WordPress Theme theme for 
WordPre ...)
+       TODO: check
+CVE-2024-12245 (Logout functionality contains a blind SQL injection that can 
be exploi ...)
+       TODO: check
+CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP 
files used  ...)
+       TODO: check
+CVE-2024-12019 (The API used to interact with documents in the application 
contains a  ...)
+       TODO: check
+CVE-2023-48785 (An improper certificate validation vulnerability [CWE-295] in 
FortiNAC ...)
+       TODO: check
+CVE-2023-45588 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
+       TODO: check
+CVE-2023-33300 (A improper neutralization of special elements used in a 
command ('comm ...)
+       TODO: check
+CVE-2023-52927 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.6.8-1
        NOTE: 
https://git.kernel.org/linus/4914109a8e1e494c6aa9852f9e84ec77a5fc643f (6.6-rc1)
 CVE-2025-XXXX [Parameter manipulation allows the forging of signed SAML 
messages]
        - opensaml <unfixed> (bug #1100464)
        NOTE: https://shibboleth.net/community/advisories/secadv_20250313.txt
        NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee
 (3.3.1)
-CVE-2024-8176
+CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library 
due to t ...)
        - expat 2.7.0-1
        NOTE: https://blog.hartwork.org/posts/expat-2-7-0-released/
        NOTE: https://github.com/libexpat/libexpat/issues/893
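Review bot: every entry added at the top of data/CVE/list lands as "TODO: check" with a truncated description, so this hunk leaves a triage backlog rather than any package decision. Several can be sorted from the visible text alone: CVE-2025-2232, CVE-2025-1507, CVE-2024-13771 to CVE-2024-13773 and CVE-2024-12810 all name a WordPress plugin or theme and fit the "NOT-FOR-US: WordPress plugin" tag already used further down in this file, while the library entries (xml-crypto in CVE-2025-29774 and CVE-2025-29775, the QPY file issue in CVE-2025-2000) need a lookup against the archive before they are closed out. The CVE-2025-XXXX placeholder for opensaml is untouched by this import and still reads <unfixed>; it should be renamed once an ID is assigned.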
@@ -70,26 +182,31 @@ CVE-2024-11235
        - php8.4 8.4.5-1
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
 CVE-2025-1861
+       {DSA-5878-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff
 CVE-2025-1736
+       {DSA-5878-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528
 CVE-2025-1734
+       {DSA-5878-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44
 CVE-2025-1219
+       {DSA-5878-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
 CVE-2025-1217
+       {DSA-5878-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
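Review bot: the {DSA-5878-1} tag is added to CVE-2025-1861, CVE-2025-1736, CVE-2025-1734, CVE-2025-1219 and CVE-2025-1217 while each "- php8.2 <unfixed>" line stays as it was. If that line tracks a suite the DSA does not cover, this is consistent, but it is worth confirming that the fixed php8.2 version for the DSA is recorded where the tracker expects it, so the advisory and the package status do not appear to contradict each other. CVE-2024-11235, visible in the context above with the same php8.4 8.4.5-1 fix, gets no DSA tag here; check whether that is intended.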
@@ -82387,8 +82504,8 @@ CVE-2024-2119 (The LuckyWP Table of Contents plugin for 
WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-21683
-       REJECTED
+CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
+       TODO: check
 CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for 
WordPress is v ...)
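Review bot: CVE-2024-21683 moves from REJECTED to a published description ("This High severity RCE (Remote Code Execution) vulnerability was intro ...") with "TODO: check". A rejected ID coming back with a description is unusual enough to verify against the upstream CVE record before triage, and the truncated text does not name the product, so the neighbouring "NOT-FOR-US: WordPress plugin" tags should not be copied onto it without reading the full entry.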
@@ -247161,8 +247278,8 @@ CVE-2022-29061 (An improper neutralization of special 
elements used in an OS com
        NOT-FOR-US: FortiGuard
 CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in Forti ...)
        NOT-FOR-US: Fortinet
-CVE-2022-29059
-       RESERVED
+CVE-2022-29059 (An improper neutralization of special elements used in an SQL 
command( ...)
+       TODO: check
 CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used 
in an OS  ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-29057 (A improper neutralization of input during web page generation 
('cross- ...)
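Review bot: CVE-2022-29059 changes from RESERVED to an SQL injection description with "TODO: check", and sits between entries already marked "NOT-FOR-US: FortiGuard" and "NOT-FOR-US: Fortinet". If the full description confirms the same vendor, tag it to match its neighbours instead of leaving it in the TODO queue. The adjacent entries also disagree on the label (FortiGuard for CVE-2022-29061 and CVE-2022-29058, Fortinet for CVE-2022-29060); pick one spelling when this entry is triaged.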



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9213539d0352a5054b26725e9972044565bd151a
