Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb8407d6 by Salvatore Bonaccorso at 2025-03-17T07:32:50+01:00
Re-associate some older CVEs with koha itp'ed bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2025-2337 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 
allows an i ...)
        NOT-FOR-US: onos-lib-go
 CVE-2025-30076 (Koha before 24.11.02 allows admins to execute arbitrary 
commands via s ...)
-       NOT-FOR-US: Koha
+       - koha <itp> (bug #702134)
 CVE-2025-30074 (Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 
for macO ...)
        NOT-FOR-US: Alludo Parallels Desktop
 CVE-2025-2335 (A vulnerability classified as problematic was found in Drivin 
Solu\xe7 ...)
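
Review bot: The new "- koha <itp> (bug #702134)" line on CVE-2025-30076 points at a bug number far lower than the #1064192 visible on the openrefine entry later in this diff, so the ITP is considerably older than the CVEs now being attached to it. It is worth confirming that #702134 is still open and still filed as an ITP for koha; if it has been closed or retitled, every entry changed in this commit would reference a stale bug.
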
@@ -620,7 +620,7 @@ CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 
5.02.5187 allows an at
 CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in 
the Comman ...)
        NOT-FOR-US: SoftEtherVPN
 CVE-2025-22954 (GetLateOrMissingIssues in C4/Serials.pm in Koha before 
24.11.02 allows ...)
-       NOT-FOR-US: Koha Library Management System
+       - koha <itp> (bug #702134)
 CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in 
the ker ...)
        NOT-FOR-US: Juniper
 CVE-2025-20209 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) 
functio ...)
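
Review bot: The tag removed from CVE-2025-22954 reads "NOT-FOR-US: Koha Library Management System", while other hunks in this commit remove "NOT-FOR-US: Koha" and "NOT-FOR-US: Koha ILS", so the same product was tagged three different ways. Since the subject says "some" CVEs, a case-insensitive search for "koha" across the NOT-FOR-US lines of data/CVE/list would show whether any entries were missed, and the commit message could say whether the sweep is complete.
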
@@ -63039,9 +63039,9 @@ CVE-2024-33897 (A compromised HMS Networks Cosy+ device 
could be used to request
 CVE-2024-30170 (PrivX before 34.0 allows data exfiltration and denial of 
service via t ...)
        NOT-FOR-US: PrivX
 CVE-2024-28740 (Cross Site Scripting vulnerability in Koha ILS 23.05 and 
before allows ...)
-       NOT-FOR-US: Koha ILS
+       - koha <itp> (bug #702134)
 CVE-2024-28739 (An issue in Koha ILS 23.05 and before allows a remote attacker 
to exec ...)
-       NOT-FOR-US: Koha ILS
+       - koha <itp> (bug #702134)
 CVE-2024-23483 (An Improper Input Validation vulnerability in Zscaler Client 
Connector ...)
        NOT-FOR-US: Zscaler Client Connector on MacOS
 CVE-2024-23464 (In certain cases, Zscaler Internet Access (ZIA) can be 
disabled by Pow ...)
@@ -95921,7 +95921,7 @@ CVE-2024-28722 (Cross Site Scripting vulnerability in 
Innovaphone myPBX v.14r1,
 CVE-2023-7252 (The Tickera  WordPress plugin before 3.5.2.5 does not prevent 
users fr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2018-25101 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       NOT-FOR-US: Koha Library Management System
+       - koha <itp> (bug #702134)
 CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. FreeR ...)
@@ -106851,7 +106851,7 @@ CVE-2024-28283 (There is stack-based buffer overflow 
vulnerability in pc_change_
 CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 
allows a r ...)
        NOT-FOR-US: UBEE DDW365 XCNDDW365
 CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the 
'/members/m ...)
-       NOT-FOR-US: Koha Library Management System
+       - koha <itp> (bug #702134)
 CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 
1.1.5, 1.2 ...)
        NOT-FOR-US: Spring Authorization Server
 CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder 
versions 1 ...)
@@ -116659,7 +116659,7 @@ CVE-2024-24740 (SAP NetWeaver Application Server 
(ABAP) - versions KERNEL 7.53,
 CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user 
with re ...)
        NOT-FOR-US: SAP
 CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and 
'/admin/aq ...)
-       NOT-FOR-US: Koha Library Management System
+       - koha <itp> (bug #702134)
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with 
messy da ...)
        - openrefine 3.7.8-1 (bug #1064192)
        [bookworm] - openrefine <no-dsa> (Minor issue)
@@ -139395,9 +139395,9 @@ CVE-2023-4936 (It is possible to sideload a 
compromised DLL during the installat
 CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads 
to even ...)
        NOT-FOR-US: Insecure Direct Object Reference
 CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 
and before ...)
-       NOT-FOR-US: Koha
+       - koha <itp> (bug #702134)
 CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 
and bef ...)
-       NOT-FOR-US: Koha
+       - koha <itp> (bug #702134)
 CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability 
in AS PAT ...)
        NOT-FOR-US: Juniper
 CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel 
module.Succ ...)
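
Review bot: Not part of this change, but the context entry just above the two re-tagged lines, CVE-2023-45396, carries "NOT-FOR-US: Insecure Direct Object Reference", which names the weakness class from the description rather than a product. Like the three Koha spellings removed in this commit, a tag that does not name the product cannot be found by a product search; a follow-up that replaces it with the affected product name would keep the list consistent.
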
@@ -629373,7 +629373,7 @@ CVE-2015-4644 (The php_pgsql_meta_data function in 
pgsql.c in the PostgreSQL (ak
        NOTE: 
https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
        NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in 
opac-addbybiblionumber.pl  ...)
-       NOT-FOR-US: Koha
+       - koha <itp> (bug #702134)
 CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, 
Analytics, APM,  ...)
        NOT-FOR-US: FastL4
 CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 
4.5.0  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb8407d6a2c4cfa45961716d480ebb4fd5aa972c



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
