[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbc56c62 by security tracker role at 2025-02-01T20:13:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2025-24891 (Dumb Drop is a file upload application. Users with permission to uploa ...)
+	TODO: check
+CVE-2025-23091 (An Improper Certificate Validation on UniFi OS devices, with Identity  ...)
+	TODO: check
+CVE-2025-0950 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
+	TODO: check
+CVE-2025-0949 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...)
+	TODO: check
+CVE-2025-0948 (A vulnerability, which was classified as critical, was found in itsour ...)
+	TODO: check
+CVE-2025-0947 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2025-0946 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
+	TODO: check
+CVE-2025-0945 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-0944 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
+	TODO: check
+CVE-2025-0943 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
+	TODO: check
+CVE-2025-0939 (The MagicForm plugin for WordPress is vulnerable to access and modific ...)
+	TODO: check
+CVE-2025-0366 (The Jupiter X Core plugin for WordPress is vulnerable to Local File In ...)
+	TODO: check
+CVE-2025-0365 (The Jupiter X Core plugin for WordPress is vulnerable to Directory Tra ...)
+	TODO: check
+CVE-2024-57587 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are  ...)
+	TODO: check
+CVE-2024-57435 (In macrozheng mall-tiny 1.0.1, an attacker can send null data through  ...)
+	TODO: check
+CVE-2024-57434 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control.  ...)
+	TODO: check
+CVE-2024-57433 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control v ...)
+	TODO: check
+CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are  ...)
+	TODO: check
+CVE-2024-53357 (In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption k ...)
+	TODO: check
+CVE-2024-53356 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privil ...)
+	TODO: check
+CVE-2024-53355 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorr ...)
+	TODO: check
+CVE-2024-53354 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to SQL In ...)
+	TODO: check
+CVE-2024-53296 (Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain ...)
+	TODO: check
+CVE-2024-53295 (Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1. ...)
+	TODO: check
+CVE-2024-51534 (Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7. ...)
+	TODO: check
+CVE-2024-13775 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-13651 (The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for Word ...)
+	TODO: check
+CVE-2024-13612 (The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo ...)
+	TODO: check
+CVE-2024-13547 (The aThemes Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-13429 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-13428 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-13425 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-13372 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-13371 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-13343 (The WooCommerce Customers Manager plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-13341 (The MultiLoca - WooCommerce Multi Locations Inventory Management plugi ...)
+	TODO: check
+CVE-2024-13099 (The Widget4Call WordPress plugin through 1.0.7 does not sanitise and e ...)
+	TODO: check
+CVE-2024-13098 (The WordPress Email Newsletter WordPress plugin through 1.1 does not s ...)
+	TODO: check
+CVE-2024-13097 (The WP Finance WordPress plugin through 1.3.6 does not sanitise and es ...)
+	TODO: check
+CVE-2024-13096 (The WP Finance WordPress plugin through 1.3.6 does not have CSRF check ...)
+	TODO: check
+CVE-2024-12825 (The Custom Related Posts plugin for WordPress is vulnerable to unautho ...)
+	TODO: check
+CVE-2024-12768 (The Responsive iframe WordPress plugin through 1.2.0 does not validate ...)
+	TODO: check
+CVE-2024-12620 (The AnimateGL Animations for WordPress \u2013 Elementor & Gutenberg Bl ...)
+	TODO: check
+CVE-2024-12184 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-12171 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
+	TODO: check
+CVE-2024-12041 (The Directorist: AI-Powered WordPress Business Directory Plugin with C ...)
+	TODO: check
+CVE-2024-11829 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+	TODO: check
+CVE-2024-11780 (The Site Search 360 plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
 CVE-2025-24831 (Local privilege escalation due to unquoted search path vulnerability.  ...)
 	NOT-FOR-US: Acronis
 CVE-2025-24830 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
@@ -6447,6 +6543,7 @@ CVE-2024-52936 (Kernel software installed and running inside a Guest VM may post
 CVE-2024-52935 (Kernel software installed and running inside a Guest VM may exploit me ...)
 	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-52333 (An improper array index validation vulnerability exists in the determi ...)
+	{DLA-4038-1}
 	- dcmtk 3.6.8-7 (bug #1093047)
 	[bookworm] - dcmtk <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121
@@ -6462,6 +6559,7 @@ CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post
 CVE-2024-47894 (Kernel software installed and running inside a Guest VM may post impro ...)
 	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-47796 (An improper array index validation vulnerability exists in the nowindo ...)
+	{DLA-4038-1}
 	- dcmtk 3.6.8-7 (bug #1093043)
 	[bookworm] - dcmtk <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2122
@@ -17967,6 +18065,7 @@ CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the l
 	[bullseye] - ffmpeg <not-affected> (Vulnerable decoder added in 6.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4 (n7.1)
 CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavforma ...)
+	{DLA-4039-1}
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857 (n7.0)
@@ -18001,10 +18100,12 @@ CVE-2024-35369 (In FFmpeg version n6.1.1, specifically within the avcodec/speexd
 	[bullseye] - ffmpeg <not-affected> (native speex decode introduced in v5.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c (n7.0)
 CVE-2024-35368 (FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame  ...)
+	{DLA-4039-1}
 	- ffmpeg 7:7.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c (n7.1)
 CVE-2024-35367 (FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_alti ...)
+	{DLA-4039-1}
 	- ffmpeg 7:7.0.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 (n7.0)
@@ -76050,13 +76151,13 @@ CVE-2024-34511
 CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
 	NOT-FOR-US: Gradio
 CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid  ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-14
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
 	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
 CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-14
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
@@ -81054,7 +81155,7 @@ CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-S
 CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...)
 	NOT-FOR-US: Flipsnack
 CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-14 (bug #1070207)
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
@@ -192895,7 +192996,7 @@ CVE-2022-43274
 CVE-2022-43273
 	RESERVED
 CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	[experimental] - dcmtk 3.6.8~git20221013.51be018-1
 	- dcmtk 3.6.7-8 (bug #1027165)
 	NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
@@ -218803,7 +218904,7 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234 (1.20.3)
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-1 (bug #1014044)
 	NOTE: https://support.dcmtk.org/redmine/issues/1021
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
@@ -271930,19 +272031,19 @@ CVE-2021-41692
 CVE-2021-41691
 	RESERVED
 CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-1
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-1
 	NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7)
 CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-1
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program  ...)
-	{DLA-3847-1}
+	{DLA-4038-1 DLA-3847-1}
 	- dcmtk 3.6.7-1
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41686



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbc56c6277e691658aec417e2b9c0258623e522b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbc56c6277e691658aec417e2b9c0258623e522b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250201/256533fd/attachment.htm>