[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 5 08:12:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b7e33cc by security tracker role at 2025-02-05T08:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,83 +1,259 @@
-CVE-2024-27137
+CVE-2025-25246 (NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 be ...)
+ TODO: check
+CVE-2025-25039 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
+ TODO: check
+CVE-2025-24971 (DumpDrop is a stupid simple file upload application that provides an i ...)
+ TODO: check
+CVE-2025-24968 (reNgine is an automated reconnaissance framework for web applications. ...)
+ TODO: check
+CVE-2025-24967 (reNgine is an automated reconnaissance framework for web applications. ...)
+ TODO: check
+CVE-2025-24966 (reNgine is an automated reconnaissance framework for web applications. ...)
+ TODO: check
+CVE-2025-24964 (Vitest is a testing framework powered by Vite. Affected versions are s ...)
+ TODO: check
+CVE-2025-24963 (Vitest is a testing framework powered by Vite. The `__screenshot-error ...)
+ TODO: check
+CVE-2025-24860 (Incorrect Authorization vulnerability in Apache Cassandra allowing use ...)
+ TODO: check
+CVE-2025-24677 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-24648 (Incorrect Privilege Assignment vulnerability in wpase.com Admin and Si ...)
+ TODO: check
+CVE-2025-24602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24373 (woocommerce-pdf-invoices-packing-slips is an extension which allows us ...)
+ TODO: check
+CVE-2025-23645 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23114 (A vulnerability in Veeam Updater component allows Man-in-the-Middle at ...)
+ TODO: check
+CVE-2025-23060 (A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, ...)
+ TODO: check
+CVE-2025-23059 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
+ TODO: check
+CVE-2025-23058 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
+ TODO: check
+CVE-2025-23023 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2025-23015 (Privilege Defined With Unsafe Actions vulnerability in Apache Cassandr ...)
+ TODO: check
+CVE-2025-22794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22730 (Missing Authorization vulnerability in Ksher Ksher allows Exploiting I ...)
+ TODO: check
+CVE-2025-22700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22699 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22696 (Missing Authorization vulnerability in EmbedPress Document Block \u201 ...)
+ TODO: check
+CVE-2025-22675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22664 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22662 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22643 (Missing Authorization vulnerability in FameThemes OnePress allows Expl ...)
+ TODO: check
+CVE-2025-22642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22641 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22602 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2025-22601 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2025-22206 (A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4 ...)
+ TODO: check
+CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
+ TODO: check
+CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable ...)
+ TODO: check
+CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are vulnerable ...)
+ TODO: check
+CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds checks ...)
+ TODO: check
+CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Tel ...)
+ TODO: check
+CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF chara ...)
+ TODO: check
+CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web interface that ...)
+ TODO: check
+CVE-2025-0413 (Parallels Desktop Technical Data Reporter Link Following Local Privile ...)
+ TODO: check
+CVE-2025-0364 (BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulne ...)
+ TODO: check
+CVE-2024-9644 (The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an ...)
+ TODO: check
+CVE-2024-9643 (The Four-FaithF3x36 router using firmware v2.0.0 is vulnerable to auth ...)
+ TODO: check
+CVE-2024-8125 (Improper Validation of Specified Type of Input vulnerability in OpenTe ...)
+ TODO: check
+CVE-2024-56328 (Discourse is an open source platform for community discussion. An atta ...)
+ TODO: check
+CVE-2024-56197 (Discourse is an open source platform for community discussion. PM titl ...)
+ TODO: check
+CVE-2024-55948 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2024-53994 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2024-53966 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-53965 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-53964 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-53963 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-53962 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-53851 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2024-53266 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
+CVE-2024-48445 (An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to ...)
+ TODO: check
+CVE-2024-48019 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-45659 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-45658 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-45657 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-43187 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-40891 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection ...)
+ TODO: check
+CVE-2024-40890 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection ...)
+ TODO: check
+CVE-2024-40700 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-35138 (IBM Security Verify Access Appliance and Container 10.0.0 through 10.0 ...)
+ TODO: check
+CVE-2024-23690 (The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a comm ...)
+ TODO: check
+CVE-2024-13829 (The WordPress form builder plugin for contact forms, surveys and quizz ...)
+ TODO: check
+CVE-2024-13733 (The SKT Blocks \u2013 Gutenberg based Page Builder plugin for WordPres ...)
+ TODO: check
+CVE-2024-13723 (The "NagVis" component within Checkmk is vulnerable to remote code exe ...)
+ TODO: check
+CVE-2024-13722 (The "NagVis" component within Checkmk is vulnerable to reflected cross ...)
+ TODO: check
+CVE-2024-13699 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-13529 (The SocialV - Social Network and Community BuddyPress Theme theme for ...)
+ TODO: check
+CVE-2024-13510 (The ShopSite plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2024-13403 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Form ...)
+ TODO: check
+CVE-2024-13356 (The DSGVO All in one for WP plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2024-11623 (Authentik project is vulnerable to Stored XSS attacks throughuploading ...)
+ TODO: check
+CVE-2024-11468 (Omnissa Horizon Client for macOS contains a Local privilege escalation ...)
+ TODO: check
+CVE-2024-11467 (Omnissa Horizon Client for macOS contains a Local privilege escalation ...)
+ TODO: check
+CVE-2023-40222 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), th ...)
+ TODO: check
+CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), th ...)
+ TODO: check
+CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker without access ...)
- cassandra <itp> (bug #585905)
-CVE-2025-0510
+CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From field of ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510
-CVE-2025-1020
+CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of ...)
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020
-CVE-2025-1017
+CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1017
-CVE-2025-1016
+CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016
-CVE-2025-1015
+CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized links. T ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
-CVE-2025-1014
+CVE-2025-1014 (Certificate length was not properly checked when added to a certificat ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1014
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1014
-CVE-2025-1013
+CVE-2025-1013 (A race condition could have led to private browsing tabs being opened ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1013
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1013
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1013
-CVE-2025-1019
+CVE-2025-1019 (The z-order of the browser windows could be manipulated to hide the fu ...)
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1019
-CVE-2025-1012
+CVE-2025-1012 (A race during concurrent delazification could have led to a use-after- ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1012
-CVE-2025-1011
+CVE-2025-1011 (A bug in WebAssembly code generation could have lead to a crash. It ma ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1011
-CVE-2025-1018
+CVE-2025-1018 (The fullscreen notification is prematurely hidden when fullscreen is r ...)
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1018
-CVE-2025-1010
+CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom Highligh ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1010
-CVE-2025-1009
+CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT data, ...)
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1009
-CVE-2025-0451
+CVE-2025-0451 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0445
+CVE-2025-0445 (Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0444
+CVE-2025-0444 (Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity Log Winter ...)
@@ -3390,15 +3566,15 @@ CVE-2024-52948 [CSRF on 2FA registration]
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/dfe9ddc40de982a33fbff42a143ccd1b786de775
NOTE: Backports for 2.20 (in v2.20.2): https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/638
NOTE: Backports for 2.16 (in v2.16.4): https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/644
-CVE-2025-0509
+CVE-2025-0509 (A security issue was found in Sparkle before version 2.64. An attacker ...)
- openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
CVE-2025-23237 (Improper neutralization of special elements used in an OS command ('OS ...)
NOT-FOR-US: UD-LT2 firmware
CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
TODO: check, seems to be duplicate of CVE-2025-23083, verify it with CNA
-CVE-2025-23089 (This CVE has been issued to inform users that they are using End-of-Li ...)
+CVE-2025-23089 (NOTE: use of the CVE List to report that a product is unsupported, wit ...)
NOT-FOR-US: EOL notification for nodejs 21
-CVE-2025-23088 (This CVE has been issued to inform users that they are using End-of-Li ...)
+CVE-2025-23088 (NOTE: use of the CVE List to report that a product is unsupported, wit ...)
NOT-FOR-US: EOL notification for nodejs 19
CVE-2025-23087 (This CVE has been issued to inform users that they are using End-of-Li ...)
NOT-FOR-US: EOL notification for nodejs 17
@@ -9081,7 +9257,7 @@ CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrup
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
-CVE-2025-0240 (Parsing a JavaScript module as JSON could under some circumstances cau ...)
+CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
{DSA-5841-1 DSA-5839-1 DLA-4012-1 DLA-4011-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
@@ -524046,9 +524222,9 @@ CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypa
NOT-FOR-US: KeystoneJS
CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an h ...)
NOT-FOR-US: Zurmo
-CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
+CVE-2017-16568 (Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media ...)
NOT-FOR-US: Logitech Media Server
-CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
+CVE-2017-16567 (Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media ...)
NOT-FOR-US: Logitech Media Server
CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...)
NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7e33ccb7833442d2afc63d47a638f24b2e6675
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7e33ccb7833442d2afc63d47a638f24b2e6675
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250205/c4f56f03/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list