[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 6 08:12:02 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38e8db19 by security tracker role at 2025-02-06T08:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-24845 (Improper neutralization of argument delimiters in a command ('Argument ...)
+	TODO: check
+CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense Platform Home ...)
+	TODO: check
+CVE-2025-23236 (Buffer overflow vulnerability exists in Defense Platform Home Edition  ...)
+	TODO: check
+CVE-2025-22894 (Unprotected Windows messaging channel ('Shatter') issue exists in Defe ...)
+	TODO: check
+CVE-2025-22890 (Execution with unnecessary privileges issue exists in Defense Platform ...)
+	TODO: check
+CVE-2025-20094 (Unprotected Windows messaging channel ('Shatter') issue exists in Defe ...)
+	TODO: check
+CVE-2025-1066 (OpenPLC_V3 contains an arbitrary file upload vulnerability, which coul ...)
+	TODO: check
+CVE-2025-0799 (IBM App Connect enterprise12.0.1.0 through 12.0.12.10 and13.0.1.0 thro ...)
+	TODO: check
+CVE-2025-0522 (The LikeBot  WordPress plugin through 0.85 does not have CSRF check in ...)
+	TODO: check
+CVE-2024-57699 (A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1.  ...)
+	TODO: check
+CVE-2024-57598 (A floating point exception (divide-by-zero) vulnerability was discover ...)
+	TODO: check
+CVE-2024-57520 (Insecure Permissions vulnerability in asterisk v22 allows a remote att ...)
+	TODO: check
+CVE-2024-57086 (A prototype pollution in the function fieldsToJson of node-opcua-alarm ...)
+	TODO: check
+CVE-2024-57085 (A prototype pollution in the function deepMerge of @stryker-mutator/ut ...)
+	TODO: check
+CVE-2024-57084 (A prototype pollution in the function lib.parse of dot-properties v1.0 ...)
+	TODO: check
+CVE-2024-57082 (A prototype pollution in the lib.createUploader function of @rpldy/upl ...)
+	TODO: check
+CVE-2024-57081 (A prototype pollution in the lib.fromQuery function of underscore-cont ...)
+	TODO: check
+CVE-2024-57080 (A prototype pollution in the lib.install function of vxe-table v4.8.10 ...)
+	TODO: check
+CVE-2024-57079 (A prototype pollution in the lib.deepMerge function of @zag-js/core v0 ...)
+	TODO: check
+CVE-2024-57078 (A prototype pollution in the lib.merge function of cli-util v1.1.27 al ...)
+	TODO: check
+CVE-2024-57077 (The latest version of utils-extend (1.0.8) is vulnerable to Prototype  ...)
+	TODO: check
+CVE-2024-57076 (A prototype pollution in the lib.post function of ajax-request v1.2.3  ...)
+	TODO: check
+CVE-2024-57075 (A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 ...)
+	TODO: check
+CVE-2024-57074 (A prototype pollution in the lib.merge function of xe-utils v3.5.31 al ...)
+	TODO: check
+CVE-2024-57072 (A prototype pollution in the lib.requireFromString function of module- ...)
+	TODO: check
+CVE-2024-57071 (A prototype pollution in the lib.combine function of php-parser v3.2.1 ...)
+	TODO: check
+CVE-2024-57069 (A prototype pollution in the lib function of expand-object v0.4.2 allo ...)
+	TODO: check
+CVE-2024-57068 (A prototype pollution in the lib.mutateMergeDeep function of @tanstack ...)
+	TODO: check
+CVE-2024-57067 (A prototype pollution in the lib.parse function of dot-qs v0.2.0 allow ...)
+	TODO: check
+CVE-2024-57066 (A prototype pollution in the lib.deep function of @ndhoule/defaults v2 ...)
+	TODO: check
+CVE-2024-57065 (A prototype pollution in the lib.createPath function of utile v0.3.0 a ...)
+	TODO: check
+CVE-2024-57064 (A prototype pollution in the lib.setValue function of @syncfusion/ej2- ...)
+	TODO: check
+CVE-2024-57063 (A prototype pollution in the lib function of php-date-formatter v1.3.6 ...)
+	TODO: check
+CVE-2024-56473 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  could allow an attacker to  ...)
+	TODO: check
+CVE-2024-56472 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to stored cro ...)
+	TODO: check
+CVE-2024-56471 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to server-sid ...)
+	TODO: check
+CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to server-sid ...)
+	TODO: check
+CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was identified affec ...)
+	TODO: check
+CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise,  ...)
+	TODO: check
+CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remo ...)
+	TODO: check
+CVE-2024-49814 (IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow ...)
+	TODO: check
+CVE-2024-49800 (IBM ApplinX 11.1 stores sensitive information in cleartext in memory t ...)
+	TODO: check
+CVE-2024-49798 (IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive inf ...)
+	TODO: check
+CVE-2024-49797 (IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive inf ...)
+	TODO: check
+CVE-2024-49796 (IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking  ...)
+	TODO: check
+CVE-2024-49795 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery which cou ...)
+	TODO: check
+CVE-2024-49794 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery which cou ...)
+	TODO: check
+CVE-2024-49793 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+	TODO: check
+CVE-2024-49792 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+	TODO: check
+CVE-2024-49791 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+	TODO: check
+CVE-2024-48394 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identif ...)
+	TODO: check
+CVE-2024-38318 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to HTML inject ...)
+	TODO: check
+CVE-2024-38317 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to cross-site ...)
+	TODO: check
+CVE-2024-38316 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 does not properly rate limit ...)
+	TODO: check
+CVE-2024-13487 (The The CURCY \u2013 Multi Currency for WooCommerce \u2013 The best fr ...)
+	TODO: check
 CVE-2025-24805 (Mobile Security Framework (MobSF) is an automated, all-in-one mobile a ...)
 	TODO: check
 CVE-2025-24804 (Mobile Security Framework (MobSF) is an automated, all-in-one mobile a ...)
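Review bot: On the last added entry, CVE-2024-13487, the description is imported with literal `\u2013` escape sequences and a doubled "The The", so the summary is not readable text. The same kind of escape appears in the context header of a later hunk ("Ahmet \u0130m"), which points at the import step rather than this one record; decoding the escapes to UTF-8 before writing data/CVE/list would fix both. Separately, the run from CVE-2024-57063 to CVE-2024-57086 is all prototype pollution in named JavaScript packages and all lands as `TODO: check`, so it can be triaged as one batch.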
@@ -406,12 +516,15 @@ CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT d
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1009
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1009
 CVE-2025-0451 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
+	{DSA-5859-1}
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0445 (Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a ...)
+	{DSA-5859-1}
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0444 (Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed ...)
+	{DSA-5859-1}
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity Log Winter ...)
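Review bot: The three added `{DSA-5859-1}` lines sit directly above `- chromium <unfixed>`, which this hunk leaves unchanged, so CVE-2025-0451, CVE-2025-0445 and CVE-2025-0444 now reference an advisory while the package line still reads unfixed. The descriptions of two of them name 133.0.6943.53 as the fixed upstream version; once a fixed version is available for the untagged `- chromium` line, the `<unfixed>` marker should be replaced with it in a follow-up.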
@@ -18491,6 +18604,7 @@ CVE-2024-53707 (Cross-Site Request Forgery (CSRF) vulnerability in Ahmet \u0130m
 CVE-2024-53617 (A Cross Site Scripting vulnerability in LibrePhotos before commit 3223 ...)
 	NOT-FOR-US: LibrePhotos
 CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Asterisk v ...)
+	{DLA-4042-1}
 	- asterisk 1:22.1.1~dfsg+~cs6.14.60671435-1
 	NOTE: https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
 	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh
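Review bot: The `{DLA-4042-1}` tag on CVE-2024-53566 is added with no other change, and the only version in the entry is `1:22.1.1~dfsg+~cs6.14.60671435-1` on the untagged `- asterisk` line, so nothing visible here says which release the advisory covers; worth confirming that is recorded with the advisory itself. The first hunk also adds CVE-2024-57520 against asterisk v22 as `TODO: check`, and triaging it alongside this entry would keep the package's status consistent.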
@@ -324241,8 +324355,8 @@ CVE-2020-36086
 	RESERVED
 CVE-2020-36085
 	RESERVED
-CVE-2020-36084
-	RESERVED
+CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive E-Learning Sy ...)
+	TODO: check
 CVE-2020-36083
 	RESERVED
 CVE-2020-36082 (File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote ...)
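Review bot: CVE-2020-36084 moves from `RESERVED` to a published description but is left at `TODO: check`, so the entry carries no package or status yet. If the SourceCodester product named in the description is not packaged, close the entry with a `NOT-FOR-US:` line in the form already used for LibrePhotos earlier in this diff.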



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38e8db195c48779030af942952fdc0e414b59491
