[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 6 20:12:42 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ccd8b08 by security tracker role at 2025-02-06T20:12:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-24981 (MDC is a tool to take regular Markdown and write documents interacting ...)
+	TODO: check
+CVE-2025-24787 (WhoDB is an open source database management tool. In affected versions ...)
+	TODO: check
+CVE-2025-24786 (WhoDB is an open source database management tool. While the applicatio ...)
+	TODO: check
+CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
+	TODO: check
+CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json endpoint ...)
+	TODO: check
+CVE-2025-22936 (An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4 ...)
+	TODO: check
+CVE-2025-22867 (On Darwin, building a Go module which contains CGO can trigger arbitra ...)
+	TODO: check
+CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly implem ...)
+	TODO: check
+CVE-2025-1078 (A vulnerability has been found in AppHouseKitchen AlDente Charge Limit ...)
+	TODO: check
+CVE-2025-1076 (A Stored Cross-Site Scripting (Stored XSS) vulnerability has been foun ...)
+	TODO: check
+CVE-2025-1074 (A vulnerability, which was classified as problematic, was found in Web ...)
+	TODO: check
+CVE-2025-0994 (Trimble Cityworks versions prior to 15.8.9 and Cityworks with office c ...)
+	TODO: check
+CVE-2025-0982 (Sandbox escape in the JavaScript Task feature of Google Cloud Applicat ...)
+	TODO: check
+CVE-2025-0859 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Edit ...)
+	TODO: check
+CVE-2024-57962 (Vulnerability of incomplete verification information in the VPN servic ...)
+	TODO: check
+CVE-2024-57961 (Out-of-bounds write vulnerability in the emcom module Impact: Successf ...)
+	TODO: check
+CVE-2024-57960 (Input verification vulnerability in the ExternalStorageProvider module ...)
+	TODO: check
+CVE-2024-57959 (Use-After-Free (UAF) vulnerability in the display module Impact: Succe ...)
+	TODO: check
+CVE-2024-57958 (Out-of-bounds array read vulnerability in the FFRT module Impact: Succ ...)
+	TODO: check
+CVE-2024-57957 (Vulnerability of improper log information control in the UI framework  ...)
+	TODO: check
+CVE-2024-57956 (Out-of-bounds read vulnerability in the interpreter string module Impa ...)
+	TODO: check
+CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module  Impact: Successfu ...)
+	TODO: check
+CVE-2024-57954 (Permission verification vulnerability in the media library module Impa ...)
+	TODO: check
+CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a denial  ...)
+	TODO: check
+CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a denial  ...)
+	TODO: check
+CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php page has ...)
+	TODO: check
+CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote attacker to per ...)
+	TODO: check
+CVE-2024-57599 (Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 al ...)
+	TODO: check
+CVE-2024-57523 (Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packe ...)
+	TODO: check
+CVE-2024-57430 (An SQL injection vulnerability in the pjActionGetUser function of PHPJ ...)
+	TODO: check
+CVE-2024-57429 (A cross-site request forgery (CSRF) vulnerability in the pjActionUpdat ...)
+	TODO: check
+CVE-2024-57428 (A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema ...)
+	TODO: check
+CVE-2024-57427 (PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross ...)
+	TODO: check
+CVE-2024-57426 (NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an at ...)
+	TODO: check
+CVE-2024-52892 (IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable t ...)
+	TODO: check
+CVE-2024-47258 (2N Access Commander version 2.1 and prior is vulnerable in default set ...)
+	TODO: check
+CVE-2024-47256 (Successful exploitation of this vulnerability could allow an attacker  ...)
+	TODO: check
+CVE-2024-45626 (Apache James server JMAP HTML to text plain implementation in versions ...)
+	TODO: check
+CVE-2024-43811
+	REJECTED
+CVE-2024-43779 (An information disclosure vulnerability exists in the Vault API functi ...)
+	TODO: check
+CVE-2024-39272 (A cross-site scripting (xss) vulnerability exists in the dataset uploa ...)
+	TODO: check
+CVE-2024-39033 (In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Referen ...)
+	TODO: check
+CVE-2024-37358 (Similarly to CVE-2024-34055, Apache James is vulnerable to denial of s ...)
+	TODO: check
+CVE-2024-36558 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+	TODO: check
+CVE-2024-36557 (The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_Y ...)
+	TODO: check
+CVE-2024-36556 (Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19 ...)
+	TODO: check
+CVE-2024-36555 (Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R ...)
+	TODO: check
+CVE-2024-36554 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+	TODO: check
+CVE-2024-36553 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
+	TODO: check
+CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management Server  ...)
+	TODO: check
+CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for W ...)
+	TODO: check
+CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could cause DoS  ...)
+	TODO: check
+CVE-2024-13416 (Using API in the 2N OS device, authorized user can enable logging, whi ...)
+	TODO: check
+CVE-2024-12602 (Identity verification vulnerability in the ParamWatcher module Impact: ...)
+	TODO: check
+CVE-2023-5878 (Honeywell OneWireless   Wireless Device Manager (WDM)for the following ...)
+	TODO: check
 CVE-2025-24845 (Improper neutralization of argument delimiters in a command ('Argument ...)
 	NOT-FOR-US: Defense Platform Home Edition
 CVE-2025-24483 (NULL pointer dereference vulnerability exists in Defense Platform Home ...)
@@ -699,7 +809,7 @@ CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow in
 	NOTE: Fixed by: https://github.com/ntop/nDPI/commit/678697b5eb6c3caa5dd5f8cccfe9eed8d13b94bb
 CVE-2025-25065 (SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0. ...)
 	NOT-FOR-US: Zimbra
-CVE-2025-25064 (SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in  ...)
+CVE-2025-25064 (SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
 	- backdrop <itp> (bug #914257)
@@ -2178,7 +2288,7 @@ CVE-2024-57547 (Insecure Permissions vulnerability in CMSimple v.5.16 allows a r
 	NOT-FOR-US: CMSimple
 CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain sensiti ...)
 	NOT-FOR-US: CMSimple
-CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allow ...)
+CVE-2024-57373 (Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 ...)
 	NOT-FOR-US: LifestyleStore
 CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote attacker to ...)
 	NOT-FOR-US: youdiancms
@@ -200589,8 +200699,8 @@ CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in F
 	NOT-FOR-US: firmware lewei_cam binary
 CVE-2022-40917
 	RESERVED
-CVE-2022-40916
-	RESERVED
+CVE-2022-40916 (Tiny File Manager v2.4.7 and below is vulnerable to session fixation.)
+	TODO: check
 CVE-2022-40915
 	RESERVED
 CVE-2022-40914
@@ -201702,8 +201812,8 @@ CVE-2022-40492
 	RESERVED
 CVE-2022-40491
 	RESERVED
-CVE-2022-40490
-	RESERVED
+CVE-2022-40490 (Tiny File Manager v2.4.7 and below was discovered to contain a Cross S ...)
+	TODO: check
 CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CS ...)
 	NOT-FOR-US: ThinkCMF
 CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
@@ -225597,8 +225707,7 @@ CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G)
 	NOT-FOR-US: Siemens
 CVE-2022-31765 (Affected devices do not properly authorize the change password functio ...)
 	NOT-FOR-US: Siemens
-CVE-2022-31764
-	RESERVED
+CVE-2022-31764 (The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker  ...)
 	NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...)
 	{DSA-5204-1 DLA-3069-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccd8b0824d1b17fd952b20e66993c1bbb8c1534

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ccd8b0824d1b17fd952b20e66993c1bbb8c1534
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250206/aa20ea7c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list