[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 7 08:12:26 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6932968e by security tracker role at 2025-02-07T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2025-23094 (The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Mana ...)
+	TODO: check
+CVE-2025-23093 (The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Mana ...)
+	TODO: check
+CVE-2025-22880 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of  ...)
+	TODO: check
+CVE-2025-22402 (Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) ...)
+	TODO: check
+CVE-2025-21408 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2025-21404 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2025-21342 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2025-21283 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2025-21279 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2025-21267 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2025-21253 (Microsoft Edge for IOS and Android Spoofing Vulnerability)
+	TODO: check
+CVE-2025-21177 (Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales all ...)
+	TODO: check
+CVE-2025-1086 (A vulnerability has been found in Safetytest Cloud-Master Server up to ...)
+	TODO: check
+CVE-2025-1085 (A vulnerability, which was classified as problematic, was found in Ani ...)
+	TODO: check
+CVE-2025-1084 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-1083 (A vulnerability classified as problematic was found in Mindskip xzs-my ...)
+	TODO: check
+CVE-2025-1082 (A vulnerability classified as problematic has been found in Mindskip x ...)
+	TODO: check
+CVE-2025-1081 (A vulnerability was found in Bharti Airtel Xstream Fiber up to 2025012 ...)
+	TODO: check
+CVE-2025-1072 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...)
+	TODO: check
+CVE-2025-1061 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
+	TODO: check
+CVE-2025-1004 (Certain HP LaserJet Pro printers may potentially experience a denial o ...)
+	TODO: check
+CVE-2025-0675 (Multiple Elber products suffer from an unauthenticated device configur ...)
+	TODO: check
+CVE-2025-0674 (Multiple Elber products are affected by an authentication bypass  vuln ...)
+	TODO: check
+CVE-2025-0158 (IBM EntireX 11.1 could allow a local user to cause a denial of service ...)
+	TODO: check
+CVE-2024-57609 (An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote at ...)
+	TODO: check
+CVE-2024-57392 (Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remo ...)
+	TODO: check
+CVE-2024-56889 (Incorrect access control in the endpoint /admin/m_delete.php of CodeAs ...)
+	TODO: check
+CVE-2024-56467 (IBM EntireX 11.1 could allow a local user to obtain sensitive informat ...)
+	TODO: check
+CVE-2024-55241 (An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a r ...)
+	TODO: check
+CVE-2024-54909 (A vulnerability has been identified in GoldPanKit eva-server v4.1.0. I ...)
+	TODO: check
+CVE-2024-54171 (IBM EntireX 11.1 is vulnerable to an XML external entity injection (XX ...)
+	TODO: check
+CVE-2024-53586 (An issue in the relPath parameter of WebFileSys version 2.31.0 allows  ...)
+	TODO: check
+CVE-2024-48589 (Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 all ...)
+	TODO: check
+CVE-2024-25883 (The mstatus register in RSD commit 3d13a updates incorrectly, leading  ...)
+	TODO: check
+CVE-2024-13841 (The Builder Shortcode Extras \u2013 WordPress Shortcodes Collection to ...)
+	TODO: check
+CVE-2024-13492 (The Guten Free Options WordPress plugin through 0.9.5 does not sanitis ...)
+	TODO: check
+CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise and escape ...)
+	TODO: check
 CVE-2024-12133
 	- libtasn1-6 <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
@@ -4333,7 +4407,7 @@ CVE-2025-0411 (7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability al
 	- p7zip <not-affected> (Affects only 7-Zip on Windows handling Mark of the Web (MoTW) metadata)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-045/
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/24/6
-CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
+CVE-2025-23085 (A memory leak could occur when a remote peer abruptly closes the socke ...)
 	- nodejs 20.18.2+dfsg-1 (bug #1094134)
 	NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium
 CVE-2025-23084 (A vulnerability has been identified in Node.js, specifically affecting ...)
@@ -18299,7 +18373,7 @@ CVE-2024-53125 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.11.6-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
-CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
+CVE-2024-9404 (This vulnerability could lead to denial-of-service or service crashes. ...)
 	NOT-FOR-US: Moxa
 CVE-2024-54664
 	REJECTED
@@ -53386,7 +53460,7 @@ CVE-2024-35656 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34457 (On versions before 2.1.4, after a regular user successfully logs in, t ...)
 	NOT-FOR-US: Apache StreamPark
-CVE-2024-34329 (Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 a ...)
+CVE-2024-34329 (Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 a ...)
 	NOT-FOR-US: Entrust Datacard XPS Card Printer Driver
 CVE-2024-33933 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
@@ -324478,8 +324552,8 @@ CVE-2020-36087
 	RESERVED
 CVE-2020-36086
 	RESERVED
-CVE-2020-36085
-	RESERVED
+CVE-2020-36085 (Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resum ...)
+	TODO: check
 CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive E-Learning Sy ...)
 	NOT-FOR-US: SourceCodester Responsive E-Learning System
 CVE-2020-36083



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6932968ee47fd7423c87f68726dc3a52506c9089

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6932968ee47fd7423c87f68726dc3a52506c9089
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250207/70ebc809/attachment.htm>

More information about the debian-security-tracker-commits mailing list