[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 11 08:12:03 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09e34235 by security tracker role at 2025-02-11T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,333 @@
+CVE-2025-25243 (SAP Supplier Relationship Management (Master Data Management Catalog) ...)
+ TODO: check
+CVE-2025-25241 (Due to a missing authorization check, an attacker who is logged in to ...)
+ TODO: check
+CVE-2025-25194 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
+ TODO: check
+CVE-2025-25193 (Netty, an asynchronous, event-driven network application framework, ha ...)
+ TODO: check
+CVE-2025-25190 (The ZOO-Project is an open source processing platform. The ZOO-Project ...)
+ TODO: check
+CVE-2025-25189 (The ZOO-Project is an open source processing platform. A reflected Cro ...)
+ TODO: check
+CVE-2025-24970 (Netty, an asynchronous, event-driven network application framework, ha ...)
+ TODO: check
+CVE-2025-24876 (The SAP Approuter Node.js package version v16.7.1 and before is vulner ...)
+ TODO: check
+CVE-2025-24875 (SAP Commerce, by default, sets certain cookies with the SameSite attri ...)
+ TODO: check
+CVE-2025-24874 (SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header t ...)
+ TODO: check
+CVE-2025-24872 (The ABAP Build Framework in SAP ABAP Platform allows an authenticated ...)
+ TODO: check
+CVE-2025-24870 (SAP GUI for Windows & RFC service credentials are incorrectly stored i ...)
+ TODO: check
+CVE-2025-24869 (SAP NetWeaver Application Server Java allows an attacker to access an ...)
+ TODO: check
+CVE-2025-24868 (The User Account and Authentication service (UAA) for SAP HANA extende ...)
+ TODO: check
+CVE-2025-24867 (SAP BusinessObjects Platform (BI Launchpad) does not sufficiently hand ...)
+ TODO: check
+CVE-2025-23193 (SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploi ...)
+ TODO: check
+CVE-2025-23191 (Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ...)
+ TODO: check
+CVE-2025-23190 (Due to missing authorization check, an authenticated attacker could ca ...)
+ TODO: check
+CVE-2025-23189 (Due to missing authorization check in an RFC enabled function module i ...)
+ TODO: check
+CVE-2025-23187 (Due to missing authorization check in an RFC enabled function module i ...)
+ TODO: check
+CVE-2025-1211 (Versions of the package hackney from 0.0.0 are vulnerable to Server-si ...)
+ TODO: check
+CVE-2025-1181 (A vulnerability classified as critical was found in GNU Binutils 2.43. ...)
+ TODO: check
+CVE-2025-1180 (A vulnerability classified as problematic has been found in GNU Binuti ...)
+ TODO: check
+CVE-2025-1179 (A vulnerability was found in GNU Binutils 2.43. It has been rated as c ...)
+ TODO: check
+CVE-2025-1178 (A vulnerability was found in GNU Binutils 2.43. It has been declared a ...)
+ TODO: check
+CVE-2025-1177 (A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been class ...)
+ TODO: check
+CVE-2025-1176 (A vulnerability was found in GNU Binutils 2.43 and classified as criti ...)
+ TODO: check
+CVE-2025-1174 (A vulnerability has been found in 1000 Projects Bookstore Management S ...)
+ TODO: check
+CVE-2025-1173 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+ TODO: check
+CVE-2025-1172 (A vulnerability, which was classified as critical, has been found in 1 ...)
+ TODO: check
+CVE-2025-1171 (A vulnerability classified as problematic was found in code-projects R ...)
+ TODO: check
+CVE-2025-1170 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2025-1169 (A vulnerability was found in SourceCodester Image Compressor Tool 1.0. ...)
+ TODO: check
+CVE-2025-1168 (A vulnerability was found in SourceCodester Contact Manager with Expor ...)
+ TODO: check
+CVE-2025-1167 (A vulnerability was found in Mayuri K Employee Management System up to ...)
+ TODO: check
+CVE-2025-1166 (A vulnerability has been found in SourceCodester Food Menu Manager 1.0 ...)
+ TODO: check
+CVE-2025-1165 (A vulnerability, which was classified as critical, was found in Lumsof ...)
+ TODO: check
+CVE-2025-1164 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-1163 (A vulnerability classified as critical was found in code-projects Vehi ...)
+ TODO: check
+CVE-2025-1162 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-1160 (A vulnerability was found in SourceCodester Employee Management System ...)
+ TODO: check
+CVE-2025-1159 (A vulnerability was found in CampCodes School Management Software 1.0. ...)
+ TODO: check
+CVE-2025-1158 (A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It h ...)
+ TODO: check
+CVE-2025-1157 (A vulnerability was found in Allims lab.online up to 20250201 and clas ...)
+ TODO: check
+CVE-2025-1156 (A vulnerability has been found in Pix Software Vivaz 6.0.10 and classi ...)
+ TODO: check
+CVE-2025-1145 (NetVision Information ISOinsight has a Reflected Cross-site Scripting ...)
+ TODO: check
+CVE-2025-1144 (School Affairs System from Quanxun has an Exposure of Sensitive Inform ...)
+ TODO: check
+CVE-2025-1143 (Certain models of routers from Billion Electric has hard-coded embedde ...)
+ TODO: check
+CVE-2025-1002 (MicroDicom DICOM Viewerversion 2024.03 fails to adequately verify the ...)
+ TODO: check
+CVE-2025-0499
+ REJECTED
+CVE-2025-0181 (The WP Foodbakery plugin for WordPress is vulnerable to privilege esca ...)
+ TODO: check
+CVE-2025-0180 (The WP Foodbakery plugin for WordPress is vulnerable to privilege esca ...)
+ TODO: check
+CVE-2025-0064 (Under specific conditions, the Central Management Console of the SAP B ...)
+ TODO: check
+CVE-2025-0054 (SAP NetWeaver Application Server Java does not sufficiently handle use ...)
+ TODO: check
+CVE-2024-9688
+ REJECTED
+CVE-2024-9625
+ REJECTED
+CVE-2024-9580
+ REJECTED
+CVE-2024-9196
+ REJECTED
+CVE-2024-9185
+ REJECTED
+CVE-2024-9181
+ REJECTED
+CVE-2024-9015
+ REJECTED
+CVE-2024-9010
+ REJECTED
+CVE-2024-8753
+ REJECTED
+CVE-2024-8677
+ REJECTED
+CVE-2024-8674
+ REJECTED
+CVE-2024-8545
+ REJECTED
+CVE-2024-8351
+ REJECTED
+CVE-2024-8240
+ REJECTED
+CVE-2024-7880
+ REJECTED
+CVE-2024-7566
+ REJECTED
+CVE-2024-7393
+ REJECTED
+CVE-2024-7298
+ REJECTED
+CVE-2024-6304
+ REJECTED
+CVE-2024-6140
+ REJECTED
+CVE-2024-6106
+ REJECTED
+CVE-2024-6105
+ REJECTED
+CVE-2024-6093
+ REJECTED
+CVE-2024-6081
+ REJECTED
+CVE-2024-5850
+ REJECTED
+CVE-2024-5747
+ REJECTED
+CVE-2024-5738
+ REJECTED
+CVE-2024-5308
+ REJECTED
+CVE-2024-5164
+ REJECTED
+CVE-2024-5146
+ REJECTED
+CVE-2024-52612 (SolarWinds Platform is vulnerable to a reflected cross-site scripting ...)
+ TODO: check
+CVE-2024-52611 (The SolarWinds Platform is vulnerable to an information disclosure vul ...)
+ TODO: check
+CVE-2024-52606 (SolarWinds Platform is affected by server-side request forgery vulnera ...)
+ TODO: check
+CVE-2024-4952
+ REJECTED
+CVE-2024-4951
+ REJECTED
+CVE-2024-4880
+ REJECTED
+CVE-2024-4625
+ REJECTED
+CVE-2024-4285
+ REJECTED
+CVE-2024-4276
+ REJECTED
+CVE-2024-4108
+ REJECTED
+CVE-2024-4101
+ REJECTED
+CVE-2024-4012
+ REJECTED
+CVE-2024-45718 (Sensitive data could be exposed to non- privileged users in a configur ...)
+ TODO: check
+CVE-2024-3975
+ REJECTED
+CVE-2024-3702
+ REJECTED
+CVE-2024-3449
+ REJECTED
+CVE-2024-3260
+ REJECTED
+CVE-2024-3103
+ REJECTED
+CVE-2024-3069
+ REJECTED
+CVE-2024-2652
+ REJECTED
+CVE-2024-2396
+ REJECTED
+CVE-2024-2388
+ REJECTED
+CVE-2024-2114
+ REJECTED
+CVE-2024-2037
+ REJECTED
+CVE-2024-28989 (SolarWinds Web Help Desk was found to have a hardcoded cryptographic k ...)
+ TODO: check
+CVE-2024-1964
+ REJECTED
+CVE-2024-1944
+ REJECTED
+CVE-2024-1734
+ REJECTED
+CVE-2024-1457
+ REJECTED
+CVE-2024-13643 (The Zox News - Professional WordPress News & Magazine Theme plugin for ...)
+ TODO: check
+CVE-2024-13570 (The Stray Random Quotes WordPress plugin through 1.9.9 does not saniti ...)
+ TODO: check
+CVE-2024-13544 (The Zarinpal Paid Download WordPress plugin through 2.3 does not prope ...)
+ TODO: check
+CVE-2024-13543 (The Zarinpal Paid Download WordPress plugin through 2.3 does not sanit ...)
+ TODO: check
+CVE-2024-12904
+ REJECTED
+CVE-2024-12765
+ REJECTED
+CVE-2024-12764
+ REJECTED
+CVE-2024-12763
+ REJECTED
+CVE-2024-12599 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2024-12246
+ REJECTED
+CVE-2024-12242
+ REJECTED
+CVE-2024-12161
+ REJECTED
+CVE-2024-12095
+ REJECTED
+CVE-2024-11890
+ REJECTED
+CVE-2024-11397
+ REJECTED
+CVE-2024-11288
+ REJECTED
+CVE-2024-11264
+ REJECTED
+CVE-2024-11191
+ REJECTED
+CVE-2024-10347
+ REJECTED
+CVE-2024-10305
+ REJECTED
+CVE-2024-10249
+ REJECTED
+CVE-2024-10042
+ REJECTED
+CVE-2024-0644
+ REJECTED
+CVE-2024-0339
+ REJECTED
+CVE-2024-0198
+ REJECTED
+CVE-2023-7182
+ REJECTED
+CVE-2023-6819
+ REJECTED
+CVE-2023-6167
+ REJECTED
+CVE-2023-6060
+ REJECTED
+CVE-2023-5513
+ REJECTED
+CVE-2023-5510
+ REJECTED
+CVE-2023-5508
+ REJECTED
+CVE-2023-4784
+ REJECTED
+CVE-2023-4765
+ REJECTED
+CVE-2023-4656
+ REJECTED
+CVE-2023-4210
+ REJECTED
+CVE-2023-4014
+ REJECTED
+CVE-2023-3963
+ REJECTED
+CVE-2023-3930
+ REJECTED
+CVE-2023-3929
+ REJECTED
+CVE-2023-3928
+ REJECTED
+CVE-2023-3919
+ REJECTED
+CVE-2023-3913
+ REJECTED
+CVE-2023-3911
+ REJECTED
+CVE-2023-3908
+ REJECTED
+CVE-2023-3549
+ REJECTED
+CVE-2023-3483
+ REJECTED
+CVE-2023-3448
+ REJECTED
+CVE-2023-3437
+ REJECTED
+CVE-2023-3402
+ REJECTED
+CVE-2023-3185
+ REJECTED
+CVE-2023-2965
+ REJECTED
CVE-2025-25247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Apache Felix Webconsole
CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. A vulner ...)
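Review bot: every new non-REJECTED entry in this hunk is left at the placeholder `TODO: check`, and the ones naming packages Debian ships should be triaged first: the five GNU Binutils 2.43 entries (CVE-2025-1176, CVE-2025-1178, CVE-2025-1179, CVE-2025-1180, CVE-2025-1181) and the two Netty entries (CVE-2025-25193, CVE-2025-24970) need a source-package line and a severity rather than the placeholder. The rest of the additions are almost entirely `REJECTED` markers (CVE-2025-0499 and the CVE-2024-/CVE-2023- block from CVE-2024-9688 onward), which need no further action.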
@@ -483,6 +813,7 @@ CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 d
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892 (3.8.9)
CVE-2024-12133 (A flaw in libtasn1 causes inefficient handling of specific certificate ...)
+ {DSA-5863-1}
- libtasn1-6 4.20.0-1 (bug #1095406)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/52
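Review bot: the `{DSA-5863-1}` tag added to CVE-2024-12133 sits directly below the GnuTLS entry CVE-2024-12243 named in the hunk header, which this patch leaves untouched; both description lines concern libtasn1 ASN.1 handling, so verify that CVE-2024-12243 is tracked under its own gnutls advisory or still open for stable rather than assumed covered by the libtasn1 DSA.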
@@ -1330,6 +1661,7 @@ CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5
CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
- backdrop <itp> (bug #914257)
CVE-2025-24898 (rust-openssl is a set of OpenSSL bindings for the Rust programming lan ...)
+ {DLA-4049-1}
- rust-openssl 0.10.70-1
NOTE: https://github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm
NOTE: https://github.com/sfackler/rust-openssl/pull/2360
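Review bot: the `{DLA-4049-1}` tag on CVE-2025-24898 records the bullseye (LTS) fix, but the visible entry carries only the unstable line `- rust-openssl 0.10.70-1` and no `[bookworm]` marker; confirm that bookworm's rust-openssl is either unaffected or tracked separately, because a DLA tag alone says nothing about stable.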
@@ -1681,7 +2013,7 @@ CVE-2024-57433 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Con
NOT-FOR-US: macrozheng mall-tiny
CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53357 (In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption k ...)
+CVE-2024-53357 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53356 (Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Sco ...)
NOT-FOR-US: EasyVirt DCScope
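Review bot: the replaced description for CVE-2024-53357 changes the vulnerability class from an AES encryption key issue to multiple SQL injections while the `NOT-FOR-US: EasyVirt DCScope` line stays; that triage remains correct since the product is not in Debian, but a rewrite this substantive usually means the upstream record was reissued, so check that the tracker did not pick up the text of the neighbouring CVE-2024-53356 or CVE-2024-55062 entries.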
@@ -3040,7 +3372,7 @@ CVE-2025-24537 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Ca
CVE-2025-24533 (Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24368 (Cacti is an open source performance and fault management framework. So ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c
NOTE: Backend fixed by: https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e (release/1.2.27)
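Review bot: with `{DSA-5862-1 DLA-4048-1}` now on CVE-2025-24368, the note directly below records only a backend fix (commit 8b516cb9a73322ad532231e74000c2ee097b495e on release/1.2.27); confirm that the DLA-4048-1 upload carried that backend commit and record which frontend state it shipped, so the LTS fix status matches the note rather than implying a complete upstream fix.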
@@ -3049,7 +3381,7 @@ CVE-2025-24368 (Cacti is an open source performance and fault management framewo
NOTE: Frontend regression: https://github.com/Cacti/cacti/issues/6090
NOTE: Frontend fix optional: https://github.com/Cacti/cacti/pull/6094#issuecomment-2643321503
CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-4 (bug #1094574; unimportant)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3089,7 +3421,7 @@ CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
NOT-FOR-US: matrix-hookshot
CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -3184,7 +3516,7 @@ CVE-2024-54146 (Cacti is an open source performance and fault management framewo
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
NOTE: Fix is incomplete. Cf. https://github.com/Cacti/cacti/pull/6096
CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
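Review bot: the context lines above the tagged entry say the fix for CVE-2024-54146 is incomplete (Cf. pull/6096) and name commit c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 as its fix, and CVE-2024-54145 right below is marked fixed by that very same commit; before the `{DSA-5862-1 DLA-4048-1}` tag on CVE-2024-54145 is taken as final, check whether the incompleteness noted for 54146 also applies to 54145 and, if so, mirror the note.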
@@ -3201,7 +3533,7 @@ CVE-2024-48417 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnera
CVE-2024-48416 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...)
NOT-FOR-US: Edimax
CVE-2024-45598 (Cacti is an open source performance and fault management framework. Pr ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
@@ -10658,7 +10990,7 @@ CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: Fixed by: https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba (suricata-7.0.8)
CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_user ...)
NOT-FOR-US: Z-BlogPHP
-CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0 ...)
+CVE-2024-55408 (An improper access control vulnerability in the AsusSAIO.sys driver ma ...)
NOT-FOR-US: ASUS
CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Acces ...)
NOT-FOR-US: ITE
@@ -29008,6 +29340,7 @@ CVE-2024-49685 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon
CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tou ...)
NOT-FOR-US: WordPress plugin
CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
+ {DLA-4048-1}
- cacti 1.2.26+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u2
- node-dompurify 3.0.9+dfsg+~3.0.5-1
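Review bot: the `{DLA-4048-1}` tag added to CVE-2024-48910 is the cacti advisory, yet the entry also lists `node-dompurify 3.0.9+dfsg+~3.0.5-1`; the tag only closes the issue for the package the DLA names, and the visible lines show a `[bookworm]` line for cacti only, so make sure node-dompurify's status in bullseye is recorded on its own rather than appearing resolved by the cacti upload.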
@@ -29237,7 +29570,7 @@ CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling cr
NOTE: https://sourceforge.net/p/mpg123/bugs/322/
CVE-2024-9997 (A maliciously crafted DWG file when parsed in acdb25.dll through Autod ...)
NOT-FOR-US: Autodesk
-CVE-2024-9996 (A maliciously crafted DWG file when parsed in acdb25.dll through Autod ...)
+CVE-2024-9996 (A maliciously crafted DWG file, when parsed in acdb25.dll through Auto ...)
NOT-FOR-US: Autodesk
CVE-2024-9886 (The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
@@ -29269,13 +29602,13 @@ CVE-2024-8598 (A maliciously crafted STP file when parsed in ACTranslators.exe t
NOT-FOR-US: Autodesk
CVE-2024-8597 (A maliciously crafted STP file when parsed in ASMDATAX230A.dll through ...)
NOT-FOR-US: Autodesk
-CVE-2024-8596 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...)
+CVE-2024-8596 (A maliciously crafted MODEL file, when parsed in libodxdll.dll through ...)
NOT-FOR-US: Autodesk
CVE-2024-8595 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...)
NOT-FOR-US: Autodesk
CVE-2024-8594 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...)
NOT-FOR-US: Autodesk
-CVE-2024-8593 (A maliciously crafted CATPART file when parsed in ASMKERN230A.dll thro ...)
+CVE-2024-8593 (A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll thr ...)
NOT-FOR-US: Autodesk
CVE-2024-8592 (A maliciously crafted CATPART file when parsed in AcTranslators.exe th ...)
NOT-FOR-US: Autodesk
@@ -34009,7 +34342,7 @@ CVE-2024-8719 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2024-7994 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
NOT-FOR-US: Autodesk
-CVE-2024-7993 (A maliciously crafted PDF file, when parsed through Autodesk Revit, ca ...)
+CVE-2024-7993 (A maliciously crafted PDF file, when parsed through Autodesk Revit, ma ...)
NOT-FOR-US: Autodesk
CVE-2024-7417 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
@@ -35287,7 +35620,7 @@ CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks an
CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 ...)
NOT-FOR-US: codeclysm/extract Go library
CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
- {DSA-5790-1}
+ {DSA-5790-1 DLA-4048-1}
- cacti 1.2.26+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u2
- node-dompurify 3.1.6+dfsg+~3.0.5-1 (bug #1084983)
@@ -36526,25 +36859,25 @@ CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local attacker
CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause ...)
NOT-FOR-US: OpenHarmony
CVE-2024-43365 (Cacti is an open source performance and fault management framework. Th ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 (release/1.2.28)
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 (release/1.2.28)
CVE-2024-43364 (Cacti is an open source performance and fault management framework. Th ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 (release/1.2.28)
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 (release/1.2.28)
CVE-2024-43363 (Cacti is an open source performance and fault management framework. An ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-1 (unimportant)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/3adc71a2b97506bf26c21935e1e6f30d58fe88e3 (release/1.2.28)
NOTE: Negligible security impact as exploitability depends on writable web root for cacti
CVE-2024-43362 (Cacti is an open source performance and fault management framework. Th ...)
- {DSA-5862-1}
+ {DSA-5862-1 DLA-4048-1}
- cacti 1.2.28+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/3f64e7c1a63e36d0e826c34f05ad20b6683b27ff (release/1.2.28)
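Review bot: CVE-2024-43363 in this hunk is rated `unimportant` with a note that exploitability depends on a writable web root, and it now receives `{DSA-5862-1 DLA-4048-1}` like the three neighbouring Cacti CVEs; that is consistent if both uploads bundled commit 3adc71a2b97506bf26c21935e1e6f30d58fe88e3, but keep the `unimportant` marker so the entry is not read as a security-relevant fix for the remaining suites.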
@@ -94936,7 +95269,7 @@ CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SST
NOT-FOR-US: Komm.One CMS
CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all releases, wh ...)
NOT-FOR-US: FitNesse
-CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1. ...)
+CVE-2024-23139 (A maliciously crafted ABC file, when parsed through Autodesk FBX, may ...)
NOT-FOR-US: Autodesk
CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk DWG TrueVi ...)
NOT-FOR-US: Autodesk
@@ -101498,21 +101831,21 @@ CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll throug
NOT-FOR-US: Autodesk
CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
NOT-FOR-US: Autodesk
-CVE-2024-23124 (A maliciously crafted STP file when parsed in ASMIMPORT228A.dll throug ...)
+CVE-2024-23124 (A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll throu ...)
NOT-FOR-US: Autodesk
CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
NOT-FOR-US: Autodesk
CVE-2024-23122 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
NOT-FOR-US: Autodesk
-CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through ...)
+CVE-2024-23121 (A maliciously crafted MODEL file, when parsed in libodxdll.dll through ...)
NOT-FOR-US: Autodesk
-CVE-2024-23120 (A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.d ...)
+CVE-2024-23120 (A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A. ...)
NOT-FOR-US: Autodesk
CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKER ...)
+CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKE ...)
NOT-FOR-US: Autodesk
CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...)
NOT-FOR-US: PMB
@@ -130614,6 +130947,7 @@ CVE-2023-2567 (A SQL Injection vulnerability has been found in Nozomi Networks G
CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-4998
+ REJECTED
- gitlab 16.4.4+ds2-2
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
NOT-FOR-US: LibreNMS
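Review bot: CVE-2023-4998 gains a `REJECTED` marker but retains the package line `- gitlab 16.4.4+ds2-2`; the other RESERVED-to-REJECTED flips in this patch (CVE-2023-2238, CVE-2023-1266, CVE-2023-1171, CVE-2022-2283) carry the marker alone, and a rejected CVE with a fixed-version line is contradictory, so the gitlab line should be dropped or the rejection double-checked against the CVE record.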
@@ -148675,7 +149009,7 @@ CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/mic
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
NOT-FOR-US: microweber
CVE-2023-2238
- RESERVED
+ REJECTED
CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL Inject ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
@@ -158530,7 +158864,7 @@ CVE-2023-24587 (Insufficient control flow management in firmware for some Intel(
CVE-2023-22434
RESERVED
CVE-2023-1266
- RESERVED
+ REJECTED
CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
@@ -159605,7 +159939,7 @@ CVE-2023-1173
CVE-2023-1172 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: Bookly plugin for WordPress
CVE-2023-1171
- RESERVED
+ REJECTED
CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
@@ -217807,7 +218141,7 @@ CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (v9.0.0017)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2283
- RESERVED
+ REJECTED
CVE-2022-2282
REJECTED
CVE-2022-2281 (An information disclosure vulnerability in GitLab EE affecting all ver ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09e34235eee78d423d99904f1be002d3889b4618