[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 11 20:12:56 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1244c73a by security tracker role at 2025-02-11T20:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,412 @@
-CVE-2024-12797 [RFC7250 handshakes with unauthenticated servers don't abort as expected]
+CVE-2025-26495 (Cleartext Storage of Sensitive Information vulnerability in Salesforce ...)
+ TODO: check
+CVE-2025-26494 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
+ TODO: check
+CVE-2025-26493 (In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were poss ...)
+ TODO: check
+CVE-2025-26492 (In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection ...)
+ TODO: check
+CVE-2025-26491 (A vulnerability has been identified in Opcenter Intelligence (All vers ...)
+ TODO: check
+CVE-2025-26490 (A vulnerability has been identified in Opcenter Intelligence (All vers ...)
+ TODO: check
+CVE-2025-26411 (An authenticated attacker is able to use the Plugin Manager of the web ...)
+ TODO: check
+CVE-2025-26410 (The firmware of all Wattsense Bridge devices contain the same hard-cod ...)
+ TODO: check
+CVE-2025-26409 (A serial interface can be accessed with physical access to the PCB of ...)
+ TODO: check
+CVE-2025-26408 (The JTAG interface of Wattsense Bridge devices can be accessed with ph ...)
+ TODO: check
+CVE-2025-25530 (Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway ...)
+ TODO: check
+CVE-2025-25529 (Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 ...)
+ TODO: check
+CVE-2025-25528 (Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3 ...)
+ TODO: check
+CVE-2025-25527 (Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) ...)
+ TODO: check
+CVE-2025-25526 (Buffer overflow vulnerability in Mercury MIPC552W Camera v1.0 due to t ...)
+ TODO: check
+CVE-2025-25525 (Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100 ...)
+ TODO: check
+CVE-2025-25524 (Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_ ...)
+ TODO: check
+CVE-2025-25523 (Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v ...)
+ TODO: check
+CVE-2025-25522 (Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to th ...)
+ TODO: check
+CVE-2025-25202 (Ash Authentication is an authentication framework for Elixir applicati ...)
+ TODO: check
+CVE-2025-24976 (Distribution is a toolkit to pack, ship, store, and deliver container ...)
+ TODO: check
+CVE-2025-24973 (Concorde, formerly know as Nexkey, is a fork of the federated microblo ...)
+ TODO: check
+CVE-2025-24956 (A vulnerability has been identified in OpenV2G (All versions < V0.9.6) ...)
+ TODO: check
+CVE-2025-24900 (Concorde, formerly know as Nexkey, is a fork of the federated microblo ...)
+ TODO: check
+CVE-2025-24897 (Misskey is an open source, federated social media platform. Starting i ...)
+ TODO: check
+CVE-2025-24896 (Misskey is an open source, federated social media platform. Starting i ...)
+ TODO: check
+CVE-2025-24812 (A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC ...)
+ TODO: check
+CVE-2025-24811 (A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC ...)
+ TODO: check
+CVE-2025-24807 (eprosima Fast DDS is a C++ implementation of the DDS (Data Distributio ...)
+ TODO: check
+CVE-2025-24532 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
+ TODO: check
+CVE-2025-24499 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
+ TODO: check
+CVE-2025-24472 (AnAuthentication Bypass Using an Alternate Path or Channel vulnerabili ...)
+ TODO: check
+CVE-2025-24470 (AnImproper Resolution of Path Equivalence vulnerability [CWE-41] in Fo ...)
+ TODO: check
+CVE-2025-24438 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24437 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24436 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24435 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24434 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24432 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24430 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24429 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24428 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24427 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24426 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24425 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24424 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24423 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24422 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24421 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24420 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24419 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24418 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24417 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24416 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24415 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24414 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24413 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24412 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24411 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24410 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24409 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24408 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24407 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24406 (Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+ TODO: check
+CVE-2025-24042 (Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2025-24039 (Visual Studio Code Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-24036 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-23403 (A vulnerability has been identified in SIMATIC IPC DiagBase (All versi ...)
+ TODO: check
+CVE-2025-23363 (A vulnerability has been identified in Teamcenter (All versions < V14. ...)
+ TODO: check
+CVE-2025-22467 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
+ TODO: check
+CVE-2025-22399 (Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SF ...)
+ TODO: check
+CVE-2025-21420 (Windows Disk Cleanup Tool Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21419 (Windows Setup Files Cleanup Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21418 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2025-21414 (Windows Core Messaging Elevation of Privileges Vulnerability)
+ TODO: check
+CVE-2025-21410 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2025-21407 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21406 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21400 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21397 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21394 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21392 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21391 (Windows Storage Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21390 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21387 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21386 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21383 (Microsoft Excel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2025-21381 (Microsoft Excel Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21379 (DHCP Client Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21377 (NTLM Hash Disclosure Spoofing Vulnerability)
+ TODO: check
+CVE-2025-21376 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ TODO: check
+CVE-2025-21375 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2025-21373 (Windows Installer Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21371 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21369 (Microsoft Digest Authentication Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21368 (Microsoft Digest Authentication Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21367 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21359 (Windows Kernel Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2025-21358 (Windows Core Messaging Elevation of Privileges Vulnerability)
+ TODO: check
+CVE-2025-21352 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21351 (Windows Active Directory Domain Services API Denial of Service Vulnera ...)
+ TODO: check
+CVE-2025-21350 (Windows Kerberos Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21349 (Windows Remote Desktop Configuration Service Tampering Vulnerability)
+ TODO: check
+CVE-2025-21347 (Windows Deployment Services Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21337 (Windows NTFS Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21322 (Microsoft PC Manager Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21259 (Microsoft Outlook Spoofing Vulnerability)
+ TODO: check
+CVE-2025-21254 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21216 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21212 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21208 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
+ TODO: check
+CVE-2025-21206 (Visual Studio Installer Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-21201 (Windows Telephony Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21200 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21198 (Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vu ...)
+ TODO: check
+CVE-2025-21194 (Microsoft Surface Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2025-21190 (Windows Telephony Service Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2025-21188 (Azure Network Watcher VM Extension Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2025-21184 (Windows Core Messaging Elevation of Privileges Vulnerability)
+ TODO: check
+CVE-2025-21183 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
+ TODO: check
+CVE-2025-21182 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
+ TODO: check
+CVE-2025-21181 (Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21179 (DHCP Client Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2025-21163 (Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack- ...)
+ TODO: check
+CVE-2025-21162 (Photoshop Elements versions 2025.0 and earlier are affected by a Creat ...)
+ TODO: check
+CVE-2025-21161 (Substance3D - Designer versions 14.0.2 and earlier are affected by an ...)
+ TODO: check
+CVE-2025-21160 (Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integ ...)
+ TODO: check
+CVE-2025-21159 (Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use Af ...)
+ TODO: check
+CVE-2025-21158 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21157 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21156 (InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Un ...)
+ TODO: check
+CVE-2025-21155 (Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL ...)
+ TODO: check
+CVE-2025-21126 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21125 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21124 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21123 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-21121 (InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-1231 (Improper password reset in PAM Module in Devolutions Server 2024.3.10. ...)
+ TODO: check
+CVE-2025-1182 (A vulnerability, which was classified as critical, was found in GNU Bi ...)
+ TODO: check
+CVE-2025-1126 (A Reliance on Untrusted Inputs in a Security Decision vulnerability ha ...)
+ TODO: check
+CVE-2025-1052 (Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Exec ...)
+ TODO: check
+CVE-2025-1044 (Logsign Unified SecOps Platform Authentication Bypass Vulnerability. T ...)
+ TODO: check
+CVE-2025-0911 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0910 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Ex ...)
+ TODO: check
+CVE-2025-0909 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0908 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0907 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0906 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0905 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0904 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0903 (PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote ...)
+ TODO: check
+CVE-2025-0902 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
+ TODO: check
+CVE-2025-0901 (PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution ...)
+ TODO: check
+CVE-2025-0899 (PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulne ...)
+ TODO: check
+CVE-2025-0862 (The SuperSaaS \u2013 online appointment scheduling plugin for WordPres ...)
+ TODO: check
+CVE-2025-0589 (In affected versions of Octopus Deploy where customers are using Activ ...)
+ TODO: check
+CVE-2025-0588 (In affected versions of Octopus Server it was possible for a user with ...)
+ TODO: check
+CVE-2025-0526 (In affected versions of Octopus Deploy it was possible to upload files ...)
+ TODO: check
+CVE-2025-0525 (In affected versions of Octopus Server the preview import feature coul ...)
+ TODO: check
+CVE-2025-0513 (In affected versions of Octopus Server error messages were handled uns ...)
+ TODO: check
+CVE-2024-54090 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
+ TODO: check
+CVE-2024-54089 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
+ TODO: check
+CVE-2024-54015 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+ TODO: check
+CVE-2024-53977 (A vulnerability has been identified in ModelSim (All versions < V2025. ...)
+ TODO: check
+CVE-2024-53651 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+ TODO: check
+CVE-2024-53648 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+ TODO: check
+CVE-2024-52968 (An improper authentication in Fortinet FortiClientMac 7.0.11 through 7 ...)
+ TODO: check
+CVE-2024-52966 (An exposure of sensitive information to an unauthorized actor in Forti ...)
+ TODO: check
+CVE-2024-50569 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2024-50567 (An improper neutralization of special elements used in an os command ( ...)
+ TODO: check
+CVE-2024-47908 (OS command injection in the admin web console of Ivanti CSA before ver ...)
+ TODO: check
+CVE-2024-45386 (A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versi ...)
+ TODO: check
+CVE-2024-40591 (An incorrect privilege assignment vulnerability [CWE-266] in Fortinet ...)
+ TODO: check
+CVE-2024-40586 (AnImproper Access Control vulnerability [CWE-284] in FortiClient Windo ...)
+ TODO: check
+CVE-2024-40584 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
+CVE-2024-36508 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ TODO: check
+CVE-2024-35279 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
+ TODO: check
+CVE-2024-33659 (AMI APTIOV contains a vulnerability in BIOS where an attacker may caus ...)
+ TODO: check
+CVE-2024-33504 (A use of hard-coded cryptographic key to encrypt sensitive data vulner ...)
+ TODO: check
+CVE-2024-27781 (An improper neutralization of input during web page generation ('cross ...)
+ TODO: check
+CVE-2024-27780 (MultipleImproper Neutralization of Input During Web Page Generation (' ...)
+ TODO: check
+CVE-2024-23814 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
+ TODO: check
+CVE-2024-21966 (A DLL hijacking vulnerability in the AMD Ryzen\u2122 Master Utility c ...)
+ TODO: check
+CVE-2024-13843 (Cleartext storage of information in Ivanti Connect Secure before versi ...)
+ TODO: check
+CVE-2024-13842 (A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and I ...)
+ TODO: check
+CVE-2024-13830 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Iva ...)
+ TODO: check
+CVE-2024-13813 (Insufficient permissions in Ivanti Secure Access Client before version ...)
+ TODO: check
+CVE-2024-13506 (The GeoDirectory \u2013 WP Business Directory Plugin and Classified Li ...)
+ TODO: check
+CVE-2024-12833 (Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication ...)
+ TODO: check
+CVE-2024-12756 (An HTML Injection vulnerability in Avaya Spaces may have allowed discl ...)
+ TODO: check
+CVE-2024-12755 (A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have al ...)
+ TODO: check
+CVE-2024-12551 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remo ...)
+ TODO: check
+CVE-2024-12550 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Info ...)
+ TODO: check
+CVE-2024-12549 (Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remo ...)
+ TODO: check
+CVE-2024-12548 (Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Informat ...)
+ TODO: check
+CVE-2024-12547 (Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Rem ...)
+ TODO: check
+CVE-2024-12366 (PandasAI uses an interactive prompt function that is vulnerable to pro ...)
+ TODO: check
+CVE-2024-12058 (External control of a file name in Ivanti Connect Secure before versio ...)
+ TODO: check
+CVE-2024-11771 (Path traversal in Ivanti CSA before version 5.0.5 allows a remote unau ...)
+ TODO: check
+CVE-2024-10644 (Code injection in Ivanti Connect Secure before version 22.7R2.4 and Iv ...)
+ TODO: check
+CVE-2023-40721 (A use of externally-controlled format string vulnerability [CWE-134] i ...)
+ TODO: check
+CVE-2023-37482 (The login functionality of the web server in affected devices does not ...)
+ TODO: check
+CVE-2023-31361 (A DLL hijacking vulnerability in AMD Integrated Management Technology ...)
+ TODO: check
+CVE-2023-31360 (Incorrect default permissions in the AMD Integrated Management Technol ...)
+ TODO: check
+CVE-2024-12797 (Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authent ...)
- openssl <unfixed> (bug #1095765)
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
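Review bot: Several of the added description strings carry text defects: CVE-2025-0862, CVE-2024-13506 and CVE-2024-21966 contain the literal escape sequences `\u2013` and `\u2122` instead of the characters, and CVE-2025-24472, CVE-2025-24470, CVE-2024-40586 and CVE-2024-27780 have fused words (`AnAuthentication`, `AnImproper`, `MultipleImproper`). If the update script copies descriptions from its upstream feed unchanged, decoding the escapes before writing the line would fix the first group; the second looks like a problem in the source text itself. Separately, every new entry lands as `TODO: check`, and a few descriptions name open-source projects rather than vendor products (for example CVE-2025-24976 Distribution, CVE-2025-24807 eprosima Fast DDS, CVE-2025-1052 Mintty, CVE-2025-24896 and CVE-2025-24897 Misskey), so those are the ones to look at first when deciding between a package line and NOT-FOR-US.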
@@ -2868,7 +3276,7 @@ CVE-2024-12705 (Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later: DNS-over-HTTP first implemented in 9.17.10)
NOTE: https://kb.isc.org/docs/cve-2024-12705
CVE-2024-11187 (It is possible to construct a zone such that some queries to it will g ...)
- {DSA-5854-1}
+ {DSA-5854-1 DLA-4050-1}
- bind9 1:9.20.5-1 (bug #1094735)
NOTE: https://kb.isc.org/docs/cve-2024-11187
CVE-2025-24826 (Local privilege escalation due to insecure folder permissions. The fol ...)
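Review bot: The cross-reference line for CVE-2024-11187 now reads `{DSA-5854-1 DLA-4050-1}`, but the commit lists only data/CVE/list as changed, so the DLA record this reference points to is not part of the diff. Worth confirming that DLA-4050-1 was recorded in an earlier commit and that it covers bind9 for this CVE, since the entry itself shows only the `1:9.20.5-1` fixed version and no per-release line.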
@@ -217225,8 +217633,8 @@ CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to
NOT-FOR-US: Vitejs Vite
CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...)
NOT-FOR-US: TrendNet TV-IP572PI
-CVE-2022-35202
- RESERVED
+CVE-2022-35202 (A security issue in Sitevision version 10.3.1 and older allows a remot ...)
+ TODO: check
CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote command exe ...)
NOT-FOR-US: Tenda
CVE-2022-35200
@@ -226717,7 +227125,7 @@ CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL inje
NOT-FOR-US: IBM
CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...)
NOT-FOR-US: IBM
-CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
NOT-FOR-US: Siemens
CVE-2022-31765 (Affected devices do not properly authorize the change password functio ...)
NOT-FOR-US: Siemens
@@ -424714,8 +425122,8 @@ CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Serve
NOT-FOR-US: Atlassian
CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
-CVE-2019-15002
- RESERVED
+CVE-2019-15002 (An exploitable CSRF vulnerability exists in Atlassian Jira, from versi ...)
+ TODO: check
CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...)
NOT-FOR-US: Atlassian
CVE-2019-15000 (The commit diff rest endpoint in Bitbucket Server and Data Center befo ...)
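Review bot: CVE-2019-15002 moves from RESERVED to `TODO: check` even though its new description names Atlassian Jira and the surrounding entries (CVE-2019-15004, CVE-2019-15003, CVE-2019-15001) are all marked `NOT-FOR-US: Atlassian`. A follow-up that resolves it the same way would keep it from lingering in the triage queue; CVE-2022-35202 (Sitevision) in the earlier hunk is in the same state and needs the same decision.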
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1244c73a6f9de234d01cca34af96dfee23047eb0