[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 12 08:12:39 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d8d9cb1 by security tracker role at 2025-02-12T08:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2025-25203 (CtrlPanel is open-source billing software for hosting providers. Prior ...)
+ TODO: check
+CVE-2025-23359 (NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Us ...)
+ TODO: check
+CVE-2025-1243 (The Temporal api-go library prior to version 1.44.1 did not send `upda ...)
+ TODO: check
+CVE-2025-1240 (WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulne ...)
+ TODO: check
+CVE-2025-1186 (A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been ...)
+ TODO: check
+CVE-2025-1185 (A vulnerability was found in pihome-shc PiHome 2.0. It has been classi ...)
+ TODO: check
+CVE-2025-1184 (A vulnerability was found in pihome-shc PiHome 1.77 and classified as ...)
+ TODO: check
+CVE-2025-1183 (A vulnerability has been found in CodeZips Gym Management System 1.0 a ...)
+ TODO: check
+CVE-2025-0989
+ REJECTED
+CVE-2025-0808 (The Houzez Property Feed plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2024-57777 (Directory Traversal vulnerability in Ianproxy v.0.1 and before allows ...)
+ TODO: check
+CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web ...)
+ TODO: check
+CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a rem ...)
+ TODO: check
+CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
+CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK v.11.7.0 al ...)
+ TODO: check
+CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik RouterOS v6. ...)
+ TODO: check
+CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the model l ...)
+ TODO: check
+CVE-2024-51324 (An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allo ...)
+ TODO: check
+CVE-2024-44336 (An issue in AnkiDroid Android Application v2.17.6 allows attackers to ...)
+ TODO: check
+CVE-2024-33469 (An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 ...)
+ TODO: check
+CVE-2024-32037 (GeoNetwork is a catalog application to manage spatially referenced res ...)
+ TODO: check
+CVE-2024-29172 (Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker ...)
+ TODO: check
+CVE-2024-29171 (Dell BSAFE SSL-J contains an Improper certificate verification vulnera ...)
+ TODO: check
+CVE-2024-21971 (Improper input validation in AMD Crash Defender could allow an attacke ...)
+ TODO: check
+CVE-2024-21925 (Improper input validation within the AmdPspP2CmboxV2 driver may allow ...)
+ TODO: check
+CVE-2024-21924 (SMM callout vulnerability within the AmdPlatformRasSspSmm driver could ...)
+ TODO: check
+CVE-2024-13821 (The WP Booking Calendar plugin for WordPress is vulnerable to Unauthen ...)
+ TODO: check
+CVE-2024-13800 (The ConvertPlus plugin for WordPress is vulnerable to unauthorized mod ...)
+ TODO: check
+CVE-2024-13794 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for ...)
+ TODO: check
+CVE-2024-13769 (The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL th ...)
+ TODO: check
+CVE-2024-13749 (The StaffList plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2024-13714 (The All-Images.ai \u2013 IA Image Bank and Custom Image creation plugi ...)
+ TODO: check
+CVE-2024-13701 (The Liveticker (by stklcode) plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-13665 (The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-13658 (The NGG Smart Image Search plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2024-13656 (The Click Mag - Viral WordPress News Magazine/Blog Theme theme for Wor ...)
+ TODO: check
+CVE-2024-13654 (The ZoxPress - The All-In-One WordPress News Theme theme for WordPress ...)
+ TODO: check
+CVE-2024-13653 (The ZoxPress - The All-In-One WordPress News Theme theme for WordPress ...)
+ TODO: check
+CVE-2024-13601 (The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Supp ...)
+ TODO: check
+CVE-2024-13600 (The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Supp ...)
+ TODO: check
+CVE-2024-13554 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordP ...)
+ TODO: check
+CVE-2024-13541 (The aDirectory \u2013 WordPress Directory Listing Plugin plugin for Wo ...)
+ TODO: check
+CVE-2024-13539 (The AForms Eats plugin for WordPress is vulnerable to Full Path Disclo ...)
+ TODO: check
+CVE-2024-13421 (The Real Estate 7 WordPress theme for WordPress is vulnerable to Privi ...)
+ TODO: check
+CVE-2024-13374 (The WP Table Manager plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2024-12164 (The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsheet Ad ...)
+ TODO: check
+CVE-2024-11746 (The Discover the Best Woocommerce Product Brands Plugin for WordPress ...)
+ TODO: check
+CVE-2024-0179 (SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver co ...)
+ TODO: check
+CVE-2024-0145 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
+ TODO: check
+CVE-2024-0144 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
+ TODO: check
+CVE-2024-0143 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
+ TODO: check
+CVE-2024-0142 (NVIDIA nvJPEG2000 library contains a vulnerability where an attacker c ...)
+ TODO: check
+CVE-2024-0112 (NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software contain a vu ...)
+ TODO: check
+CVE-2023-49780 (Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 an ...)
+ TODO: check
+CVE-2023-31352 (A bug in the SEV firmware may allow an attacker with privileges to rea ...)
+ TODO: check
+CVE-2023-31345 (Improper input validation in the SMM handler may allow a privileged at ...)
+ TODO: check
+CVE-2023-31343 (Improper input validation in the SMM handler may allow a privileged at ...)
+ TODO: check
+CVE-2023-31342 (Improper input validation in the SMM handler may allow a privileged at ...)
+ TODO: check
+CVE-2023-31331 (Improper access control in the DRTM firmware could allow a privileged ...)
+ TODO: check
CVE-2025-26495 (Cleartext Storage of Sensitive Information vulnerability in Salesforce ...)
NOT-FOR-US: Salesforce Tableau Server
CVE-2025-26494 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau ...)
@@ -2448,7 +2566,7 @@ CVE-2024-57434 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Con
NOT-FOR-US: macrozheng mall-tiny
CVE-2024-57433 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control v ...)
NOT-FOR-US: macrozheng mall-tiny
-CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are ...)
+CVE-2024-55062 (Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53357 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
@@ -3938,7 +4056,7 @@ CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module
- dolibarr <removed>
CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...)
- dolibarr <removed>
-CVE-2025-26520 [Incomplete fix for CVE-2024-54146]
+CVE-2025-26520 (Cacti through 1.2.29 allows SQL injection in the template function in ...)
- cacti <unfixed> (bug #1095721)
[bookworm] - cacti <not-affected> (Vulnerable code introduced later)
[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
@@ -192308,10 +192426,10 @@ CVE-2023-20584 (IOMMU improperly handles certain special address ranges with inv
NOTE: https://lore.kernel.org/all/20240820182655.42311-1-john.allen@amd.com/
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
NOT-FOR-US: AMD
-CVE-2023-20582
- RESERVED
-CVE-2023-20581
- RESERVED
+CVE-2023-20582 (Improper handling of invalid nested page table entries in the IOMMU ma ...)
+ TODO: check
+CVE-2023-20581 (Improper access control in the IOMMU may allow a privileged attacker t ...)
+ TODO: check
CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a ...)
@@ -192463,8 +192581,8 @@ CVE-2023-20517
RESERVED
CVE-2023-20516
RESERVED
-CVE-2023-20515
- RESERVED
+CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS could all ...)
+ TODO: check
CVE-2023-20514
RESERVED
CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management Firmware) may a ...)
@@ -192477,10 +192595,10 @@ CVE-2023-20510 (An insufficient DRAM address validation in PMFW may allow a priv
NOT-FOR-US: AMD
CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a privileged ...)
NOT-FOR-US: AMD
-CVE-2023-20508
- RESERVED
-CVE-2023-20507
- RESERVED
+CVE-2023-20508 (Improper access control in the ASP could allow a privileged attacker t ...)
+ TODO: check
+CVE-2023-20507 (An integer overflow in the ASP could allow a privileged attacker to pe ...)
+ TODO: check
CVE-2023-20506
RESERVED
CVE-2023-20505
@@ -203193,8 +203311,8 @@ CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.)
NOT-FOR-US: Snapdragon
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
NOT-FOR-US: Trihedral VTScada
-CVE-2022-3180
- RESERVED
+CVE-2022-3180 (The WPGateway Plugin for WordPress is vulnerable to privilege escalati ...)
+ TODO: check
CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
@@ -210976,8 +211094,8 @@ CVE-2022-37662
RESERVED
CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remo ...)
NOT-FOR-US: SmartRG
-CVE-2022-37660
- RESERVED
+CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even after a ...)
+ TODO: check
CVE-2022-37659
RESERVED
CVE-2022-37658
@@ -404169,8 +404287,8 @@ CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel o
NOT-FOR-US: Cisco
CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3432
- RESERVED
+CVE-2020-3432 (A vulnerability in the uninstaller component of Cisco AnyConnect Secur ...)
+ TODO: check
CVE-2020-3431 (A vulnerability in the web-based management interface of Cisco Sm ...)
NOT-FOR-US: Cisco
CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d8d9cb1cdd778bbfd2d62f6a11548a0a1ebb4a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d8d9cb1cdd778bbfd2d62f6a11548a0a1ebb4a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250212/0ace11ad/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list