[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 17 20:12:04 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bacd96d by security tracker role at 2025-02-17T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-26778 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26773 (Missing Authorization vulnerability in Adnan Analytify allows Exploiti ...)
+	TODO: check
+CVE-2025-26772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26758 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2025-26754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23845 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23840 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-21103 (Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3  ...)
+	TODO: check
+CVE-2025-1392 (A vulnerability has been found in D-Link DIR-816 1.01TO and classified ...)
+	TODO: check
+CVE-2025-1391 (A flaw was found in the Keycloak organization feature, which allows th ...)
+	TODO: check
+CVE-2025-0714 (The vulnerability existed in the password storage of Mobateks MobaXter ...)
+	TODO: check
+CVE-2025-0001 (Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022 ...)
+	TODO: check
+CVE-2024-13879 (The Stream plugin for WordPress is vulnerable to Server-Side Request F ...)
+	TODO: check
+CVE-2024-13837
+	REJECTED
 CVE-2025-26779 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-26768 (Cross-Site Request Forgery (CSRF) vulnerability in what3words what3wor ...)
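Review bot: the 17 entries added at the top of this hunk, CVE-2025-26778 through CVE-2024-13879, carry only `TODO: check`, so none has a triage result yet, unlike the context entry CVE-2025-26779 directly below, which is already marked `NOT-FOR-US: WordPress plugin`. Most of the added descriptions are cut off before any product name ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), so the full CVE text has to be pulled before each one can be resolved to a `NOT-FOR-US:` line or a source-package line. CVE-2024-13837 is added directly as `REJECTED` with no description and needs no further triage.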
@@ -2671,6 +2707,7 @@ CVE-2024-13492 (The Guten Free Options WordPress plugin through 0.9.5 does not s
 CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data pr ...)
+	{DSA-5867-1}
 	[experimental] - gnutls28 3.8.9-1
 	- gnutls28 3.8.9-2
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07
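Review bot: the `{DSA-5867-1}` cross-reference added under CVE-2024-12243 sits above package lines that give only `[experimental] - gnutls28 3.8.9-1` and `- gnutls28 3.8.9-2`; no release-specific line is visible in this hunk. It is worth confirming that the fixed version shipped by the DSA is recorded with the advisory itself, so the release it covers is not evaluated against 3.8.9-2 and reported as still vulnerable.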
@@ -5130,6 +5167,7 @@ CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being p
 	NOTE: Fixed by: https://github.com/golang/go/commit/8336dfde7096ff75c1ff256cb3079863cefac33a (go1.24rc2)
 	NOTE: Introduced after: https://github.com/golang/go/commit/8194d735cff90871b1ea5c92e83ddd50abdd4185 (go1.24rc1)
 CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
+	{DLA-4056-1}
 	- golang-glog 1.2.4-1 (bug #1094733)
 	NOTE: Fixed by: https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee (v1.2.4)
 	NOTE: Complete fix: https://github.com/golang/glog/pull/74
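Review bot: the `{DLA-4056-1}` reference added under CVE-2024-45339 should be checked against both notes in the context below it, since the entry lists a `Fixed by:` commit (v1.2.4) and a separate `Complete fix:` pull request (golang/glog pull 74). The visible lines do not say which of the two the DLA upload includes; if it backported only the first commit, a NOTE stating that would keep the entry accurate.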
@@ -6740,7 +6778,7 @@ CVE-2024-52948 [CSRF on 2FA registration]
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/dfe9ddc40de982a33fbff42a143ccd1b786de775
 	NOTE: Backports for 2.20 (in v2.20.2): https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/638
 	NOTE: Backports for 2.16 (in v2.16.4): https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/644
-CVE-2025-0509 (A security issue was found in Sparkle before version 2.64. An attacker ...)
+CVE-2025-0509 (A security issue was found in Sparkle before version 2.6.4. An attacke ...)
 	- openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
 CVE-2025-23237 (Improper neutralization of special elements used in an OS command ('OS ...)
 	NOT-FOR-US: UD-LT2 firmware
@@ -305222,7 +305260,7 @@ CVE-2021-30371
 CVE-2021-30370
 	RESERVED
 CVE-2021-30369
-	RESERVED
+	REJECTED
 CVE-2021-30368
 	RESERVED
 CVE-2021-30367
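Review bot: CVE-2021-30369 changes from `RESERVED` to `REJECTED` while its neighbours CVE-2021-30370 and CVE-2021-30368 stay `RESERVED`, and no NOTE records the reason. That is consistent with how CVE-2024-13837 is entered in the first hunk, but a rejected ID should no longer be referenced from any advisory or package entry, so a search for the ID elsewhere in the list would confirm nothing still points at it.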



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bacd96dd103e3fba94a442b20f50b7a8702603e

More information about the debian-security-tracker-commits mailing list