[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 18 20:12:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e2d6a5a by security tracker role at 2025-02-18T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2025-27016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-27013 (Missing Authorization vulnerability in EPC MediCenter - Health Medical ...)
+ TODO: check
+CVE-2025-26623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ TODO: check
+CVE-2025-26620 (Duende.AccessTokenManagement is a set of .NET libraries that manage OA ...)
+ TODO: check
+CVE-2025-26604 (Discord-Bot-Framework-Kernel is a Discord bot framework built with int ...)
+ TODO: check
+CVE-2025-26603 (Vim is a greatly improved version of the good old UNIX editor Vi. Vim ...)
+ TODO: check
+CVE-2025-26058 (Webkul QloApps v1.6.1 exposes authentication tokens in URLs during red ...)
+ TODO: check
+CVE-2025-25305 (Home Assistant Core is an open source home automation that puts local ...)
+ TODO: check
+CVE-2025-25300 (smartbanner.js is a customizable smart app banner for iOS and Android. ...)
+ TODO: check
+CVE-2025-25284 (The ZOO-Project is an open source processing platform, released under ...)
+ TODO: check
+CVE-2025-24895 (CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator fo ...)
+ TODO: check
+CVE-2025-24894 (SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator f ...)
+ TODO: check
+CVE-2025-22663 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-22657 (Missing Authorization vulnerability in Vito Peleg Atarim allows Exploi ...)
+ TODO: check
+CVE-2025-22656 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-22654 (Unrestricted Upload of File with Dangerous Type vulnerability in kodes ...)
+ TODO: check
+CVE-2025-22650 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22645 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2025-22639 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22207 (Improperly built order clauses lead to a SQL injection vulnerability i ...)
+ TODO: check
+CVE-2025-21608 (Meshtastic is an open source mesh networking solution. In affected fir ...)
+ TODO: check
+CVE-2025-1414 (Memory safety bugs present in Firefox 135. Some of these bugs showed e ...)
+ TODO: check
+CVE-2025-1269 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
+ TODO: check
+CVE-2025-1035 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-1023 (A vulnerability exists in ChurchCRM5.13.0 and priorthat allows an atta ...)
+ TODO: check
+CVE-2025-0981 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows an att ...)
+ TODO: check
+CVE-2025-0817 (The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-0521 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-57056 (Incorrect cookie session handling in WombatDialer before 25.02 results ...)
+ TODO: check
+CVE-2024-57055 (Server-Side Access Control Bypass vulnerability in WombatDialer before ...)
+ TODO: check
+CVE-2024-57050 (A vulnerability in the TP-Link WR840N v6 router with firmware version ...)
+ TODO: check
+CVE-2024-57049 (A vulnerability in the TP-Link Archer c20 router with firmware version ...)
+ TODO: check
+CVE-2024-57046 (A vulnerability in the Netgear DGN2200 router with firmware version v1 ...)
+ TODO: check
+CVE-2024-57045 (A vulnerability in the D-Link DIR-859 router with firmware version A3 ...)
+ TODO: check
+CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. ...)
+ TODO: check
+CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS ...)
+ TODO: check
+CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K Elements al ...)
+ TODO: check
+CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of BoardRoo ...)
+ TODO: check
+CVE-2024-51505 (An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly tru ...)
+ TODO: check
+CVE-2024-50609 (An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry in ...)
+ TODO: check
+CVE-2024-50608 (An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remot ...)
+ TODO: check
+CVE-2024-4028 (A vulnerability was found in Keycloak. This issue may allow a privileg ...)
+ TODO: check
+CVE-2024-49589 (Foundry Artifacts was found to be vulnerable to a Denial Of Service at ...)
+ TODO: check
+CVE-2024-39328 (Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A high ...)
+ TODO: check
+CVE-2024-39327 (Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6. ...)
+ TODO: check
+CVE-2024-13797 (The PressMart - Modern Elementor WooCommerce WordPress Theme theme for ...)
+ TODO: check
+CVE-2024-13783 (The FormCraft plugin for WordPress is vulnerable to unauthorized acces ...)
+ TODO: check
+CVE-2024-13718 (The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save ...)
+ TODO: check
+CVE-2024-13691 (The Uncode theme for WordPress is vulnerable to arbitrary file read du ...)
+ TODO: check
+CVE-2024-13689 (The Uncode Core plugin for WordPress is vulnerable to arbitrary shortc ...)
+ TODO: check
+CVE-2024-13681 (The Uncode theme for WordPress is vulnerable to arbitrary file read du ...)
+ TODO: check
+CVE-2024-13667 (The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2024-13636 (The Brooklyn theme for WordPress is vulnerable to PHP Object Injection ...)
+ TODO: check
+CVE-2024-13395 (The Threepress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-13369 (The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is ...)
+ TODO: check
+CVE-2024-13316 (The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, tr ...)
+ TODO: check
+CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme for Wor ...)
+ TODO: check
CVE-2025-1125 [fs/hfs: Interger overflow may lead to heap based out-of-bounds write]
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
@@ -38,11 +152,11 @@ CVE-2025-0624 [net: Out-of-bounds write in grub_net_search_config_file()]
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0622 [command/gpg: Use-after-free due to hooks not being removed on module unload]
+CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks created by l ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45783 [fs/hfs+: refcount can be decremented twice]
+CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub, the hfs ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -50,7 +164,7 @@ CVE-2024-45782 [fs/hfs: strcpy() using the volume name (fs/hfs.c:382)]
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45781 [fs/ufs: OOB write in the heap]
+CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name from a ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -70,15 +184,15 @@ CVE-2024-45777 [grub-core/gettext: Integer overflow leads to Heap OOB Write]
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45776 [grub-core/gettext: Integer overflow leads to Heap OOB Write and Read]
+CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(), grub2 fails ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45775 [commands/extcmd: Missing check for failed allocation]
+CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher() function ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45774 [reader/jpeg: Heap OOB Write during JPEG parsing]
+CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cause the ...)
- grub2 <unfixed>
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
@@ -94,10 +208,10 @@ CVE-2024-56171 [Use-after-free in xmlSchemaIDCFillNodeTables]
- libxml2 <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
-CVE-2025-21703 [netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()]
+CVE-2025-21703 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.15-1
NOTE: https://git.kernel.org/linus/638ba5089324796c2ee49af10427459c2de35f71 (6.14-rc2)
-CVE-2025-21702 [pfifo_tail_enqueue: Drop new packet when sch->limit == 0]
+CVE-2025-21702 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.15-1
NOTE: https://git.kernel.org/linus/647cef20e649c576dff271e018d5d15d998b629d (6.14-rc2)
CVE-2025-26842 [znuny: Information disclosure of S/MIME encrypted emails]
@@ -128,7 +242,8 @@ CVE-2025-26466 [Denial of Service: asymmetric resource consumption of memory and
NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
NOTE: Introduced with: https://github.com/openssh/openssh-portable/commit/dce6d80d2ed3cad2c516082682d5f6ca877ef714 (V_9_5_P1)
NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2 (V_9_9_P1)
-CVE-2025-26465 [MitM]
+CVE-2025-26465 (A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option ...)
+ {DSA-5868-1 DLA-4057-1}
- openssh 1:9.9p2-1
NOTE: https://www.openssh.com/releasenotes.html#9.9p2
NOTE: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
@@ -2927,7 +3042,7 @@ CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buff
CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork compone ...)
NOT-FOR-US: gitlab-web-ide-vscode-fork
CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificat ...)
- {DSA-5864-1}
+ {DSA-5864-1 DLA-4058-1}
- pam-pkcs11 0.6.13-1
NOTE: https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48 (pam_pkcs11-0.6.13)
NOTE: https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e (pam_pkcs11-0.6.13)
@@ -202374,8 +202489,8 @@ CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovere
NOT-FOR-US: Mobile Security Framework
CVE-2022-41546
RESERVED
-CVE-2022-41545
- RESERVED
+CVE-2022-41545 (The administrative web interface of a Netgear C7800 Router running fir ...)
+ TODO: check
CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...)
NOT-FOR-US: GetSimple CMS
CVE-2022-41543
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2d6a5ae0093ca13257591664d30e0740179eb1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2d6a5ae0093ca13257591664d30e0740179eb1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250218/74f32282/attachment.htm>
More information about the debian-security-tracker-commits
mailing list