[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 7 20:12:16 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
005f3b93 by security tracker role at 2025-01-07T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,48 +1,492 @@
-CVE-2025-0247
+CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk do ...)
+	TODO: check
+CVE-2025-22593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22592 (Missing Authorization vulnerability in Lenderd 1003 Mortgage Applicati ...)
+	TODO: check
+CVE-2025-22591 (Missing Authorization vulnerability in Lenderd 1003 Mortgage Applicati ...)
+	TODO: check
+CVE-2025-22590 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Time ...)
+	TODO: check
+CVE-2025-22589 (Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet  ...)
+	TODO: check
+CVE-2025-22585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22582 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Nell\xe9 Upti ...)
+	TODO: check
+CVE-2025-22581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22571 (Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot a ...)
+	TODO: check
+CVE-2025-22563 (Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url al ...)
+	TODO: check
+CVE-2025-22562 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Ex ...)
+	TODO: check
+CVE-2025-22560 (Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page B ...)
+	TODO: check
+CVE-2025-22559 (Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and G ...)
+	TODO: check
+CVE-2025-22558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22557 (Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publis ...)
+	TODO: check
+CVE-2025-22556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Nors ...)
+	TODO: check
+CVE-2025-22555 (Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoo ...)
+	TODO: check
+CVE-2025-22554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22552 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan ...)
+	TODO: check
+CVE-2025-22551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22543 (Missing Authorization vulnerability in Beautiful Templates ST Gallery  ...)
+	TODO: check
+CVE-2025-22541 (Missing Authorization vulnerability in Etruel Developments LLC WP Dele ...)
+	TODO: check
+CVE-2025-22538 (Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual  ...)
+	TODO: check
+CVE-2025-22536 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22534 (Missing Authorization vulnerability in Ella van Durpe Slides & Present ...)
+	TODO: check
+CVE-2025-22533 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22529 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22528 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22520 (Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget al ...)
+	TODO: check
+CVE-2025-22519 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22512 (Missing Authorization vulnerability in Sprout Apps Help Scout allows E ...)
+	TODO: check
+CVE-2025-22511 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22503 (Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio ...)
+	TODO: check
+CVE-2025-22502 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22364 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-22363 (Missing Authorization vulnerability in ORION Allada T-shirt Designer f ...)
+	TODO: check
+CVE-2025-22362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22359 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22358 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22355 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22353 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22352 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22351 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22350 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22349 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22348 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22347 (Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK F ...)
+	TODO: check
+CVE-2025-22343 (Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL a ...)
+	TODO: check
+CVE-2025-22342 (Cross-Site Request Forgery (CSRF) vulnerability in Jens T\xf6rnell WP  ...)
+	TODO: check
+CVE-2025-22339 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22338 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22336 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress \u667a\u5 ...)
+	TODO: check
+CVE-2025-22335 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22333 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22328 (Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allow ...)
+	TODO: check
+CVE-2025-22327 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22326 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22325 (Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocom ...)
+	TODO: check
+CVE-2025-22324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22323 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22321 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22319 (Missing Authorization vulnerability in DearHive Social Media Share But ...)
+	TODO: check
+CVE-2025-22316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22315 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22312 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22309 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22308 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22306 (Insertion of Sensitive Information into Externally-Accessible File or  ...)
+	TODO: check
+CVE-2025-22305 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-22304 (Missing Authorization vulnerability in osamaesh WP Visitor Statistics  ...)
+	TODO: check
+CVE-2025-22303 (Insertion of Sensitive Information Into Sent Data vulnerability in bra ...)
+	TODO: check
+CVE-2025-22302 (Missing Authorization vulnerability in WP Wand WP Wand allows Exploiti ...)
+	TODO: check
+CVE-2025-22301 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyB ...)
+	TODO: check
+CVE-2025-22300 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
+	TODO: check
+CVE-2025-22299 (Missing Authorization vulnerability in spacecodes AI for SEO allows Ex ...)
+	TODO: check
+CVE-2025-22298 (Missing Authorization vulnerability in Hive Support Hive Support \u201 ...)
+	TODO: check
+CVE-2025-22297 (Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer ...)
+	TODO: check
+CVE-2025-22296 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22294 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22261 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-21624 (ClipBucket V5 provides open source video hosting with PHP. Prior to 5. ...)
+	TODO: check
+CVE-2025-21623 (ClipBucket V5 provides open source video hosting with PHP. Prior to 5. ...)
+	TODO: check
+CVE-2025-21622 (ClipBucket V5 provides open source video hosting with PHP. During the  ...)
+	TODO: check
+CVE-2025-0301 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-0300 (A vulnerability classified as critical was found in code-projects Onli ...)
+	TODO: check
+CVE-2025-0299 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-0298 (A vulnerability was found in code-projects Online Book Shop 1.0. It ha ...)
+	TODO: check
+CVE-2025-0297 (A vulnerability was found in code-projects Online Book Shop 1.0. It ha ...)
+	TODO: check
+CVE-2025-0296 (A vulnerability was found in code-projects Online Book Shop 1.0. It ha ...)
+	TODO: check
+CVE-2025-0295 (A vulnerability was found in code-projects Online Book Shop 1.0 and cl ...)
+	TODO: check
+CVE-2025-0294 (A vulnerability has been found in SourceCodester Home Clean Services M ...)
+	TODO: check
+CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in a temp ...)
+	TODO: check
+CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits  ...)
+	TODO: check
+CVE-2024-56300 (Insertion of Sensitive Information Into Sent Data vulnerability in WPS ...)
+	TODO: check
+CVE-2024-56299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56296 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56294 (Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows E ...)
+	TODO: check
+CVE-2024-56293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56291 (Deserialization of Untrusted Data vulnerability in plainware.com Plain ...)
+	TODO: check
+CVE-2024-56290 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-56289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56288 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56287 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56286 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-56285 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56284 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-56283 (Deserialization of Untrusted Data vulnerability in plainware.com Locat ...)
+	TODO: check
+CVE-2024-56282 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-56281 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-56280 (Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WP ...)
+	TODO: check
+CVE-2024-56279 (Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ ...)
+	TODO: check
+CVE-2024-56278 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-56276 (Missing Authorization vulnerability in WPForms Contact Form by WPForms ...)
+	TODO: check
+CVE-2024-56275 (Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elem ...)
+	TODO: check
+CVE-2024-56274 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56273 (Missing Authorization vulnerability in WPvivid Backup & Migration WPvi ...)
+	TODO: check
+CVE-2024-56272 (Missing Authorization vulnerability in ThemeSupport Hide Category by U ...)
+	TODO: check
+CVE-2024-56271 (Missing Authorization vulnerability in SecureSubmit WP SecureSubmit al ...)
+	TODO: check
+CVE-2024-56270 (Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.Th ...)
+	TODO: check
+CVE-2024-56056 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-55556 (A vulnerability in Crater Invoice allows an unauthenticated attacker w ...)
+	TODO: check
+CVE-2024-55555 (Invoice Ninja before 5.10.43 allows remote code execution from a pre-a ...)
+	TODO: check
+CVE-2024-55414 (A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WD ...)
+	TODO: check
+CVE-2024-55413 (A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver  ...)
+	TODO: check
+CVE-2024-55412 (A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x6 ...)
+	TODO: check
+CVE-2024-55411 (An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0 ...)
+	TODO: check
+CVE-2024-55410 (An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of  ...)
+	TODO: check
+CVE-2024-55218 (IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via  ...)
+	TODO: check
+CVE-2024-55008 (JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the au ...)
+	TODO: check
+CVE-2024-54819 (I, Librarian before and including 5.11.1 is vulnerable to Server-Side  ...)
+	TODO: check
+CVE-2024-54007 (Multiple command injection vulnerabilities exist in the web interface  ...)
+	TODO: check
+CVE-2024-54006 (Multiple command injection vulnerabilities exist in the web interface  ...)
+	TODO: check
+CVE-2024-53800 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-53522 (Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain ...)
+	TODO: check
+CVE-2024-53345 (An authenticated arbitrary file upload vulnerability in Car Rental Man ...)
+	TODO: check
+CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could al ...)
+	TODO: check
+CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3   could a ...)
+	TODO: check
+CVE-2024-52813 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
+	TODO: check
+CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could dis ...)
+	TODO: check
+CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3could allo ...)
+	TODO: check
+CVE-2024-51715 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-51700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-51651 (Missing Authorization vulnerability in CubeWP CubeWP Forms \u2013 All- ...)
+	TODO: check
+CVE-2024-50660 (File Upload Bypass was found in AdPortal 3.0.39 allows a remote attack ...)
+	TODO: check
+CVE-2024-50659 (Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3 ...)
+	TODO: check
+CVE-2024-50658 (Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 all ...)
+	TODO: check
+CVE-2024-49649 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-49644 (Incorrect Privilege Assignment vulnerability in AllAccessible Team Acc ...)
+	TODO: check
+CVE-2024-49633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-49294 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus ...)
+	TODO: check
+CVE-2024-49249 (Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path ...)
+	TODO: check
+CVE-2024-49222 (Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd ...)
+	TODO: check
+CVE-2024-48245 (Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest  ...)
+	TODO: check
+CVE-2024-46603 (An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Di ...)
+	TODO: check
+CVE-2024-46602 (An issue was discovered in Elspec G5 digital fault recorder version 1. ...)
+	TODO: check
+CVE-2024-46601 (Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was di ...)
+	TODO: check
+CVE-2024-46242 (An issue in the validate_email function in CTFd/utils/validators/__ini ...)
+	TODO: check
+CVE-2024-45640 (IBM Security ReaQta 3.12 returns sensitive information in an HTTP resp ...)
+	TODO: check
+CVE-2024-45100 (IBM Security ReaQta 3.12could allow a privileged user to cause a denia ...)
+	TODO: check
+CVE-2024-44450 (Multiple functions are vulnerable to Authorization Bypass in AIMS eCre ...)
+	TODO: check
+CVE-2024-43243 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+	TODO: check
+CVE-2024-40749 (Improper Access Controls allows access to protected views.)
+	TODO: check
+CVE-2024-40748 (Lack of output escaping in the id attribute of menu lists.)
+	TODO: check
+CVE-2024-40747 (Various module chromes didn't properly process inputs, leading to XSS  ...)
+	TODO: check
+CVE-2024-40702 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
+	TODO: check
+CVE-2024-40427 (Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers ...)
+	TODO: check
+CVE-2024-35532 (An XML External Entity (XXE) injection vulnerability in Intersec Geosa ...)
+	TODO: check
+CVE-2024-28778 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
+	TODO: check
+CVE-2024-25037 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
+	TODO: check
+CVE-2024-12738 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+	TODO: check
+CVE-2024-12719 (The WordPress File Upload plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2024-12711 (The RSVP and Event Management plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-12699 (The Service Box plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-12532 (The BWD Elementor Addons plugin for WordPress is vulnerable to Sensiti ...)
+	TODO: check
+CVE-2024-12430 (An attacker who successfully exploited these vulnerabilities could cau ...)
+	TODO: check
+CVE-2024-12429 (An attacker who successfully exploited these vulnerabilities could gra ...)
+	TODO: check
+CVE-2024-12426 (Exposure of Environmental Variables and arbitrary INI file values to a ...)
+	TODO: check
+CVE-2024-12425 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-12316 (The Jupiter X Core plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-12152 (The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Direc ...)
+	TODO: check
+CVE-2024-12131 (The WP Job Portal \u2013 A Complete Recruitment System for Company or  ...)
+	TODO: check
+CVE-2024-12033 (The Jupiter X Core plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-11826 (The Quill Forms | The Best Typeform Alternative | Create Conversationa ...)
+	TODO: check
+CVE-2024-11681 (A malicious or compromised MacPorts mirror can execute arbitrary comma ...)
+	TODO: check
+CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
-CVE-2025-0243
+CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
-CVE-2025-0242
+CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
-CVE-2025-0241
+CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
-CVE-2025-0240
+CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
-CVE-2025-0239
+CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
-CVE-2025-0238
+CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
-CVE-2025-0237
+CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237
-CVE-2025-0246
+CVE-2025-0246 (When using an invalid protocol scheme, an attacker could spoof the add ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0246
-CVE-2025-0245
+CVE-2025-0245 (Under certain circumstances, a user opt-in setting that Focus should r ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0245
-CVE-2025-0244
+CVE-2025-0244 (When redirecting to an invalid protocol scheme, an attacker could spoo ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0244
 CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, contain(s)  ...)
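Review bot: the entries for CVE-2025-0247, CVE-2025-0243 and CVE-2025-0242 now carry descriptions that name Thunderbird 133, but their package lines list only firefox (plus firefox-esr for the latter two); add a thunderbird line or a NOTE saying why it is not tracked under these IDs. Separately, every new entry above them lands as "TODO: check": those whose description says "plugin for WordPress" (for example CVE-2024-12699, CVE-2024-12316) could take the "NOT-FOR-US: WordPress plugin" tag this file already uses, while entries naming standalone software such as CVE-2025-0218 (pgAgent) and CVE-2024-52813 (matrix-rust-sdk) need an individual look.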
@@ -4057,7 +4501,7 @@ CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5
 	NOT-FOR-US: Apeos
 CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12569 (Disclosure of sensitive information in HikVision camera driver's log f ...)
+CVE-2024-12569 (Disclosure of sensitive information in a Milestone XProtect Device Pac ...)
 	NOT-FOR-US: HikVision camera driver
 CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
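Review bot: the triage line under CVE-2024-12569 still reads "NOT-FOR-US: HikVision camera driver", but the updated description now attributes the issue to "a Milestone XProtect Device Pac ..."; update the NOT-FOR-US text to name the Milestone XProtect product so the tag and the description agree and searches on either name find the entry.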
@@ -39160,7 +39604,7 @@ CVE-2024-6136 (The wp-cart-for-digital-products WordPress plugin before 8.5.6 do
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6133 (The wp-cart-for-digital-products WordPress plugin before 8.5.6 does no ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-5445 (Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < ...)
+CVE-2024-5445 (Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < ...)
 	NOT-FOR-US: Ecosystem Agent
 CVE-2024-4360 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
 	NOT-FOR-US: WordPress plugin
@@ -176192,10 +176636,10 @@ CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer ove
 	NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15)
 CVE-2022-45187
 	RESERVED
-CVE-2022-45186
-	RESERVED
-CVE-2022-45185
-	RESERVED
+CVE-2022-45186 (An issue was discovered in SuiteCRM 7.12.7. Authenticated users can re ...)
+	TODO: check
+CVE-2022-45185 (An issue was discovered in SuiteCRM 7.12.7. Authenticated users can us ...)
+	TODO: check
 CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x and v2.x  ...)
 	NOT-FOR-US: Ironman Software PowerShell Universal
 CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
@@ -189067,10 +189511,10 @@ CVE-2022-41575 (A credential-exposure vulnerability in the support-bundle mechan
 	NOT-FOR-US: Gradle Enterprise
 CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2022-41573
-	RESERVED
-CVE-2022-41572
-	RESERVED
+CVE-2022-41573 (An issue was discovered in Ovidentia 8.3. The file upload feature does ...)
+	TODO: check
+CVE-2022-41572 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privile ...)
+	TODO: check
 CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local f ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthe ...)
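Review bot: CVE-2022-41572 is left at "TODO: check" although its description names EyesOfNetwork (EON), the same product already tagged "NOT-FOR-US: EyesOfNetwork (EON)" on CVE-2022-41571 and CVE-2022-41570 directly below; it can take the same tag. CVE-2022-41573 (Ovidentia 8.3) has no tagged neighbour in this context and still needs its own decision.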
@@ -245860,8 +246304,8 @@ CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with th
 	NOT-FOR-US: IBM
 CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to exte ...)
 	NOT-FOR-US: IBM
-CVE-2022-22363
-	RESERVED
+CVE-2022-22363 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
+	TODO: check
 CVE-2022-22362
 	RESERVED
 CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
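Review bot: the "TODO: check" under CVE-2022-22363 can be resolved as "NOT-FOR-US: IBM", matching CVE-2022-22364 two lines above, which covers the same product family (IBM Cognos Controller) and already carries that tag.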
@@ -318562,8 +319006,8 @@ CVE-2021-20457
 	RESERVED
 CVE-2021-20456
 	RESERVED
-CVE-2021-20455
-	RESERVED
+CVE-2021-20455 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
+	TODO: check
 CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a  ...)
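Review bot: the "TODO: check" under CVE-2021-20455 (IBM Cognos Controller / IBM Controller) looks resolvable as "NOT-FOR-US: IBM", the tag the IBM WebSphere entries CVE-2021-20454 and CVE-2021-20453 right after it already carry.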



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/005f3b9364cc307080e45080c4e76190e8becb9c
