[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 8 08:12:06 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
330a8e36 by security tracker role at 2025-01-08T08:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery (SSRF) v ...)
+ TODO: check
+CVE-2025-22133 (WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a ...)
+ TODO: check
+CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A Cross-Site Scrip ...)
+ TODO: check
+CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N firmware versi ...)
+ TODO: check
+CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified as pro ...)
+ TODO: check
+CVE-2024-56456 (Vulnerability of input parameters not being verified during glTF model ...)
+ TODO: check
+CVE-2024-56455 (Vulnerability of input parameters not being verified during glTF model ...)
+ TODO: check
+CVE-2024-56454 (Vulnerability of input parameters not being verified during glTF model ...)
+ TODO: check
+CVE-2024-56453 (Vulnerability of input parameters not being verified during glTF model ...)
+ TODO: check
+CVE-2024-56452 (Vulnerability of input parameters not being verified during glTF model ...)
+ TODO: check
+CVE-2024-56451 (Integer overflow vulnerability during glTF model loading in the 3D eng ...)
+ TODO: check
+CVE-2024-56450 (Buffer overflow vulnerability in the component driver module Impact: S ...)
+ TODO: check
+CVE-2024-56449 (Privilege escalation vulnerability in the Account module Impact: Succe ...)
+ TODO: check
+CVE-2024-56448 (Vulnerability of improper access control in the home screen widget mod ...)
+ TODO: check
+CVE-2024-56447 (Vulnerability of improper permission control in the window management ...)
+ TODO: check
+CVE-2024-56446 (Vulnerability of variables not being initialized in the notification m ...)
+ TODO: check
+CVE-2024-56445 (Instruction authentication bypass vulnerability in the Findnetwork mod ...)
+ TODO: check
+CVE-2024-56444 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-56443 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-56442 (Vulnerability of native APIs not being implemented in the NFC service ...)
+ TODO: check
+CVE-2024-56441 (Race condition vulnerability in the Bastet module Impact: Successful e ...)
+ TODO: check
+CVE-2024-56440 (Permission control vulnerability in the Connectivity module Impact: Su ...)
+ TODO: check
+CVE-2024-56439 (Access control vulnerability in the identity authentication module Imp ...)
+ TODO: check
+CVE-2024-56438 (Vulnerability of improper memory address protection in the HUKS module ...)
+ TODO: check
+CVE-2024-56437 (Vulnerability of input parameters not being verified in the widget fra ...)
+ TODO: check
+CVE-2024-56436 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-56435 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
+ TODO: check
+CVE-2024-56434 (UAF vulnerability in the device node access module Impact: Successful ...)
+ TODO: check
+CVE-2024-55356
+ REJECTED
+CVE-2024-55355
+ REJECTED
+CVE-2024-54731 (cpdf through 2.8 allows stack consumption via a crafted PDF document.)
+ TODO: check
+CVE-2024-54121 (Startup control vulnerability in the ability module Impact: Successful ...)
+ TODO: check
+CVE-2024-54120 (Race condition vulnerability in the distributed notification module Im ...)
+ TODO: check
+CVE-2024-50603 (An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2 ...)
+ TODO: check
+CVE-2024-47934 (Improper Input Validation vulnerability in Management Program in TXOne ...)
+ TODO: check
+CVE-2024-47239 (Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an unco ...)
+ TODO: check
+CVE-2024-40679 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2024-13173 (The health module has insufficient restrictions on loading URLs, which ...)
+ TODO: check
+CVE-2024-12852 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-12851 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-12713 (The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin f ...)
+ TODO: check
+CVE-2024-12585 (The Property Hive WordPress plugin before 2.1.1 does not sanitise and ...)
+ TODO: check
+CVE-2024-12584 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
+ TODO: check
+CVE-2024-12521 (The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-12205 (The Themesflat Addons For Elementor plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-12112 (The Easy Form Builder \u2013 WordPress plugin form builder: contact fo ...)
+ TODO: check
+CVE-2024-12045 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
+ TODO: check
+CVE-2024-12030 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress i ...)
+ TODO: check
+CVE-2024-11916 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordP ...)
+ TODO: check
+CVE-2024-11816 (The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress ...)
+ TODO: check
+CVE-2024-11635 (The WordPress File Upload plugin for WordPress is vulnerable to Remote ...)
+ TODO: check
+CVE-2024-11613 (The WordPress File Upload plugin for WordPress is vulnerable to Remote ...)
+ TODO: check
+CVE-2024-11271 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress ...)
+ TODO: check
+CVE-2024-11270 (The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress ...)
+ TODO: check
+CVE-2024-10585 (The InfiniteWP Client plugin for WordPress is vulnerable to Path Trave ...)
+ TODO: check
+CVE-2024-10541
+ REJECTED
+CVE-2024-10151 (The Auto iFrame WordPress plugin before 2.0 does not validate and esca ...)
+ TODO: check
+CVE-2023-52955 (Vulnerability of improper authentication in the ANS system service mod ...)
+ TODO: check
+CVE-2023-52954 (Vulnerability of improper permission control in the Gallery module Imp ...)
+ TODO: check
+CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module Impact: Succes ...)
+ TODO: check
CVE-2025-0291
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
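Review bot: Several of the added descriptions carry a literal `\u2013` escape where a dash was meant (CVE-2024-12713, CVE-2024-12584, CVE-2024-12112, CVE-2024-12045, CVE-2024-12030, CVE-2024-11916, CVE-2024-11816, CVE-2024-11271, CVE-2024-11270), and the CVE-2024-11916 description also begins "The The Ultimate WordPress Toolkit". If the text is taken as-is from the upstream record, decoding the escape in the import step would keep the list readable and searchable; the doubled word is better left matching upstream unless it is corrected there. Every new entry that has a description is still `TODO: check`, so none of them is triaged against a Debian package yet.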
@@ -46682,7 +46804,7 @@ CVE-2024-39535 (An Improper Check for Unusual or Exceptional Conditions vulnerab
NOT-FOR-US: Juniper
CVE-2024-39533 (An Unimplemented or Unsupported Feature in the UI vulnerability in Jun ...)
NOT-FOR-US: Juniper
-CVE-2024-39532 (AnInsertion of Sensitive Information into Log File vulnerability in Ju ...)
+CVE-2024-39532 (An Insertion of Sensitive Information into Log File vulnerability in J ...)
NOT-FOR-US: Juniper
CVE-2024-39531 (An Improper Handling of Values vulnerability in the Packet Forwarding ...)
NOT-FOR-US: Juniper
@@ -500666,8 +500788,7 @@ CVE-2018-4303 (An input validation issue was addressed with improved input valid
NOT-FOR-US: Apple
CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...)
NOT-FOR-US: Apple
-CVE-2018-4301
- RESERVED
+CVE-2018-4301 (This issue is fixed in SCSSU-201801. A potential stack based buffer ov ...)
NOT-FOR-US: Apple
CVE-2018-4300 (The session cookie generated by the CUPS web interface was easy to gue ...)
{DLA-1936-1}
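Review bot: The `NOT-FOR-US: Apple` line under CVE-2018-4301 is kept unchanged from when the entry was `RESERVED`, but the description now attached starts "This issue is fixed in SCSSU-201801" and the visible part names no vendor or product. Now that a description exists, the tag should be re-checked against the full record and corrected if the product turns out to be something else.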
@@ -537912,7 +538033,7 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi
NOTE: Check for Jessie again as soon as more information are available.
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
NOTE: Not treated as a security issue by upstream
-CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying t ...)
+CVE-2017-9117 (In LibTIFF 4.0.6 and possibly other versions, the program processes BM ...)
- tiff <unfixed> (unimportant)
- tiff3 <not-affected> (Does not ship libtiff-tools)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330a8e36bd4ec27cca8ef93dd906dce9d4064846