[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 8 20:15:39 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cabda19 by security tracker role at 2025-01-08T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,169 @@
-CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver]
+CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+	TODO: check
+CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...)
+	TODO: check
+CVE-2025-22140 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...)
+	TODO: check
+CVE-2025-22139 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+	TODO: check
+CVE-2025-22137 (Pingvin Share is a self-hosted file sharing platform and an alternativ ...)
+	TODO: check
+CVE-2025-22136 (Tabby (formerly Terminus) is a highly configurable terminal emulator.  ...)
+	TODO: check
+CVE-2025-22130 (Soft Serve is a self-hostable Git server for the command line. Prior t ...)
+	TODO: check
+CVE-2025-21111 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext  ...)
+	TODO: check
+CVE-2025-21102 (Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext  ...)
+	TODO: check
+CVE-2025-20168 (A vulnerability in the web-based management interface of Cisco Common  ...)
+	TODO: check
+CVE-2025-20167 (A vulnerability in the web-based management interface of Cisco Common  ...)
+	TODO: check
+CVE-2025-20166 (A vulnerability in the web-based management interface of Cisco Common  ...)
+	TODO: check
+CVE-2025-20126 (A vulnerability in certification validation routines of Cisco Thousand ...)
+	TODO: check
+CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...)
+	TODO: check
+CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur leading  ...)
+	TODO: check
+CVE-2024-55656 (RedisBloom adds a set of probabilistic data structures to Redis. There ...)
+	TODO: check
+CVE-2024-55517 (An issue was discovered in the Interllect Core Search in Polaris FT In ...)
+	TODO: check
+CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...)
+	TODO: check
+CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is vulnerable ...)
+	TODO: check
+CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in composio_opena ...)
+	TODO: check
+CVE-2024-51737 (RediSearch is a Redis module that provides querying, secondary indexin ...)
+	TODO: check
+CVE-2024-51480 (RedisTimeSeries is a time-series database (TSDB) module for Redis, by  ...)
+	TODO: check
+CVE-2024-51442 (Command Injection in Minidlna version v1.3.3 and before allows an atta ...)
+	TODO: check
+CVE-2024-45345
+	REJECTED
+CVE-2024-45344
+	REJECTED
+CVE-2024-45343
+	REJECTED
+CVE-2024-45342
+	REJECTED
+CVE-2024-45033 (Insufficient Session Expiration vulnerability in Apache Airflow Fab Pr ...)
+	TODO: check
+CVE-2024-13189 (A vulnerability classified as critical has been found in ZeroWdd myblo ...)
+	TODO: check
+CVE-2024-13188 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...)
+	TODO: check
+CVE-2024-13187 (A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It h ...)
+	TODO: check
+CVE-2024-13186 (The MinigameCenter  module has insufficient restrictions on loading UR ...)
+	TODO: check
+CVE-2024-13185 (The MinigameCenter  module has insufficient restrictions on loading UR ...)
+	TODO: check
+CVE-2024-12855 (The AdForest theme for WordPress is vulnerable to unauthorized modific ...)
+	TODO: check
+CVE-2024-12854 (The Garden Gnome Package plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2024-12853 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2024-12712 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-12337 (The Shipping via Planzer for WooCommerce plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-12328 (The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11939 (The Cost Calculator Builder PRO plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-11830 (The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for WordPress is vu ...)
+	TODO: check
+CVE-2024-11423 (The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift ...)
+	TODO: check
+CVE-2024-11350 (The AdForest theme for WordPress is vulnerable to privilege escalation ...)
+	TODO: check
+CVE-2023-35685 (In DevmemIntMapPages of devicemem_server.c, there is a possible physic ...)
+	TODO: check
+CVE-2024-56787 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/9cc832d37799dbea950c4c8a34721b02b8b5a8ff (6.13-rc1)
-CVE-2024-56786 [bpf: put bpf_link's program when link is safe to be deallocated]
+CVE-2024-56786 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.5-1
 	NOTE: https://git.kernel.org/linus/f44ec8733a8469143fde1984b5e6931b2e2f6f3f (6.13-rc1)
-CVE-2024-56785 [MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a]
+CVE-2024-56785 (In the Linux kernel, the following vulnerability has been resolved:  M ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/4fbd66d8254cedfd1218393f39d83b6c07a01917 (6.13-rc1)
-CVE-2024-56784 [drm/amd/display: Adding array index check to prevent memory corruption]
+CVE-2024-56784 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.5-1
 	NOTE: https://git.kernel.org/linus/2c437d9a0b496168e1a1defd17b531f0a526dbe9 (6.13-rc1)
-CVE-2024-56783 [netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level]
+CVE-2024-56783 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b7529880cb961d515642ce63f9d7570869bbbdc3 (6.13-rc2)
-CVE-2024-56782 [ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()]
+CVE-2024-56782 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.12.5-1
 	NOTE: https://git.kernel.org/linus/4a49194f587a62d972b602e3e1a2c3cfe6567966 (6.13-rc1)
-CVE-2024-56781 [powerpc/prom_init: Fixup missing powermac #size-cells]
+CVE-2024-56781 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/cf89c9434af122f28a3552e6f9cc5158c33ce50a (6.13-rc1)
-CVE-2024-56780 [quota: flush quota_release_work upon quota writeback]
+CVE-2024-56780 (In the Linux kernel, the following vulnerability has been resolved:  q ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/ac6f420291b3fee1113f21d612fa88b628afab5b (6.13-rc2)
-CVE-2024-56779 [nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur]
+CVE-2024-56779 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/98100e88dd8865999dc6379a3356cd799795fe7b (6.13-rc1)
-CVE-2024-56778 [drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check]
+CVE-2024-56778 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 (6.13-rc1)
-CVE-2024-56777 [drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check]
+CVE-2024-56777 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/e965e771b069421c233d674c3c8cd8c7f7245f42 (6.13-rc1)
-CVE-2024-56776 [drm/sti: avoid potential dereference of error pointers]
+CVE-2024-56776 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/831214f77037de02afc287eae93ce97f218d8c04 (6.13-rc1)
-CVE-2024-56775 [drm/amd/display: Fix handling of plane refcount]
+CVE-2024-56775 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.5-1
 	NOTE: https://git.kernel.org/linus/27227a234c1487cb7a684615f0749c455218833a (6.13-rc1)
-CVE-2024-56774 [btrfs: add a sanity check for btrfs root in btrfs_search_slot()]
+CVE-2024-56774 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.12.5-1
 	[bookworm] - linux 6.1.123-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3ed51857a50f530ac7a1482e069dfbd1298558d4 (6.13-rc2)
-CVE-2024-56773 [kunit: Fix potential null dereference in kunit_device_driver_test()]
+CVE-2024-56773 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.5-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/435c20eed572a95709b1536ff78832836b2f91b1 (6.13-rc1)
-CVE-2024-56772 [kunit: string-stream: Fix a UAF bug in kunit_init_suite()]
+CVE-2024-56772 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.5-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/39e21403c978862846fa68b7f6d06f9cca235194 (6.13-rc1)
-CVE-2024-56771 [mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information]
+CVE-2024-56771 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.12.5-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fee9b240916df82a8b07aef0fdfe96785417a164 (6.13-rc1)
-CVE-2024-56770 [net/sched: netem: account for backlog updates from child qdisc]
+CVE-2024-56770 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.12.6-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/f8d4bc455047cf3903cd6f85f49978987dbb3027 (6.13-rc3)
-CVE-2024-54676
+CVE-2024-54676 (Vendor: The Apache Software Foundation  Versions Affected: Apache Open ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery (SSRF) v ...)
 	NOT-FOR-US: VMware
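Review bot: every entry added in this hunk carries a bare `TODO: check` (expected for the automatic import), so roughly forty CVEs are left untriaged; the ones most likely to map onto software in the Debian archive, and so worth triaging first, are CVE-2024-51442 (Minidlna, command injection in v1.3.3 and before) and CVE-2024-55459 (keras 3.7.0, arbitrary file write), while the Redis module entries (CVE-2024-55656, CVE-2024-51737, CVE-2024-51480) and the vendor-appliance and WordPress-plugin entries (Dell VxRail, Cisco, GitLab, AdForest, Modula, MAS Elementor and the rest) look like NOT-FOR-US candidates. Separately, the descriptions for CVE-2024-11830 and CVE-2024-11423 contain the literal escape sequences `\u2014` and `\u2013` instead of the dash characters, which suggests the import left JSON escapes undecoded; worth checking the fetch script before these strings propagate. The CVE-2024-56787 entry is rewritten in place (bracketed title replaced by the description) with its `linux 6.12.5-1` and bookworm lines kept, consistent with the other kernel entries below it.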
@@ -195,7 +287,7 @@ CVE-2023-52954 (Vulnerability of improper permission control in the Gallery modu
 	NOT-FOR-US: Huawei
 CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module Impact: Succes ...)
 	NOT-FOR-US: Huawei
-CVE-2025-0291
+CVE-2025-0291 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed  ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk do ...)
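Review bot: the new description for CVE-2025-0291 names the fixed upstream release (Chrome 131.0.6778.264), but the entry still reads `chromium <unfixed>` and carries no `NOTE:` pointing at the upstream release announcement, unlike the firefox entries further down that link their advisories; suggest adding the release-note URL and updating the unstable line once the matching chromium upload lands. The bullseye `<end-of-life> (see #1061268)` line is unchanged, which is consistent.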
@@ -648,36 +740,43 @@ CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. So
 	- firefox 134.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
 CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
 CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
 CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
 CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
 CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
 CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
 CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...)
+	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
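Review bot: `{DSA-5839-1}` is added to the seven entries that list `firefox-esr 128.6.0esr-1` (CVE-2025-0237 through CVE-2025-0243) and not to CVE-2025-0247 in the hunk header context, which only has `firefox 134.0-1`; that split matches the advisory scope. Each of these descriptions also names Thunderbird 133, yet none of the entries has a thunderbird line; confirm that thunderbird is tracked separately or that the package needs its own line and DSA reference.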
@@ -4261,7 +4360,7 @@ CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An ove
 	- jinja2 <unfixed> (bug #1091331)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
 	NOTE: Fixed by: https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 (3.1.5)
-CVE-2024-56201 (Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the ...)
+CVE-2024-56201 (Jinja is an extensible templating engine. In versions on the 3.x branc ...)
 	- jinja2 <unfixed> (bug #1091329)
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699
 	NOTE: https://github.com/pallets/jinja/issues/1792
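Review bot: the rewritten CVE-2024-56201 description replaces "Prior to 3.1.5" with wording about "versions on the 3.x branch", so the affected range should be re-read against GHSA-gmj6-6f8f-6699 before the jinja2 line stays at `<unfixed> (bug #1091329)`; unlike the neighbouring CVE-2024-56326 entry, which records `Fixed by:` commit 48b0687e (3.1.5), this entry has no fixing-commit NOTE, so adding one once identified would bring the two entries in line.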
@@ -9680,7 +9779,7 @@ CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Aste
 	- asterisk <unfixed>
 	NOTE: https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616
 	NOTE: Wasn't reported upstream, but they confirmed it and an advisory will be published
-CVE-2024-53564 (A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX  ...)
+CVE-2024-53564 (A vulnerability was discovered in FreePBX 17.0.19.17. It does not veri ...)
 	NOT-FOR-US: FreePBX
 CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation d ...)
 	NOT-FOR-US: Ever Traduora



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cabda19fb1a59fa767540e2a357ae3957850622


