[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 9 08:12:28 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9d8a2fe by security tracker role at 2025-01-09T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,157 @@
+CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...)
+ TODO: check
+CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect missing se ...)
+ TODO: check
+CVE-2025-22145 (Carbon is an international PHP extension for DateTime. Application pas ...)
+ TODO: check
+CVE-2025-20033 (Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x ...)
+ TODO: check
+CVE-2025-0344 (A vulnerability has been found in leiyuxi cy-fast 1.0 and classified a ...)
+ TODO: check
+CVE-2025-0342 (A vulnerability, which was classified as problematic, was found in Cam ...)
+ TODO: check
+CVE-2025-0341 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2025-0340 (A vulnerability classified as critical was found in code-projects Cine ...)
+ TODO: check
+CVE-2025-0339 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2025-0336 (A vulnerability was found in Codezips Project Management System 1.0. I ...)
+ TODO: check
+CVE-2025-0335 (A vulnerability was found in code-projects Online Bike Rental System 1 ...)
+ TODO: check
+CVE-2025-0334 (A vulnerability has been found in leiyuxi cy-fast 1.0 and classified a ...)
+ TODO: check
+CVE-2025-0333 (A vulnerability, which was classified as critical, was found in leiyux ...)
+ TODO: check
+CVE-2025-0331 (A vulnerability, which was classified as critical, has been found in Y ...)
+ TODO: check
+CVE-2025-0328 (A vulnerability, which was classified as critical, has been found in K ...)
+ TODO: check
+CVE-2025-0306 (A vulnerability was found in Ruby. The Ruby interpreter is vulnerable ...)
+ TODO: check
+CVE-2025-0283 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
+ TODO: check
+CVE-2025-0282 (A stack-based buffer overflow in Ivanti Connect Secure before version ...)
+ TODO: check
+CVE-2024-6324 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-5610
+ REJECTED
+CVE-2024-54010 (A vulnerability in the firewall component of HPE Aruba Networking CX 1 ...)
+ TODO: check
+CVE-2024-53995 (SickChill is an automatic video library manager for TV shows. A user-c ...)
+ TODO: check
+CVE-2024-53706 (A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remot ...)
+ TODO: check
+CVE-2024-53705 (A Server-Side Request Forgery vulnerability in the SonicOS SSH managem ...)
+ TODO: check
+CVE-2024-53704 (An Improper Authentication vulnerability in the SSLVPN authentication ...)
+ TODO: check
+CVE-2024-52869 (Certain Teradata account-handling code through 2024-11-04, used with S ...)
+ TODO: check
+CVE-2024-43663 (There are many buffer overflow vulnerabilities present in several CGI ...)
+ TODO: check
+CVE-2024-43662 (The <redacted>.exe or <redacted>.exe CGI binary can be used to upload ...)
+ TODO: check
+CVE-2024-43661 (The <redacted>.so library, which is used by <redacted>, is vulnerable ...)
+ TODO: check
+CVE-2024-43660 (The CGI script <redacted>.sh can be used to download any file on the f ...)
+ TODO: check
+CVE-2024-43659 (After gaining access to the firmware of a charging station, a file at ...)
+ TODO: check
+CVE-2024-43658 (Patch traversal, External Control of File Name or Path vulnerability i ...)
+ TODO: check
+CVE-2024-43657 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43656 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43655 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43654 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43653 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43652 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43651 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43650 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2024-43649 (Authenticated command injection in the filename of a <redacted>.exe re ...)
+ TODO: check
+CVE-2024-43648 (Command injection in the <redacted> parameter of a <redacted>.exe requ ...)
+ TODO: check
+CVE-2024-40765 (An Integer-based buffer overflow vulnerability in the SonicOS via IPSe ...)
+ TODO: check
+CVE-2024-40762 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in ...)
+ TODO: check
+CVE-2024-13213 (A vulnerability classified as problematic was found in SingMR HouseRen ...)
+ TODO: check
+CVE-2024-13212 (A vulnerability classified as critical has been found in SingMR HouseR ...)
+ TODO: check
+CVE-2024-13211 (A vulnerability was found in SingMR HouseRent 1.0. It has been rated a ...)
+ TODO: check
+CVE-2024-13210 (A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57 ...)
+ TODO: check
+CVE-2024-13209 (A vulnerability was found in Redaxo CMS 5.18.1. It has been classified ...)
+ TODO: check
+CVE-2024-13206 (A vulnerability classified as critical has been found in REVE Antiviru ...)
+ TODO: check
+CVE-2024-13205 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has ...)
+ TODO: check
+CVE-2024-13204 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has ...)
+ TODO: check
+CVE-2024-13203 (A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has ...)
+ TODO: check
+CVE-2024-13202 (A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classi ...)
+ TODO: check
+CVE-2024-13201 (A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and c ...)
+ TODO: check
+CVE-2024-13200 (A vulnerability, which was classified as critical, was found in wander ...)
+ TODO: check
+CVE-2024-13199 (A vulnerability classified as problematic was found in langhsu Mblog B ...)
+ TODO: check
+CVE-2024-13198 (A vulnerability classified as problematic has been found in langhsu Mb ...)
+ TODO: check
+CVE-2024-13197 (A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57 ...)
+ TODO: check
+CVE-2024-13196 (A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57 ...)
+ TODO: check
+CVE-2024-13195 (A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57 ...)
+ TODO: check
+CVE-2024-13194 (A vulnerability was found in Sucms 1.0 and classified as critical. Aff ...)
+ TODO: check
+CVE-2024-13193 (A vulnerability has been found in SEMCMS up to 4.8 and classified as c ...)
+ TODO: check
+CVE-2024-13192 (A vulnerability, which was classified as problematic, was found in Zer ...)
+ TODO: check
+CVE-2024-13191 (A vulnerability, which was classified as critical, has been found in Z ...)
+ TODO: check
+CVE-2024-13190 (A vulnerability classified as critical was found in ZeroWdd myblog 1.0 ...)
+ TODO: check
+CVE-2024-13041 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-12806 (A post-authentication absolute path traversal vulnerability in SonicOS ...)
+ TODO: check
+CVE-2024-12805 (A post-authentication format string vulnerability in SonicOS managemen ...)
+ TODO: check
+CVE-2024-12803 (A post-authentication stack-based buffer overflow vulnerability in Son ...)
+ TODO: check
+CVE-2024-12736 (The BU Section Editing WordPress plugin through 0.9.9 does not sanitis ...)
+ TODO: check
+CVE-2024-12731 (The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise ...)
+ TODO: check
+CVE-2024-12717 (The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise ...)
+ TODO: check
+CVE-2024-12715 (The Asgard Security Scanner WordPress plugin through 0.7 does not sani ...)
+ TODO: check
+CVE-2024-12714 (The Backlink Monitoring Manager WordPress plugin through 0.1.3 does no ...)
+ TODO: check
+CVE-2024-12431 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-10815 (The PostLists WordPress plugin through 2.0.2 does not escape the $_SER ...)
+ TODO: check
CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
NOT-FOR-US: WeGIA
CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...)
@@ -2008,12 +2162,12 @@ CVE-2022-49035 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/93f65ce036863893c164ca410938e0968964b26c (6.1-rc2)
CVE-2024-8447 (A security issue was discovered in the LRA Coordinator component of Na ...)
NOT-FOR-US: Narayana
-CVE-2024-56827
+CVE-2024-56827 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
- openjpeg2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335174
NOTE: https://github.com/uclouvain/openjpeg/issues/1564
NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3)
-CVE-2024-56826
+CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
- openjpeg2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335172
NOTE: https://github.com/uclouvain/openjpeg/issues/1563
@@ -48432,7 +48586,7 @@ CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded creden
NOT-FOR-US: ifm electronic GmbH
CVE-2024-22062 (There is a permissions and access control vulnerability in ZXCLOUD IRA ...)
NOT-FOR-US: ZTE
-CVE-2024-37372
+CVE-2024-37372 (The Permission Model assumes that any path starting with two backslash ...)
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
CVE-2024-22018 (A vulnerability has been identified in Node.js, affecting users of the ...)
@@ -75539,7 +75693,7 @@ CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html
CVE-2024-36138 (Bypass incomplete fix of CVE-2024-27980, that arises from improper han ...)
- nodejs <not-affected> (Only affects Windows)
-CVE-2024-27980
+CVE-2024-27980 (Due to the improper handling of batch files in child_process.spawn / c ...)
- nodejs <not-affected> (Only affects Windows)
CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior to 124 ...)
{DSA-5668-1}
@@ -123395,7 +123549,7 @@ CVE-2023-40317
- moodle <removed>
CVE-2023-40316
- moodle <removed>
-CVE-2023-38037 [Active Support Possibly Discloses Locally Encrypted Files]
+CVE-2023-38037 (ActiveSupport::EncryptedFile writes contents that will be encrypted to ...)
- rails <unfixed> (bug #1051057)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
@@ -143327,8 +143481,8 @@ CVE-2023-1909 (A vulnerability, which was classified as critical, was found in P
NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
-CVE-2023-1907
- RESERVED
+CVE-2023-1907 (A vulnerability was found in pgadmin. Users logging into pgAdmin runni ...)
+ TODO: check
CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
{DSA-5628-1}
- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
@@ -147232,8 +147386,7 @@ CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117,
- brave-browser <itp> (bug #864795)
CVE-2023-28363
RESERVED
-CVE-2023-28362 [Possible XSS via User Supplied Values to redirect_to]
- RESERVED
+CVE-2023-28362 (The redirect_to method in Rails allows provided values to contain char ...)
- rails <unfixed> (bug #1051058)
[bookworm] - rails <no-dsa> (Minor issue)
[bullseye] - rails <no-dsa> (Minor issue)
@@ -148174,8 +148327,7 @@ CVE-2023-28122 (A local privilege escalation (LPE) vulnerability in UI Desktop f
NOT-FOR-US: UI Desktop for Windows
CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28120
- RESERVED
+CVE-2023-28120 (There is a vulnerability in ActiveSupport if the new bytesplice method ...)
{DSA-5389-1}
- rails 2:6.1.7.3+dfsg-1 (bug #1033262)
NOTE: https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3)
@@ -150034,8 +150186,7 @@ CVE-2020-36664 (A vulnerability has been found in Artes\xe3os SEOTools up to 0.1
NOT-FOR-US: artesaos SEOTools
CVE-2020-36663 (A vulnerability, which was classified as problematic, was found in Art ...)
NOT-FOR-US: artesaos SEOTools
-CVE-2023-27539
- RESERVED
+CVE-2023-27539 (There is a denial of service vulnerability in the header parsing compo ...)
{DSA-5530-1 DLA-3392-1}
- ruby-rack 2.2.6.4-1 (bug #1033264)
NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
@@ -150085,8 +150236,7 @@ CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0 during c
NOTE: Fixed by: https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684 (curl-8_0_0)
CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows encrypted ...)
NOT-FOR-US: Veeam
-CVE-2023-27531
- RESERVED
+CVE-2023-27531 (There is a deserialization of untrusted data vulnerability in the Kred ...)
NOT-FOR-US: Kredis JSON ruby gem
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and ...)
@@ -160679,8 +160829,7 @@ CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability
NOTE: https://curl.se/docs/CVE-2023-23914.html
NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
NOTE: https://github.com/curl/curl/pull/10138
-CVE-2023-23913
- RESERVED
+CVE-2023-23913 (There is a potential DOM based cross-site scripting issue in rails-ujs ...)
{DSA-5389-1}
- rails 2:6.1.7.3+dfsg-1 (bug #1033263)
NOTE: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d8a2fe1d63f66482c46da387f03cf70461c5bf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d8a2fe1d63f66482c46da387f03cf70461c5bf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250109/f5d885d2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list