[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 9 20:12:10 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
111339b5 by security tracker role at 2025-01-09T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,305 @@
+CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22824 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22814 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr ...)
+ TODO: check
+CVE-2025-22813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22808 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22807 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22806 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22561 (Missing Authorization vulnerability in Jason Funk Title Experiments Fr ...)
+ TODO: check
+CVE-2025-22542 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22540 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22537 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22535 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22527 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22510 (Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk W ...)
+ TODO: check
+CVE-2025-22508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-22505 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22504 (Unrestricted Upload of File with Dangerous Type vulnerability in jumpd ...)
+ TODO: check
+CVE-2025-22361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22345 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22331 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22330 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22313 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22151 (Strawberry GraphQL is a library for creating GraphQL APIs. Starting in ...)
+ TODO: check
+CVE-2025-22149 (JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Pri ...)
+ TODO: check
+CVE-2025-21628 (Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation ...)
+ TODO: check
+CVE-2025-21602 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...)
+ TODO: check
+CVE-2025-21600 (An Out-of-Bounds Read vulnerability in the routing protocol daemon (r ...)
+ TODO: check
+CVE-2025-21599 (AMissing Release of Memory after Effective Lifetime vulnerability in t ...)
+ TODO: check
+CVE-2025-21598 (AnOut-of-bounds Read vulnerability in Juniper Networks Junos OS and Ju ...)
+ TODO: check
+CVE-2025-21596 (An Improper Handling of Exceptional Conditions vulnerability in the co ...)
+ TODO: check
+CVE-2025-21593 (An Improper Control of a Resource Through its Lifetime vulnerability i ...)
+ TODO: check
+CVE-2025-21592 (An Exposure of Sensitive Information to an Unauthorized Actorvulnerabi ...)
+ TODO: check
+CVE-2025-0349 (A vulnerability classified as critical has been found in Tenda AC6 15. ...)
+ TODO: check
+CVE-2025-0348 (A vulnerability was found in CampCodes DepEd Equipment Inventory Syste ...)
+ TODO: check
+CVE-2025-0347 (A vulnerability was found in code-projects Admission Management System ...)
+ TODO: check
+CVE-2025-0346 (A vulnerability was found in code-projects Content Management System 1 ...)
+ TODO: check
+CVE-2025-0345 (A vulnerability was found in leiyuxi cy-fast 1.0 and classified as cri ...)
+ TODO: check
+CVE-2024-6155 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
+ TODO: check
+CVE-2024-5769 (The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control and allow ...)
+ TODO: check
+CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on ...)
+ TODO: check
+CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect ...)
+ TODO: check
+CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a ...)
+ TODO: check
+CVE-2024-54762 (Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulne ...)
+ TODO: check
+CVE-2024-54761 (BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the ...)
+ TODO: check
+CVE-2024-54724 (PHPYun before 7.0.2 is vulnerable to code execution through backdoor-r ...)
+ TODO: check
+CVE-2024-46505 (Infoblox BloxOne v2.4 was discovered to contain a business logic flaw ...)
+ TODO: check
+CVE-2024-43176 (IBM OpenPages 9.0 could allow an authenticated user to obtain sensitiv ...)
+ TODO: check
+CVE-2024-13284 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg al ...)
+ TODO: check
+CVE-2024-13283 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13282 (Incorrect Authorization vulnerability in Drupal Block permissions allo ...)
+ TODO: check
+CVE-2024-13281 (Incorrect Authorization vulnerability in Drupal Monster Menus allows F ...)
+ TODO: check
+CVE-2024-13280 (Insufficient Session Expiration vulnerability in Drupal Persistent Log ...)
+ TODO: check
+CVE-2024-13279 (Session Fixation vulnerability in Drupal Two-factor Authentication (TF ...)
+ TODO: check
+CVE-2024-13278 (Incorrect Authorization vulnerability in Drupal Diff allows Functional ...)
+ TODO: check
+CVE-2024-13277 (Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Fo ...)
+ TODO: check
+CVE-2024-13276 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
+ TODO: check
+CVE-2024-13275 (Access of Resource Using Incompatible Type ('Type Confusion') vulnerab ...)
+ TODO: check
+CVE-2024-13274 (Improper Control of Interaction Frequency vulnerability in Drupal Open ...)
+ TODO: check
+CVE-2024-13273 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13272 (Insufficient Granularity of Access Control vulnerability in Drupal Par ...)
+ TODO: check
+CVE-2024-13271 (Incorrect Authorization vulnerability in Drupal Content Entity Clone a ...)
+ TODO: check
+CVE-2024-13270 (Incorrect Authorization vulnerability in Drupal Freelinking allows For ...)
+ TODO: check
+CVE-2024-13269 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
+ TODO: check
+CVE-2024-13268 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
+ TODO: check
+CVE-2024-13267 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
+ TODO: check
+CVE-2024-13266 (Incorrect Authorization vulnerability in Drupal Responsive and off-can ...)
+ TODO: check
+CVE-2024-13265 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
+ TODO: check
+CVE-2024-13264 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
+ TODO: check
+CVE-2024-13263 (Improper Neutralization of Directives in Statically Saved Code ('Stati ...)
+ TODO: check
+CVE-2024-13262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13261 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM a ...)
+ TODO: check
+CVE-2024-13260 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queu ...)
+ TODO: check
+CVE-2024-13259 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
+ TODO: check
+CVE-2024-13258 (Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API ...)
+ TODO: check
+CVE-2024-13257 (Incorrect Authorization vulnerability in Drupal Commerce View Receipt ...)
+ TODO: check
+CVE-2024-13256 (Insufficient Granularity of Access Control vulnerability in Drupal Ema ...)
+ TODO: check
+CVE-2024-13255 (Exposure of Sensitive Information Through Data Queries vulnerability i ...)
+ TODO: check
+CVE-2024-13254 (Insertion of Sensitive Information Into Sent Data vulnerability in Dru ...)
+ TODO: check
+CVE-2024-13253 (Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push ...)
+ TODO: check
+CVE-2024-13252 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13251 (Incorrect Privilege Assignment vulnerability in Drupal Registration ro ...)
+ TODO: check
+CVE-2024-13250 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfo ...)
+ TODO: check
+CVE-2024-13249 (Improper Ownership Management vulnerability in Drupal Node Access Rebu ...)
+ TODO: check
+CVE-2024-13248 (Incorrect Privilege Assignment vulnerability in Drupal Private content ...)
+ TODO: check
+CVE-2024-13247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13246 (Improper Ownership Management vulnerability in Drupal Node Access Rebu ...)
+ TODO: check
+CVE-2024-13245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13244 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tool ...)
+ TODO: check
+CVE-2024-13243 (Missing Authorization vulnerability in Drupal Entity Delete Log allows ...)
+ TODO: check
+CVE-2024-13242 (Exposed Dangerous Method or Function vulnerability in Drupal Swift Mai ...)
+ TODO: check
+CVE-2024-13241 (Improper Authorization vulnerability in Drupal Open Social allows Coll ...)
+ TODO: check
+CVE-2024-13240 (Improper Access Control vulnerability in Drupal Open Social allows Col ...)
+ TODO: check
+CVE-2024-13239 (Weak Authentication vulnerability in Drupal Two-factor Authentication ...)
+ TODO: check
+CVE-2024-13238 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-13153 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-12848 (The SKT Page Builder plugin for WordPress is vulnerable to arbitrary f ...)
+ TODO: check
+CVE-2024-12819 (The Searchie plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2024-12802 (SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases du ...)
+ TODO: check
+CVE-2024-12621 (The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-12618 (The Newsletter2Go plugin for WordPress is vulnerable to unauthorized m ...)
+ TODO: check
+CVE-2024-12616 (The Bitly's WordPress Plugin plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-12605 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
+ TODO: check
+CVE-2024-12542 (The linkID plugin for WordPress is vulnerable to unauthorized access o ...)
+ TODO: check
+CVE-2024-12515 (The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-12514 (The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-12496 (The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-12493 (The Files Download Delay plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-12491 (The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-12394 (The Action Network plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2024-12330 (The WP Database Backup \u2013 Unlimited Database & Files Backup by Bac ...)
+ TODO: check
+CVE-2024-12285 (The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2024-12249 (The GS Insever Portfolio plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2024-12222 (The Deliver via Shipos for WooCommerce plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-12218 (The Woocommerce check pincode/zipcode for shipping plugin for WordPres ...)
+ TODO: check
+CVE-2024-12206 (The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress ...)
+ TODO: check
+CVE-2024-12122 (The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2024-12067 (The WP Travel \u2013 Ultimate Travel Booking System, Tour Management E ...)
+ TODO: check
+CVE-2024-11929 (The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-11907 (The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-11815 (The P\xf3sturinn\'s Shipping with WooCommerce plugin for WordPres ...)
+ TODO: check
+CVE-2024-11686 (The WhatsApp \U0001f680 click to chat plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-11642 (The Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filte ...)
+ TODO: check
+CVE-2024-11328 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-10215 (The WPBookit plugin for WordPress is vulnerable to Arbitrary User Pass ...)
+ TODO: check
+CVE-2024-10106 (A buffer overflow vulnerability in the packet handoff plugin allows an ...)
+ TODO: check
CVE-2025-22449 (Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-22445 (Mattermost versions 10.x <= 10.2 fail to accurately reflect missing se ...)
@@ -454,6 +756,7 @@ CVE-2023-52954 (Vulnerability of improper permission control in the Gallery modu
CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module Impact: Succes ...)
NOT-FOR-US: Huawei
CVE-2025-0291 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed ...)
+ {DSA-5840-1}
- chromium 131.0.6778.264-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk do ...)
@@ -6826,7 +7129,7 @@ CVE-2024-54513 (A permissions issue was addressed with additional restrictions.
CVE-2024-54510 (A race condition was addressed with improved locking. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2024-54508 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5835-1}
+ {DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -6835,7 +7138,7 @@ CVE-2024-54508 (The issue was addressed with improved memory handling. This issu
CVE-2024-54506 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2024-54505 (A type confusion issue was addressed with improved memory handling. Th ...)
- {DSA-5835-1}
+ {DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -6846,7 +7149,7 @@ CVE-2024-54504 (A privacy issue was addressed with improved private data redacti
CVE-2024-54503 (An inconsistent user interface issue was addressed with improved state ...)
NOT-FOR-US: Apple
CVE-2024-54502 (The issue was addressed with improved checks. This issue is fixed in w ...)
- {DSA-5835-1}
+ {DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -6879,7 +7182,7 @@ CVE-2024-54485 (The issue was addressed by adding additional logic. This issue i
CVE-2024-54484 (The issue was resolved by sanitizing logging. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54479 (The issue was addressed with improved checks. This issue is fixed in i ...)
- {DSA-5835-1}
+ {DSA-5835-1 DLA-4009-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -12331,7 +12634,7 @@ CVE-2024-8525 (An unrestricted upload of file with dangerous type in Automated L
NOT-FOR-US: Automated Logic WebCTRL
CVE-2024-7130 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: Kion Computer KION Exchange Programs Software
-CVE-2024-7026 (SQL Injection: Hibernate vulnerability in Teknogis Informatics Closed ...)
+CVE-2024-7026 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Teknogis Informatics Closed Circuit Vehicle Tracking Software
CVE-2024-7016 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: Smarttek Informatics Smart Doctor
@@ -79959,7 +80262,7 @@ CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an internal
NOT-FOR-US: VeridiumID
CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows an unaut ...)
NOT-FOR-US: VeridiumID
-CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, ...)
+CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
NOT-FOR-US: IBM
CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 fo ...)
NOT-FOR-US: Incomplate OpenSSH backport in Amazon Linux
@@ -160525,12 +160828,12 @@ CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity
[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
NOTE: https://github.com/SpiderLabs/ModSecurity/commit/4324f0ac59f8225aa44bc5034df60dbeccd1d334 (v2.9.7)
-CVE-2023-24012
- RESERVED
-CVE-2023-24011
- RESERVED
-CVE-2023-24010
- RESERVED
+CVE-2023-24012 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
+ TODO: check
+CVE-2023-24011 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
+ TODO: check
+CVE-2023-24010 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
+ TODO: check
CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress theme
CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
@@ -246528,8 +246831,8 @@ CVE-2022-22493 (IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is
NOT-FOR-US: IBM
CVE-2022-22492
RESERVED
-CVE-2022-22491
- RESERVED
+CVE-2022-22491 (IBM App Connect Enterprise Certified Container7.1, 7.2, 8.0, 8.1, 8.2, ...)
+ TODO: check
CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
NOT-FOR-US: IBM
CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111339b53abee2f2cea71e2a9a083074bbdd4183
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111339b53abee2f2cea71e2a9a083074bbdd4183
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250109/713b20d3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list