[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 10 08:11:53 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec6a5506 by security tracker role at 2025-01-10T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purvie ...)
+	TODO: check
+CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an authorized a ...)
+	TODO: check
+CVE-2025-0311 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-56377 (A stored cross-site scripting (XSS) vulnerability in survey titles of  ...)
+	TODO: check
+CVE-2024-56376 (A stored cross-site scripting (XSS) vulnerability in the built-in mess ...)
+	TODO: check
+CVE-2024-55226 (Vaultwarden v1.32.5 was discovered to contain an authenticated reflect ...)
+	TODO: check
+CVE-2024-55225 (An issue in the component src/api/identity.rs of Vaultwarden prior to  ...)
+	TODO: check
+CVE-2024-55224 (An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows ...)
+	TODO: check
+CVE-2024-51229 (Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows  ...)
+	TODO: check
+CVE-2024-48806 (Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allo ...)
+	TODO: check
+CVE-2024-46464 (In PRIMX ZED Enterprise up to 2024.3, technical files stored in local  ...)
+	TODO: check
+CVE-2024-42898 (A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 all ...)
+	TODO: check
+CVE-2024-13312 (Missing Authorization vulnerability in Drupal Open Social allows Force ...)
+	TODO: check
+CVE-2024-13311 (Vulnerability in Drupal Allow All File Extensions for file fields.This ...)
+	TODO: check
+CVE-2024-13310 (Vulnerability in Drupal Git Utilities for Drupal.This issue affects Gi ...)
+	TODO: check
+CVE-2024-13309 (Improper Authentication vulnerability in Drupal Login Disable allows E ...)
+	TODO: check
+CVE-2024-13308 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13304 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS al ...)
+	TODO: check
+CVE-2024-13303 (Missing Authorization vulnerability in Drupal Download All Files allow ...)
+	TODO: check
+CVE-2024-13302 (Incorrect Authorization vulnerability in Drupal Pages Restriction Acce ...)
+	TODO: check
+CVE-2024-13301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13300 (Vulnerability in Drupal Print Anything.This issue affects Print Anythi ...)
+	TODO: check
+CVE-2024-13299 (Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu ...)
+	TODO: check
+CVE-2024-13298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13297 (Deserialization of Untrusted Data vulnerability in Drupal Eloqua allow ...)
+	TODO: check
+CVE-2024-13296 (Deserialization of Untrusted Data vulnerability in Drupal Mailjet allo ...)
+	TODO: check
+CVE-2024-13295 (Deserialization of Untrusted Data vulnerability in Drupal Node export  ...)
+	TODO: check
+CVE-2024-13294 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13293 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File al ...)
+	TODO: check
+CVE-2024-13292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13291 (Incorrect Authorization vulnerability in Drupal Basic HTTP Authenticat ...)
+	TODO: check
+CVE-2024-13290 (Incorrect Authorization vulnerability in Drupal OhDear Integration all ...)
+	TODO: check
+CVE-2024-13289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13288 (Deserialization of Untrusted Data vulnerability in Drupal Monster Menu ...)
+	TODO: check
+CVE-2024-13287 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-13285 (Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *. ...)
+	TODO: check
+CVE-2024-13183 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-12606 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
+	TODO: check
+CVE-2024-12473 (The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog ...)
+	TODO: check
 CVE-2025-22827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-22826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -1303,7 +1385,7 @@ CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does no
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has  ...)
 	NOT-FOR-US: AXIS Camera Station server
-CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...)
+CVE-2024-55553 (In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-vali ...)
 	- frr 10.2.1-1
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3 (master)
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/410eb0da69214a06350315575ddb332e363b66c6 (frr-10.2.1)
@@ -9835,7 +9917,8 @@ CVE-2024-53125 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
 CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
 	NOT-FOR-US: Moxa
-CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)
+CVE-2024-54664
+	REJECTED
 	NOT-FOR-US: Veritas
 CVE-2024-54661 (readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 fi ...)
 	- socat 1.8.0.2-1 (unimportant)
@@ -147735,8 +147818,8 @@ CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted
 	NOT-FOR-US: Rocket.Chat
 CVE-2023-28355
 	RESERVED
-CVE-2023-28354
-	RESERVED
+CVE-2023-28354 (An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticat ...)
+	TODO: check
 CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An  ...)
 	NOT-FOR-US: Faronics Insight
 CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec6a5506d63000a29ec50716f29a82686d623fa0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec6a5506d63000a29ec50716f29a82686d623fa0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250110/183f583e/attachment.htm>

More information about the debian-security-tracker-commits mailing list