[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 11 08:12:03 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f17bfe2b by security tracker role at 2025-01-11T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2025-23113 (An issue was discovered in REDCap 14.9.6. It has an action=myprojects& ...)
+ TODO: check
+CVE-2025-23112 (An issue was discovered in REDCap 14.9.6. A stored cross-site scriptin ...)
+ TODO: check
+CVE-2025-23111 (An issue was discovered in REDCap 14.9.6. It allows HTML Injection via ...)
+ TODO: check
+CVE-2025-23110 (An issue was discovered in REDCap 14.9.6. A Reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-23109 (Long hostnames in URLs could be leveraged to obscure the actual host o ...)
+ TODO: check
+CVE-2025-23108 (Opening Javascript links in a new tab via long-press in the Firefox iO ...)
+ TODO: check
+CVE-2025-23079 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-23078 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2i ...)
+ TODO: check
+CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...)
+ TODO: check
+CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injectio ...)
+ TODO: check
+CVE-2025-22946 (Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnera ...)
+ TODO: check
+CVE-2025-22600 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+ TODO: check
+CVE-2025-22599 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+ TODO: check
+CVE-2025-22598 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-22597 (WeGIA is a web manager for charitable institutions. A Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-22596 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...)
+ TODO: check
+CVE-2025-22152 (Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $p ...)
+ TODO: check
+CVE-2025-0390 (A vulnerability classified as critical was found in Guangzhou Huayi In ...)
+ TODO: check
+CVE-2025-0107 (An OS command injection vulnerability in Palo Alto Networks Expedition ...)
+ TODO: check
+CVE-2025-0106 (A wildcard expansion vulnerability in Palo Alto Networks Expedition al ...)
+ TODO: check
+CVE-2025-0105 (An arbitrary file deletion vulnerability in Palo Alto Networks Expedit ...)
+ TODO: check
+CVE-2025-0104 (A reflected cross-site scripting (XSS) vulnerability in Palo Alto Netw ...)
+ TODO: check
+CVE-2025-0103 (An SQL injection vulnerability in Palo Alto Networks Expedition enable ...)
+ TODO: check
+CVE-2024-9188 (Specially constructed queries cause cross platform scripting leaking a ...)
+ TODO: check
+CVE-2024-9134 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...)
+ TODO: check
+CVE-2024-9133 (A user with administrator privileges is able to retrieve authenticatio ...)
+ TODO: check
+CVE-2024-9132 (The administrator is able to configure an insecure captive portal scri ...)
+ TODO: check
+CVE-2024-9131 (A user with administrator privileges can perform command injection)
+ TODO: check
+CVE-2024-7142 (On Arista CloudVision Appliance (CVA) affected releases running on app ...)
+ TODO: check
+CVE-2024-7095 (On affected platforms running Arista EOS with SNMP configured, if \u20 ...)
+ TODO: check
+CVE-2024-6880 (During MegaBIP installation process, a user is encouraged to change a ...)
+ TODO: check
+CVE-2024-6662 (Websites managed by MegaBIP in versions below 5.15 are vulnerable to C ...)
+ TODO: check
+CVE-2024-6437 (On affected platforms running Arista EOS with one of the following fea ...)
+ TODO: check
+CVE-2024-5872 (On affected platforms running Arista EOS, a specially crafted packet w ...)
+ TODO: check
+CVE-2024-57823 (In Raptor RDF Syntax Library through 2.0.16, there is an integer under ...)
+ TODO: check
+CVE-2024-57822 (In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buf ...)
+ TODO: check
+CVE-2024-57687 (An OS Command Injection vulnerability was found in /landrecordsys/admi ...)
+ TODO: check
+CVE-2024-57686 (A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys ...)
+ TODO: check
+CVE-2024-57228 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57227 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57226 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57225 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57224 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57223 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57222 (Linksys E7350 1.1.00.032 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2024-57214 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-57213 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-57212 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-57211 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
+ TODO: check
+CVE-2024-56511 (DataEase is an open source data visualization analysis tool. Prior to ...)
+ TODO: check
+CVE-2024-54998 (MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side ...)
+ TODO: check
+CVE-2024-54997 (MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side ...)
+ TODO: check
+CVE-2024-54996 (MonicaHQ v4.1.2 was discovered to contain multiple authenticated Clien ...)
+ TODO: check
+CVE-2024-54994 (MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injecti ...)
+ TODO: check
+CVE-2024-54910 (Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure P ...)
+ TODO: check
+CVE-2024-54849 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obt ...)
+ TODO: check
+CVE-2024-54848 (Improper handling and storage of certificates in CP Plus CP-VNR-3104 B ...)
+ TODO: check
+CVE-2024-54847 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to acc ...)
+ TODO: check
+CVE-2024-54846 (An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obt ...)
+ TODO: check
+CVE-2024-54687 (Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS ...)
+ TODO: check
+CVE-2024-50807 (Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scrip ...)
+ TODO: check
+CVE-2024-47520 (A user with advanced report application access rights can perform acti ...)
+ TODO: check
+CVE-2024-47519 (Backup uploads to ETM subject to man-in-the-middle interception)
+ TODO: check
+CVE-2024-47518 (Specially constructed queries targeting ETM could discover active remo ...)
+ TODO: check
+CVE-2024-47517 (Expired and unusable administrator authentication tokens can be reveal ...)
+ TODO: check
+CVE-2024-46210 (An arbitrary file upload vulnerability in the MediaPool module of Reda ...)
+ TODO: check
+CVE-2024-42175 (HCL MyXalytics is affected by a weak input validation vulnerability. ...)
+ TODO: check
+CVE-2024-42174 (HCL MyXalytics is affected by username enumeration vulnerability. Thi ...)
+ TODO: check
+CVE-2024-42173 (HCL MyXalytics is affected by an improper password policy implementati ...)
+ TODO: check
+CVE-2024-42172 (HCL MyXalytics is affected by broken authentication. It allows attack ...)
+ TODO: check
+CVE-2024-42171 (HCL MyXalytics is affected by a session fixation vulnerability. Cyber ...)
+ TODO: check
+CVE-2024-42170 (HCL MyXalytics is affected by a session fixation vulnerability. Cyber ...)
+ TODO: check
+CVE-2024-42169 (HCL MyXalytics is affected by insecure direct object references. It o ...)
+ TODO: check
+CVE-2024-42168 (HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnera ...)
+ TODO: check
+CVE-2024-41787 (IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 cou ...)
+ TODO: check
+CVE-2024-33299 (Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remo ...)
+ TODO: check
+CVE-2024-33298 (Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 al ...)
+ TODO: check
+CVE-2024-33297 (Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remo ...)
+ TODO: check
+CVE-2024-29971 (Scontain SCONE 5.8.0 has an interface vulnerability that leads to stat ...)
+ TODO: check
+CVE-2024-29970 (Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that l ...)
+ TODO: check
+CVE-2024-25371 (Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from a ...)
+ TODO: check
+CVE-2024-13318 (The Essential WP Real Estate plugin for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2024-12877 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
+ TODO: check
+CVE-2024-12847 (NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication by ...)
+ TODO: check
+CVE-2024-12627 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up ...)
+ TODO: check
+CVE-2024-12587 (The Contact Form Master WordPress plugin through 1.0.7 does not sanit ...)
+ TODO: check
+CVE-2024-12527 (The Perfect Portal Widgets plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2024-12520 (The Dominion \u2013 Domain Checker for WPBakery plugin for WordPress i ...)
+ TODO: check
+CVE-2024-12519 (The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-12505 (The Trackserver plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-12472 (The Post Duplicator plugin for WordPress is vulnerable to Information ...)
+ TODO: check
+CVE-2024-12412 (The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCo ...)
+ TODO: check
+CVE-2024-12407 (The Push Notification for Post and BuddyPress plugin for WordPress is ...)
+ TODO: check
+CVE-2024-12404 (The CF Internal Link Shortcode plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-12304 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
+ TODO: check
+CVE-2024-12204 (The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up ...)
+ TODO: check
+CVE-2024-12116 (The Unlimited Theme Addon For Elementor and WooCommerce plugin for Wor ...)
+ TODO: check
+CVE-2024-11915 (The RRAddons for Elementor plugin for WordPress is vulnerable to Infor ...)
+ TODO: check
+CVE-2024-11892 (The Accordion Slider Lite plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11874 (The Grid Accordion Lite plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-11758 (The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-11386 (The GatorMail SmartForms plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-11327 (The ClickWhale \u2013 Link Manager, Link Shortener and Click Tracker f ...)
+ TODO: check
CVE-2025-21385 (A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purvie ...)
NOT-FOR-US: Microsoft
CVE-2025-21380 (Improper access control in Azure SaaS Resources allows an authorized a ...)
@@ -1297,7 +1505,7 @@ CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. So
- firefox 134.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247
CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1305,7 +1513,7 @@ CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0243
CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1313,7 +1521,7 @@ CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0242
CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1321,7 +1529,7 @@ CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrup
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1329,7 +1537,7 @@ CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstanc
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0240
CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1337,7 +1545,7 @@ CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0239
CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -1345,7 +1553,7 @@ CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0238
CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...)
- {DSA-5839-1}
+ {DSA-5841-1 DSA-5839-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
- thunderbird 1:128.6.0esr-1
@@ -4990,9 +5198,9 @@ CVE-2024-56313 (A stored cross-site scripting (XSS) vulnerability in the Calenda
NOT-FOR-US: REDCap
CVE-2024-56312 (A stored cross-site scripting (XSS) vulnerability in the Project Dashb ...)
NOT-FOR-US: REDCap
-CVE-2024-56311 (REDCap through 15.0.0 has a security flaw in the Notes section of cale ...)
+CVE-2024-56311 (REDCap through 14.9.6 has a security flaw in the Notes section of cale ...)
NOT-FOR-US: REDCap
-CVE-2024-56310 (REDCap through 15.0.0 has a security flaw in the Project Dashboards na ...)
+CVE-2024-56310 (REDCap through 14.9.6 has a security flaw in the Project Dashboards na ...)
NOT-FOR-US: REDCap
CVE-2024-54082 (home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection ...)
NOT-FOR-US: Sharp
@@ -5312,9 +5520,9 @@ CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confu
NOT-FOR-US: cjwt
CVE-2024-53991 (Discourse is an open source platform for community discussion. This vu ...)
NOT-FOR-US: Discourse
-CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...)
+CVE-2024-52897 (IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could ...)
NOT-FOR-US: IBM
-CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console coul ...)
+CVE-2024-52896 (IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could ...)
NOT-FOR-US: IBM
CVE-2024-52794 (Discourse is an open source platform for community discussion. Users c ...)
NOT-FOR-US: Discourse
@@ -16137,6 +16345,7 @@ CVE-2024-50557 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G)
CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to register ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
+ {DSA-5841-1}
- node-matrix-js-sdk <removed>
- thunderbird 1:128.5.2esr-1
[bullseye] - thunderbird <postponed> (Minor issue; can be fixed in next update)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f17bfe2b7a8e4256ad035c9a0fde400915540b87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f17bfe2b7a8e4256ad035c9a0fde400915540b87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250111/8e3b5c17/attachment.htm>
More information about the debian-security-tracker-commits
mailing list