[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 13 20:12:46 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ae6ca8f by security tracker role at 2025-01-13T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web application ...)
+	TODO: check
+CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...)
+	TODO: check
+CVE-2025-22963 (Teedy through 1.11 allows CSRF for account takeover via POST /api/user ...)
+	TODO: check
+CVE-2025-22828 (CloudStack users can add and read comments (annotations) on resources  ...)
+	TODO: check
+CVE-2025-22800 (Missing Authorization vulnerability in Post SMTP Post SMTP allows Expl ...)
+	TODO: check
+CVE-2025-22777 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allow ...)
+	TODO: check
+CVE-2025-22588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22498 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22337 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22144 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-22142 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2024-6352 (A malformed packet can cause a buffer overflow in the APS layer of the ...)
+	TODO: check
+CVE-2024-5743 (An attacker could exploit the 'Use of Password Hash With Insufficient  ...)
+	TODO: check
+CVE-2024-57488 (Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site ...)
+	TODO: check
+CVE-2024-57487 (In Code-Projects Online Car Rental System 1.0, the file upload feature ...)
+	TODO: check
+CVE-2024-56301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-56065 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-54999 (MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vuln ...)
+	TODO: check
+CVE-2024-52938 (Kernel software installed and running inside a Guest VM may post impro ...)
+	TODO: check
+CVE-2024-52937 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2024-52936 (Kernel software installed and running inside a Guest VM may post impro ...)
+	TODO: check
+CVE-2024-52935 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2024-52333 (An improper array index validation vulnerability exists in the determi ...)
+	TODO: check
+CVE-2024-51728
+	REJECTED
+CVE-2024-48883 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2024-47897 (Software installed and run as a non-privileged user may conduct improp ...)
+	TODO: check
+CVE-2024-47895 (Kernel software installed and running inside a Guest VM may post impro ...)
+	TODO: check
+CVE-2024-47894 (Kernel software installed and running inside a Guest VM may post impro ...)
+	TODO: check
+CVE-2024-47796 (An improper array index validation vulnerability exists in the nowindo ...)
+	TODO: check
+CVE-2024-46921 (An issue was discovered in Samsung Mobile Processor and Modem Exynos 9 ...)
+	TODO: check
+CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
+	TODO: check
+CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
+	TODO: check
+CVE-2024-46481 (The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to o ...)
+	TODO: check
+CVE-2024-46480 (An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenti ...)
+	TODO: check
+CVE-2024-46479 (Venki Supravizio BPM through 18.0.1 was discovered to contain an arbit ...)
+	TODO: check
+CVE-2024-46310 (Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows u ...)
+	TODO: check
+CVE-2024-44771 (BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-12211 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Store ...)
+	TODO: check
 CVE-2025-0412 (Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code E ...)
 	NOT-FOR-US: Luxion KeyShot Viewer
 CVE-2025-0410 (A vulnerability classified as critical was found in liujianview gymxmj ...)
@@ -46660,7 +46760,7 @@ CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-base
 	NOT-FOR-US: Tenda
 CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...)
 	NOT-FOR-US: Tenda
-CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 9000 Site S ...)
+CVE-2024-32861 (Under certain circumstances the impacted Software House C\u2022CURE 90 ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ae6ca8ff696f45134634f4d167d10b979f31cb4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ae6ca8ff696f45134634f4d167d10b979f31cb4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250113/3060aeaf/attachment.htm>

More information about the debian-security-tracker-commits mailing list