[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 14 08:12:03 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0b53c28 by security tracker role at 2025-01-14T08:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,255 @@
+CVE-2025-23082 (Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request ...)
+ TODO: check
+CVE-2025-23038 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23037 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23036 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23035 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23034 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23033 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23032 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23031 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-23030 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22619 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22618 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22617 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22616 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22615 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22614 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22613 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+ TODO: check
+CVE-2025-22138 (@codidact/qpixel is a Q&A-based community knowledge-sharing software. ...)
+ TODO: check
+CVE-2025-22134 (When switching to other buffers using the :all command and visual mode ...)
+ TODO: check
+CVE-2025-0070 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...)
+ TODO: check
+CVE-2025-0069 (Due to DLL injection vulnerability in SAPSetup, an attacker with eithe ...)
+ TODO: check
+CVE-2025-0068 (An obsolete functionality in SAP NetWeaver Application Server ABAP did ...)
+ TODO: check
+CVE-2025-0067 (Due to a missing authorization check on service endpoints in the SAP N ...)
+ TODO: check
+CVE-2025-0066 (Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform ( ...)
+ TODO: check
+CVE-2025-0063 (SAP NetWeaver AS ABAP and ABAP Platform does not check for authorizati ...)
+ TODO: check
+CVE-2025-0061 (SAP BusinessObjects Business Intelligence Platform allows an unauthent ...)
+ TODO: check
+CVE-2025-0060 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...)
+ TODO: check
+CVE-2025-0059 (Applications based on SAP GUI for HTML in SAP NetWeaver Application Se ...)
+ TODO: check
+CVE-2025-0058 (In SAP Business Workflow and SAP Flexible Workflow, an authenticated a ...)
+ TODO: check
+CVE-2025-0057 (SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored ...)
+ TODO: check
+CVE-2025-0056 (SAP GUI for Java saves user input on the client PC to improve usabilit ...)
+ TODO: check
+CVE-2025-0055 (SAP GUI for Windows stores user input on the client PC to improve usab ...)
+ TODO: check
+CVE-2025-0053 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...)
+ TODO: check
+CVE-2024-57811 (In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network ...)
+ TODO: check
+CVE-2024-57664 (An issue in the sqlg_group_node component of openlink virtuoso-opensou ...)
+ TODO: check
+CVE-2024-57663 (An issue in the sqlg_place_dpipes component of openlink virtuoso-opens ...)
+ TODO: check
+CVE-2024-57662 (An issue in the sqlg_hash_source component of openlink virtuoso-openso ...)
+ TODO: check
+CVE-2024-57661 (An issue in the sqlo_df component of openlink virtuoso-opensource v7.2 ...)
+ TODO: check
+CVE-2024-57660 (An issue in the sqlo_expand_jts component of openlink virtuoso-opensou ...)
+ TODO: check
+CVE-2024-57659 (An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-op ...)
+ TODO: check
+CVE-2024-57658 (An issue in the sql_tree_hash_1 component of openlink virtuoso-opensou ...)
+ TODO: check
+CVE-2024-57657 (An issue in the sqlg_vec_upd component of openlink virtuoso-opensource ...)
+ TODO: check
+CVE-2024-57656 (An issue in the sqlc_add_distinct_node component of openlink virtuoso- ...)
+ TODO: check
+CVE-2024-57655 (An issue in the dfe_n_in_order component of openlink virtuoso-opensour ...)
+ TODO: check
+CVE-2024-57654 (An issue in the qst_vec_get_int64 component of openlink virtuoso-opens ...)
+ TODO: check
+CVE-2024-57653 (An issue in the qst_vec_set_copy component of openlink virtuoso-openso ...)
+ TODO: check
+CVE-2024-57652 (An issue in the numeric_to_dv component of openlink virtuoso-opensourc ...)
+ TODO: check
+CVE-2024-57651 (An issue in the jp_add component of openlink virtuoso-opensource v7.2. ...)
+ TODO: check
+CVE-2024-57650 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...)
+ TODO: check
+CVE-2024-57649 (An issue in the qst_vec_set component of openlink virtuoso-opensource ...)
+ TODO: check
+CVE-2024-57648 (An issue in the itc_set_param_row component of openlink virtuoso-opens ...)
+ TODO: check
+CVE-2024-57647 (An issue in the row_insert_cast component of openlink virtuoso-opensou ...)
+ TODO: check
+CVE-2024-57646 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
+ TODO: check
+CVE-2024-57645 (An issue in the qi_inst_state_free component of openlink virtuoso-open ...)
+ TODO: check
+CVE-2024-57644 (An issue in the itc_hash_compare component of openlink virtuoso-openso ...)
+ TODO: check
+CVE-2024-57643 (An issue in the box_deserialize_string component of openlink virtuoso- ...)
+ TODO: check
+CVE-2024-57642 (An issue in the dfe_inx_op_col_def_table component of openlink virtuos ...)
+ TODO: check
+CVE-2024-57641 (An issue in the sqlexp component of openlink virtuoso-opensource v7.2. ...)
+ TODO: check
+CVE-2024-57640 (An issue in the dc_add_int component of openlink virtuoso-opensource v ...)
+ TODO: check
+CVE-2024-57639 (An issue in the dc_elt_size component of openlink virtuoso-opensource ...)
+ TODO: check
+CVE-2024-57638 (An issue in the dfe_body_copy component of openlink virtuoso-opensourc ...)
+ TODO: check
+CVE-2024-57637 (An issue in the dfe_unit_gb_dependant component of openlink virtuoso-o ...)
+ TODO: check
+CVE-2024-57636 (An issue in the itc_sample_row_check component of openlink virtuoso-op ...)
+ TODO: check
+CVE-2024-57635 (An issue in the chash_array component of openlink virtuoso-opensource ...)
+ TODO: check
+CVE-2024-57634 (An issue in the exp_copy component of MonetDB Server v11.49.1 allows a ...)
+ TODO: check
+CVE-2024-57633 (An issue in the exps_bind_column component of MonetDB Server v11.49.1 ...)
+ TODO: check
+CVE-2024-57632 (An issue in the is_column_unique component of MonetDB Server v11.49.1 ...)
+ TODO: check
+CVE-2024-57631 (An issue in the exp_ref component of MonetDB Server v11.49.1 allows at ...)
+ TODO: check
+CVE-2024-57630 (An issue in the exps_card component of MonetDB Server v11.49.1 allows ...)
+ TODO: check
+CVE-2024-57629 (An issue in the tail_type component of MonetDB Server v11.49.1 allows ...)
+ TODO: check
+CVE-2024-57628 (An issue in the exp_values_set_supertype component of MonetDB Server v ...)
+ TODO: check
+CVE-2024-57627 (An issue in the gc_col component of MonetDB Server v11.49.1 allows att ...)
+ TODO: check
+CVE-2024-57626 (An issue in the mat_join2 component of MonetDB Server v11.49.1 allows ...)
+ TODO: check
+CVE-2024-57625 (An issue in the merge_table_prune_and_unionize component of MonetDB Se ...)
+ TODO: check
+CVE-2024-57624 (An issue in the exp_atom component of MonetDB Server v11.49.1 allows a ...)
+ TODO: check
+CVE-2024-57623 (An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allow ...)
+ TODO: check
+CVE-2024-57622 (An issue in the exp_bin component of MonetDB Server v11.49.1 allows at ...)
+ TODO: check
+CVE-2024-57621 (An issue in the GDKanalytical_correlation component of MonetDB Server ...)
+ TODO: check
+CVE-2024-57620 (An issue in the trimchars component of MonetDB Server v11.47.11 allows ...)
+ TODO: check
+CVE-2024-57619 (An issue in the atom_get_int component of MonetDB Server v11.47.11 all ...)
+ TODO: check
+CVE-2024-57618 (An issue in the bind_col_exp component of MonetDB Server v11.47.11 all ...)
+ TODO: check
+CVE-2024-57617 (An issue in the dameraulevenshtein component of MonetDB Server v11.49. ...)
+ TODO: check
+CVE-2024-57616 (An issue in the vscanf component of MonetDB Server v11.47.11 allows at ...)
+ TODO: check
+CVE-2024-57615 (An issue in the BATcalcbetween_intern component of MonetDB Server v11. ...)
+ TODO: check
+CVE-2024-56323 (OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1 ...)
+ TODO: check
+CVE-2024-56138 (notion-go is a collection of libraries for supporting sign and verify ...)
+ TODO: check
+CVE-2024-51491 (notion-go is a collection of libraries for supporting sign and verify ...)
+ TODO: check
+CVE-2024-13348 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin for WordP ...)
+ TODO: check
+CVE-2024-13324
+ REJECTED
+CVE-2024-13323 (The WP Booking Calendar plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-13154
+ REJECTED
+CVE-2024-12398 (An improper privilege management vulnerability in the web management i ...)
+ TODO: check
+CVE-2024-12365 (The W3 Total Cache plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-12298 (We found a vulnerability Improper Restriction of XML External Entity R ...)
+ TODO: check
+CVE-2024-12083 (Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine ...)
+ TODO: check
+CVE-2024-12008 (The W3 Total Cache plugin for WordPress is vulnerable to Information E ...)
+ TODO: check
+CVE-2024-12006 (The W3 Total Cache plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-11637
+ REJECTED
+CVE-2024-11396 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...)
+ TODO: check
+CVE-2024-11128 (A vulnerability in the BitdefenderVirusScanner binary as used inBitdef ...)
+ TODO: check
+CVE-2023-42250 (Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2023-42249 (Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2023-42248 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42247 (Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2023-42246 (Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2023-42245 (Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scr ...)
+ TODO: check
+CVE-2023-42244 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42243 (In Selesta Visual Access Manager < 4.42.2, an authenticated user can a ...)
+ TODO: check
+CVE-2023-42242 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42241 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42240 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42239 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42238 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42237 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42236 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42235 (An issue was discovered in Selesta Visual Access Manager (VAM) prior t ...)
+ TODO: check
+CVE-2023-42234 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cr ...)
+ TODO: check
+CVE-2023-42233 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cr ...)
+ TODO: check
+CVE-2023-42232 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Di ...)
+ TODO: check
+CVE-2023-42231 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to In ...)
+ TODO: check
+CVE-2023-42230 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cr ...)
+ TODO: check
+CVE-2023-42229 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Di ...)
+ TODO: check
+CVE-2023-42228 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to In ...)
+ TODO: check
+CVE-2023-42227 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Di ...)
+ TODO: check
+CVE-2023-42226 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Di ...)
+ TODO: check
+CVE-2023-42225 (Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Di ...)
+ TODO: check
CVE-2025-23027 (next-forge is a Next.js project boilerplate for modern web application ...)
NOT-FOR-US: next-forge Next.js project
CVE-2025-23026 (jte (Java Template Engine) is a secure and lightweight template engine ...)
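Review bot: the added descriptions for CVE-2024-13348 and CVE-2024-11396 carry a literal "\u2013" escape where the plugin name would have a dash, which suggests the automatic update copies the escaped form of the feed text into data/CVE/list; decode the escape before the description is truncated. The CVE-2024-11128 description also reads "inBitdef", a missing space that arrives with the imported text. Every new entry except the three REJECTED ids (CVE-2024-13324, CVE-2024-13154, CVE-2024-11637) is left at "TODO: check", so the long openlink virtuoso-opensource and MonetDB Server runs still need triage; each run can be handled as a batch, since its entries differ mainly in the named component.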
@@ -891,7 +1143,7 @@ CVE-2024-56114 (Canlineapp Online 1.1 is vulnerable to Broken Access Control and
NOT-FOR-US: Canlineapp Online
CVE-2024-56113 (Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on ...)
NOT-FOR-US: Smart Toilet Lab - Motius
-CVE-2024-55494 (A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect ...)
+CVE-2024-55494 (A PHP Code Injection vulnerability that can lead to Remote Code Execut ...)
NOT-FOR-US: Opencode Mobile Collect Call
CVE-2024-54887 (TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a ...)
NOT-FOR-US: TP-Link
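Review bot: the CVE-2024-55494 description changes vulnerability class, from cross-site scripting to PHP code injection leading to remote code execution, while the "NOT-FOR-US: Opencode Mobile Collect Call" line under it stays as it was. That triage is by product, so it still holds, but a change of class on an existing id is worth confirming against the upstream record to rule out a description attached to the wrong CVE.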
@@ -2013,7 +2265,7 @@ CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrup
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
-CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
+CVE-2025-0240 (Parsing a JavaScript module as JSON could under some circumstances cau ...)
{DSA-5841-1 DSA-5839-1 DLA-4012-1 DLA-4011-1}
- firefox 134.0-1
- firefox-esr 128.6.0esr-1
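Review bot: the CVE-2025-0240 line changes only in punctuation (the commas around "under some circumstances" are dropped), so this hunk is description churn from the automatic update. The DSA/DLA cross-reference line and the firefox and firefox-esr fixed versions below it are unchanged context, which is the part to check whenever a description line for an already triaged id is rewritten.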
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b53c28bcd93da88eb1a4b2a4dd73a7f42436a9