[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 15 08:12:44 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee7881f4 by security tracker role at 2025-01-15T08:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...)
+	TODO: check
+CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...)
+	TODO: check
+CVE-2025-22997 (A stored cross-site scripting (XSS) vulnerability in the prf_table_con ...)
+	TODO: check
+CVE-2025-22996 (A stored cross-site scripting (XSS) vulnerability in the spf_table_con ...)
+	TODO: check
+CVE-2025-22394 (Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-ch ...)
+	TODO: check
+CVE-2025-21101 (Dell Display Manager, versions prior to 2.3.2.20, contain a race condi ...)
+	TODO: check
+CVE-2025-0356 (NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver. ...)
+	TODO: check
+CVE-2025-0355 (Missing Authentication for Critical Function vulnerability in NEC Corp ...)
+	TODO: check
+CVE-2025-0354 (Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS V ...)
+	TODO: check
+CVE-2025-0343 (Swift ASN.1 can be caused to crash when parsing certain BER/DER constr ...)
+	TODO: check
+CVE-2024-7322 (A ZigBee coordinator, router, or end device may change their node ID w ...)
+	TODO: check
+CVE-2024-57767 (MSFM before v2025.01.01 was discovered to contain a Server-Side Reques ...)
+	TODO: check
+CVE-2024-57766 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
+	TODO: check
+CVE-2024-57765 (MSFM before 2025.01.01 was discovered to contain a SQL injection vulne ...)
+	TODO: check
+CVE-2024-57764 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
+	TODO: check
+CVE-2024-57763 (MSFM before 2025.01.01 was discovered to contain a fastjson deserializ ...)
+	TODO: check
+CVE-2024-57762 (MSFM before v2025.01.01 was discovered to contain a deserialization vu ...)
+	TODO: check
+CVE-2024-57761 (An arbitrary file upload vulnerability in the parserXML() method of Je ...)
+	TODO: check
+CVE-2024-57760 (JeeWMS before v2025.01.01 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2024-57757 (JeeWMS before v2025.01.01 was discovered to contain a permission bypas ...)
+	TODO: check
+CVE-2024-57483 (Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacF ...)
+	TODO: check
+CVE-2024-57482 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
+	TODO: check
+CVE-2024-57480 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
+	TODO: check
+CVE-2024-57479 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
+	TODO: check
+CVE-2024-57473 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
+	TODO: check
+CVE-2024-57471 (H3C N12 V100R005 contains a buffer overflow vulnerability due to the l ...)
+	TODO: check
+CVE-2024-55577 (Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06  ...)
+	TODO: check
+CVE-2024-54730 (Flatnotes <v5.3.1 is vulnerable to denial of service through the uploa ...)
+	TODO: check
+CVE-2024-54142 (Discourse AI is a Discourse plugin which provides a number of AI featu ...)
+	TODO: check
+CVE-2024-53277 (Silverstripe Framework is a PHP framework which powers the Silverstrip ...)
+	TODO: check
+CVE-2024-50861 (The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable t ...)
+	TODO: check
+CVE-2024-50859 (The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Refl ...)
+	TODO: check
+CVE-2024-50858 (Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2024-50857 (The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site S ...)
+	TODO: check
+CVE-2024-4227 (In Genivia gSOAP with a specific configuration an unauthenticated remo ...)
+	TODO: check
+CVE-2024-48760 (An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitr ...)
+	TODO: check
+CVE-2024-47605 (silverstripe-asset-admin is a silverstripe assets gallery for asset ma ...)
+	TODO: check
+CVE-2024-45102 (A privilege escalation vulnerability was discovered that could allow a ...)
+	TODO: check
+CVE-2024-42911 (ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was disco ...)
+	TODO: check
+CVE-2024-13394 (The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2024-13334 (The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2024-11870 (The Event Registration Calendar By vcita plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-10254 (A potential buffer overflow vulnerability was reported in PC Manager,  ...)
+	TODO: check
+CVE-2024-10253 (A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Br ...)
+	TODO: check
 CVE-2025-0448
 	- chromium 132.0.6834.83-1
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee7881f4373f39fcba1dfa2ba5bcd36b3cd69cf0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee7881f4373f39fcba1dfa2ba5bcd36b3cd69cf0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250115/0a2fcd71/attachment.htm>

More information about the debian-security-tracker-commits mailing list