[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 16 08:11:59 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfa0f853 by security tracker role at 2025-01-16T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attac ...)
+	TODO: check
+CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDS ...)
+	TODO: check
+CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the pppUser ...)
+	TODO: check
+CVE-2025-22913 (RE11S v1.11 was discovered to contain a stack overflow via the rootAPm ...)
+	TODO: check
+CVE-2025-22912 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...)
+	TODO: check
+CVE-2025-22907 (RE11S v1.11 was discovered to contain a stack overflow via the selSSID ...)
+	TODO: check
+CVE-2025-22906 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...)
+	TODO: check
+CVE-2025-22905 (RE11S v1.11 was discovered to contain a command injection vulnerabilit ...)
+	TODO: check
+CVE-2025-22904 (RE11S v1.11 was discovered to contain a stack overflow via the pptpUse ...)
+	TODO: check
+CVE-2025-0492 (A vulnerability has been found in D-Link DIR-823X 240126/240802 and cl ...)
+	TODO: check
+CVE-2025-0491 (A vulnerability, which was classified as critical, was found in Fanli2 ...)
+	TODO: check
+CVE-2025-0490 (A vulnerability, which was classified as critical, has been found in F ...)
+	TODO: check
+CVE-2025-0489 (A vulnerability classified as critical was found in Fanli2012 native-p ...)
+	TODO: check
+CVE-2025-0488 (A vulnerability classified as critical has been found in Fanli2012 nat ...)
+	TODO: check
+CVE-2025-0487 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...)
+	TODO: check
+CVE-2025-0486 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...)
+	TODO: check
+CVE-2025-0476 (Mattermost Mobile Apps versions <=2.22.0 fail to properly handle speci ...)
+	TODO: check
+CVE-2025-0457 (The airPASS from NetVision Information has an OS Command Injection vul ...)
+	TODO: check
+CVE-2025-0456 (The airPASS from NetVision Information has a Missing Authentication vu ...)
+	TODO: check
+CVE-2025-0455 (The airPASS from NetVision Information has a SQL Injection vulnerabili ...)
+	TODO: check
+CVE-2025-0215 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-0170 (The DWT - Directory & Listing WordPress Theme is vulnerable to Reflect ...)
+	TODO: check
+CVE-2024-57728 (SimpleHelp remote support software v5.5.7 and before allows admin user ...)
+	TODO: check
+CVE-2024-57727 (SimpleHelp remote support software v5.5.7 and before is vulnerable to  ...)
+	TODO: check
+CVE-2024-57726 (SimpleHelp remote support software v5.5.7 and before has a vulnerabili ...)
+	TODO: check
+CVE-2024-55503 (An issue in termius before v.9.9.0 allows a local attacker to execute  ...)
+	TODO: check
+CVE-2024-53407 (In Phiewer 4.1.0, a dylib injection leads to Command Execution which a ...)
+	TODO: check
+CVE-2024-48126 (HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded cr ...)
+	TODO: check
+CVE-2024-48125 (An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows ...)
+	TODO: check
+CVE-2024-48123 (An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19- ...)
+	TODO: check
+CVE-2024-48122 (Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I all ...)
+	TODO: check
+CVE-2024-48121 (The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user cr ...)
+	TODO: check
+CVE-2024-41454 (An arbitrary file upload vulnerability in the UI login page logo uploa ...)
+	TODO: check
+CVE-2024-41453 (A cross-site scripting (XSS) vulnerability in Process Maker pm4core-do ...)
+	TODO: check
+CVE-2024-39967 (Insecure permissions in Aginode GigaSwitch v5 allows attackers to acce ...)
+	TODO: check
+CVE-2024-36751 (An issue in parse-uri v1.0.9 allows attackers to cause a Regular expre ...)
+	TODO: check
+CVE-2024-12226 (In affected versions of the Octopus Kubernetes worker or agent, sensit ...)
+	TODO: check
+CVE-2024-11452 (The Chamber Dashboard Business Directory plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-10970 (The The Motors \u2013 Car Dealer, Classifieds & Listing plugin for Wor ...)
+	TODO: check
+CVE-2024-10789 (The WP User Profile Avatar plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2024-10401
+	REJECTED
 CVE-2025-23040 (GitHub Desktop is an open-source Electron-based GitHub app designed fo ...)
 	TODO: check
 CVE-2025-22968 (An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execu ...)
@@ -17476,7 +17558,7 @@ CVE-2024-5919 (A blind XML External Entities (XXE) injection vulnerability in th
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-5918 (An improper certificate validation vulnerability in Palo Alto Networks ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
-CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an unauthenti ...)
+CVE-2024-5917 (A server-side request forgery in PAN-OS software enables an authentica ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scriptin ...)
 	NOT-FOR-US: parisneo/lollms-webui
@@ -258847,7 +258929,7 @@ CVE-2022-21385 (A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unp
 	- linux 4.19.37-1
 	NOTE: https://git.kernel.org/linus/ea010070d0a7497253d5a6f919f6dd107450b31a (4.20)
 CVE-2022-21384
-	RESERVED
+	REJECTED
 CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
@@ -282341,9 +282423,9 @@ CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applic
 CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35685
-	RESERVED
+	REJECTED
 CVE-2021-35684
-	RESERVED
+	REJECTED
 CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
 	NOT-FOR-US: Oracle
 CVE-2021-35682



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa0f8530b02e1d210bccf0e762302ba8613aaf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa0f8530b02e1d210bccf0e762302ba8613aaf4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250116/8bac9576/attachment.htm>

More information about the debian-security-tracker-commits mailing list