[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 17 20:12:02 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3ffdb1f by security tracker role at 2025-01-17T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2025-0537 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-0536 (A vulnerability classified as critical was found in 1000 Projects Atte ...)
+	TODO: check
+CVE-2025-0535 (A vulnerability classified as critical has been found in Codezips Gym  ...)
+	TODO: check
+CVE-2025-0534 (A vulnerability was found in 1000 Projects Campaign Management System  ...)
+	TODO: check
+CVE-2025-0533 (A vulnerability was found in 1000 Projects Campaign Management System  ...)
+	TODO: check
+CVE-2025-0532 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
+	TODO: check
+CVE-2025-0531 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
+	TODO: check
+CVE-2025-0530 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
+	TODO: check
+CVE-2025-0529 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-0528 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-0527 (A vulnerability classified as critical was found in code-projects Admi ...)
+	TODO: check
+CVE-2025-0430 (Belledonne Communications Linphone-Desktop   is vulnerable to a NULL D ...)
+	TODO: check
+CVE-2024-57372 (Cross Site Scripting vulnerability in InformationPush master version a ...)
+	TODO: check
+CVE-2024-57370 (Cross Site Scripting vulnerability in sunnygkp10 Online Exam System ma ...)
+	TODO: check
+CVE-2024-57369 (Clickjacking vulnerability in typecho v1.2.1.)
+	TODO: check
+CVE-2024-57034 (WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php ...)
+	TODO: check
+CVE-2024-57032 (WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/co ...)
+	TODO: check
+CVE-2024-57031 (WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remunerac ...)
+	TODO: check
+CVE-2024-57030 (Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/do ...)
+	TODO: check
+CVE-2024-54681 (Multiple bash files were present in the application's private director ...)
+	TODO: check
+CVE-2024-53683 (A valid set of credentials in a .js file and a static token for  commu ...)
+	TODO: check
+CVE-2024-52870 (Teradata Vantage Editor 1.0.1 is mostly intended for SQL database acce ...)
+	TODO: check
+CVE-2024-50967 (The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 c ...)
+	TODO: check
+CVE-2024-45832 (Hard-coded credentials were included as part of the application binary ...)
+	TODO: check
+CVE-2024-26157 (All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 ...)
+	TODO: check
+CVE-2024-26156 (All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 ...)
+	TODO: check
+CVE-2024-26155 (All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 ...)
+	TODO: check
+CVE-2024-26154 (All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 ...)
+	TODO: check
+CVE-2024-26153 (All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.1 ...)
+	TODO: check
+CVE-2024-13503 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2024-13502 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2024-13378 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-13377 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-13026 (A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (l ...)
+	TODO: check
+CVE-2024-12757 (Nedap Librix Ecoreader   is missing authentication for critical functi ...)
+	TODO: check
+CVE-2024-12703 (CWE-502: Deserialization of untrusted data vulnerability exists that c ...)
+	TODO: check
+CVE-2024-12476 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...)
+	TODO: check
+CVE-2024-12399 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
+	TODO: check
+CVE-2024-12370 (The WP Hotel Booking plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2024-12142 (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vu ...)
+	TODO: check
+CVE-2024-11425 (CWE-131: Incorrect Calculation of Buffer Size vulnerability exists tha ...)
+	TODO: check
+CVE-2024-11139 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
+	TODO: check
+CVE-2024-10498 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
+	TODO: check
+CVE-2024-10497 (CWE-639: Authorization Bypass Through User-Controlled Key vulnerabilit ...)
+	TODO: check
 CVE-2024-7596 [networkmanager: UDP encapsulation protocol excessive trust]
 	NOT-FOR-US: IP tunnel protocol issue
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317264
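Review bot: CVE-2025-0430 (Belledonne Communications Linphone-Desktop, NULL dereference) stands out in this batch of `TODO: check` placeholders because, unlike the WordPress plugins, Microsoft Edge and the various 1000-Projects/Codezips PHP apps around it, it names software that Debian packages; when it is triaged, the check should be run against src:linphone-desktop (and the shared liblinphone stack if the fault is in the library rather than the desktop client, which the truncated description does not say) rather than being closed as NOT-FOR-US alongside the rest.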
@@ -3838,7 +3930,8 @@ CVE-2025-22132 (WeGIA is a web manager for charitable institutions. A Cross-Site
 	NOT-FOR-US: WeGIA
 CVE-2025-21603 (Cross-site scripting vulnerability exists in MZK-DP300N firmware versi ...)
 	NOT-FOR-US: MZK-DP300N firmware
-CVE-2024-9673 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
+CVE-2024-9673
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8002 (A vulnerability has been found in VIWIS LMS 9.11 and classified as pro ...)
 	NOT-FOR-US: VIWIS LMS
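Review bot: the `NOT-FOR-US: WordPress plugin` line is kept underneath the new `REJECTED` marker for CVE-2024-9673, so the entry now carries both a terminal state and a package assessment; since a rejected ID needs no further triage, the NOT-FOR-US line is redundant and could be dropped, although keeping it does preserve the earlier decision. The same pattern repeats for CVE-2024-12540, CVE-2024-12208, CVE-2024-12124 and CVE-2024-12022 in the four hunks that follow.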
@@ -4581,7 +4674,8 @@ CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to Cross-
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to Reflected ...)
+CVE-2024-12540
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for WordPress is v ...)
 	NOT-FOR-US: WordPress plugin
@@ -4655,7 +4749,8 @@ CVE-2024-12252 (The SEO LAT Auto Post plugin for WordPress is vulnerable to file
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordP ...)
+CVE-2024-12208
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
@@ -4677,7 +4772,8 @@ CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templa
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to Reflected Cros ...)
+CVE-2024-12124
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Re ...)
 	NOT-FOR-US: WordPress plugin
@@ -4687,7 +4783,8 @@ CVE-2024-12073 (The Meteor Slides plugin for WordPress is vulnerable to Stored C
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cros ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to unauthorized m ...)
+CVE-2024-12022
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress & WooCommer ...)
 	NOT-FOR-US: WordPress plugin
@@ -8265,7 +8362,7 @@ CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control all
 CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control allowed v ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
-	{DLA-4017-1}
+	{DSA-5845-1 DLA-4017-1}
 	- tomcat10 10.1.34-1
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -8896,6 +8993,7 @@ CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200
 CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Managemen ...)
 	NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
 CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...)
+	{DSA-5845-1}
 	- tomcat10 10.1.34-1
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <ignored> (Minor issue)
@@ -8927,7 +9025,7 @@ CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink)
 CVE-2024-51479 (Next.js is a React framework for building full-stack web applications. ...)
 	NOT-FOR-US: Next.js
 CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...)
-	{DLA-4017-1}
+	{DSA-5845-1 DLA-4017-1}
 	- tomcat10 10.1.34-1
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -17518,7 +17616,7 @@ CVE-2024-52317 (Incorrect object re-cycling and re-use vulnerability in Apache T
 	NOTE: https://github.com/apache/tomcat/commit/146f94f87ea398fb592c7a20a5ccbef95e9dd72b (10.1.31)
 	NOTE: https://github.com/apache/tomcat/commit/47307ee27abcdea2ee40e33897aca760083de46a (9.0.96)
 CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...)
-	{DLA-4017-1}
+	{DSA-5845-1 DLA-4017-1}
 	- tomcat10 10.1.31-1
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
@@ -52764,7 +52862,7 @@ CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
 	NOT-FOR-US: Discourse
 CVE-2024-38286 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	{DLA-4017-1}
+	{DSA-5845-1 DLA-4017-1}
 	- tomcat10 10.1.25-1
 	- tomcat9 9.0.70-2
 	NOTE: https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s
@@ -52772,6 +52870,7 @@ CVE-2024-38286 (Allocation of Resources Without Limits or Throttling vulnerabili
 	NOTE: https://github.com/apache/tomcat/commit/76c5cce6f0bcef14b0c21c38910371ca7d322d13 (9.0.90)
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
+	{DSA-5845-1}
 	- tomcat10 10.1.25-1
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)
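Review bot: the bullseye annotation `[bullseye] - tomcat9 <postponed> (Minor issue, fixed along in next DSA)` is now directly under the freshly added `{DSA-5845-1}`, so the comment reads as already overtaken: either DSA-5845-1 is the DSA it was waiting for and the bullseye state should be updated to reflect what was actually shipped for tomcat9 there, or (since bullseye updates are issued as DLAs rather than DSAs at this point) the comment should be reworded to say what it is actually waiting on. Compare CVE-2024-54677 a few hunks above, where the equivalent bullseye line is a terminal `<ignored> (Minor issue)` and needs no follow-up.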
@@ -95561,7 +95660,7 @@ CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed thr
 	NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
+CVE-2024-23124 (A maliciously crafted STP file when parsed in ASMIMPORT228A.dll throug ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23123 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
 	NOT-FOR-US: Autodesk



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3ffdb1f360f2e9a7b068d0834dc7be16d9ffe90


