[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 22 08:12:21 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e05938b8 by security tracker role at 2025-01-22T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,353 @@
+CVE-2025-23237 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
+ TODO: check
+CVE-2025-23089 (This CVE has been issued to inform users that they are using End-of-Li ...)
+ TODO: check
+CVE-2025-23088 (This CVE has been issued to inform users that they are using End-of-Li ...)
+ TODO: check
+CVE-2025-23087 (This CVE has been issued to inform users that they are using End-of-Li ...)
+ TODO: check
+CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 firmware Ver ...)
+ TODO: check
+CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-21570 (Vulnerability in the Oracle Life Sciences Argus Safety product of Orac ...)
+ TODO: check
+CVE-2025-21569 (Vulnerability in the Oracle Hyperion Data Relationship Management prod ...)
+ TODO: check
+CVE-2025-21568 (Vulnerability in the Oracle Hyperion Data Relationship Management prod ...)
+ TODO: check
+CVE-2025-21567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21566 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21565 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
+ TODO: check
+CVE-2025-21564 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
+ TODO: check
+CVE-2025-21563 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
+ TODO: check
+CVE-2025-21562 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
+ TODO: check
+CVE-2025-21561 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
+ TODO: check
+CVE-2025-21560 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
+ TODO: check
+CVE-2025-21559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21558 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2025-21557 (Vulnerability in Oracle Application Express (component: General). Sup ...)
+ TODO: check
+CVE-2025-21556 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
+ TODO: check
+CVE-2025-21555 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21554 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
+ TODO: check
+CVE-2025-21553 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2025-21552 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ TODO: check
+CVE-2025-21551 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2025-21550 (Vulnerability in the Oracle Financial Services Behavior Detection Plat ...)
+ TODO: check
+CVE-2025-21549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-21548 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ TODO: check
+CVE-2025-21547 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
+ TODO: check
+CVE-2025-21546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21545 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2025-21544 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
+ TODO: check
+CVE-2025-21543 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21542 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
+ TODO: check
+CVE-2025-21541 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ TODO: check
+CVE-2025-21540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21539 (Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of ...)
+ TODO: check
+CVE-2025-21538 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21537 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management product ...)
+ TODO: check
+CVE-2025-21536 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21535 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2025-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21533 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2025-21532 (Vulnerability in the Oracle Analytics Desktop product of Oracle Analyt ...)
+ TODO: check
+CVE-2025-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21530 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2025-21529 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21528 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2025-21527 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21526 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2025-21525 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21524 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21523 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21522 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21521 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21520 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21519 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21518 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21517 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21516 (Vulnerability in the Oracle Customer Care product of Oracle E-Business ...)
+ TODO: check
+CVE-2025-21515 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21514 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21513 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21512 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21511 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21510 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21509 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21508 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21507 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2025-21506 (Vulnerability in the Oracle Project Foundation product of Oracle E-Bus ...)
+ TODO: check
+CVE-2025-21505 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ TODO: check
+CVE-2025-21501 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21500 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21499 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21498 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ TODO: check
+CVE-2025-21497 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21495 (Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL ...)
+ TODO: check
+CVE-2025-21494 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21493 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21492 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21491 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21490 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2025-21489 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ TODO: check
+CVE-2025-20617 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2025-0625 (A vulnerability, which was classified as problematic, was found in Cam ...)
+ TODO: check
+CVE-2025-0429 (The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-0428 (The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-57545 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57544 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57543 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57542 (Linksys E8450 v1.2.00.360516 was discovered to contain a command injec ...)
+ TODO: check
+CVE-2024-57541 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57540 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57539 (Linksys E8450 v1.2.00.360516 was discovered to contain a command injec ...)
+ TODO: check
+CVE-2024-57538 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57537 (Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2024-57536 (Linksys E8450 v1.2.00.360516 was discovered to contain a command injec ...)
+ TODO: check
+CVE-2024-57360 (https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incor ...)
+ TODO: check
+CVE-2024-55959 (Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.)
+ TODO: check
+CVE-2024-55958 (Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and b ...)
+ TODO: check
+CVE-2024-49749 (In DGifSlurp of dgif_lib.c, there is a possible out of bounds write du ...)
+ TODO: check
+CVE-2024-49748 (In gatts_process_primary_service_req of gatt_sr.cc, there is a possibl ...)
+ TODO: check
+CVE-2024-49747 (In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible o ...)
+ TODO: check
+CVE-2024-49745 (In growData of Parcel.cpp, there is a possible out of bounds write due ...)
+ TODO: check
+CVE-2024-49744 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, the ...)
+ TODO: check
+CVE-2024-49742 (In onCreate of NotificationAccessConfirmationActivity.java , there is ...)
+ TODO: check
+CVE-2024-49738 (In writeInplace of Parcel.cpp, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2024-49737 (In applyTaskFragmentOperation of WindowOrganizerController.java, there ...)
+ TODO: check
+CVE-2024-49736 (In onClick of MainClear.java, there is a possible way to trigger facto ...)
+ TODO: check
+CVE-2024-49735 (In multiple locations, there is a possible failure to persist permissi ...)
+ TODO: check
+CVE-2024-49734 (In multiple functions of ConnectivityService.java, there is a possible ...)
+ TODO: check
+CVE-2024-49733 (In reload of ServiceListing.java , there is a possible way to allow a ...)
+ TODO: check
+CVE-2024-49732 (In multiple functions of CompanionDeviceManagerService.java, there is ...)
+ TODO: check
+CVE-2024-49724 (In multiple functions of AccountManagerService.java, there is a possib ...)
+ TODO: check
+CVE-2024-48392 (OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An at ...)
+ TODO: check
+CVE-2024-43771 (In gatts_process_read_req of gatt_sr.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2024-43770 (In gatts_process_find_info of gatt_sr.cc, there is a possible out of b ...)
+ TODO: check
+CVE-2024-43765 (In multiple locations, there is a possible way to obtain access to a f ...)
+ TODO: check
+CVE-2024-43763 (In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of s ...)
+ TODO: check
+CVE-2024-43096 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
+ TODO: check
+CVE-2024-43095 (In multiple locations, there is a possible way to obtain any system pe ...)
+ TODO: check
+CVE-2024-34730 (In multiple locations, there is a possible bypass of user consent to e ...)
+ TODO: check
+CVE-2024-24451 (A stack overflow in the sctp_server::sctp_receiver_thread component of ...)
+ TODO: check
+CVE-2024-24445 (OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dere ...)
+ TODO: check
+CVE-2024-24444 (Improper file descriptor handling for closed connections in OpenAirInt ...)
+ TODO: check
+CVE-2024-24443 (An uninitialized pointer dereference in the ngap_handle_pdu_session_re ...)
+ TODO: check
+CVE-2024-24442 (A NULL pointer dereference in the ngap_app::handle_receive routine of ...)
+ TODO: check
+CVE-2024-24428 (A reachable assertion in the oai_nas_5gmm_decode function of Open5GS < ...)
+ TODO: check
+CVE-2024-24427 (A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2. ...)
+ TODO: check
+CVE-2024-24424 (A reachable assertion in the decode_access_point_name_ie function of M ...)
+ TODO: check
+CVE-2024-24423 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-24422 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-24421 (A type confusion in the nas_message_decode function of Magma <= 1.8.0 ...)
+ TODO: check
+CVE-2024-24420 (A reachable assertion in the decode_linked_ti_ie function of Magma <= ...)
+ TODO: check
+CVE-2024-24419 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-24418 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-24417 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-24416 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
+ TODO: check
+CVE-2024-21245 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2024-13590 (The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-13584 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List plu ...)
+ TODO: check
+CVE-2024-13426 (The WP-Polls plugin for WordPress is vulnerable to SQL Injection via C ...)
+ TODO: check
+CVE-2024-13406 (The XML for Google Merchant Center plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-13361 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to u ...)
+ TODO: check
+CVE-2024-13360 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-13319 (The Themify Builder plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2024-13091 (The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-12879 (The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-12857 (The AdForest theme for WordPress is vulnerable to authentication bypas ...)
+ TODO: check
+CVE-2024-12117 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...)
+ TODO: check
+CVE-2024-11218 (A vulnerability was found in `podman build` and `buildah.` This issue ...)
+ TODO: check
+CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
+ TODO: check
+CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there is a pos ...)
+ TODO: check
+CVE-2023-40108 (In multiple locations, there is a possible way to access media content ...)
+ TODO: check
+CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37038 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37037 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37036 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37035 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37034 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37033 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37032 (A Stack-based buffer overflow in the Mobile Management Entity (MME) of ...)
+ TODO: check
+CVE-2023-37031 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37030 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37029 (Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f56 ...)
+ TODO: check
+CVE-2023-37028 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37027 (Null pointer dereference vulnerability in the Mobile Management Entity ...)
+ TODO: check
+CVE-2023-37026 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37025 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
+ TODO: check
+CVE-2023-37024 (A reachable assertion in the Mobile Management Entity (MME) of Magma v ...)
+ TODO: check
CVE-2025-0411 [7-Zip Mark-of-the-Web Bypass Vulnerability]
- 7zip 24.09+dfsg-1
- p7zip 16.02+transitional.1 (unimportant)
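Review bot: CVE-2025-23090 near the top of this hunk is added with only `TODO: check`, yet its description matches, as far as the truncation shows, the one this same patch gives CVE-2025-23083, which is already tracked as `- nodejs <unfixed>` with a NOTE to the Node.js January 2025 security releases. Triage it against nodejs in the same pass rather than leaving it in the generic queue. Separately, the descriptions for CVE-2024-13584 and CVE-2024-12117 carry a literal `\u2013` escape instead of the dash character, which suggests the import step is not decoding the upstream text.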
@@ -18,14 +368,14 @@ CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
CVE-2025-23084 [Path traversal by drive name in Windows environment]
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#path-traversal-by-drive-name-in-windows-environment-cve-2025-23084---medium
-CVE-2025-23083 [Worker permission bypass via InternalWorker leak in diagnostics]
+CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
- nodejs <unfixed>
NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#worker-permission-bypass-via-internalworker-leak-in-diagnostics-cve-2025-23083---high
-CVE-2025-23195
+CVE-2025-23195 (An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie ...)
NOT-FOR-US: Apache Ambari
-CVE-2025-23196
+CVE-2025-23196 (A code injection vulnerability exists in the Ambari Alert Definition ...)
NOT-FOR-US: Apache Ambari
-CVE-2024-51941
+CVE-2024-51941 (A remote code injection vulnerability exists in the Ambari Metrics and ...)
NOT-FOR-US: Apache Ambari
CVE-2025-24461 (In JetBrains TeamCity before 2024.12.1 decryption of connection secret ...)
NOT-FOR-US: JetBrains TeamCity
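Review bot: the replacement description on CVE-2025-23083 is cut off before it states any impact ("an event can be hooke ..."), whereas the removed bracketed title said "Worker permission bypass via InternalWorker leak in diagnostics". The NOTE URL still carries that wording, so nothing is lost from the entry, but anyone scanning the list for the nodejs `<unfixed>` item now has to open the link to see what it is. A short NOTE line restating the title would keep the entry readable.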
@@ -229,9 +579,9 @@ CVE-2024-10936 (The String locator plugin for WordPress is vulnerable to PHP Obj
NOT-FOR-US: WordPress plugin
CVE-2023-45908 (Homarr before v0.14.0 was discovered to contain a stored cross-site sc ...)
NOT-FOR-US: Homarr
-CVE-2024-45479
+CVE-2024-45479 (SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache ...)
NOT-FOR-US: Apache Ranger
-CVE-2024-45478
+CVE-2024-45478 (Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in A ...)
NOT-FOR-US: Apache Ranger
CVE-2025-21664 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.10-1
@@ -23342,7 +23692,7 @@ CVE-2024-20106 (In m4u, there is a possible out of bounds write due to a missing
NOT-FOR-US: MediaTek
CVE-2024-20104 (In da, there is a possible out of bounds write due to a missing bounds ...)
NOT-FOR-US: MediaTek
-CVE-2024-10761 (A vulnerability was found in Umbraco CMS 12.3.6. It has been classifie ...)
+CVE-2024-10761 (A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14 ...)
NOT-FOR-US: Umbraco CMS
CVE-2024-10760 (A vulnerability was found in code-projects University Event Management ...)
NOT-FOR-US: code-projects University Event Management System
@@ -155921,10 +156271,10 @@ CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault vi
- radare2 5.9.0+dfsg-1 (bug #1032667)
NOTE: https://github.com/radareorg/radare2/issues/21363
NOTE: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
-CVE-2023-27113
- RESERVED
-CVE-2023-27112
- RESERVED
+CVE-2023-27113 (pearProjectApi v2.8.10 was discovered to contain a SQL injection vulne ...)
+ TODO: check
+CVE-2023-27112 (pearProjectApi v2.8.10 was discovered to contain a SQL injection vulne ...)
+ TODO: check
CVE-2023-27111
RESERVED
CVE-2023-27110
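Review bot: CVE-2023-27113 and CVE-2023-27112 leave RESERVED with `TODO: check` more than 155000 lines into the file, where they are easy to miss next to the 175 new entries at the top. Both descriptions name pearProjectApi v2.8.10 and a SQL injection; if that software is not packaged, close them as NOT-FOR-US in the form the neighbouring hunks use.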
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e05938b8f5d0dce1688ab2bd34362417762fb20e