[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 23 20:12:38 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36f3470f by security tracker role at 2025-01-23T20:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,140 @@
-CVE-2024-57947 [netfilter: nf_set_pipapo: fix initial map fill]
+CVE-2025-24353 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2025-24034 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
+ TODO: check
+CVE-2025-24033 (@fastify/multipart is a Fastify plugin for parsing the multipart conte ...)
+ TODO: check
+CVE-2025-23960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23730 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23729 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23725 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23724 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23634 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23628 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23227 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
+ TODO: check
+CVE-2025-23006 (Pre-authentication deserialization of untrusted data vulnerability has ...)
+ TODO: check
+CVE-2025-22768 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Med ...)
+ TODO: check
+CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of the Python ...)
+ TODO: check
+CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server before 25 ...)
+ TODO: check
+CVE-2025-0637 (It has been found that the Beta10 software does not provide for proper ...)
+ TODO: check
+CVE-2025-0635 (Denial of service condition in M-Files Server in versions before 25. ...)
+ TODO: check
+CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server before 2 ...)
+ TODO: check
+CVE-2024-55971 (SQL Injection vulnerability in the default configuration of the Logiti ...)
+ TODO: check
+CVE-2024-55930 (Weak default folder permissions)
+ TODO: check
+CVE-2024-55929 (Mail spoofing)
+ TODO: check
+CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear text)
+ TODO: check
+CVE-2024-55927 (Flawed token generation implementation & Hard-coded key implementation)
+ TODO: check
+CVE-2024-55926 (Arbitrary file upload, deletion and read through header manipulation)
+ TODO: check
+CVE-2024-55925 (API Security bypass through header manipulation)
+ TODO: check
+CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key ...)
+ TODO: check
+CVE-2024-52330 (ECOVACS lawnmowers and vacuums do not properly validate TLS certificat ...)
+ TODO: check
+CVE-2024-52329 (ECOVACS HOME mobile app plugins for specific robots do not properly va ...)
+ TODO: check
+CVE-2024-52328 (ECOVACS robot lawnmowers and vacuums insecurely store audio files used ...)
+ TODO: check
+CVE-2024-52327 (The cloud service used by ECOVACS robot lawnmowers and vacuums allows ...)
+ TODO: check
+CVE-2024-52325 (ECOVACS robot lawnmowers and vacuums are vulnerable to command injecti ...)
+ TODO: check
+CVE-2024-45672 (IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local pr ...)
+ TODO: check
+CVE-2024-43708 (An allocation of resources without limits or throttling in Kibana can ...)
+ TODO: check
+CVE-2024-13593 (The BMLT Meeting Map plugin for WordPress is vulnerable to Local File ...)
+ TODO: check
+CVE-2024-13511 (The Variation Swatches for WooCommerce plugin, in all versions startin ...)
+ TODO: check
+CVE-2024-13422 (The SEO Blogger to WordPress Migration using 301 Redirection plugin fo ...)
+ TODO: check
+CVE-2024-13389 (The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-13340 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress i ...)
+ TODO: check
+CVE-2024-13236 (The Tainacan plugin for WordPress is vulnerable to SQL Injection via t ...)
+ TODO: check
+CVE-2024-13234 (The Product Table by WBW plugin for WordPress is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2024-12957 (A file handling command vulnerability in certain versions of Armoury C ...)
+ TODO: check
+CVE-2024-12504 (The Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, R ...)
+ TODO: check
+CVE-2024-12118 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-12079 (ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the ...)
+ TODO: check
+CVE-2024-12078 (ECOVACS robot lawn mowers and vacuums use a shared, static secret key ...)
+ TODO: check
+CVE-2024-12043 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
+ TODO: check
+CVE-2024-11147 (ECOVACS robot lawnmowers and vacuums use a deterministic root password ...)
+ TODO: check
+CVE-2024-10846 (The compose-go library component in versions v2.10-v2.4.0 allows an au ...)
+ TODO: check
+CVE-2024-10539 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-57947 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.10.3-1
[bookworm] - linux 6.1.106-1
NOTE: https://git.kernel.org/linus/791a615b7ad2258c560f91852be54b0480837c93 (6.11-rc1)
-CVE-2025-0650
+CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially crafted ...)
- ovn <unfixed> (bug #1093884)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
@@ -10,7 +142,7 @@ CVE-2024-11931
- gitlab <unfixed>
CVE-2025-0314
- gitlab <unfixed>
-CVE-2024-53299
+CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
NOT-FOR-US: Apache Wicket
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
@@ -282,9 +414,11 @@ CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on
CVE-2025-0638 (The initial code parsing the manifest did not check the content of the ...)
- routinator <itp> (bug #929024)
CVE-2025-0612 (Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834 ...)
+ {DSA-5848-1}
- chromium 132.0.6834.110-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0611 (Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allow ...)
+ {DSA-5848-1}
- chromium 132.0.6834.110-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user resets the ...)
@@ -3282,6 +3416,7 @@ CVE-2024-56841 (A vulnerability has been identified in Mendix LDAP (All versions
CVE-2024-56497 (An improper neutralization of special elements used in an os command ( ...)
NOT-FOR-US: FortiGuard
CVE-2024-56374 (An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...)
+ {DLA-4030-1}
- python-django 3:4.2.18-1 (bug #1093049)
NOTE: https://www.djangoproject.com/weblog/2025/jan/14/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e (4.2.18)
@@ -6131,6 +6266,7 @@ CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does no
CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has ...)
NOT-FOR-US: AXIS Camera Station server
CVE-2024-55553 (In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-vali ...)
+ {DLA-4029-1}
- frr 10.2.1-1
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3 (master)
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/410eb0da69214a06350315575ddb332e363b66c6 (frr-10.2.1)
@@ -103374,6 +103510,7 @@ CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerab
CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability ...)
NOT-FOR-US: Trend Micro
CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...)
+ {DSA-5847-1}
- snapcast 0.30.0-1
NOTE: Introduced with: https://github.com/badaix/snapcast/commit/b26d8929505a30bb6177bd1b905f13eace1530dc (v0.16.0)
NOTE: Fixed by: https://github.com/badaix/snapcast/commit/9e6009cad0ef6e2e88f64a1b2504eb4749af287f (v0.30.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f3470f9113505573d6e1b5de8d207225373c4e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f3470f9113505573d6e1b5de8d207225373c4e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250123/8e43794e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list