[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 24 08:12:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1539a9d1 by security tracker role at 2025-01-24T08:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-23012 (Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) ...)
+ TODO: check
+CVE-2025-23011 (Fedora Repository 3.8.1 allows path traversal when extracting uploaded ...)
+ TODO: check
+CVE-2025-0693 (Variable response times in the AWS Sign-in IAM user login flow allowed ...)
+ TODO: check
+CVE-2024-57556 (Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before ...)
+ TODO: check
+CVE-2024-57386 (Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote ...)
+ TODO: check
+CVE-2024-57329 (HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" ...)
+ TODO: check
+CVE-2024-57328 (A SQL Injection vulnerability exists in the login form of Online Food ...)
+ TODO: check
+CVE-2024-57326 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the sea ...)
+ TODO: check
+CVE-2024-55573 (An issue was discovered in Centreon centreon-web 24.10.x before 24.10. ...)
+ TODO: check
+CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp of OpenI ...)
+ TODO: check
+CVE-2024-55194 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via ...)
+ TODO: check
+CVE-2024-55193 (OpenImageIO v3.1.0.0dev was discovered to contain a segmentation viola ...)
+ TODO: check
+CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via ...)
+ TODO: check
+CVE-2024-53923 (An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04. ...)
+ TODO: check
+CVE-2024-53588 (A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to ex ...)
+ TODO: check
+CVE-2024-53379 (Heap buffer overflow in the server site handshake implementation in Re ...)
+ TODO: check
+CVE-2024-50665 (gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_ ...)
+ TODO: check
+CVE-2024-50664 (gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:17 ...)
+ TODO: check
+CVE-2024-13683 (The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-13680 (The Form Builder CP plugin for WordPress is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2024-13659 (The Listamester plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-46401 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice add ...)
+ TODO: check
+CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest f ...)
+ TODO: check
CVE-2024-0149
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -215,9 +261,9 @@ CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially cra
- ovn <unfixed> (bug #1093884)
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
-CVE-2024-11931
+CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2025-0314
+CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- gitlab <unfixed>
CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
NOT-FOR-US: Apache Wicket
@@ -2470,7 +2516,7 @@ CVE-2018-25108 (An unauthenticated remote attacker can cause a DoS in the contro
NOT-FOR-US: WAGO
CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attac ...)
NOT-FOR-US: dingfanzuCMS
-CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDS ...)
+CVE-2025-22964 (DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated t ...)
NOT-FOR-US: Acora CMS
CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the pppUser ...)
NOT-FOR-US: RE11S
@@ -265810,8 +265856,8 @@ CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-
NOT-FOR-US: Adobe
CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-42718
- RESERVED
+CVE-2021-42718 (Information Disclosure in API in Replicated Replicated Classic version ...)
+ TODO: check
CVE-2021-3894
REJECTED
CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
@@ -297673,7 +297719,7 @@ CVE-2021-30747
CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30745
- RESERVED
+ REJECTED
CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...)
{DSA-4945-1}
- webkit2gtk 2.32.3-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250124/98bd6027/attachment.htm>
More information about the debian-security-tracker-commits
mailing list