[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 24 08:12:34 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1539a9d1 by security tracker role at 2025-01-24T08:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2025-23012 (Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) ...)
+	TODO: check
+CVE-2025-23011 (Fedora Repository 3.8.1 allows path traversal when extracting uploaded ...)
+	TODO: check
+CVE-2025-0693 (Variable response times in the AWS Sign-in IAM user login flow allowed ...)
+	TODO: check
+CVE-2024-57556 (Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before ...)
+	TODO: check
+CVE-2024-57386 (Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote  ...)
+	TODO: check
+CVE-2024-57329 (HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant"  ...)
+	TODO: check
+CVE-2024-57328 (A SQL Injection vulnerability exists in the login form of Online Food  ...)
+	TODO: check
+CVE-2024-57326 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the sea ...)
+	TODO: check
+CVE-2024-55573 (An issue was discovered in Centreon centreon-web 24.10.x before 24.10. ...)
+	TODO: check
+CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp of OpenI ...)
+	TODO: check
+CVE-2024-55194 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via  ...)
+	TODO: check
+CVE-2024-55193 (OpenImageIO v3.1.0.0dev was discovered to contain a segmentation viola ...)
+	TODO: check
+CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via  ...)
+	TODO: check
+CVE-2024-53923 (An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04. ...)
+	TODO: check
+CVE-2024-53588 (A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to ex ...)
+	TODO: check
+CVE-2024-53379 (Heap buffer overflow in the server site handshake implementation in Re ...)
+	TODO: check
+CVE-2024-50665 (gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_ ...)
+	TODO: check
+CVE-2024-50664 (gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:17 ...)
+	TODO: check
+CVE-2024-13683 (The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-13680 (The Form Builder CP plugin for WordPress is vulnerable to SQL Injectio ...)
+	TODO: check
+CVE-2024-13659 (The Listamester plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-46401 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice add ...)
+	TODO: check
+CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest f ...)
+	TODO: check
 CVE-2024-0149
 	- nvidia-graphics-drivers <unfixed> (bug #1093908)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -215,9 +261,9 @@ CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially cra
 	- ovn <unfixed> (bug #1093884)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
 	NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
-CVE-2024-11931
+CVE-2024-11931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2025-0314
+CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
 	NOT-FOR-US: Apache Wicket
@@ -2470,7 +2516,7 @@ CVE-2018-25108 (An unauthenticated remote attacker can cause a DoS in the contro
 	NOT-FOR-US: WAGO
 CVE-2025-22976 (SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attac ...)
 	NOT-FOR-US: dingfanzuCMS
-CVE-2025-22964 (SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDS ...)
+CVE-2025-22964 (DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated t ...)
 	NOT-FOR-US: Acora CMS
 CVE-2025-22916 (RE11S v1.11 was discovered to contain a stack overflow via the pppUser ...)
 	NOT-FOR-US: RE11S
@@ -265810,8 +265856,8 @@ CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-
 	NOT-FOR-US: Adobe
 CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
 	NOT-FOR-US: Adobe
-CVE-2021-42718
-	RESERVED
+CVE-2021-42718 (Information Disclosure in API in Replicated Replicated Classic version ...)
+	TODO: check
 CVE-2021-3894
 	REJECTED
 CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
@@ -297673,7 +297719,7 @@ CVE-2021-30747
 CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2021-30745
-	RESERVED
+	REJECTED
 CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...)
 	{DSA-4945-1}
 	- webkit2gtk 2.32.3-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1539a9d189c00e99fcb22c70b496d9cf87b463d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250124/98bd6027/attachment.htm>


More information about the debian-security-tracker-commits mailing list