[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 24 20:13:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5147f2c1 by security tracker role at 2025-01-24T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,367 @@
+CVE-2025-24756 (Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calcul ...)
+ TODO: check
+CVE-2025-24755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24753 (Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by ...)
+ TODO: check
+CVE-2025-24751 (Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploit ...)
+ TODO: check
+CVE-2025-24750 (Missing Authorization vulnerability in ExactMetrics ExactMetrics allow ...)
+ TODO: check
+CVE-2025-24746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24739 (Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPMana ...)
+ TODO: check
+CVE-2025-24738 (Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call ...)
+ TODO: check
+CVE-2025-24736 (Missing Authorization vulnerability in Metaphor Creations Post Duplica ...)
+ TODO: check
+CVE-2025-24733 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-24732 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24731 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24730 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24729 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24728 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24726 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24725 (Missing Authorization vulnerability in ThimPress Thim Elementor Kit al ...)
+ TODO: check
+CVE-2025-24724 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Me ...)
+ TODO: check
+CVE-2025-24723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24721 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24720 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky ...)
+ TODO: check
+CVE-2025-24719 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24717 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal W ...)
+ TODO: check
+CVE-2025-24716 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Ef ...)
+ TODO: check
+CVE-2025-24715 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter ...)
+ TODO: check
+CVE-2025-24714 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble ...)
+ TODO: check
+CVE-2025-24713 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...)
+ TODO: check
+CVE-2025-24712 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius ...)
+ TODO: check
+CVE-2025-24711 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup B ...)
+ TODO: check
+CVE-2025-24709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24706 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24705 (Missing Authorization vulnerability in Arshid WooCommerce Quick View a ...)
+ TODO: check
+CVE-2025-24704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24703 (Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Commen ...)
+ TODO: check
+CVE-2025-24702 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24701 (Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chaine ...)
+ TODO: check
+CVE-2025-24698 (Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential R ...)
+ TODO: check
+CVE-2025-24696 (Cross-Site Request Forgery (CSRF) vulnerability in WP Attire Attire Bl ...)
+ TODO: check
+CVE-2025-24695 (Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensio ...)
+ TODO: check
+CVE-2025-24693 (Missing Authorization vulnerability in Yehi Advanced Notifications all ...)
+ TODO: check
+CVE-2025-24691 (Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , ...)
+ TODO: check
+CVE-2025-24687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24683 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24682 (Missing Authorization vulnerability in mikemmx Super Block Slider allo ...)
+ TODO: check
+CVE-2025-24681 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24679 (Missing Authorization vulnerability in webraketen Internal Links Manag ...)
+ TODO: check
+CVE-2025-24678 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-24675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24673 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-24672 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24669 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24668 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24663 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24659 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24658 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24657 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24652 (Missing Authorization vulnerability in Revmakx WP Duplicate \u2013 Wor ...)
+ TODO: check
+CVE-2025-24650 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+ TODO: check
+CVE-2025-24649 (Missing Authorization vulnerability in wpase.com Admin and Site Enhanc ...)
+ TODO: check
+CVE-2025-24647 (Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCo ...)
+ TODO: check
+CVE-2025-24644 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24636 (Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologi ...)
+ TODO: check
+CVE-2025-24634 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24633 (Missing Authorization vulnerability in silverplugins217 Build Private ...)
+ TODO: check
+CVE-2025-24627 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24625 (Missing Authorization vulnerability in Marco Almeida | Webdados Taxono ...)
+ TODO: check
+CVE-2025-24623 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Secur ...)
+ TODO: check
+CVE-2025-24622 (Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Boa ...)
+ TODO: check
+CVE-2025-24618 (Missing Authorization vulnerability in ElementInvader ElementInvader A ...)
+ TODO: check
+CVE-2025-24613 (Missing Authorization vulnerability in Foliovision FV Thoughtful Comme ...)
+ TODO: check
+CVE-2025-24611 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-24610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24604 (Missing Authorization vulnerability in Vikas Ratudi VForm allows Explo ...)
+ TODO: check
+CVE-2025-24596 (Missing Authorization vulnerability in WC Product Table WooCommerce Pr ...)
+ TODO: check
+CVE-2025-24595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24594 (Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce ...)
+ TODO: check
+CVE-2025-24591 (Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance ...)
+ TODO: check
+CVE-2025-24589 (Missing Authorization vulnerability in JS Morisset JSM Show Post Metad ...)
+ TODO: check
+CVE-2025-24588 (Missing Authorization vulnerability in Patreon Patreon WordPress allow ...)
+ TODO: check
+CVE-2025-24587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24582 (Insertion of Sensitive Information Into Sent Data vulnerability in Cod ...)
+ TODO: check
+CVE-2025-24580 (Missing Authorization vulnerability in Code for Recovery 12 Step Meeti ...)
+ TODO: check
+CVE-2025-24579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24572 (Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast ...)
+ TODO: check
+CVE-2025-24571 (Missing Authorization vulnerability in Epsiloncool WP Fast Total Searc ...)
+ TODO: check
+CVE-2025-24570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24568 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force St ...)
+ TODO: check
+CVE-2025-24562 (Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. ...)
+ TODO: check
+CVE-2025-24561 (Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsT ...)
+ TODO: check
+CVE-2025-24555 (Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com ...)
+ TODO: check
+CVE-2025-24552 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
+ TODO: check
+CVE-2025-24547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24546 (Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Co ...)
+ TODO: check
+CVE-2025-24543 (Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Co ...)
+ TODO: check
+CVE-2025-24542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24363 (The HL7 FHIR IG publisher is a tool to take a set of inputs and create ...)
+ TODO: check
+CVE-2025-24362 (In some circumstances, debug artifacts uploaded by the CodeQL Action a ...)
+ TODO: check
+CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. Prior to ...)
+ TODO: check
+CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. Prior to ver ...)
+ TODO: check
+CVE-2025-24025 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-23991 (Missing Authorization vulnerability in theDotstore Product Size Charts ...)
+ TODO: check
+CVE-2025-23889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23888 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23837 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23734 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23622 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23422 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-23222 (An issue was discovered in Deepin dde-api-proxy through 1.0.19 in whic ...)
+ TODO: check
+CVE-2025-22714 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22612 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22611 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22610 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22609 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22608 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22607 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22606 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-22605 (Coolify is an open-source and self-hostable tool for managing servers, ...)
+ TODO: check
+CVE-2025-0708 (A vulnerability was found in fumiao opencms 2.2. It has been declared ...)
+ TODO: check
+CVE-2025-0707 (A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has ...)
+ TODO: check
+CVE-2025-0706 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
+ TODO: check
+CVE-2025-0705 (A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209 ...)
+ TODO: check
+CVE-2025-0704 (A vulnerability, which was classified as problematic, was found in Joe ...)
+ TODO: check
+CVE-2025-0703 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-0702 (A vulnerability classified as critical was found in JoeyBling bootplus ...)
+ TODO: check
+CVE-2025-0701 (A vulnerability classified as critical has been found in JoeyBling boo ...)
+ TODO: check
+CVE-2025-0700 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
+ TODO: check
+CVE-2025-0699 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
+ TODO: check
+CVE-2025-0698 (A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5 ...)
+ TODO: check
+CVE-2025-0697 (A vulnerability, which was classified as problematic, was found in Tel ...)
+ TODO: check
+CVE-2024-9499 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9498 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9497 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9496 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9495 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9494 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9493 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9492 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9491 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-9490 (DLL hijacking vulnerabilities, caused by an uncontrolled search path i ...)
+ TODO: check
+CVE-2024-57277 (InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2024-57184 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It ...)
+ TODO: check
+CVE-2024-57095 (SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacke ...)
+ TODO: check
+CVE-2024-57041 (A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11. ...)
+ TODO: check
+CVE-2024-56404 (In One Identity Identity Manager 9.x before 9.3, an insecure direct ob ...)
+ TODO: check
+CVE-2024-52807 (The HL7 FHIR IG publisher is a tool to take a set of inputs and create ...)
+ TODO: check
+CVE-2024-45077 (IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to un ...)
+ TODO: check
+CVE-2024-41757 (IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to ...)
+ TODO: check
+CVE-2024-41739 (IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allo ...)
+ TODO: check
+CVE-2024-40706 (IBM InfoSphere Information Server 11.7 could allow a remote user to ob ...)
+ TODO: check
+CVE-2024-40693 (IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious fi ...)
+ TODO: check
+CVE-2024-35122 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denia ...)
+ TODO: check
+CVE-2024-25034 (IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious fi ...)
+ TODO: check
+CVE-2024-13698 (The Jobify - Job Board WordPress Theme for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13594 (The Simple Downloads List plugin for WordPress is vulnerable to SQL In ...)
+ TODO: check
+CVE-2024-13583 (The Simple Gallery with Filter plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-13572 (The Precious Metals Charts and Widgets for WordPress plugin for WordPr ...)
+ TODO: check
+CVE-2024-13545 (The Bootstrap Ultimate theme for WordPress is vulnerable to Local File ...)
+ TODO: check
+CVE-2024-13542 (The WP Google Street View (with 360\xb0 virtual tour) & Google maps + ...)
+ TODO: check
+CVE-2024-13409 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...)
+ TODO: check
+CVE-2024-13408 (The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Guten ...)
+ TODO: check
+CVE-2024-13354 (The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugi ...)
+ TODO: check
+CVE-2024-13335 (The Spexo Addons for Elementor \u2013 Free Elementor Addons, Widgets a ...)
+ TODO: check
+CVE-2024-12494 (The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-11913 (The Activity Plus Reloaded for BuddyPress plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-10324 (The RomethemeKit For Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
CVE-2025-0577
- glibc <not-affected> (Doesn't affect any released version of glibc)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2338871
@@ -3613,7 +3977,7 @@ CVE-2024-53563 (A stored cross-site scripting (XSS) vulnerability in Arcadyan Me
CVE-2024-53561 (A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE F ...)
NOT-FOR-US: Arcadyan Meteor
CVE-2024-53263 (Git LFS is a Git extension for versioning large files. When Git LFS re ...)
- {DLA-4028-1}
+ {DSA-5849-1 DLA-4028-1}
- git-lfs 3.5.0-2 (bug #1093048)
NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7
NOTE: Fixed by: https://github.com/git-lfs/git-lfs/commit/0345b6f816e611d050c0df67b61f0022916a1c90 (v3.6.1)
@@ -176614,8 +176978,8 @@ CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Ov
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2343
NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
-CVE-2022-47090
- RESERVED
+CVE-2022-47090 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf ...)
+ TODO: check
CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
[experimental] - gpac 2.2.1+dfsg1-1
- gpac 2.2.1+dfsg1-2 (bug #1033116)
@@ -418126,8 +418490,7 @@ CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-afte
NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
NOTE: https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 (master)
NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1)
-CVE-2019-15690
- RESERVED
+CVE-2019-15690 (LibVNCServer 0.9.12 release and earlier contains heap buffer overflow ...)
{DLA-2146-1}
- libvncserver 0.9.12+dfsg-9 (bug #954163)
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5147f2c1888af426b8a5dfaf3c4c661745763946
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5147f2c1888af426b8a5dfaf3c4c661745763946
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250124/670e2611/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list