[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 27 20:12:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60ba7164 by security tracker role at 2025-01-27T20:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Ran ...)
+ TODO: check
+CVE-2025-24782 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-24754 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...)
+ TODO: check
+CVE-2025-24747 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...)
+ TODO: check
+CVE-2025-24744 (Missing Authorization vulnerability in NotFound Bridge Core. This issu ...)
+ TODO: check
+CVE-2025-24743 (Missing Authorization vulnerability in Rometheme RomethemeKit For Elem ...)
+ TODO: check
+CVE-2025-24742 (Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerl ...)
+ TODO: check
+CVE-2025-24741 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...)
+ TODO: check
+CVE-2025-24740 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in T ...)
+ TODO: check
+CVE-2025-24734 (Missing Authorization vulnerability in CodeSolz Better Find and Replac ...)
+ TODO: check
+CVE-2025-24708 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24689 (Insertion of Sensitive Information into Externally-Accessible File or ...)
+ TODO: check
+CVE-2025-24685 (Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP L ...)
+ TODO: check
+CVE-2025-24680 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-24671 (Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PD ...)
+ TODO: check
+CVE-2025-24667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24665 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24664 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24662 (Missing Authorization vulnerability in NotFound LearnDash LMS allows E ...)
+ TODO: check
+CVE-2025-24653 (Missing Authorization vulnerability in NotFound Admin and Site Enhance ...)
+ TODO: check
+CVE-2025-24628 (Authentication Bypass by Spoofing vulnerability in BestWebSoft Google ...)
+ TODO: check
+CVE-2025-24626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24612 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-24606 (Missing Authorization vulnerability in Sprout Invoices Client Invoicin ...)
+ TODO: check
+CVE-2025-24603 (Missing Authorization vulnerability in UkrSolution Print Barcode Label ...)
+ TODO: check
+CVE-2025-24601 (Deserialization of Untrusted Data vulnerability in ThimPress FundPress ...)
+ TODO: check
+CVE-2025-24600 (Missing Authorization vulnerability in David F. Carr RSVPMarker . This ...)
+ TODO: check
+CVE-2025-24593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24590 (Missing Authorization vulnerability in Haptiq picu \u2013 Online Photo ...)
+ TODO: check
+CVE-2025-24584 (Missing Authorization vulnerability in BdThemes Ultimate Store Kit Ele ...)
+ TODO: check
+CVE-2025-24540 (Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soo ...)
+ TODO: check
+CVE-2025-24538 (Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress ...)
+ TODO: check
+CVE-2025-24537 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar ...)
+ TODO: check
+CVE-2025-24533 (Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsi ...)
+ TODO: check
+CVE-2025-24368 (Cacti is an open source performance and fault management framework. So ...)
+ TODO: check
+CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...)
+ TODO: check
+CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
+ TODO: check
+CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
+ TODO: check
+CVE-2025-24357 (vLLM is a library for LLM inference and serving. vllm/model_executor/w ...)
+ TODO: check
+CVE-2025-24354 (imgproxy is server for resizing, processing, and converting images. Im ...)
+ TODO: check
+CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare calculato ...)
+ TODO: check
+CVE-2025-23849 (Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE a ...)
+ TODO: check
+CVE-2025-23792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23656 (Missing Authorization vulnerability in Saul Morales Pacheco Donate vis ...)
+ TODO: check
+CVE-2025-23574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23529 (Missing Authorization vulnerability in Blokhaus Minterpress allows Acc ...)
+ TODO: check
+CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
+ TODO: check
+CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...)
+ TODO: check
+CVE-2025-22513 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-0751 (A vulnerability classified as critical has been found in Axiomatic Ben ...)
+ TODO: check
+CVE-2025-0734 (A vulnerability has been found in y_project RuoYi up to 4.8.0 and clas ...)
+ TODO: check
+CVE-2025-0733 (A vulnerability, which was classified as problematic, was found in Pos ...)
+ TODO: check
+CVE-2025-0732 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-0730 (A vulnerability classified as problematic has been found in TP-Link TL ...)
+ TODO: check
+CVE-2025-0729 (A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Re ...)
+ TODO: check
+CVE-2025-0696 (A NULL Pointer Dereferencevulnerability in Cesanta Frozen versions les ...)
+ TODO: check
+CVE-2025-0695 (An Allocation of Resources Without Limits orThrottling vulnerability i ...)
+ TODO: check
+CVE-2024-57595 (DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerabi ...)
+ TODO: check
+CVE-2024-57590 (TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vul ...)
+ TODO: check
+CVE-2024-57276 (In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service c ...)
+ TODO: check
+CVE-2024-57272 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnera ...)
+ TODO: check
+CVE-2024-56972 (An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attacker ...)
+ TODO: check
+CVE-2024-56971 (An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technolog ...)
+ TODO: check
+CVE-2024-56969 (An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7. ...)
+ TODO: check
+CVE-2024-56968 (An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 a ...)
+ TODO: check
+CVE-2024-56967 (An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.2 ...)
+ TODO: check
+CVE-2024-56966 (An issue in Shanghai Xuan Ting Entertainment Information & Technology ...)
+ TODO: check
+CVE-2024-56965 (An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS ...)
+ TODO: check
+CVE-2024-56964 (An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guaz ...)
+ TODO: check
+CVE-2024-56963 (An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input ...)
+ TODO: check
+CVE-2024-56962 (An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 ...)
+ TODO: check
+CVE-2024-56960 (An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdi ...)
+ TODO: check
+CVE-2024-56959 (An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows ...)
+ TODO: check
+CVE-2024-56957 (An issue in Kingsoft Office Software Corporation Limited WPS Office iO ...)
+ TODO: check
+CVE-2024-56955 (An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6 ...)
+ TODO: check
+CVE-2024-56954 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Vi ...)
+ TODO: check
+CVE-2024-56953 (An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12. ...)
+ TODO: check
+CVE-2024-56952 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lit ...)
+ TODO: check
+CVE-2024-56951 (An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.1 ...)
+ TODO: check
+CVE-2024-56950 (An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows ...)
+ TODO: check
+CVE-2024-56949 (An issue in Guangzhou Polar Future Culture Technology Co., Ltd Univers ...)
+ TODO: check
+CVE-2024-56948 (An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows at ...)
+ TODO: check
+CVE-2024-56947 (An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 a ...)
+ TODO: check
+CVE-2024-55931 (Xerox Workplace Suite stores tokens in session storage, which may expo ...)
+ TODO: check
+CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module of Do ...)
+ TODO: check
+CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...)
+ TODO: check
+CVE-2024-54146 (Cacti is an open source performance and fault management framework. Ca ...)
+ TODO: check
+CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...)
+ TODO: check
+CVE-2024-48841 (Network access can be used to execute arbitrary code with elevated pri ...)
+ TODO: check
+CVE-2024-48420 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...)
+ TODO: check
+CVE-2024-48419 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Com ...)
+ TODO: check
+CVE-2024-48418 (In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request ...)
+ TODO: check
+CVE-2024-48417 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...)
+ TODO: check
+CVE-2024-48416 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...)
+ TODO: check
+CVE-2024-45598 (Cacti is an open source performance and fault management framework. Pr ...)
+ TODO: check
+CVE-2024-38325 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd C ...)
+ TODO: check
+CVE-2024-38320 (IBM Storage Protect for Virtual Environments: Data Protection for VMwa ...)
+ TODO: check
+CVE-2024-37527 (IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scri ...)
+ TODO: check
+CVE-2024-27256 (IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS throu ...)
+ TODO: check
+CVE-2024-26317 (In illumos illumos-gate 2024-02-15, an error occurs in the elliptic cu ...)
+ TODO: check
+CVE-2024-22316 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...)
+ TODO: check
+CVE-2024-12740 (Vision related software from NI used a third-party library for image p ...)
+ TODO: check
+CVE-2024-12345 (A vulnerability classified as problematic was found in INW Krbyyyzo 25 ...)
+ TODO: check
+CVE-2024-11348 (Eura7 CMSmanager in version 4.6 and belowis vulnerable to Reflected XS ...)
+ TODO: check
+CVE-2023-52292 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...)
+ TODO: check
+CVE-2023-47159 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...)
+ TODO: check
CVE-2025-24390 (A vulnerability in OTRS Application Server and reverse proxy settings ...)
NOT-FOR-US: OTRS
NOTE: Could possibly affect Znuny, we'll let their security team figure it out
@@ -75,7 +299,7 @@ CVE-2023-38009 (IBM Cognos Mobile Client 1.1 iOS may be vulnerable to informatio
NOT-FOR-US: IBM
CVE-2017-20196 (A vulnerability was found in Itechscripts School Management Software 2 ...)
NOT-FOR-US: Itechscripts School Management Software
-CVE-2025-24356
+CVE-2025-24356 (fastd is a VPN daemon which tunnels IP packets and Ethernet frames ove ...)
- fastd 23-1
[bookworm] - fastd <no-dsa> (Minor issue)
NOTE: https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv
@@ -88,7 +312,7 @@ CVE-2025-24356
NOTE: Fixed by: https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f (v23)
CVE-2025-24858 (Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an atta ...)
NOT-FOR-US: Develocity (formerly Gradle Enterprise)
-CVE-2025-24814
+CVE-2025-24814 (Core creation allows users to replace "trusted" configset files with a ...)
- lucene-solr 3.6.2+dfsg-23
NOTE: https://solr.apache.org/security.html#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files
NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/1
@@ -824,17 +1048,17 @@ CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server bef
NOT-FOR-US: M-Files
CVE-2024-55971 (SQL Injection vulnerability in the default configuration of the Logiti ...)
NOT-FOR-US: Logitime WebClock application
-CVE-2024-55930 (Weak default folder permissions)
+CVE-2024-55930 (Xerox Workplace Suite has weak default folder permissions that allow u ...)
NOT-FOR-US: Xerox
-CVE-2024-55929 (Mail spoofing)
+CVE-2024-55929 (A mail spoofing vulnerability in Xerox Workplace Suite allows attacker ...)
NOT-FOR-US: Xerox
-CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear text)
+CVE-2024-55928 (Xerox Workplace Suite exposes sensitive secrets in clear text, both lo ...)
NOT-FOR-US: Xerox
-CVE-2024-55927 (Flawed token generation implementation & Hard-coded key implementation)
+CVE-2024-55927 (A vulnerability in Xerox Workplace Suite arises from flawed token gene ...)
NOT-FOR-US: Xerox
-CVE-2024-55926 (Arbitrary file upload, deletion and read through header manipulation)
+CVE-2024-55926 (A vulnerability found in Xerox Workplace Suite allows arbitrary file r ...)
NOT-FOR-US: Xerox
-CVE-2024-55925 (API Security bypass through header manipulation)
+CVE-2024-55925 (In Xerox Workplace Suite, an API restricted to specific hosts can be b ...)
NOT-FOR-US: Xerox
CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key ...)
NOT-FOR-US: ECOVACS robot lawnmowers and vacuums
@@ -1987,7 +2211,7 @@ CVE-2024-57930 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux 6.1.124-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/afc6717628f959941d7b33728570568b4af1c4b8 (6.13-rc6)
-CVE-2022-4975
+CVE-2022-4975 (A flaw was found in the Red Hat Advanced Cluster Security (RHACS) port ...)
NOT-FOR-US: Red Hat Advanced Cluster Security
CVE-2025-24014 (Vim is an open source, command line text editor. A segmentation fault ...)
- vim <unfixed> (unimportant)
@@ -8243,11 +8467,13 @@ CVE-2022-49035 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-8447 (A security issue was discovered in the LRA Coordinator component of Na ...)
NOT-FOR-US: Narayana
CVE-2024-56827 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
+ {DSA-5851-1}
- openjpeg2 <unfixed> (bug #1092676)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335174
NOTE: https://github.com/uclouvain/openjpeg/issues/1564
NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3)
CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
+ {DSA-5851-1}
- openjpeg2 <unfixed> (bug #1092675)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335172
NOTE: https://github.com/uclouvain/openjpeg/issues/1563
@@ -21798,7 +22024,7 @@ CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1 in
NOT-FOR-US: Tolgee
CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...)
NOT-FOR-US: libosdp
-CVE-2024-52012
+CVE-2024-52012 (Relative Path Traversal vulnerability in Apache Solr. Solr instances ...)
- lucene-solr <not-affected> (Issue only affects Apache Solr running on Windows)
NOTE: https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access
NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/2
@@ -55016,6 +55242,7 @@ CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988.
NOTE: https://github.com/uclouvain/openjpeg/issues/1471
NOTE: https://github.com/uclouvain/openjpeg/pull/1470
CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...)
+ {DSA-5851-1}
- openjpeg2 <unfixed> (bug #1081908)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1472
@@ -98150,7 +98377,7 @@ CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll a
NOT-FOR-US: Autodesk
CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in OD ...)
NOT-FOR-US: Autodesk
-CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...)
+CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll through Auto ...)
NOT-FOR-US: Autodesk
CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
NOT-FOR-US: Autodesk
@@ -290249,6 +290476,7 @@ CVE-2021-3577 (An unauthenticated remote code execution vulnerability was report
CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
NOT-FOR-US: Bitdefender
CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
+ {DSA-5851-1}
- openjpeg2 <unfixed> (bug #989775)
[bullseye] - openjpeg2 <no-dsa> (Minor issue)
[buster] - openjpeg2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ba71648bed3658957410afa1e28c09ccd687c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ba71648bed3658957410afa1e28c09ccd687c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250127/947f3a3a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list