[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 28 08:12:14 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2827420 by security tracker role at 2025-01-28T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,259 @@
+CVE-2025-24810 (Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 ...)
+ TODO: check
+CVE-2025-24369 (Anubis is a tool that allows administrators to protect bots against AI ...)
+ TODO: check
+CVE-2025-24177 (A null pointer dereference was addressed with improved input validatio ...)
+ TODO: check
+CVE-2025-24176 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2025-24174 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-24169 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-24166 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-24163 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24162 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-24161 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24160 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24159 (A validation issue was addressed with improved logic. This issue is fi ...)
+ TODO: check
+CVE-2025-24158 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24156 (An integer overflow was addressed through improved input validation. T ...)
+ TODO: check
+CVE-2025-24154 (An out-of-bounds write was addressed with improved input validation. T ...)
+ TODO: check
+CVE-2025-24153 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2025-24152 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24151 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24150 (A privacy issue was addressed with improved handling of files. This is ...)
+ TODO: check
+CVE-2025-24149 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2025-24146 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2025-24145 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2025-24143 (The issue was addressed with improved access restrictions to the file ...)
+ TODO: check
+CVE-2025-24141 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2025-24140 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-24139 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-24138 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-24137 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
+CVE-2025-24136 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-24135 (This issue was addressed with improved message validation. This issue ...)
+ TODO: check
+CVE-2025-24134 (An information disclosure issue was addressed with improved privacy co ...)
+ TODO: check
+CVE-2025-24131 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24130 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-24129 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
+CVE-2025-24128 (The issue was addressed by adding additional logic. This issue is fixe ...)
+ TODO: check
+CVE-2025-24127 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24126 (An input validation issue was addressed. This issue is fixed in vision ...)
+ TODO: check
+CVE-2025-24124 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24123 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24122 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+ TODO: check
+CVE-2025-24121 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-24120 (This issue was addressed by improved management of object lifetimes. T ...)
+ TODO: check
+CVE-2025-24118 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24117 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2025-24116 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2025-24115 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2025-24114 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-24113 (The issue was addressed with improved UI. This issue is fixed in macOS ...)
+ TODO: check
+CVE-2025-24112 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-24109 (A downgrade issue was addressed with additional code-signing restricti ...)
+ TODO: check
+CVE-2025-24108 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2025-24107 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-24106 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-24104 (This issue was addressed with improved handling of symlinks. This issu ...)
+ TODO: check
+CVE-2025-24103 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2025-24102 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2025-24101 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2025-24100 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2025-24096 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2025-24094 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
+CVE-2025-24093 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-24092 (This issue was addressed with improved data protection. This issue is ...)
+ TODO: check
+CVE-2025-24087 (The issue was addressed with additional permissions checks. This issue ...)
+ TODO: check
+CVE-2025-24086 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2025-24085 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2025-22865 (Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT ...)
+ TODO: check
+CVE-2025-0753 (A vulnerability classified as critical was found in Axiomatic Bento4 u ...)
+ TODO: check
+CVE-2025-0321 (The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based St ...)
+ TODO: check
+CVE-2024-57549 (CMSimple 5.16 allows the user to read cms source code through manipula ...)
+ TODO: check
+CVE-2024-57548 (CMSimple 5.16 allows the user to edit log.php file via print page.)
+ TODO: check
+CVE-2024-57547 (Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote ...)
+ TODO: check
+CVE-2024-57546 (An issue in CMSimple v.5.16 allows a remote attacker to obtain sensiti ...)
+ TODO: check
+CVE-2024-57373 (Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allow ...)
+ TODO: check
+CVE-2024-57052 (An issue in youdiancms v.9.5.20 and before allows a remote attacker to ...)
+ TODO: check
+CVE-2024-56316 (In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized us ...)
+ TODO: check
+CVE-2024-56178 (An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A use ...)
+ TODO: check
+CVE-2024-54728 (Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.220 ...)
+ TODO: check
+CVE-2024-54557 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2024-54550 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2024-54549 (This issue was addressed with improved redaction of sensitive informat ...)
+ TODO: check
+CVE-2024-54547 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2024-54543 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2024-54542 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2024-54541 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2024-54539 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2024-54537 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2024-54536 (The issue was addressed with improved validation of environment variab ...)
+ TODO: check
+CVE-2024-54530 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2024-54523 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2024-54522 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2024-54520 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2024-54519 (The issue was resolved by sanitizing logging. This issue is fixed in m ...)
+ TODO: check
+CVE-2024-54518 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2024-54517 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2024-54516 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2024-54512 (The issue was addressed by removing the relevant flags. This issue is ...)
+ TODO: check
+CVE-2024-54509 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2024-54507 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
+CVE-2024-54499 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2024-54497 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2024-54488 (A logic issue was addressed with improved file handling. This issue is ...)
+ TODO: check
+CVE-2024-54478 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2024-54475 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2024-54468 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2024-53881 (NVIDIA vGPU software contains a vulnerability in the host driver, wher ...)
+ TODO: check
+CVE-2024-48662 (Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (47 ...)
+ TODO: check
+CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being properl ...)
+ TODO: check
+CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
+ TODO: check
+CVE-2024-44172 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2024-37526 (IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization1.8, 2. ...)
+ TODO: check
+CVE-2024-28786 (IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in c ...)
+ TODO: check
+CVE-2024-27263 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
+CVE-2024-22315 (IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to ins ...)
+ TODO: check
+CVE-2024-13521 (The MailUp Auto Subscription plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2024-13509 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
+ TODO: check
+CVE-2024-13448 (The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2024-12807 (The Social Share Buttons for WordPress plugin through 2.7 does not san ...)
+ TODO: check
+CVE-2024-12723 (The Infility Global WordPress plugin through 2.9.8 does not sanitise a ...)
+ TODO: check
+CVE-2024-12649 (Buffer overflow in XPS data font processing of Small Office Multifunct ...)
+ TODO: check
+CVE-2024-12648 (Buffer overflow in TIFF data EXIF tag processing of Small Office Multi ...)
+ TODO: check
+CVE-2024-12647 (Buffer overflow in CPCA font download processing of Small Office Multi ...)
+ TODO: check
+CVE-2024-11135 (The Eventer plugin for WordPress is vulnerable to SQL Injection via th ...)
+ TODO: check
+CVE-2024-0146 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2024-0140 (NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user ...)
+ TODO: check
+CVE-2024-0137 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
+ TODO: check
+CVE-2024-0136 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
+ TODO: check
+CVE-2024-0135 (NVIDIA Container Toolkit contains an improper isolation vulnerability ...)
+ TODO: check
+CVE-2023-50316 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 throug ...)
+ TODO: check
CVE-2025-0754
- envoyproxy <itp> (bug #987544)
CVE-2025-0752
@@ -911,7 +1167,7 @@ CVE-2023-46401 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoi
NOT-FOR-US: KWHotel
CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest f ...)
NOT-FOR-US: KWHotel
-CVE-2024-0149
+CVE-2024-0149 (NVIDIA GPU Display Driver for Linux contains a vulnerability which cou ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -949,12 +1205,12 @@ CVE-2024-0131
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-53869
+CVE-2024-53869 (NVIDIA Unified Memory driver for Linux contains a vulnerability where ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-0147
+CVE-2024-0147 (NVIDIA GPU display driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -973,7 +1229,7 @@ CVE-2024-0147
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
-CVE-2024-0150
+CVE-2024-0150 (NVIDIA GPU display driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
@@ -1898,7 +2154,7 @@ CVE-2025-0411 (7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability al
CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
- nodejs 20.18.2+dfsg-1 (bug #1094134)
NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium
-CVE-2025-23084 [Path traversal by drive name in Windows environment]
+CVE-2025-23084 (A vulnerability has been identified in Node.js, specifically affecting ...)
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#path-traversal-by-drive-name-in-windows-environment-cve-2025-23084---medium
CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
@@ -2064,7 +2320,7 @@ CVE-2024-51888 (Incorrect Privilege Assignment vulnerability in NotFound Homey L
NOT-FOR-US: WordPress plugin
CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows rem ...)
+CVE-2024-51417 (An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access ...)
NOT-FOR-US: System.Linq.Dynamic.Core
CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
@@ -3085,7 +3341,7 @@ CVE-2024-11146 (TrueFiling is a collaborative, web-based electronic filing syste
NOT-FOR-US: TrueFiling
CVE-2024-10799 (The Eventer plugin for WordPress is vulnerable to Directory Traversal ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-45341
+CVE-2024-45341 (A certificate with a URI which has a IPv6 address with a zone ID may i ...)
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
@@ -3097,7 +3353,7 @@ CVE-2024-45341
NOTE: Fixed by: https://github.com/golang/go/commit/fdb8413fe588ec6dc31f1deaf43eb7202a76bb79 (go1.23.5)
NOTE: Fixed by: https://github.com/golang/go/commit/19d21034157ba69d0f54318a9867d9b08730efcb (go1.22.11)
NOTE: Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs
-CVE-2024-45336
+CVE-2024-45336 (The HTTP client drops sensitive headers after following a cross-domain ...)
- golang-1.23 1.23.5-1
- golang-1.22 1.22.11-1
- golang-1.19 <removed>
@@ -57442,7 +57698,7 @@ CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in pskernel.
NOT-FOR-US: Autodesk
CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
NOT-FOR-US: Autodesk
-CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
+CVE-2024-37005 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...)
NOT-FOR-US: Autodesk
CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll thro ...)
NOT-FOR-US: Autodesk
@@ -57450,7 +57706,7 @@ CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in opennu
NOT-FOR-US: Autodesk
CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthroug ...)
NOT-FOR-US: Autodesk
-CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll through ...)
+CVE-2024-37001 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
NOT-FOR-US: Autodesk
CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL through Au ...)
NOT-FOR-US: Autodesk
@@ -195844,8 +196100,8 @@ CVE-2022-3367
RESERVED
CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3365
- RESERVED
+CVE-2022-3365 (Due to reliance on a trivial substitution cipher, sent in cleartext, a ...)
+ TODO: check
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
@@ -223404,8 +223660,8 @@ CVE-2020-36524 (A vulnerability was found in Refined Toolkit. It has been rated
NOT-FOR-US: Atlassian
CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been declared as pr ...)
NOT-FOR-US: Atlassian PlantUML plugin
-CVE-2022-31749
- RESERVED
+CVE-2022-31749 (An argument injection vulnerability in the diagnose and import pac com ...)
+ TODO: check
CVE-2022-31748 (Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon ...)
- firefox 101.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a282742066ed93681c14246e71926a4a62612f5d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a282742066ed93681c14246e71926a4a62612f5d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250128/e16db9d9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list