[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 29 08:11:56 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3dbaba1 by security tracker role at 2025-01-29T08:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-24826 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
+CVE-2025-24482 (A Local Code Injection Vulnerability exists in the product and version ...)
+ TODO: check
+CVE-2025-24481 (An Incorrect Permission Assignment Vulnerability exists in the product ...)
+ TODO: check
+CVE-2025-23362 (The old versions of EXIF Viewer Classic contain a cross-site scripting ...)
+ TODO: check
+CVE-2025-22917 (A reflected cross-site scripting (XSS) vulnerability in Audemium ERP < ...)
+ TODO: check
+CVE-2025-0806 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
+ TODO: check
+CVE-2025-0804 (The ClickWhale \u2013 Link Manager, Link Shortener and Click Tracker f ...)
+ TODO: check
+CVE-2025-0803 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2025-0802 (A vulnerability classified as critical was found in SourceCodester Bes ...)
+ TODO: check
+CVE-2025-0800 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2025-0798 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...)
+ TODO: check
+CVE-2025-0797 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...)
+ TODO: check
+CVE-2025-0795 (A vulnerability was found in ESAFENET CDG V5. It has been classified a ...)
+ TODO: check
+CVE-2025-0794 (A vulnerability was found in ESAFENET CDG V5 and classified as problem ...)
+ TODO: check
+CVE-2025-0793 (A vulnerability has been found in ESAFENET CDG V5 and classified as cr ...)
+ TODO: check
+CVE-2025-0792 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
+ TODO: check
+CVE-2025-0791 (A vulnerability, which was classified as critical, has been found in E ...)
+ TODO: check
+CVE-2025-0790 (A vulnerability classified as problematic was found in ESAFENET CDG V5 ...)
+ TODO: check
+CVE-2025-0789 (A vulnerability classified as critical has been found in ESAFENET CDG ...)
+ TODO: check
+CVE-2025-0788 (A vulnerability was found in ESAFENET CDG V5. It has been rated as cri ...)
+ TODO: check
+CVE-2025-0787 (A vulnerability was found in ESAFENET CDG V5. It has been declared as ...)
+ TODO: check
+CVE-2025-0786 (A vulnerability was found in ESAFENET CDG V5. It has been classified a ...)
+ TODO: check
+CVE-2025-0785 (A vulnerability was found in ESAFENET CDG V5 and classified as problem ...)
+ TODO: check
+CVE-2024-7695 (Multiple switches are affected by an out-of-bounds write vulnerability ...)
+ TODO: check
+CVE-2024-57519 (An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial ...)
+ TODO: check
+CVE-2024-57514 (The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting ...)
+ TODO: check
+CVE-2024-57376 (Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DS ...)
+ TODO: check
+CVE-2024-56529 (Mailcow through 2024-11b has a session fixation vulnerability in the w ...)
+ TODO: check
+CVE-2024-55968 (An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com. ...)
+ TODO: check
+CVE-2024-48310 (AutoLib Software Systems OPAC v20.10 was discovered to have multiple A ...)
+ TODO: check
+CVE-2024-29869 (Hive creates a credentials file to a temporary directory in the file s ...)
+ TODO: check
+CVE-2024-13696 (The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save ...)
+ TODO: check
+CVE-2024-12749 (The Competition Form WordPress plugin through 2.0 does not sanitise an ...)
+ TODO: check
+CVE-2023-35017 (IBM Security Verify Governance 10.0.2 Identity Manager can transmit us ...)
+ TODO: check
+CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager uses a one-wa ...)
+ TODO: check
CVE-2025-0762
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
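Review bot: All 35 entries added at the top of data/CVE/list land as `TODO: check`, with no package line or NOT-FOR-US tag, so none of them is triaged by this commit. The eleven consecutive ESAFENET CDG V5 entries (CVE-2025-0785 through CVE-2025-0795) and the two MicroWorld eScan Antivirus entries (CVE-2025-0797, CVE-2025-0798) can each be settled with one decision per product, using the `NOT-FOR-US: <product>` form seen further down the file if the product is not packaged. The descriptions of CVE-2025-0804 and CVE-2024-13696 also carry a literal `\u2013` escape instead of the dash character, which is worth normalising where the descriptions are imported.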
@@ -99,7 +169,8 @@ CVE-2025-24174 (The issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2025-24169 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
-CVE-2025-24166 (This issue was addressed through improved state management. This issue ...)
+CVE-2025-24166
+ REJECTED
NOT-FOR-US: Apple
CVE-2025-24163 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
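Review bot: After this change CVE-2025-24166 is marked `REJECTED`, but the unchanged line directly below it still reads `NOT-FOR-US: Apple`, so the entry now carries two states at once. Drop the `NOT-FOR-US: Apple` line so the withdrawn ID keeps only `REJECTED`.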
@@ -1527,7 +1598,7 @@ CVE-2024-57719 (lunasvg v3.0.0 was discovered to contain a segmentation violatio
NOT-FOR-US: lunasvg
CVE-2024-56924 (A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Intern ...)
NOT-FOR-US: Code Astro Internet banking system
-CVE-2024-56923 (Stored Cross-Site Scripting (XSS) in the Categorization Option of My S ...)
+CVE-2024-56923 (Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization ...)
NOT-FOR-US: Silverpeas
CVE-2024-52975 (An issue was identified in Fleet Server where Fleet policies that coul ...)
NOT-FOR-US: Elastic Fleet
@@ -14779,7 +14850,7 @@ CVE-2024-46442 (An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows a
NOT-FOR-US: BYD Dilink Headunit System
CVE-2024-46341 (TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials ...)
NOT-FOR-US: TP-Link
-CVE-2024-46340 (TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discov ...)
+CVE-2024-46340 (TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845 ...)
NOT-FOR-US: TP-Link
CVE-2024-45709 (SolarWinds Web Help Desk was susceptible to a local file read vulnerab ...)
NOT-FOR-US: SolarWinds
@@ -291300,21 +291371,25 @@ CVE-2021-33648 (When performing the inference shape operation of Affine, Concat,
CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...)
NOT-FOR-US: Mindspore deep learning
CVE-2021-33646 (The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121295
NOTE: (not-upstream) patch from OpenEuler: https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33645-CVE-2021-33646.patch
CVE-2021-33645 (The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121295
NOTE: (not-upstream) patch from OpenEuler: https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33645-CVE-2021-33646.patch
CVE-2021-33644 (An attacker who submits a crafted tar file with size in header struct ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121292
NOTE: (not-upstream) patch from OpenEuler: https://gitee.com/src-openeuler/libtar/blob/master/openEuler-CVE-2021-33643-CVE-2021-33644.patch
CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...)
+ {DLA-4033-1}
- libtar <removed>
[bookworm] - libtar <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121289
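Review bot: The four libtar entries (CVE-2021-33643 through CVE-2021-33646) gain a `{DLA-4033-1}` reference while the unchanged `[bookworm] - libtar <no-dsa> (Minor issue)` lines stay in place, so the file now records an LTS advisory for issues that bookworm still lists as not warranting one. The bookworm status is worth revisiting, for example through a point-release update, so that it does not stay behind the release covered by the DLA. The NOTE lines also mark the OpenEuler patches as `(not-upstream)`, so any fix based on them needs its own review.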
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3dbaba160b1faadf04c0d950f8ea7ea1bde71a0