[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 29 20:12:41 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62e6b872 by security tracker role at 2025-01-29T20:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A malicious regis ...)
+ TODO: check
+CVE-2025-24792 (Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (P ...)
+ TODO: check
+CVE-2025-24791 (snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake ...)
+ TODO: check
+CVE-2025-24790 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
+ TODO: check
+CVE-2025-24789 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
+ TODO: check
+CVE-2025-24527 (An issue was discovered in Akamai Enterprise Application Access (EAA) ...)
+ TODO: check
+CVE-2025-24374 (Twig is a template language for PHP. When using the ?? operator, outpu ...)
+ TODO: check
+CVE-2025-20061 (mySCADA myPRO does not properly neutralize POST requests sent to a spe ...)
+ TODO: check
+CVE-2025-20014 (mySCADA myPRO does not properly neutralize POST requests sent to a spe ...)
+ TODO: check
+CVE-2025-0840 (A vulnerability, which was classified as problematic, was found in GNU ...)
+ TODO: check
+CVE-2025-0617 (An attacker with access to an HX 10.0.0 and previous versions, may se ...)
+ TODO: check
+CVE-2025-0353 (The Divi Torque Lite \u2013 Best Divi Addon, Extensions, Modules & Soc ...)
+ TODO: check
+CVE-2024-57965 (In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a U ...)
+ TODO: check
+CVE-2024-57439 (An issue in the reset password interface of ruoyi v4.8.0 allows attack ...)
+ TODO: check
+CVE-2024-57438 (Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to ...)
+ TODO: check
+CVE-2024-57437 (RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
+CVE-2024-57436 (RuoYi v4.8.0 was discovered to allow unauthorized attackers to view th ...)
+ TODO: check
+CVE-2024-54462 (The file names constructed within image_picker are missing sanitizatio ...)
+ TODO: check
+CVE-2024-54461 (The file names constructed within file_selector are missing sanitizati ...)
+ TODO: check
+CVE-2024-48852 (Insertion of Sensitive Information into Log File vulnerability observe ...)
+ TODO: check
+CVE-2024-48849 (Missing Origin Validation in WebSockets vulnerability inFLXEON. Sessio ...)
+ TODO: check
+CVE-2024-41140 (Zohocorp ManageEngine Applications Manager versions174000 and prior ar ...)
+ TODO: check
+CVE-2024-13561 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2024-10001 (A Code Injection vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
+CVE-2023-37413 (IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive userna ...)
+ TODO: check
+CVE-2023-37412 (IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user t ...)
+ TODO: check
+CVE-2023-37398 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users sho ...)
+ TODO: check
+CVE-2023-35907 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users sho ...)
+ TODO: check
CVE-2024-12705 [DNS-over-HTTPS implementation suffers from multiple issues under heavy query load]
- bind9 <unfixed>
NOTE: https://kb.isc.org/docs/cve-2024-12705
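Review bot: all 28 new entries are left at "TODO: check", and for several of them the truncated description hides the affected component (CVE-2025-0840 ends at "found in GNU ...", CVE-2025-0617 names only "HX 10.0.0"), so the full CVE record has to be read before any package line can be assigned. CVE-2024-57965 (axios), CVE-2025-24374 (Twig) and CVE-2025-24882 (regclient) name upstream projects that are plausible source-package matches and should be resolved first rather than left to accumulate; the CVE-2024-12705 entry in the trailing context, with its package line and a NOTE URL, is the shape each resolved entry should end up in.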
@@ -74,7 +130,7 @@ CVE-2023-35017 (IBM Security Verify Governance 10.0.2 Identity Manager can trans
NOT-FOR-US: IBM
CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager uses a one-wa ...)
NOT-FOR-US: IBM
-CVE-2025-0762
+CVE-2025-0762 (Use after free in DevTools in Google Chrome prior to 132.0.6834.159 al ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chai ...)
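Review bot: the filled-in description for CVE-2025-0762 names the upstream fixed release (Chrome 132.0.6834.159), but the chromium line stays "<unfixed>" with no NOTE pointing at the upstream advisory, unlike the CVE-2024-12705 entry above, which carries a kb.isc.org link; add a NOTE with the Chrome release reference so the Debian fixed version can be tied to it when the package is updated. The bullseye line already records the end-of-life status together with its bug reference, which is fine as is.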
@@ -732,6 +788,7 @@ CVE-2024-12280 (The WP Customer Area WordPress plugin through 8.2.4 does not hav
CVE-2023-46187 (IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerab ...)
NOT-FOR-US: IBM
CVE-2025-0781 (An attacker can bypass the sandboxing of Nasal scripts and arbitrarily ...)
+ {DLA-4035-1 DLA-4034-1}
- flightgear 1:2020.3.19+dfsg-1
[bookworm] - flightgear <no-dsa> (Minor issue)
- simgear 1:2020.3.19+dfsg-1
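Review bot: the added "{DLA-4035-1 DLA-4034-1}" records LTS updates for flightgear and simgear while the bookworm line directly below keeps "<no-dsa> (Minor issue)"; the two can coexist, but the entry should make the decision auditable by either extending the no-dsa rationale or confirming that the bullseye fix was a low-priority update rather than a sign the severity was revised. Also check that the simgear per-release lines that follow this hunk carry the same treatment as flightgear, since both source packages share the fixing DLAs.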
@@ -4055,9 +4112,9 @@ CVE-2025-20036 (Mattermost Mobile Apps versions <=2.22.0 fail to properly valida
NOT-FOR-US: Mattermost Mobile Apps
CVE-2025-0502 (Transmission of Private Resources into a New Sphere ('Resource Leak') ...)
NOT-FOR-US: CrafterCMS
-CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces Clients when runn ...)
+CVE-2025-0501 (An issue in the native clients for Amazon WorkSpaces (when running PCo ...)
NOT-FOR-US: Amazon
-CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces, Amazon AppStream ...)
+CVE-2025-0500 (An issue in the native clients for Amazon WorkSpaces (when running Ama ...)
NOT-FOR-US: Amazon
CVE-2025-0485 (A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been ...)
NOT-FOR-US: Fanli2012 native-php-cms
@@ -12315,7 +12372,7 @@ CVE-2024-55085 (GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in
NOT-FOR-US: GetSimple CMS CE
CVE-2024-54125 (Improper authorization in handler for custom URL scheme issue in "Shon ...)
NOT-FOR-US: Shonen Jump+
-CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow.)
+CVE-2024-52949 (iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, th ...)
- iptraf-ng <unfixed> (unimportant; bug #1090381)
NOTE: https://github.com/iptraf-ng/iptraf-ng/commit/2b623e991115358a57275af8a53feb5ae707b3ae (v1.2.2)
NOTE: Negligible security impact
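Review bot: the extended description now points at src/ifaces.c, but the "unimportant" rating and the NOTE "Negligible security impact" still give no reason; state the rationale (for example that the overflow needs a local, privileged invocation or non-attacker-controlled input) in the NOTE so the rating can be re-checked whenever the description changes again. The fixing commit in the NOTE is already tagged "(v1.2.2)", so once that release is packaged the line should carry the fixed Debian version instead of "<unfixed>".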
@@ -261405,8 +261462,8 @@ CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free
NOT-FOR-US: Trend Micro
CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3978
- RESERVED
+CVE-2021-3978 (When copying files with rsync, octorpki uses the "-a" flag 0, which fo ...)
+ TODO: check
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: invoiceninja
CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
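Review bot: CVE-2021-3978 moves from RESERVED to a description plus "TODO: check" well after its 2021 assignment; the description names octorpki and rsync's "-a" flag, so the triage question is simply whether octorpki is a source package in the archive, with the outcome being either a package line or NOT-FOR-US as for CVE-2021-3977 directly below. The visible text is truncated ("which fo ..."), so the full record must be read before deciding; the truncated line alone does not say what the flag's behaviour exposes.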
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62e6b872e11317b4fac9c1d50551e99b22d5bdaf