[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 30 08:12:01 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
038295e3 by security tracker role at 2025-01-30T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation requests to th ...)
+	TODO: check
+CVE-2025-24795 (The Snowflake Connector for Python provides an interface for developin ...)
+	TODO: check
+CVE-2025-24794 (The Snowflake Connector for Python provides an interface for developin ...)
+	TODO: check
+CVE-2025-24793 (The Snowflake Connector for Python provides an interface for developin ...)
+	TODO: check
+CVE-2025-24788 (snowflake-connector-net is the Snowflake Connector for .NET. Snowflake ...)
+	TODO: check
+CVE-2025-23374 (Dell Networking Switches running Enterprise SONiC OS, version(s) prior ...)
+	TODO: check
+CVE-2025-21415 (Authentication bypass by spoofing in Azure AI Face Service allows an a ...)
+	TODO: check
+CVE-2025-21396 (Missing authorization in Microsoft Account allows an unauthorized atta ...)
+	TODO: check
+CVE-2025-0851 (A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Ja ...)
+	TODO: check
+CVE-2025-0849 (A vulnerability classified as critical has been found in CampCodes Sch ...)
+	TODO: check
+CVE-2025-0848 (A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been  ...)
+	TODO: check
+CVE-2025-0847 (A vulnerability was found in 1000 Projects Employee Task Management Sy ...)
+	TODO: check
+CVE-2025-0846 (A vulnerability was found in 1000 Projects Employee Task Management Sy ...)
+	TODO: check
+CVE-2025-0844 (A vulnerability was found in needyamin Library Card System 1.0. It has ...)
+	TODO: check
+CVE-2025-0843 (A vulnerability was found in needyamin Library Card System 1.0. It has ...)
+	TODO: check
+CVE-2025-0842 (A vulnerability was found in needyamin Library Card System 1.0 and cla ...)
+	TODO: check
+CVE-2025-0841 (A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCa ...)
+	TODO: check
+CVE-2025-0662 (In some cases, the ktrace facility will log the contents of kernel str ...)
+	TODO: check
+CVE-2025-0374 (When etcupdate encounters conflicts while merging files, it saves a ve ...)
+	TODO: check
+CVE-2025-0373 (On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, t ...)
+	TODO: check
+CVE-2024-57665 (JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/e ...)
+	TODO: check
+CVE-2024-57513 (A floating-point exception (FPE) vulnerability exists in the AP4_TfraA ...)
+	TODO: check
+CVE-2024-57510 (Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8 ...)
+	TODO: check
+CVE-2024-57509 (Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8 ...)
+	TODO: check
+CVE-2024-57395 (Password Vulnerability in Safety production process management system  ...)
+	TODO: check
+CVE-2024-54852 (When LDAP connection is activated in Teedy versions between 1.9 to 1.1 ...)
+	TODO: check
+CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due  ...)
+	TODO: check
+CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 a ...)
+	TODO: check
+CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes user inp ...)
+	TODO: check
+CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the Integration Se ...)
+	TODO: check
+CVE-2024-13642 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-13470 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
+	TODO: check
+CVE-2024-13457 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-12921 (The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-12709 (The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF check ...)
+	TODO: check
+CVE-2024-12708 (The Bulk Me Now! WordPress plugin through 2.0 does not validate and es ...)
+	TODO: check
+CVE-2024-12638 (The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and es ...)
+	TODO: check
+CVE-2024-12400 (The tourmaster WordPress plugin before 5.3.5 does not escape generated ...)
+	TODO: check
+CVE-2024-12163 (The goodlayers-core WordPress plugin before 2.1.3 allows users with a  ...)
+	TODO: check
+CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does not sanit ...)
+	TODO: check
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
 	- krb5 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
@@ -67,10 +147,12 @@ CVE-2023-37398 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that use
 	NOT-FOR-US: IBM
 CVE-2023-35907 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users sho ...)
 	NOT-FOR-US: IBM
-CVE-2024-12705 [DNS-over-HTTPS implementation suffers from multiple issues under heavy query load]
+CVE-2024-12705 (Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU an ...)
+	{DSA-5854-1}
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2024-12705
-CVE-2024-11187 [Many records in the additional section cause CPU exhaustion]
+CVE-2024-11187 (It is possible to construct a zone such that some queries to it will g ...)
+	{DSA-5854-1}
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2024-11187
 CVE-2025-24826 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -144,6 +226,7 @@ CVE-2023-35017 (IBM Security Verify Governance 10.0.2 Identity Manager can trans
 CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager   uses a one-wa ...)
 	NOT-FOR-US: IBM
 CVE-2025-0762 (Use after free in DevTools in Google Chrome prior to 132.0.6834.159 al ...)
+	{DSA-5855-1}
 	- chromium 132.0.6834.159-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chai ...)
@@ -913,7 +996,7 @@ CVE-2025-24361 (Nuxt is an open-source web development framework for Vue.js. Sou
 	NOT-FOR-US: Nuxt
 CVE-2025-24360 (Nuxt is an open-source web development framework for Vue.js. Starting  ...)
 	NOT-FOR-US: Nuxt
-CVE-2025-21262 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+CVE-2025-21262 (User Interface (UI) Misrepresentation of Critical Information in Micro ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-0710 (A vulnerability classified as problematic has been found in CampCodes  ...)
 	NOT-FOR-US: CampCodes School Management Software
@@ -4376,6 +4459,7 @@ CVE-2024-10775 (The Piotnet Addons For Elementor plugin for WordPress is vulnera
 CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...)
 	NOT-FOR-US: Mongoose
 CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...)
+	{DSA-5853-1}
 	- pam-u2f 1.3.1-1
 	NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/a96ef17f74b8e4ed80a97322120af1a228a1ffb7 (pam_u2f-1.3.1)
 	NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/08199144d870a63275a4601dbc6751ac68d48301 (pam_u2f-1.3.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038295e378b79a20fa24435ca28d066267f6df98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038295e378b79a20fa24435ca28d066267f6df98
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/e2dabe98/attachment.htm>

More information about the debian-security-tracker-commits mailing list