[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 30 20:12:52 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65dbe436 by security tracker role at 2025-01-30T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+ TODO: check
+CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from PLONK and F ...)
+ TODO: check
+CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
+ TODO: check
+CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
+ TODO: check
+CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM users as ...)
+ TODO: check
+CVE-2025-24505 (This vulnerability allows a high-privileged authenticated PAM user to ...)
+ TODO: check
+CVE-2025-24504 (An improper input validation the CSRF filter results in unsanitized us ...)
+ TODO: check
+CVE-2025-24503 (A malicious actor can fix the session of a PAM user by tricking the us ...)
+ TODO: check
+CVE-2025-24502 (An improper session validation allows an unauthenticated attacker to c ...)
+ TODO: check
+CVE-2025-24501 (An improper input validation allows an unauthenticated attacker to alt ...)
+ TODO: check
+CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access informa ...)
+ TODO: check
+CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows you to dy ...)
+ TODO: check
+CVE-2025-24099 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2025-23367 (A flaw was found in the Wildfly Server Role Based Access Control (RBAC ...)
+ TODO: check
+CVE-2025-23216 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
+CVE-2025-23007 (A vulnerability in the NetExtender Windows client log export function ...)
+ TODO: check
+CVE-2025-22222 (VMware Aria Operations contains an information disclosure vulnerabilit ...)
+ TODO: check
+CVE-2025-22221 (VMware Aria Operation for Logs contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2025-22220 (VMware Aria Operations for Logs contains a privilege escalationvulnera ...)
+ TODO: check
+CVE-2025-22219 (VMware Aria Operations for Logs contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2025-22218 (VMware Aria Operations for Logs contains an information disclosure vul ...)
+ TODO: check
+CVE-2025-21107 (Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & ...)
+ TODO: check
+CVE-2025-0874 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-0873 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
+ TODO: check
+CVE-2025-0872 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2025-0871 (A vulnerability classified as problematic has been found in Maybecms 1 ...)
+ TODO: check
+CVE-2025-0870 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has ...)
+ TODO: check
+CVE-2025-0869 (A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has ...)
+ TODO: check
+CVE-2025-0861 (The VR-Frases (collect & share quotes) plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-0860 (The VR-Frases (collect & share quotes) plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-0834 (Privilege escalation vulnerability has been found in Wondershare Dr.Fo ...)
+ TODO: check
+CVE-2025-0747 (A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. ...)
+ TODO: check
+CVE-2025-0746 (A Reflected Cross-Site Scripting vulnerability has been found in Embed ...)
+ TODO: check
+CVE-2025-0745 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
+ TODO: check
+CVE-2025-0744 (an Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
+ TODO: check
+CVE-2025-0743 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
+ TODO: check
+CVE-2025-0742 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
+ TODO: check
+CVE-2025-0741 (An Improper Access Control vulnerability has been found in EmbedAI 2 ...)
+ TODO: check
+CVE-2025-0740 (An Improper Access Control vulnerability has been found in EmbedAI 2 ...)
+ TODO: check
+CVE-2025-0739 (An Improper Access Control vulnerability has been found in EmbedAI 2.1 ...)
+ TODO: check
+CVE-2025-0683 (In its default configuration, the affected product transmits plain-tex ...)
+ TODO: check
+CVE-2025-0681 (The Cloud MQTT service of the affected products supports wildcard topi ...)
+ TODO: check
+CVE-2025-0680 (Affected products contain a vulnerability in the device cloud rpc comm ...)
+ TODO: check
+CVE-2025-0626 (The affected product sends out remote access requests to a hard-coded ...)
+ TODO: check
+CVE-2025-0498 (A data exposure vulnerability exists in all versions prior to V15.00.0 ...)
+ TODO: check
+CVE-2025-0497 (A data exposure vulnerability exists in all versions prior to V15.00.0 ...)
+ TODO: check
+CVE-2025-0477 (An encryption vulnerability exists in all versions prior to V15.00.001 ...)
+ TODO: check
+CVE-2025-0367 (In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active ...)
+ TODO: check
+CVE-2025-0147 (Type confusion in the Zoom Workplace App for Linux before 6.2.10 may a ...)
+ TODO: check
+CVE-2025-0146 (Symlink following in the installer for Zoom Workplace App for macOS be ...)
+ TODO: check
+CVE-2025-0145 (Untrusted search path in the installer for some Zoom Workplace Apps fo ...)
+ TODO: check
+CVE-2025-0144 (Out-of-bounds write in some Zoom Workplace Apps may allow an authorize ...)
+ TODO: check
+CVE-2025-0143 (Out-of-bounds write in the Zoom Workplace App for Linux before version ...)
+ TODO: check
+CVE-2025-0142 (Cleartext storage of sensitive information in the Zoom Jenkins Marketp ...)
+ TODO: check
+CVE-2024-8494 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-55417 (DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the f ...)
+ TODO: check
+CVE-2024-55416 (DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS v ...)
+ TODO: check
+CVE-2024-55415 (DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the / ...)
+ TODO: check
+CVE-2024-53615 (A command injection vulnerability in the video thumbnail rendering com ...)
+ TODO: check
+CVE-2024-44142 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2024-2658 (A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior ...)
+ TODO: check
+CVE-2024-13758 (The CP Contact Form with PayPal plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13742 (The iControlWP \u2013 Multiple WordPress Site Manager plugin for WordP ...)
+ TODO: check
+CVE-2024-13732 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for Wor ...)
+ TODO: check
+CVE-2024-13720 (The WP Image Uploader plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2024-13715 (The zStore Manager Basic plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2024-13707 (The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2024-13706 (The WP Image Uploader plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-13705 (The StageShow plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2024-13700 (The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-13694 (The WooCommerce Wishlist (High customization, fast setup,Free Elemento ...)
+ TODO: check
+CVE-2024-13671 (The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary ...)
+ TODO: check
+CVE-2024-13670 (The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-13664 (The WP Post List Table plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-13661 (The Table Editor plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-13652 (The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2024-13646 (The Single-user-chat plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2024-13596 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for Wo ...)
+ TODO: check
+CVE-2024-13549 (The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-13512 (The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2024-13466 (The Automatically Hierarchic Categories in Menu plugin for WordPress i ...)
+ TODO: check
+CVE-2024-13460 (The WE \u2013 Testimonial Slider plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13453 (The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin ...)
+ TODO: check
+CVE-2024-13400 (The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-13380 (The Alex Reservations: Smart Restaurant Booking plugin for WordPress i ...)
+ TODO: check
+CVE-2024-13349 (The Stockdio Historical Chart plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2024-12861 (The W2S \u2013 Migrate WooCommerce to Shopify plugin for WordPress is ...)
+ TODO: check
+CVE-2024-12822 (The Media Manager for UserPro plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-12821 (The Media Manager for UserPro plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-12524 (The Clinked Client Portal plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-12451 (The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-12444 (The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-12409 (The Simple:Press Forum plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2024-12320 (The Team Rosters plugin for WordPress is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2024-12299 (The System Dashboard plugin for WordPress is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2024-12269 (The Safe Ai Malware Protection for WP plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-12248 (The affected product is vulnerable to an out-of-bounds write, which co ...)
+ TODO: check
+CVE-2024-12177 (The Ai Image Alt Text Generator for WP plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-12129 (The Royal Core plugin for WordPress is vulnerable to unauthorized modi ...)
+ TODO: check
+CVE-2024-12102 (The Typer Core plugin for WordPress is vulnerable to Information Expos ...)
+ TODO: check
+CVE-2024-11600 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
+ TODO: check
+CVE-2024-11583 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
+ TODO: check
+CVE-2024-10847 (The Storely theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-10604 (Vulnerabilities in the algorithms used by Fuchsia to populate network ...)
+ TODO: check
+CVE-2024-10603 (Weaknesses in the generation of TCP/UDP source ports and some other he ...)
+ TODO: check
+CVE-2024-10591 (The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, Email Mark ...)
+ TODO: check
+CVE-2024-10026 (A weak hashing algorithm and small sizes of seeds/secrets in Google's ...)
+ TODO: check
CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation requests to th ...)
NOT-FOR-US: kube-audit-rest
CVE-2025-24795 (The Snowflake Connector for Python provides an interface for developin ...)
@@ -5409,7 +5623,7 @@ CVE-2024-12086 (A flaw was found in rsync. It could allow a server to enumerate
NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commit;h=c35e28331f10ba6eba370611abd78bde32d54da7 (v3.4.0)
NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa (v3.4.0)
NOTE: Fix introduces regression: https://github.com/RsyncProject/rsync/issues/715 (#1093160)
-CVE-2024-12085 (A flaw was found in the rsync daemon which could be triggered when rsy ...)
+CVE-2024-12085 (A flaw was found in rsync which could be triggered when rsync compares ...)
{DSA-5843-1 DLA-4015-1}
- rsync 3.3.0+ds1-3
NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
@@ -5719,7 +5933,8 @@ CVE-2024-51491 (notion-go is a collection of libraries for supporting sign and v
NOTE: https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp
NOTE: Introduced by: https://github.com/notaryproject/notation-go/commit/84c2ec076201697ad05e5315444812f824dad56b (v1.3.0-rc.1)
NOTE: Fixed by: https://github.com/notaryproject/notation-go/commit/3c3302258ad510fbca2f8a73731569d91f07d196 (v1.3.0-rc.2)
-CVE-2024-13348 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin for WordP ...)
+CVE-2024-13348
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-13324
REJECTED
@@ -7920,6 +8135,7 @@ CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka C
CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) app ...)
NOT-FOR-US: com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application
CVE-2024-51741 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5856-1}
- redis 5:7.0.15-3 (bug #1092370)
[bullseye] - redis <not-affected> (Vulnerable code introduced in 7.0)
- redict 7.3.2+ds-1 (bug #1092372)
@@ -7939,7 +8155,7 @@ CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 an
CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
NOT-FOR-US: OpenHarmony
CVE-2024-46981 (Redis is an open source, in-memory database that persists on disk. An ...)
- {DLA-4025-1}
+ {DSA-5856-1 DLA-4025-1}
- redis 5:7.0.15-3 (bug #1092370)
- redict 7.3.2+ds-1 (bug #1092372)
- valkey 8.0.2+dfsg1-1 (bug #1092371)
@@ -151780,8 +151996,8 @@ CVE-2023-29082
RESERVED
CVE-2023-29081 (A vulnerability has been reported in Suite Setups built with versions ...)
NOT-FOR-US: InstallShield
-CVE-2023-29080
- RESERVED
+CVE-2023-29080 (Potential privilege escalation vulnerability in Revenera InstallShield ...)
+ TODO: check
CVE-2023-29079
REJECTED
CVE-2023-29078
@@ -190431,8 +190647,8 @@ CVE-2022-43918
RESERVED
CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional container use ...)
NOT-FOR-US: IBM
-CVE-2022-43916
- RESERVED
+CVE-2022-43916 (IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2 ...)
+ TODO: check
CVE-2022-43915 (IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1 ...)
NOT-FOR-US: IBM
CVE-2022-43914 (IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scrip ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65dbe436127607650100434b7cea98d56e343b79
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65dbe436127607650100434b7cea98d56e343b79
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250130/2266e450/attachment.htm>
More information about the debian-security-tracker-commits
mailing list