[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 31 08:12:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4fbf57db by security tracker role at 2025-01-31T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2025-24886 (pwn.college is an education platform to learn about, and practice, cor ...)
+ TODO: check
+CVE-2025-24885 (pwn.college is an education platform to learn about, and practice, cor ...)
+ TODO: check
+CVE-2025-24336 (SXF Common Library handles input data improperly. If a product using t ...)
+ TODO: check
+CVE-2025-22216 (A UAA configured with multiple identity zones, does not properly valid ...)
+ TODO: check
+CVE-2025-0882 (A vulnerability was found in code-projects Chat System up to 1.0. It h ...)
+ TODO: check
+CVE-2025-0881 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
+ TODO: check
+CVE-2025-0880 (A vulnerability was found in Codezips Gym Management System 1.0 and cl ...)
+ TODO: check
+CVE-2025-0809 (The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-0574 (Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnera ...)
+ TODO: check
+CVE-2025-0573 (Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File ...)
+ TODO: check
+CVE-2025-0572 (Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbi ...)
+ TODO: check
+CVE-2025-0571 (Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial ...)
+ TODO: check
+CVE-2025-0570 (Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial ...)
+ TODO: check
+CVE-2025-0569 (Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service ...)
+ TODO: check
+CVE-2025-0568 (Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service ...)
+ TODO: check
+CVE-2025-0507 (The Ticketmeo \u2013 Sell Tickets \u2013 Event Ticketing plugin for Wo ...)
+ TODO: check
+CVE-2025-0493 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketpla ...)
+ TODO: check
+CVE-2025-0470 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+ TODO: check
+CVE-2024-53007 (Bentley Systems ProjectWise Integration Server before 10.00.03.288 all ...)
+ TODO: check
+CVE-2024-52875 (An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The ...)
+ TODO: check
+CVE-2024-47900 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-47899 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-47898 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-47891 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-46974 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-24731 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23973 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23971 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23970 (This vulnerability allows network-adjacent attackers to compromise tra ...)
+ TODO: check
+CVE-2024-23969 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23968 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23963 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23962 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2024-23937 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ TODO: check
+CVE-2024-23930 (This vulnerability allows network-adjacent attackers to create a denia ...)
+ TODO: check
+CVE-2024-23929 (This vulnerability allows network-adjacent attackers to create arbitra ...)
+ TODO: check
+CVE-2024-23928 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ TODO: check
+CVE-2024-23921 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-23920 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2024-1211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2024-13817
+ REJECTED
+CVE-2024-13767 (The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2024-13717 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...)
+ TODO: check
+CVE-2024-13623 (The Order Export for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13530 (The Custom Login Page Styler \u2013 Limit Login Attempts \u2013 Restri ...)
+ TODO: check
+CVE-2024-13504 (The Shared Files \u2013 Frontend File Upload Form & Secure File Sharin ...)
+ TODO: check
+CVE-2024-13463 (The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-13424 (The Ni Sales Commission For WooCommerce plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-13415 (The Food Menu \u2013 Restaurant Menu & Online Ordering for WooCommerce ...)
+ TODO: check
+CVE-2024-13399 (The Gosign \u2013 Posts Slider Block plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-13397 (The WPRadio \u2013 WordPress Radio Streaming Plugin plugin for WordPre ...)
+ TODO: check
+CVE-2024-13396 (The Frictionless plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2024-13226 (The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanit ...)
+ TODO: check
+CVE-2024-13225 (The ECT Home Page Products WordPress plugin through 1.9 does not sanit ...)
+ TODO: check
+CVE-2024-13224 (The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 doe ...)
+ TODO: check
+CVE-2024-13223 (The Tabulate WordPress plugin through 2.10.3 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-13222 (The User Messages WordPress plugin through 1.2.4 does not sanitise and ...)
+ TODO: check
+CVE-2024-13221 (The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sa ...)
+ TODO: check
+CVE-2024-13220 (The WordPress Google Map Professional (Map In Your Language) WordPress ...)
+ TODO: check
+CVE-2024-13219 (The Privacy Policy Genius WordPress plugin through 2.0.4 does not sani ...)
+ TODO: check
+CVE-2024-13218 (The Fast Tube WordPress plugin through 2.3.1 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-13216 (The HT Event \u2013 WordPress Event Manager Plugin for Elementor plugi ...)
+ TODO: check
+CVE-2024-13112 (The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise an ...)
+ TODO: check
+CVE-2024-13101 (The WP MediaTagger WordPress plugin through 4.1.1 does not validate an ...)
+ TODO: check
+CVE-2024-13100 (The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does ...)
+ TODO: check
+CVE-2024-12872 (The Zalomen\xed WordPress plugin through 1.5 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-12772 (The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and ...)
+ TODO: check
+CVE-2024-12275 (The Canvasflow for WordPress plugin through 1.5.5 does not sanitise an ...)
+ TODO: check
+CVE-2024-11886 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...)
+ TODO: check
+CVE-2024-11611 (AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote ...)
+ TODO: check
+CVE-2024-11610 (AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote ...)
+ TODO: check
+CVE-2024-11609 (AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overf ...)
+ TODO: check
+CVE-2024-10867 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
+ TODO: check
+CVE-2023-6195 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from PLONK and F ...)
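Review bot: several of the added descriptions carry literal escape sequences where the upstream text has non-ASCII characters, e.g. `\u2013` in the CVE-2025-0507, CVE-2025-0493 and CVE-2024-13530 lines and `\xed` in the CVE-2024-12872 line; if data/CVE/list is written as UTF-8 these should be decoded to the en dash and `í` before the entry is emitted, otherwise a search of the list for the plugin name as it appears upstream will miss the entry. Separately, the seven Sante PACS Server entries and the fourteen "This vulnerability allows ..." entries (CVE-2024-23920 through CVE-2024-24731) are truncated before any product name appears, so whoever works through the `TODO: check` lines will need the full advisory text for each of those rather than the list alone.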
@@ -172280,8 +172428,8 @@ CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not va
NOT-FOR-US: WordPress plugin
CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...)
NOT-FOR-US: Okta Advanced Server Access Client
-CVE-2023-0092
- RESERVED
+CVE-2023-0092 (An authenticated user who has read access to the juju controller model ...)
+ TODO: check
CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain ...)
NOT-FOR-US: Proofpoint
CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...)
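Review bot: CVE-2023-0092 moves from RESERVED to `TODO: check` with a description that names the juju controller but attaches no package line; the triage step should establish whether juju is shipped in any supported Debian suite and mark the entry accordingly, so that it does not linger as an open TODO between neighbours (CVE-2023-0093, CVE-2023-0090) that are already resolved as NOT-FOR-US.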
@@ -226835,8 +226983,7 @@ CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port 444
NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes f ...)
NOT-FOR-US: InHand Networks InRouter302
-CVE-2022-1736
- RESERVED
+CVE-2022-1736 (Ubuntu's configuration of gnome-control-center allowed Remote Desktop ...)
- gnome-remote-desktop 42.1.1-2 (unimportant)
NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3
NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by
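Review bot: CVE-2022-1736 gains its description while keeping the existing `gnome-remote-desktop 42.1.1-2 (unimportant)` assignment, so no `TODO: check` is raised here, which is the right outcome for an entry that was already triaged while RESERVED; since the new description attributes the issue to Ubuntu's configuration of gnome-control-center and the NOTE already ties the CVE to Ubuntu's open-ports policy, it is worth a quick re-check that the Debian gnome-remote-desktop package is the correct place for this entry and that `unimportant` still matches the advisory text.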
@@ -233574,8 +233721,8 @@ CVE-2022-28655 (is_closing_session() allows users to create arbitrary tcp dbus c
NOT-FOR-US: Apport
CVE-2022-28654 (is_closing_session() allows users to fill up apport.log)
NOT-FOR-US: Apport
-CVE-2022-28653
- RESERVED
+CVE-2022-28653 (Users can consume unlimited disk space in /var/crash)
+ TODO: check
CVE-2022-28652 (~/.config/apport/settings parsing is vulnerable to "billion laughs" at ...)
NOT-FOR-US: Apport
CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...)
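Review bot: the description for CVE-2022-28653 ("Users can consume unlimited disk space in /var/crash") names no product, but /var/crash together with the adjacent CVE-2022-28654 and CVE-2022-28652 entries (both `NOT-FOR-US: Apport`) points at the same Apport batch; triage should confirm from the CVE references that it is Apport before resolving it the same way, since a bare TODO sitting between resolved siblings is easy to overlook.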
@@ -377149,8 +377296,8 @@ CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project adminis
NOT-FOR-US: JetBrains TeamCity
CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...)
NOT-FOR-US: Whoopsie
-CVE-2020-11936
- RESERVED
+CVE-2020-11936 (gdbus setgid privilege escalation)
+ TODO: check
CVE-2020-11935 (It was discovered that aufs improperly managed inode reference counts ...)
- aufs <unfixed> (bug #964748)
[buster] - aufs <no-dsa> (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)
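Review bot: the description for CVE-2020-11936 ("gdbus setgid privilege escalation") names no product and sits between entries for Whoopsie and aufs; gdbus is also the name of the D-Bus command-line tool shipped with GLib, so triage should check the CVE references to establish whether a Debian-shipped package is affected or whether this concerns a distribution-specific setgid configuration before the `TODO: check` is resolved.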
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fbf57dbab8efb8edbb496f09ecf51b1a2156029
More information about the debian-security-tracker-commits mailing list