[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 11 20:12:04 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ff7210e by security tracker role at 2025-03-11T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,375 @@
+CVE-2025-2207 (A vulnerability classified as problematic was found in aitangbao sprin ...)
+	TODO: check
+CVE-2025-2206 (A vulnerability classified as problematic has been found in aitangbao  ...)
+	TODO: check
+CVE-2025-2196 (A vulnerability was found in MRCMS 3.1.2. It has been declared as prob ...)
+	TODO: check
+CVE-2025-2195 (A vulnerability was found in MRCMS 3.1.2. It has been classified as pr ...)
+	TODO: check
+CVE-2025-2194 (A vulnerability was found in MRCMS 3.1.2 and classified as problematic ...)
+	TODO: check
+CVE-2025-2193 (A vulnerability has been found in MRCMS 3.1.2 and classified as critic ...)
+	TODO: check
+CVE-2025-2192 (A vulnerability, which was classified as problematic, was found in Sto ...)
+	TODO: check
+CVE-2025-2191 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-2189 (This vulnerability exists in the Tinxy smart devices due to storage of ...)
+	TODO: check
+CVE-2025-27893 (In Archer Platform 6 through 6.14.00202.10024, an authenticated user w ...)
+	TODO: check
+CVE-2025-27789 (Babel is a compiler for writing next generation JavaScript. When using ...)
+	TODO: check
+CVE-2025-27773 (The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related fun ...)
+	TODO: check
+CVE-2025-27617 (Pimcore is an open source data and experience management platform. Pri ...)
+	TODO: check
+CVE-2025-27602 (Umbraco is a free and open source .NET content management system. In v ...)
+	TODO: check
+CVE-2025-27601 (Umbraco is a free and open source .NET content management system. An i ...)
+	TODO: check
+CVE-2025-27591 (A privilege escalation vulnerability existed in the Below service prio ...)
+	TODO: check
+CVE-2025-27494 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+	TODO: check
+CVE-2025-27493 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+	TODO: check
+CVE-2025-27440 (Heap overflow in some Zoom Workplace Apps may allow an authenticated u ...)
+	TODO: check
+CVE-2025-27439 (Buffer underflow in some Zoom Workplace Apps may allow an authenticate ...)
+	TODO: check
+CVE-2025-27438 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-27403 (Ratify is a verification engine as a binary executable and on Kubernet ...)
+	TODO: check
+CVE-2025-27398 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27397 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27396 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27395 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27394 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27393 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27392 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
+	TODO: check
+CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and below wh ...)
+	TODO: check
+CVE-2025-27179 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27178 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27177 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27176 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27175 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27174 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27172 (Substance3D - Designer versions 14.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-27171 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27170 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL ...)
+	TODO: check
+CVE-2025-27169 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-27168 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stac ...)
+	TODO: check
+CVE-2025-27167 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Unt ...)
+	TODO: check
+CVE-2025-27166 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-27164 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27163 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27162 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27161 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27160 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27159 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-27158 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-26701 (An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova ...)
+	TODO: check
+CVE-2025-26645 (Relative path traversal in Remote Desktop Client allows an unauthorize ...)
+	TODO: check
+CVE-2025-26634 (Heap-based buffer overflow in Windows Core Messaging allows an authori ...)
+	TODO: check
+CVE-2025-26633 (Improper neutralization in Microsoft Management Console allows an unau ...)
+	TODO: check
+CVE-2025-26631 (Uncontrolled search path element in Visual Studio Code allows an autho ...)
+	TODO: check
+CVE-2025-26630 (Use after free in Microsoft Office Access allows an unauthorized attac ...)
+	TODO: check
+CVE-2025-26629 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-26627 (Improper neutralization of special elements used in a command ('comman ...)
+	TODO: check
+CVE-2025-25929 (A reflected cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2025-25928 (A Cross-Site Request Forgery (CSRF) in the component /admin/users/user ...)
+	TODO: check
+CVE-2025-25927 (A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allo ...)
+	TODO: check
+CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0 ...)
+	TODO: check
+CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users to set w ...)
+	TODO: check
+CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid ...)
+	TODO: check
+CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7  ...)
+	TODO: check
+CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulne ...)
+	TODO: check
+CVE-2025-25267 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2025-25266 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2025-25008 (Improper link resolution before file access ('link following') in Micr ...)
+	TODO: check
+CVE-2025-25003 (Uncontrolled search path element in Visual Studio allows an authorized ...)
+	TODO: check
+CVE-2025-24998 (Uncontrolled search path element in Visual Studio allows an authorized ...)
+	TODO: check
+CVE-2025-24997 (Null pointer dereference in Windows Kernel Memory allows an authorized ...)
+	TODO: check
+CVE-2025-24996 (External control of file name or path in Windows NTLM allows an unauth ...)
+	TODO: check
+CVE-2025-24995 (Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Drive ...)
+	TODO: check
+CVE-2025-24994 (Improper access control in Windows Cross Device Service allows an auth ...)
+	TODO: check
+CVE-2025-24993 (Heap-based buffer overflow in Windows NTFS allows an unauthorized atta ...)
+	TODO: check
+CVE-2025-24992 (Buffer over-read in Windows NTFS allows an unauthorized attacker to di ...)
+	TODO: check
+CVE-2025-24991 (Out-of-bounds read in Windows NTFS allows an authorized attacker to di ...)
+	TODO: check
+CVE-2025-24988 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
+	TODO: check
+CVE-2025-24987 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
+	TODO: check
+CVE-2025-24986 (Improper isolation or compartmentalization in Azure PromptFlow allows  ...)
+	TODO: check
+CVE-2025-24985 (Integer overflow or wraparound in Windows Fast FAT Driver allows an un ...)
+	TODO: check
+CVE-2025-24984 (Insertion of sensitive information into log file in Windows NTFS allow ...)
+	TODO: check
+CVE-2025-24983 (Use after free in Windows Win32 Kernel Subsystem allows an authorized  ...)
+	TODO: check
+CVE-2025-24453 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-24452 (InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by ...)
+	TODO: check
+CVE-2025-24451 (Substance3D - Painter versions 10.1.2 and earlier are affected by an o ...)
+	TODO: check
+CVE-2025-24450 (Substance3D - Painter versions 10.1.2 and earlier are affected by an o ...)
+	TODO: check
+CVE-2025-24449 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-24448 (Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-24445 (Substance3D - Sampler versions 4.5.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-24444 (Substance3D - Sampler versions 4.5.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-24443 (Substance3D - Sampler versions 4.5.2 and earlier are affected by a Hea ...)
+	TODO: check
+CVE-2025-24442 (Substance3D - Sampler versions 4.5.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-24441 (Substance3D - Sampler versions 4.5.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-24440 (Substance3D - Sampler versions 4.5.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 and earlier are affected by a Hea ...)
+	TODO: check
+CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
+	TODO: check
+CVE-2025-24201 (An out-of-bounds write issue was addressed with improved checks to pre ...)
+	TODO: check
+CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux allows an ...)
+	TODO: check
+CVE-2025-24083 (Untrusted pointer dereference in Microsoft Office allows an unauthoriz ...)
+	TODO: check
+CVE-2025-24082 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-24081 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-24080 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-24079 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-24078 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-24077 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-24076 (Improper access control in Windows Cross Device Service allows an auth ...)
+	TODO: check
+CVE-2025-24075 (Stack-based buffer overflow in Microsoft Office Excel allows an unauth ...)
+	TODO: check
+CVE-2025-24072 (Use after free in Microsoft Local Security Authority Server (lsasrv) a ...)
+	TODO: check
+CVE-2025-24071 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-24070 (Weak authentication in ASP.NET Core & Visual Studio allows an unau ...)
+	TODO: check
+CVE-2025-24067 (Heap-based buffer overflow in Microsoft Streaming Service allows an au ...)
+	TODO: check
+CVE-2025-24066 (Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an au ...)
+	TODO: check
+CVE-2025-24064 (Use after free in DNS Server allows an unauthorized attacker to execut ...)
+	TODO: check
+CVE-2025-24061 (Protection mechanism failure in Windows Mark of the Web (MOTW) allows  ...)
+	TODO: check
+CVE-2025-24059 (Incorrect conversion between numeric types in Windows Common Log File  ...)
+	TODO: check
+CVE-2025-24057 (Heap-based buffer overflow in Microsoft Office allows an unauthorized  ...)
+	TODO: check
+CVE-2025-24056 (Heap-based buffer overflow in Windows Telephony Server allows an unaut ...)
+	TODO: check
+CVE-2025-24055 (Out-of-bounds read in Windows USB Video Driver allows an authorized at ...)
+	TODO: check
+CVE-2025-24054 (External control of file name or path in Windows NTLM allows an unauth ...)
+	TODO: check
+CVE-2025-24051 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+	TODO: check
+CVE-2025-24050 (Heap-based buffer overflow in Role: Windows Hyper-V allows an authoriz ...)
+	TODO: check
+CVE-2025-24049 (Improper neutralization of special elements used in a command ('comman ...)
+	TODO: check
+CVE-2025-24048 (Heap-based buffer overflow in Role: Windows Hyper-V allows an authoriz ...)
+	TODO: check
+CVE-2025-24046 (Use after free in Microsoft Streaming Service allows an authorized att ...)
+	TODO: check
+CVE-2025-24045 (Sensitive data storage in improperly locked memory in Windows Remote D ...)
+	TODO: check
+CVE-2025-24044 (Use after free in Windows Win32 Kernel Subsystem allows an authorized  ...)
+	TODO: check
+CVE-2025-24043 (Improper verification of cryptographic signature in .NET allows an aut ...)
+	TODO: check
+CVE-2025-24035 (Sensitive data storage in improperly locked memory in Windows Remote D ...)
+	TODO: check
+CVE-2025-23402 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23401 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23400 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23399 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23398 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23397 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23396 (A vulnerability has been identified in Teamcenter Visualization V14.3  ...)
+	TODO: check
+CVE-2025-23384 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
+	TODO: check
+CVE-2025-23360 (NVIDIA Nemo Framework contains a vulnerability where a user could caus ...)
+	TODO: check
+CVE-2025-23243 (NVIDIA Riva contains a vulnerability where a user could cause an impro ...)
+	TODO: check
+CVE-2025-23242 (NVIDIA Riva contains a vulnerability where a user could cause an impro ...)
+	TODO: check
+CVE-2025-22454 (Insufficiently restrictive permissions in Ivanti Secure Access Client  ...)
+	TODO: check
+CVE-2025-22370 (Many fields for the web configuration interface of the firmware for Me ...)
+	TODO: check
+CVE-2025-22369 (The ReadFile endpoint of the firmware for Mennekes Smart / Premium Cha ...)
+	TODO: check
+CVE-2025-22368 (The authenticated SCU firmware command of the firmware for Mennekes Sm ...)
+	TODO: check
+CVE-2025-22367 (The authenticated time setting capability of the firmware for Mennekes ...)
+	TODO: check
+CVE-2025-22366 (The authenticated firmware update capability of the firmware for Menne ...)
+	TODO: check
+CVE-2025-22213 (Inadequate checks in the Media Manager allowed users with "edit" privi ...)
+	TODO: check
+CVE-2025-21247 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
+	TODO: check
+CVE-2025-21199 (Improper privilege management in Azure Agent Installer allows an autho ...)
+	TODO: check
+CVE-2025-21180 (Heap-based buffer overflow in Windows exFAT File System allows an unau ...)
+	TODO: check
+CVE-2025-21169 (Substance3D - Designer versions 14.1 and earlier are affected by a Hea ...)
+	TODO: check
+CVE-2025-1550 (The Keras Model.load_model function permits arbitrary code execution,  ...)
+	TODO: check
+CVE-2025-0151 (Use after free in some Zoom Workplace Apps may allow an authenticated  ...)
+	TODO: check
+CVE-2025-0150 (Incorrect behavior order in some Zoom Workplace Apps for iOS before ve ...)
+	TODO: check
+CVE-2025-0149 (Insufficient verification of data authenticity in some Zoom Workplace  ...)
+	TODO: check
+CVE-2024-9157 (** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability  ...)
+	TODO: check
+CVE-2024-56338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 a ...)
+	TODO: check
+CVE-2024-56336 (A vulnerability has been identified in SINAMICS S200 (All versions wit ...)
+	TODO: check
+CVE-2024-56182 (A vulnerability has been identified in SIMATIC Field PG M5 (All versio ...)
+	TODO: check
+CVE-2024-56181 (A vulnerability has been identified in SIMATIC Field PG M5 (All versio ...)
+	TODO: check
+CVE-2024-55597 (A improper limitation of a pathname to a restricted directory ('path t ...)
+	TODO: check
+CVE-2024-55592 (An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 al ...)
+	TODO: check
+CVE-2024-55590 (Multiple improper neutralization of special elements used in an OS com ...)
+	TODO: check
+CVE-2024-54085 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...)
+	TODO: check
+CVE-2024-54084 (APTIOV contains a vulnerability in BIOS where an attacker may cause a  ...)
+	TODO: check
+CVE-2024-54026 (An improper neutralization of special elements used in an sql command  ...)
+	TODO: check
+CVE-2024-54018 (Multipleimproper neutralization of special elements used in an OS Comm ...)
+	TODO: check
+CVE-2024-52961 (An improper neutralization of special elements used in an OS Command v ...)
+	TODO: check
+CVE-2024-52960 (A client-side enforcement of server-side security vulnerability [CWE-6 ...)
+	TODO: check
+CVE-2024-52285 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+	TODO: check
+CVE-2024-51322 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 al ...)
+	TODO: check
+CVE-2024-51321 (In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL para ...)
+	TODO: check
+CVE-2024-51320 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 al ...)
+	TODO: check
+CVE-2024-51319 (A local file include vulnerability in the /servlet/Report of Zucchetti ...)
+	TODO: check
+CVE-2024-46663 (A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail  ...)
+	TODO: check
+CVE-2024-45328 (An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4 ...)
+	TODO: check
+CVE-2024-45324 (A use of externally-controlled format string vulnerability [CWE-134] i ...)
+	TODO: check
+CVE-2024-33501 (Two improper neutralization of special elements used in an SQL Command ...)
+	TODO: check
+CVE-2024-32123 (Multiple improper neutralization of special elements used in an os com ...)
+	TODO: check
+CVE-2024-28607 (The ip-utils package through 2.4.0 for Node.js might allow SSRF becaus ...)
+	TODO: check
+CVE-2024-12546 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
+	TODO: check
+CVE-2023-48790 (A cross site request forgery vulnerability [CWE-352] in Fortinet Forti ...)
+	TODO: check
+CVE-2023-42784 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
+	TODO: check
+CVE-2023-40723 (An exposure of sensitive information to an unauthorized actor in Forti ...)
+	TODO: check
+CVE-2023-37933 (An improper neutralization of input during web page generation ('Cross ...)
+	TODO: check
 CVE-2025-2190 (The mobile application (com.transsnet.store) has a man-in-the-middle a ...)
 	NOT-FOR-US: com.transsnet.store
 CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up to 0.2. ...)
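Review bot: the imported description for CVE-2024-54085 keeps a literal escape sequence ("AMI\u2019s SPx"), so the feed's Unicode escapes are not decoded before the summary is written, and CVE-2024-54018 arrives as "Multipleimproper" with the space missing. Decoding escapes at import time would keep the summaries searchable by vendor name. All 186 entries added here are still "TODO: check"; the vendor-only ones (Microsoft, for example) can be closed in the form already used elsewhere in this file, "NOT-FOR-US: Microsoft", leaving the remaining entries for manual triage.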
@@ -522,7 +894,7 @@ CVE-2025-27152 (axios is a promise based HTTP client for the browser and node.js
 	[bookworm] - node-axios <no-dsa> (Minor issue)
 	NOTE: https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
 	NOTE: Similar to: https://github.com/axios/axios/issues/6463 (CVE-2024-39338)
-CVE-2025-26643 (No cwe for this issue in Microsoft Edge (Chromium-based) allows an una ...)
+CVE-2025-26643 (The UI performs the wrong action in Microsoft Edge (Chromium-based) al ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-26331 (Dell ThinOS 2411 and prior, contains an Improper Neutralization of Spe ...)
 	NOT-FOR-US: Dell
@@ -3145,6 +3517,7 @@ CVE-2024-13217 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Sens
 CVE-2024-13148 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Yukseloglu Filter B2B Login Platform
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows  ...)
+	{DLA-4084-1}
 	- libmodbus 3.1.11-1
 	NOTE: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918
 	NOTE: https://github.com/stephane/libmodbus/commit/df79a02feb253c0a9a009bcdbb21e47581315111 (v3.1.11)
@@ -41572,6 +41945,7 @@ CVE-2024-10446 (A vulnerability classified as critical has been found in Project
 CVE-2024-10214 (Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
+	{DLA-4083-1}
 	- squid 6.12-1
 	[bookworm] - squid <no-dsa> (Minor issue)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
@@ -71676,7 +72050,7 @@ CVE-2024-38952 (PX4-Autopilot v1.14.3 was discovered to contain a buffer overflo
 CVE-2024-38951 (A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a ...)
 	NOT-FOR-US: PX4-Autopilot
 CVE-2024-37894 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
-	{DSA-5751-1}
+	{DSA-5751-1 DLA-4083-1}
 	- squid 6.10-1 (bug #1074284)
 	NOTE: https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04 (master)
 	NOTE: https://github.com/squid-cache/squid/commit/67f5496f7b72e698ad0f5aa3512c83089424f27f (v6)
@@ -78606,18 +78980,21 @@ CVE-2024-5041 (The Happy Addons for Elementor plugin for WordPress is vulnerable
 CVE-2024-4160 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36845 (An invalid pointer in the modbus_receive() function of libmodbus v3.1. ...)
+	{DLA-4084-1}
 	- libmodbus 3.1.6-2.1 (bug #1074422)
 	[buster] - libmodbus <postponed> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/750
 	NOTE: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
 	NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
 CVE-2024-36844 (libmodbus v3.1.6 was discovered to contain a use-after-free via the ct ...)
+	{DLA-4084-1}
 	- libmodbus 3.1.6-2.1 (bug #1074422)
 	[buster] - libmodbus <postponed> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/749
 	NOTE: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
 	NOTE: Same fix as CVE-2022-0367 (and potentially a duplicate)
 CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via the mod ...)
+	{DLA-4084-1}
 	- libmodbus 3.1.6-2.1 (bug #1074422)
 	[buster] - libmodbus <postponed> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/748
@@ -109224,6 +109601,7 @@ CVE-2024-XXXX [RUSTSEC-2024-0020]
 	- rust-whoami <not-affected> (Specific to Solaris)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0020.html
 CVE-2024-25111 (Squid is a web proxy cache. Starting in version 3.5.27 and prior to ve ...)
+	{DLA-4083-1}
 	- squid 6.8-1
 	[bookworm] - squid 5.7-2+deb12u1
 	- squid3 <removed>
@@ -261753,7 +262131,7 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
 	NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
-	{DLA-3098-1}
+	{DLA-4084-1 DLA-3098-1}
 	- libmodbus 3.1.6-2.1 (bug #1021270)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
 	NOTE: https://github.com/stephane/libmodbus/issues/614
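Review bot: the advisory list on CVE-2022-0367 places the new reference first, "{DLA-4084-1 DLA-3098-1}", while CVE-2024-37894 in this same commit places it last, "{DSA-5751-1 DLA-4083-1}". If the generator sorts these (DSA before DLA, newest first), that ordering should be documented next to the tooling so hand edits to data/CVE/list do not get reshuffled on the next automatic update.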
@@ -295290,8 +295668,8 @@ CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load
 	NOTE: https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40
 CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
 	NOT-FOR-US: Gurock TestRail
-CVE-2021-37787
-	RESERVED
+CVE-2021-37787 (The unprivileged administrative interface in ABO.CMS version 5.8 throu ...)
+	TODO: check
 CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
 	NOT-FOR-US: Covid certificate app in Switzerland.
 CVE-2021-37785
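Review bot: CVE-2021-37787 moves from RESERVED to a published description naming ABO.CMS but is left at "TODO: check", unlike its neighbours in the context lines, which are closed as "NOT-FOR-US: Gurock TestRail" and "NOT-FOR-US: Covid certificate app in Switzerland.". It needs the same follow-up (a NOT-FOR-US line or a package line) so a 2021 identifier does not sit in the TODO queue alongside the new 2025 entries.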



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ff7210efbc23d1081adf595d7bd2730763b8727
