Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cabda19 by security tracker role at 2025-01-08T20:12:27+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,169 @@ -CVE-2024-56787 [soc: imx8m: Probe the SoC driver as platform driver] +CVE-2025-22143 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22141 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...) + TODO: check +CVE-2025-22140 (WeGIA is a web manager for charitable institutions. A SQL Injection vu ...) + TODO: check +CVE-2025-22139 (WeGIA is a web manager for charitable institutions. A Reflected Cross- ...) + TODO: check +CVE-2025-22137 (Pingvin Share is a self-hosted file sharing platform and an alternativ ...) + TODO: check +CVE-2025-22136 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...) + TODO: check +CVE-2025-22130 (Soft Serve is a self-hostable Git server for the command line. Prior t ...) + TODO: check +CVE-2025-21111 (Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext ...) + TODO: check +CVE-2025-21102 (Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext ...) + TODO: check +CVE-2025-20168 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20167 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20166 (A vulnerability in the web-based management interface of Cisco Common ...) + TODO: check +CVE-2025-20126 (A vulnerability in certification validation routines of Cisco Thousand ...) + TODO: check +CVE-2025-20123 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + TODO: check +CVE-2025-0194 (An issue was discovered in GitLab CE/EE affecting all versions startin ...) + TODO: check +CVE-2024-9939 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...) + TODO: check +CVE-2024-6350 (A malformed 802.15.4 packet causes a buffer overflow to occur leading ...) + TODO: check +CVE-2024-55656 (RedisBloom adds a set of probabilistic data structures to Redis. There ...) 
+ TODO: check +CVE-2024-55517 (An issue was discovered in the Interllect Core Search in Polaris FT In ...) + TODO: check +CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...) + TODO: check +CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is vulnerable ...) + TODO: check +CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in composio_opena ...) + TODO: check +CVE-2024-51737 (RediSearch is a Redis module that provides querying, secondary indexin ...) + TODO: check +CVE-2024-51480 (RedisTimeSeries is a time-series database (TSDB) module for Redis, by ...) + TODO: check +CVE-2024-51442 (Command Injection in Minidlna version v1.3.3 and before allows an atta ...) + TODO: check +CVE-2024-45345 + REJECTED +CVE-2024-45344 + REJECTED +CVE-2024-45343 + REJECTED +CVE-2024-45342 + REJECTED +CVE-2024-45033 (Insufficient Session Expiration vulnerability in Apache Airflow Fab Pr ...) + TODO: check +CVE-2024-13189 (A vulnerability classified as critical has been found in ZeroWdd myblo ...) + TODO: check +CVE-2024-13188 (A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linu ...) + TODO: check +CVE-2024-13187 (A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It h ...) + TODO: check +CVE-2024-13186 (The MinigameCenter module has insufficient restrictions on loading UR ...) + TODO: check +CVE-2024-13185 (The MinigameCenter module has insufficient restrictions on loading UR ...) + TODO: check +CVE-2024-12855 (The AdForest theme for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-12854 (The Garden Gnome Package plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-12853 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...) + TODO: check +CVE-2024-12712 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-12337 (The Shipping via Planzer for WooCommerce plugin for WordPress is vulne ...) + TODO: check +CVE-2024-12328 (The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-11939 (The Cost Calculator Builder PRO plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-11830 (The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for WordPress is vu ...) + TODO: check +CVE-2024-11423 (The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift ...) + TODO: check +CVE-2024-11350 (The AdForest theme for WordPress is vulnerable to privilege escalation ...) + TODO: check +CVE-2023-35685 (In DevmemIntMapPages of devicemem_server.c, there is a possible physic ...) + TODO: check +CVE-2024-56787 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/9cc832d37799dbea950c4c8a34721b02b8b5a8ff (6.13-rc1) -CVE-2024-56786 [bpf: put bpf_link's program when link is safe to be deallocated] +CVE-2024-56786 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/f44ec8733a8469143fde1984b5e6931b2e2f6f3f (6.13-rc1) -CVE-2024-56785 [MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a] +CVE-2024-56785 (In the Linux kernel, the following vulnerability has been resolved: M ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/4fbd66d8254cedfd1218393f39d83b6c07a01917 (6.13-rc1) -CVE-2024-56784 [drm/amd/display: Adding array index check to prevent memory corruption] +CVE-2024-56784 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.12.5-1 NOTE: https://git.kernel.org/linus/2c437d9a0b496168e1a1defd17b531f0a526dbe9 (6.13-rc1) -CVE-2024-56783 [netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level] +CVE-2024-56783 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b7529880cb961d515642ce63f9d7570869bbbdc3 (6.13-rc2) -CVE-2024-56782 [ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()] +CVE-2024-56782 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/4a49194f587a62d972b602e3e1a2c3cfe6567966 (6.13-rc1) -CVE-2024-56781 [powerpc/prom_init: Fixup missing powermac #size-cells] +CVE-2024-56781 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/cf89c9434af122f28a3552e6f9cc5158c33ce50a (6.13-rc1) -CVE-2024-56780 [quota: flush quota_release_work upon quota writeback] +CVE-2024-56780 (In the Linux kernel, the following vulnerability has been resolved: q ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/ac6f420291b3fee1113f21d612fa88b628afab5b (6.13-rc2) -CVE-2024-56779 [nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur] +CVE-2024-56779 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/98100e88dd8865999dc6379a3356cd799795fe7b (6.13-rc1) -CVE-2024-56778 [drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check] +CVE-2024-56778 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 (6.13-rc1) -CVE-2024-56777 [drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check] +CVE-2024-56777 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/e965e771b069421c233d674c3c8cd8c7f7245f42 (6.13-rc1) -CVE-2024-56776 [drm/sti: avoid potential dereference of error pointers] +CVE-2024-56776 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/831214f77037de02afc287eae93ce97f218d8c04 (6.13-rc1) -CVE-2024-56775 [drm/amd/display: Fix handling of plane refcount] +CVE-2024-56775 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.12.5-1 NOTE: https://git.kernel.org/linus/27227a234c1487cb7a684615f0749c455218833a (6.13-rc1) -CVE-2024-56774 [btrfs: add a sanity check for btrfs root in btrfs_search_slot()] +CVE-2024-56774 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.12.5-1 [bookworm] - linux 6.1.123-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3ed51857a50f530ac7a1482e069dfbd1298558d4 (6.13-rc2) -CVE-2024-56773 [kunit: Fix potential null dereference in kunit_device_driver_test()] +CVE-2024-56773 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.12.5-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/435c20eed572a95709b1536ff78832836b2f91b1 (6.13-rc1) -CVE-2024-56772 [kunit: string-stream: Fix a UAF bug in kunit_init_suite()] +CVE-2024-56772 (In the Linux kernel, the following vulnerability has been resolved: k ...) 
- linux 6.12.5-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/39e21403c978862846fa68b7f6d06f9cca235194 (6.13-rc1) -CVE-2024-56771 [mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information] +CVE-2024-56771 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.12.5-1 [bookworm] - linux <not-affected> (Vulnerable code not present) [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fee9b240916df82a8b07aef0fdfe96785417a164 (6.13-rc1) -CVE-2024-56770 [net/sched: netem: account for backlog updates from child qdisc] +CVE-2024-56770 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.12.6-1 [bookworm] - linux 6.1.123-1 NOTE: https://git.kernel.org/linus/f8d4bc455047cf3903cd6f85f49978987dbb3027 (6.13-rc3) -CVE-2024-54676 +CVE-2024-54676 (Vendor: The Apache Software Foundation Versions Affected: Apache Open ...) NOT-FOR-US: Apache OpenMeetings CVE-2025-22215 (VMware Aria Automation contains a server-side request forgery (SSRF) v ...) NOT-FOR-US: VMware @@ -195,7 +287,7 @@ CVE-2023-52954 (Vulnerability of improper permission control in the Gallery modu NOT-FOR-US: Huawei CVE-2023-52953 (Path traversal vulnerability in the Medialibrary module Impact: Succes ...) NOT-FOR-US: Huawei -CVE-2025-0291 +CVE-2025-0291 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) CVE-2025-22621 (In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk do ...) 
@@ -648,36 +740,43 @@ CVE-2025-0247 (Memory safety bugs present in Firefox 133 and Thunderbird 133. So - firefox 134.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0247 CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243 CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242 CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241 CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240 CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239 CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...) 
+ {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238 CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...) + {DSA-5839-1} - firefox 134.0-1 - firefox-esr 128.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237 @@ -4261,7 +4360,7 @@ CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An ove - jinja2 <unfixed> (bug #1091331) NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h NOTE: Fixed by: https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 (3.1.5) -CVE-2024-56201 (Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the ...) +CVE-2024-56201 (Jinja is an extensible templating engine. In versions on the 3.x branc ...) - jinja2 <unfixed> (bug #1091329) NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699 NOTE: https://github.com/pallets/jinja/issues/1792 
@@ -9680,7 +9779,7 @@ CVE-2024-53566 (An issue in the action_listcategories() function of Sangoma Aste - asterisk <unfixed> NOTE: https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616 NOTE: Wasn't reported upstream, but they confirmed it and an advisory will be published -CVE-2024-53564 (A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX ...) +CVE-2024-53564 (A vulnerability was discovered in FreePBX 17.0.19.17. It does not veri ...) NOT-FOR-US: FreePBX CVE-2024-53484 (Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation d ...) NOT-FOR-US: Ever Traduora
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cabda19fb1a59fa767540e2a357ae3957850622
You're receiving this email because of your account on salsa.debian.org.
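Review bot: in the first hunk (@@ -1,77 +1,169 @@) the twenty-plus new entries from CVE-2025-22143 down to CVE-2024-51442 all land as `TODO: check`, which is expected for the automatic import, but at least CVE-2024-51442 (Command Injection in Minidlna 1.3.3 and before) names software Debian ships as the minidlna package, so it should get a package/version line on the next manual triage pass rather than stay a TODO; the four CVE-2024-45342 to CVE-2024-45345 entries are marked REJECTED and need nothing further. The replacement of the bracketed kernel titles (e.g. `[soc: imx8m: Probe the SoC driver as platform driver]`) by the truncated official descriptions leaves every `- linux ...`, `[bookworm]`/`[bullseye]` and NOTE line as unchanged context, so no tracking state is lost by this rewrite.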
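Review bot: in the @@ -195,7 +287,7 @@ hunk CVE-2025-0291 gains a description that names the fixed upstream version (Chrome prior to 131.0.6778.264), while the entry itself still reads `- chromium <unfixed>` and `[bullseye] - chromium <end-of-life> (see #1061268)`; the description change is correct for an automatic import, but the `<unfixed>` marker should be replaced by the Debian chromium version that carries that upstream release once it is uploaded, and the entry checked for an accompanying DSA reference at that point.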
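Review bot: in the @@ -648,36 +740,43 @@ hunk the seven added lines are exactly the seven `{DSA-5839-1}` references on CVE-2025-0243 down to CVE-2025-0237, that is, on every entry that lists firefox-esr 128.6.0esr-1; CVE-2025-0247, which lists only firefox 134.0-1, correctly receives none. Worth a cross-check that the mfsa2025-02 advisory linked from each of these seven entries covers the same set of IDs as DSA-5839-1, so that no ESR-affected ID in this block is missing the DSA reference.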
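Review bot: in the @@ -4261,7 +4360,7 @@ hunk only the description of CVE-2024-56201 is reworded (it now opens "In versions on the 3.x branc ..." instead of "Prior to 3.1.5"), and the entry stays `jinja2 <unfixed> (bug #1091329)`; unlike its neighbour CVE-2024-56326, which records `NOTE: Fixed by: https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 (3.1.5)`, this entry carries only the advisory and issue links, so adding the upstream fix commit as a `Fixed by:` NOTE would make the two Jinja entries consistent and let the fixed upstream version be recorded.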
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits