Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f14d6a80 by security tracker role at 2025-01-18T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2025-23209 (Craft is a flexible, user-friendly CMS for creating custom 
digital exp ...)
+       TODO: check
+CVE-2025-23208 (zot is a production-ready vendor-neutral OCI image registry. 
The group ...)
+       TODO: check
+CVE-2025-23207 (KaTeX is a fast, easy-to-use JavaScript library for TeX math 
rendering ...)
+       TODO: check
+CVE-2025-23206 (The AWS Cloud Development Kit (AWS CDK) is an open-source 
software dev ...)
+       TODO: check
+CVE-2025-23205 (nbgrader is a system for assigning and grading notebooks. 
Enabling fra ...)
+       TODO: check
+CVE-2025-23202 (Bible Module is a tool designed for ROBLOX developers to 
integrate Bib ...)
+       TODO: check
+CVE-2025-23039 (Caido is a web security auditing toolkit. A Cross-Site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2025-21606 (stats is a macOS system monitor in for the menu bar. The Stats 
applica ...)
+       TODO: check
+CVE-2025-0554 (The Podlove Podcast Publisher plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-0541 (A vulnerability was found in Codezips Gym Management System 1.0 
and cl ...)
+       TODO: check
+CVE-2025-0540 (A vulnerability has been found in itsourcecode Tailoring 
Management Sy ...)
+       TODO: check
+CVE-2025-0538 (A vulnerability, which was classified as problematic, was found 
in cod ...)
+       TODO: check
+CVE-2025-0515 (The Buzz Club \u2013 Night Club, DJ and Music Festival Event 
WordPress ...)
+       TODO: check
+CVE-2025-0369 (The JetEngine plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-0318 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+       TODO: check
+CVE-2025-0308 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+       TODO: check
+CVE-2024-9020 (The List category posts WordPress plugin before 0.90.3 does not 
valida ...)
+       TODO: check
+CVE-2024-57252 (OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery 
(SSRF) in / ...)
+       TODO: check
+CVE-2024-57035 (WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage 
parameter  ...)
+       TODO: check
+CVE-2024-57033 (WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via 
the dado ...)
+       TODO: check
+CVE-2024-13519 (The MarketKing \u2014 Ultimate WooCommerce Multivendor 
Marketplace Sol ...)
+       TODO: check
+CVE-2024-13517 (The Easy Digital Downloads \u2013 eCommerce Payments and 
Subscriptions ...)
+       TODO: check
+CVE-2024-13516 (The Kubio AI Page Builder plugin for WordPress is vulnerable 
to Reflec ...)
+       TODO: check
+CVE-2024-13515 (The Image Source Control Lite \u2013 Show Image Credits and 
Captions p ...)
+       TODO: check
+CVE-2024-13433 (The Utilities for MTG plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-13432 (The Webcamconsult plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2024-13393 (The Video Share VOD \u2013 Turnkey Video Site Builder Script 
plugin fo ...)
+       TODO: check
+CVE-2024-13392 (The Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star 
Ratings plu ...)
+       TODO: check
+CVE-2024-13391 (The MicroPayments \u2013 Fans Paysite: Paid Creator 
Subscriptions, Dig ...)
+       TODO: check
+CVE-2024-13385 (The JSM Screenshot Machine Shortcode plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-13317 (The ShipWorks Connector for Woocommerce plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2024-12696 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo 
List plu ...)
+       TODO: check
+CVE-2024-12385 (The WP Abstracts plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-12071 (The Evergreen Content Poster \u2013 Auto Post and Schedule 
Your Best C ...)
+       TODO: check
+CVE-2024-11923 (Under certain log settings the IAM or CORE service will log 
credential ...)
+       TODO: check
+CVE-2023-50739 (Abuffer overflow vulnerability has been identified in the 
Internet Pri ...)
+       TODO: check
+CVE-2023-50738 (Anew feature to prevent Firmware downgrades was recently added 
to some ...)
+       TODO: check
 CVE-2025-21399 (Microsoft Edge (Chromium-based) Update Elevation of Privilege 
Vulnerab ...)
        NOT-FOR-US: Microsoft
 CVE-2025-21185 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
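Review bot: a number of the new descriptions in this hunk carry literal \u2013 and \u2014 escape sequences instead of the dash characters (CVE-2025-0515, CVE-2025-0318, CVE-2025-0308, CVE-2024-13519, CVE-2024-13517, CVE-2024-13515, CVE-2024-13393, CVE-2024-13392, CVE-2024-13391, CVE-2024-12696, CVE-2024-12071). If data/CVE/list is deliberately kept ASCII-only that is fine; otherwise the importer should decode the JSON escapes before truncating the summary, since a cut landing inside an escape sequence would leave a partial \u in the list.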
@@ -24431,6 +24505,7 @@ CVE-2024-50408 (Deserialization of Untrusted Data 
vulnerability in Kiboko Labs N
 CVE-2024-49771 (MPXJ is an open source library to read and write project plans 
from a  ...)
        NOT-FOR-US: Packwood MPXJ
 CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 
has a ReD ...)
+       {DLA-4018-1}
        - ruby3.3 <unfixed>
        - ruby3.2 <unfixed>
        - ruby3.1 <unfixed>
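Review bot: the {DLA-4018-1} reference is added here and to five further REXML entries in this patch (CVE-2024-43398, CVE-2024-41946, CVE-2024-41123, CVE-2024-39908, CVE-2024-35176), yet every ruby line visible in those hunks is still <unfixed> or an unstable version. The suite and package the DLA actually fixed (presumably a bullseye ruby line) lies outside the shown context, so confirm each of the six entries has a matching fixed-version line; otherwise the tracker will display a DLA against an issue it still lists as open in every suite.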
@@ -35239,7 +35314,7 @@ CVE-2024-44094 (In ppmp_protect_mfcfw_buf of 
code/drm_fw.c, there is a possible
        NOT-FOR-US: Android
 CVE-2024-44093 (In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a 
possible memory ...)
        NOT-FOR-US: Android
-CVE-2024-44092 (In TBD of TBD, there is a possible LCS signing enforcement 
missing  du ...)
+CVE-2024-44092 (There is a possible LCS signing enforcement missing  due to 
test/debug ...)
        NOT-FOR-US: Android
 CVE-2024-29779 (there is a possible escalation of privilege due to an unusual 
root cau ...)
        NOT-FOR-US: Android
@@ -39894,6 +39969,7 @@ CVE-2024-43785 (gitoxide An idiomatic, lean, fast & 
safe pure Rust implementatio
 CVE-2024-43780 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 
9.8.x <= 9 ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 
has a DoS ...)
+       {DLA-4018-1}
        - ruby3.3 3.3.5-1
        - ruby3.2 <unfixed> (bug #1083191)
        - ruby3.1 <unfixed> (bug #1083190)
@@ -45405,6 +45481,7 @@ CVE-2024-41962 (Bostr is an nostr relay aggregator 
proxy that acts like a regula
 CVE-2024-41961 (Elektra is an opinionated Openstack Dashboard for Operators 
and Consum ...)
        NOT-FOR-US: Elektra
 CVE-2024-41946 (REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a 
DoS vulner ...)
+       {DLA-4018-1}
        - ruby3.3 3.3.5-1
        - ruby3.2 <unfixed> (bug #1083191)
        - ruby3.1 <unfixed> (bug #1083190)
@@ -45427,6 +45504,7 @@ CVE-2024-41162 (Mattermost versions 9.9.x <= 9.9.0, 
9.5.x <= 9.5.6, 9.7.x <= 9.7
 CVE-2024-41144 (Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 
9.7.5, 9. ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2024-41123 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 
has some  ...)
+       {DLA-4018-1}
        - ruby3.3 3.3.5-1
        - ruby3.2 <unfixed> (bug #1083191)
        - ruby3.1 <unfixed> (bug #1083190)
@@ -49299,6 +49377,7 @@ CVE-2024-3587 (The Premium Portfolio Features for Phlox 
theme plugin for WordPre
 CVE-2024-3232 (A formula injection vulnerability exists in Tenable Identity 
Exposure  ...)
        NOT-FOR-US: Tenable
 CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 
has some  ...)
+       {DLA-4018-1}
        - ruby3.3 3.3.5-1 (bug #1076766)
        - ruby3.2 <unfixed> (bug #1076767)
        - ruby3.1 <unfixed> (bug #1076768)
@@ -68844,6 +68923,7 @@ CVE-2024-35184 (Paperless-ngx is a document management 
system that transforms ph
 CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git 
authenti ...)
        NOT-FOR-US: wolfictl
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 
has a den ...)
+       {DLA-4018-1}
        - ruby3.2 <unfixed> (bug #1071627)
        - ruby3.1 <unfixed> (bug #1071626)
        [bookworm] - ruby3.1 <no-dsa> (Minor issue)
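Review bot: for CVE-2024-35176 the [bookworm] ruby3.1 <no-dsa> (Minor issue) line now sits directly under the newly added {DLA-4018-1} reference. The two are not contradictory, since LTS can roll minor issues into a DLA, but the no-dsa assessment is worth a quick recheck now that a fix has shipped for the older suite.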
@@ -246444,7 +246524,7 @@ CVE-2022-0304 (Use after free in Bookmarks in Google 
Chrome prior to 97.0.4692.9
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0303
-       RESERVED
+       REJECTED
        {DSA-5054-1}
        - chromium 97.0.4692.99-1
        [buster] - chromium <end-of-life> (see DSA 5046)
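Review bot: CVE-2022-0303 flips to REJECTED but keeps the {DSA-5054-1} reference and the chromium 97.0.4692.99-1 fixed version, and CVE-2022-20128, CVE-2021-21158 and CVE-2021-0447 further down do the same with their package lines. That is acceptable if the tracker keeps history for rejected ids, but none of these four carries a NOTE recording why the id was rejected, unlike CVE-2021-0323, CVE-2020-0402 and CVE-2020-0040, which each name the duplicate. A one-line NOTE (duplicate of which id, or withdrawn by the CNA) would save the next reader re-deriving it.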
@@ -265579,7 +265659,7 @@ CVE-2022-20130 (In transportDec_OutOfBandConfig of 
tpdec_lib.cpp, there is a pos
 CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there 
is a poss ...)
        NOT-FOR-US: Android
 CVE-2022-20128
-       RESERVED
+       REJECTED
        [experimental] - android-platform-tools 33.0.3-1~exp1
        - android-platform-tools 29.0.6-23
        - android-platform-system-core <removed>
@@ -321495,7 +321575,7 @@ CVE-2021-21159 (Heap buffer overflow in TabStrip in 
Google Chrome prior to 89.0.
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21158
-       RESERVED
+       REJECTED
        - chromium <not-affected> (MacOS specific)
 CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior 
to 88.0. ...)
        {DSA-4858-1}
@@ -333375,7 +333455,7 @@ CVE-2021-0449 (In the Titan M chip firmware, there is 
a possible disclosure of s
 CVE-2021-0448
        RESERVED
 CVE-2021-0447
-       RESERVED
+       REJECTED
        - linux 4.15.4-1
        [stretch] - linux 4.9.228-1
 CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user 
consent ...)
@@ -333634,7 +333714,7 @@ CVE-2021-0325 (In ih264d_parse_pslice of 
ih264d_parse_pslice.c, there is a possi
 CVE-2021-0324 (Product: AndroidVersions: Android SoCAndroid ID: A-175402462)
        NOT-FOR-US: UniSoc components for Android
 CVE-2021-0323
-       RESERVED
+       REJECTED
        NOTE: Duplicate for CVE-2020-10767, clarification with Android security 
team pending
 CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a 
possible misle ...)
        NOT-FOR-US: Android
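Review bot: now that CVE-2021-0323 is REJECTED, the NOTE beneath it ("clarification with Android security team pending") is stale; rewording it to record that the id was rejected as a duplicate of CVE-2020-10767 keeps the entry self-explanatory.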
@@ -408444,7 +408524,7 @@ CVE-2020-0438 (In the AIBinder_Class constructor of 
ibinder.cpp, there is a poss
 CVE-2020-0437 (In CellBroadcastReceiver's intent handlers, there is a possible 
denial ...)
        NOT-FOR-US: Android
 CVE-2020-0436
-       RESERVED
+       REJECTED
 CVE-2020-0435
        REJECTED
 CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory 
corrup ...)
@@ -408538,7 +408618,7 @@ CVE-2020-0404 (In uvc_scan_chain_forward of 
uvc_driver.c, there is a possible li
 CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible 
invalid comm ...)
        NOT-FOR-US: FPC TrustZone fingerprint App
 CVE-2020-0402
-       RESERVED
+       REJECTED
        NOTE: Duplicate assignment for CVE-2019-19769 (Android security 
informed)
 CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there 
is a m ...)
        NOT-FOR-US: Android
@@ -409304,7 +409384,7 @@ CVE-2020-0041 (In binder_transaction of binder.c, 
there is a possible out of bou
        [jessie] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2
 CVE-2020-0040
-       RESERVED
+       REJECTED
        NOTE: Duplicate of CVE-2019-15239, will be rejected
 CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read 
of uni ...)
        NOT-FOR-US: Android
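Review bot: the same stale-note issue applies to CVE-2020-0040: the NOTE still says "will be rejected" while the status line above it now reads REJECTED. Suggest "Rejected as duplicate of CVE-2019-15239".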
@@ -489965,14 +490045,14 @@ CVE-2018-9465 (In task_get_unused_fd_flags of 
binder.c, there is a possible memo
        [stretch] - linux 4.9.144-1
        NOTE: Android drivers from staging not enabled in any released suite
        NOTE: 
https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
-CVE-2018-9464
-       RESERVED
+CVE-2018-9464 (In multiple locations, there is a possible way to read 
protected files ...)
+       TODO: check
 CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there 
is a pos ...)
        NOT-FOR-US: Android
 CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds 
write du ...)
        NOT-FOR-US: Android
-CVE-2018-9461
-       RESERVED
+CVE-2018-9461 (In onAttachFragment of ShareIntentActivity.java, there is a 
possible w ...)
+       TODO: check
 CVE-2018-9460
        RESERVED
 CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of 
EmlAttachmentProvi ...)
@@ -489999,8 +490079,8 @@ CVE-2018-9449 (In process_service_search_attr_rsp of 
sdp_discovery.cc, there is
        NOT-FOR-US: Android
 CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out 
of bou ...)
        NOT-FOR-US: Android
-CVE-2018-9447
-       RESERVED
+CVE-2018-9447 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a 
possib ...)
+       TODO: check
 CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a 
possible o ...)
        NOT-FOR-US: Android
 CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path 
traversal bug d ...)
@@ -490025,8 +490105,7 @@ CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, 
there is a possible out of boun
        NOT-FOR-US: Android
 CVE-2018-9435 (In gatt_process_error_rsp of gatt_cl.cc, there is a possible 
out of bo ...)
        NOT-FOR-US: Android
-CVE-2018-9434
-       RESERVED
+CVE-2018-9434 (In multiple functions of Parcel.cpp, there is a possible way to 
bypass ...)
        NOT-FOR-US: Android
 CVE-2018-9433 (In ArrayConcatVisitor of builtins-array.cc, there is a possible 
type c ...)
        NOT-FOR-US: Android
@@ -490088,18 +490167,18 @@ CVE-2018-9408 (In m3326_gps_write and 
m3326_gps_read of gps.s, there is a possib
        NOT-FOR-US: Android
 CVE-2018-9407 (In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information 
Disclosure  ...)
        NOT-FOR-US: Android
-CVE-2018-9406
-       RESERVED
-CVE-2018-9405
-       RESERVED
+CVE-2018-9406 (In NlpService, there is a possible way to obtain location 
information  ...)
+       TODO: check
+CVE-2018-9405 (In BnDmAgent::onTransact of dm_agent.cpp, there is a possible 
out of b ...)
+       TODO: check
 CVE-2018-9404 (In oemCallback of ril.cpp, there is a possible out of bounds 
write due ...)
        NOT-FOR-US: Android
 CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of 
flp2hal_-     i ...)
        NOT-FOR-US: Android
 CVE-2018-9402 (In multiple functions of gl_proc.c, there is a buffer overwrite 
due to ...)
        NOT-FOR-US: Android
-CVE-2018-9401
-       RESERVED
+CVE-2018-9401 (In many locations, there is a possible way to access kernel 
memory in  ...)
+       TODO: check
 CVE-2018-9400 (In gt1x_debug_write_proc and gt1x_tool_write of     
drivers/input/touc ...)
        NOT-FOR-US: Android
 CVE-2018-9399 (In /proc/driver/wmt_dbg driver, there are several possible out 
of boun ...)
@@ -490122,12 +490201,12 @@ CVE-2018-9391 (In update_gps_sv and 
output_vzw_debug of     vendor/mediatek/prop
        NOT-FOR-US: Android
 CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of  
bounds rea ...)
        NOT-FOR-US: Android
-CVE-2018-9389
-       RESERVED
+CVE-2018-9389 (In ip6_append_data of ip6_output.c, there is a possible way to 
achieve ...)
+       TODO: check
 CVE-2018-9388 (In store_upgrade and store_cmd of 
drivers/input/touchscreen/stm/ftm4_p ...)
        NOT-FOR-US: Android
-CVE-2018-9387
-       RESERVED
+CVE-2018-9387 (In multiple functions of mnh-sm.c, there is a possible way to 
trigger  ...)
+       TODO: check
 CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a 
possibl ...)
        NOT-FOR-US: Android
 CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of 
bounds w ...)
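Review bot: CVE-2018-9389 names ip6_append_data of ip6_output.c, which is the mainline Linux net/ipv6 path rather than an Android-only component, so the TODO: check here should be resolved against the linux package (as was done for CVE-2018-9385 in the next hunk) instead of defaulting to NOT-FOR-US: Android like its neighbours. The same applies to CVE-2018-9401 ("access kernel memory") in the previous hunk and to CVE-2018-9383 (asn1_ber_decoder of asn1_decoder.c, mainline lib/) and CVE-2018-9384 (KASLR bypass) in the following one.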
@@ -490136,26 +490215,26 @@ CVE-2018-9385 (In driver_override_store of bus.c, 
there is a possible out of bou
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
        NOTE: Related, but not the same as CVE-2018-9415
-CVE-2018-9384
-       RESERVED
-CVE-2018-9383
-       RESERVED
-CVE-2018-9382
-       RESERVED
+CVE-2018-9384 (In multiple locations, there is a possible way to bypass KASLR 
due to  ...)
+       TODO: check
+CVE-2018-9383 (In asn1_ber_decoder of asn1_decoder.c, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2018-9382 (In multiple functions of WifiServiceImpl.java, there is a 
possible way ...)
+       TODO: check
 CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a 
possibleinf ...)
        NOT-FOR-US: Android
 CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of 
bounds w ...)
        NOT-FOR-US: Android
-CVE-2018-9379
-       RESERVED
+CVE-2018-9379 (In multiple functions of MiniThumbFile.java, there is a 
possible way t ...)
+       TODO: check
 CVE-2018-9378
        RESERVED
-CVE-2018-9377 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, 
there  ...)
+CVE-2018-9377 (In getIntentForIntentSender of ActivityManagerService.java, 
there is a ...)
        NOT-FOR-US: Android
 CVE-2018-9376 (In rpc_msg_handler and related handlers 
ofdrivers/misc/mediatek/eccci/ ...)
        NOT-FOR-US: Android
-CVE-2018-9375
-       RESERVED
+CVE-2018-9375 (In multiple functions of UserDictionaryProvider.java, there is 
a possi ...)
+       TODO: check
 CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a 
possible ...)
        NOT-FOR-US: Android
 CVE-2018-9373
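Review bot: CVE-2018-9377's summary is replaced wholesale, from BnAudioPolicyService::onTransact in IAudioPolicyService.cpp to getIntentForIntentSender in ActivityManagerService.java, while the NOT-FOR-US: Android line is kept as is. Both are Android framework components so the triage still holds, but a description swap of this kind usually means the upstream record was corrected; a glance at the CVE entry to confirm the new text is the intended one would rule out a mis-keyed id.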
@@ -529018,8 +529097,7 @@ CVE-2017-13324
        RESERVED
 CVE-2017-13323 (In String16 of String16.cpp, there is a possible out of bounds 
write d ...)
        NOT-FOR-US: Android
-CVE-2017-13322
-       RESERVED
+CVE-2017-13322 (In endCallForSubscriber of PhoneInterfaceManager.java, there 
is a poss ...)
        NOT-FOR-US: Android
 CVE-2017-13321 (In SensorService::isDataInjectionEnabled 
offrameworks/native/services/ ...)
        NOT-FOR-US: Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f14d6a80797afef6e57f2590627ae47e5bfa7277



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
