Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
802e5a38 by security tracker role at 2025-01-21T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,122 +1,320 @@
+CVE-2025-24461 (In JetBrains TeamCity before 2024.12.1 decryption of 
connection secret ...)
+       TODO: check
+CVE-2025-24460 (In JetBrains TeamCity before 2024.12.1 improper access control 
allowed ...)
+       TODO: check
+CVE-2025-24459 (In JetBrains TeamCity before 2024.12.1 reflected XSS was 
possible on t ...)
+       TODO: check
+CVE-2025-24458 (In JetBrains YouTrack before 2024.3.55417 account takeover was 
possibl ...)
+       TODO: check
+CVE-2025-24457 (In JetBrains YouTrack before 2024.3.55417 permanent tokens 
could be ex ...)
+       TODO: check
+CVE-2025-24456 (In JetBrains Hub before 2024.3.55417 privilege escalation was 
possible ...)
+       TODO: check
+CVE-2025-24024 (Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 
responds to ma ...)
+       TODO: check
+CVE-2025-24020 (WeGIA is a Web manager for charitable institutions. An Open 
Redirect v ...)
+       TODO: check
+CVE-2025-24019 (YesWiki is a wiki system written in PHP. In versions up to and 
includi ...)
+       TODO: check
+CVE-2025-24018 (YesWiki is a wiki system written in PHP. In versions up to and 
includi ...)
+       TODO: check
+CVE-2025-24017 (YesWiki is a wiki system written in PHP. Versions up to and 
including  ...)
+       TODO: check
+CVE-2025-24012 (Umbraco is a free and open source .NET content management 
system. Star ...)
+       TODO: check
+CVE-2025-24011 (Umbraco is a free and open source .NET content management 
system. Star ...)
+       TODO: check
+CVE-2025-24001 (Cross-Site Request Forgery (CSRF) vulnerability in PPO 
Vi\u1ec7t Nam ( ...)
+       TODO: check
+CVE-2025-23998 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23997 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23996 (Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com 
AnyRoad ...)
+       TODO: check
+CVE-2025-23994 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23580 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23489 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23477 (Missing Authorization vulnerability in Realty Workstation 
Realty Works ...)
+       TODO: check
+CVE-2025-23461 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23454 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23369 (An improper verification of cryptographic signature 
vulnerability was  ...)
+       TODO: check
+CVE-2025-23184 (A potential denial of service vulnerability is present in 
versions of  ...)
+       TODO: check
+CVE-2025-23086 (On most desktop platforms, Brave Browser versions 
1.70.x-1.73.x includ ...)
+       TODO: check
+CVE-2025-22825 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22763 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22735 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22733 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22732 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22727 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22723 (Unrestricted Upload of File with Dangerous Type vulnerability 
in UkrSo ...)
+       TODO: check
+CVE-2025-22722 (Missing Authorization vulnerability in Widget Options Team 
Widget Opti ...)
+       TODO: check
+CVE-2025-22721 (Missing Authorization vulnerability in Farhan Noor ApplyOnline 
\u2013  ...)
+       TODO: check
+CVE-2025-22719 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22718 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22717 (Missing Authorization vulnerability in Joe Dolson My Tickets 
allows Ac ...)
+       TODO: check
+CVE-2025-22716 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22711 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22710 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22709 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22706 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22661 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22553 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22322 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22318 (Missing Authorization vulnerability in Eniture Technology 
Standard Box ...)
+       TODO: check
+CVE-2025-22311 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22276 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22267 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22262 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22150 (Undici is an HTTP/1.1 client. Starting in version 4.5.0 and 
prior to v ...)
+       TODO: check
+CVE-2025-0623
+       REJECTED
+CVE-2025-0615 (Input validation vulnerability in Qualifio's Wheel of Fortune. 
This vu ...)
+       TODO: check
+CVE-2025-0614 (Input validation vulnerability in Qualifio's Wheel of Fortune. 
This vu ...)
+       TODO: check
+CVE-2025-0450 (The Betheme plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-0377 (HashiCorp\u2019s go-slug library is vulnerable to a zip-slip 
style att ...)
+       TODO: check
+CVE-2025-0371 (The JetElements plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-6466 (NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows 
an att ...)
+       TODO: check
+CVE-2024-57036 (TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a 
command  ...)
+       TODO: check
+CVE-2024-56998 (PHPGurukul Hospital Management System 4.0 is vulnerable to 
Cross Site  ...)
+       TODO: check
+CVE-2024-56997 (PHPGurukul Hospital Management System 4.0 is vulnerable to 
Cross Site  ...)
+       TODO: check
+CVE-2024-56990 (PHPGurukul Hospital Management System 4.0 is vulnerable to 
Cross Site  ...)
+       TODO: check
+CVE-2024-56277 (Improper Encoding or Escaping of Output vulnerability in Poll 
Maker Te ...)
+       TODO: check
+CVE-2024-55504 (An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 
allows loc ...)
+       TODO: check
+CVE-2024-54795 (SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting 
(XSS) vul ...)
+       TODO: check
+CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary 
code execut ...)
+       TODO: check
+CVE-2024-54792 (A Cross-Site Request Forgery (CSRF) vulnerability has been 
found in Sp ...)
+       TODO: check
+CVE-2024-53829 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
+       TODO: check
+CVE-2024-52973 (An allocation of resources without limits or throttling in 
Kibana can  ...)
+       TODO: check
+CVE-2024-51919 (Unrestricted Upload of File with Dangerous Type vulnerability 
in NotFo ...)
+       TODO: check
+CVE-2024-51888 (Incorrect Privilege Assignment vulnerability in NotFound Homey 
Login R ...)
+       TODO: check
+CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 
allows rem ...)
+       TODO: check
+CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-49699 (Deserialization of Untrusted Data vulnerability in NotFound 
ARPrice al ...)
+       TODO: check
+CVE-2024-49688 (Deserialization of Untrusted Data vulnerability in NotFound 
ARPrice al ...)
+       TODO: check
+CVE-2024-49666 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-49655 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-49333 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-49303 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-49300 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-45687 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Reque ...)
+       TODO: check
+CVE-2024-45091 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 
7.1.2.10, ...)
+       TODO: check
+CVE-2024-43709 (An allocation of resources without limits or throttling in 
Elasticsear ...)
+       TODO: check
+CVE-2024-42936 (The mqlink.elf is service component in Ruijie RG-EW300N with 
firmware  ...)
+       TODO: check
+CVE-2024-37284 (Improper handling of alternate encoding occurs when Elastic 
Defend on  ...)
+       TODO: check
+CVE-2024-32555 (Incorrect Privilege Assignment vulnerability in NotFound Easy 
Real Est ...)
+       TODO: check
+CVE-2024-13536 (The 1003 Mortgage Application plugin for WordPress is 
vulnerable to Fu ...)
+       TODO: check
+CVE-2024-13454 (Weak encryption algorithm in Easy-RSA version 3.0.5 through 
3.1.7 allo ...)
+       TODO: check
+CVE-2024-13444 (The wp-greet plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2024-13404 (The Link Library plugin for WordPress is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2024-13230 (The Social Share, Social Login and Social Comments Plugin 
\u2013 Super ...)
+       TODO: check
+CVE-2024-12104 (The Visual Website Collaboration, Feedback & Project 
Management \u2013 ...)
+       TODO: check
+CVE-2024-12005 (The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2024-11226 (The FireCask Like & Share Button plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-10936 (The String locator plugin for WordPress is vulnerable to PHP 
Object In ...)
+       TODO: check
+CVE-2023-45908 (Homarr before v0.14.0 was discovered to contain a stored 
cross-site sc ...)
+       TODO: check
 CVE-2024-45479
        NOT-FOR-US: Apache Ranger
 CVE-2024-45478
        NOT-FOR-US: Apache Ranger
-CVE-2025-21664 [dm thin: make get_first_thin use rcu-safe list first function]
+CVE-2025-21664 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.12.10-1
        NOTE: 
https://git.kernel.org/linus/80f130bfad1dab93b95683fc39b87235682b8f72 (6.13-rc7)
-CVE-2025-21663 [net: stmmac: dwmac-tegra: Read iommu stream id from device 
tree]
+CVE-2025-21663 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/426046e2d62dd19533808661e912b8e8a9eaec16 (6.13-rc7)
-CVE-2025-21662 [net/mlx5: Fix variable not being completed when function 
returns]
+CVE-2025-21662 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0e2909c6bec9048f49d0c8e16887c63b50b14647 (6.13-rc7)
-CVE-2025-21661 [gpio: virtuser: fix missing lookup table cleanups]
+CVE-2025-21661 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a619cba8c69c434258ff4101d463322cd63e1bdc (6.13-rc7)
-CVE-2025-21660 [ksmbd: fix unexpectedly changed path in 
ksmbd_vfs_kern_path_locked]
+CVE-2025-21660 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.12.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2ac538e40278a2c0c051cca81bcaafc547d61372 (6.13-rc7)
-CVE-2025-21659 [netdev: prevent accessing NAPI instances from another 
namespace]
+CVE-2025-21659 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d1cacd74776895f6435941f86a1130e58f6dd226 (6.13-rc7)
-CVE-2025-21658 [btrfs: avoid NULL pointer dereference if no valid extent tree]
+CVE-2025-21658 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.12.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329 (6.13-rc7)
-CVE-2025-21657 [sched_ext: Replace rq_lock() to raw_spin_rq_lock() in 
scx_ops_bypass()]
+CVE-2025-21657 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6268d5bc10354fc2ab8d44a0cd3b042d49a0417e (6.13-rc7)
-CVE-2025-21656 [hwmon: (drivetemp) Fix driver producing garbage data when SCSI 
errors occur]
+CVE-2025-21656 (In the Linux kernel, the following vulnerability has been 
resolved:  h ...)
        - linux 6.12.10-1
        NOTE: 
https://git.kernel.org/linus/82163d63ae7a4c36142cd252388737205bb7e4b9 (6.13-rc7)
-CVE-2024-57946 [virtio-blk: don't keep queue frozen during system suspend]
+CVE-2024-57946 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux 6.12.8-1
        [bookworm] - linux 6.1.123-1
        NOTE: 
https://git.kernel.org/linus/7678abee0867e6b7fb89aa40f6e9f575f755fb37 (6.13-rc2)
-CVE-2024-57945 [riscv: mm: Fix the out of bound issue of vmemmap address]
+CVE-2024-57945 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.12.10-1
        NOTE: 
https://git.kernel.org/linus/f754f27e98f88428aaf6be6e00f5cbce97f62d4b (6.13-rc7)
-CVE-2024-57944 [iio: adc: ti-ads1298: Add NULL check in ads1298_init]
+CVE-2024-57944 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bcb394bb28e55312cace75362b8e489eb0e02a30 (6.13-rc7)
-CVE-2024-57943 [exfat: fix the new buffer was not zeroed before writing]
+CVE-2024-57943 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/98e2fb26d1a9eafe79f46d15d54e68e014d81d8c (6.13-rc7)
-CVE-2024-57942 [netfs: Fix ceph copy to cache on write-begin]
+CVE-2024-57942 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/38cf8e945721ffe708fa675507465da7f4f2a9f7 (6.13-rc7)
-CVE-2024-57941 [netfs: Fix the (non-)cancellation of copy when cache is 
temporarily disabled]
+CVE-2024-57941 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d0327c824338cdccad058723a31d038ecd553409 (6.13-rc7)
-CVE-2024-57940 [exfat: fix the infinite loop in exfat_readdir()]
+CVE-2024-57940 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux 6.12.10-1
        NOTE: 
https://git.kernel.org/linus/fee873761bd978d077d8c55334b4966ac4cb7b59 (6.13-rc7)
-CVE-2024-57939 [riscv: Fix sleeping in invalid context in die()]
+CVE-2024-57939 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.12.10-1
        NOTE: 
https://git.kernel.org/linus/6a97f4118ac07cfdc316433f385dbdc12af5025e (6.13-rc7)
-CVE-2024-57938 [net/sctp: Prevent autoclose integer overflow in 
sctp_association_init()]
+CVE-2024-57938 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.9-1
        [bookworm] - linux 6.1.124-1
        NOTE: 
https://git.kernel.org/linus/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d (6.13-rc6)
-CVE-2024-57937 [mm: reinstate ability to map write-sealed memfd mappings 
read-only]
+CVE-2024-57937 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.12.9-1
        NOTE: 
https://git.kernel.org/linus/8ec396d05d1b737c87311fb7311f753b02c2a6b1 (6.13-rc6)
-CVE-2024-57936 [RDMA/bnxt_re: Fix max SGEs for the Work Request]
+CVE-2024-57936 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 6.12.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/79d330fbdffd8cee06d8bdf38d82cb62d8363a27 (6.13-rc6)
-CVE-2024-57935 [RDMA/hns: Fix accessing invalid dip_ctx during destroying QP]
+CVE-2024-57935 (In the Linux kernel, the following vulnerability has been 
resolved:  R ...)
        - linux 6.12.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0572eccf239ce4bd89bd531767ec5ab20e249290 (6.13-rc6)
-CVE-2024-57934 [fgraph: Add READ_ONCE() when accessing fgraph_array[]]
+CVE-2024-57934 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.12.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d65474033740ded0a4fe9a097fce72328655b41d (6.13-rc6)
-CVE-2024-57933 [gve: guard XSK operations on the existence of queues]
+CVE-2024-57933 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.12.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40338d7987d810fcaa95c500b1068a52b08eec9b (6.13-rc6)
-CVE-2024-57932 [gve: guard XDP xmit NDO on existence of xdp queues]
+CVE-2024-57932 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.12.9-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ff7c2dea9dd1a436fc79d6273adffdcc4a7ffea3 (6.13-rc6)
-CVE-2024-57931 [selinux: ignore unknown extended permissions]
+CVE-2024-57931 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 6.12.9-1
        [bookworm] - linux 6.1.124-1
        NOTE: 
https://git.kernel.org/linus/900f83cf376bdaf798b6f5dcb2eae0c822e908b6 (6.13-rc4)
-CVE-2024-57930 [tracing: Have process_string() also allow arrays]
+CVE-2024-57930 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 6.12.9-1
        [bookworm] - linux 6.1.124-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/afc6717628f959941d7b33728570568b4af1c4b8 (6.13-rc6)
 CVE-2022-4975
        NOT-FOR-US: Red Hat Advanced Cluster Security
-CVE-2025-24014 [segmentation fault in win_line()]
+CVE-2025-24014 (Vim is an open source, command line text editor. A 
segmentation fault  ...)
        - vim <unfixed> (unimportant)
        NOTE: Crash in CLI tool, no security impact
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
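
Review bot: In the kernel block (CVE-2025-21664 down to CVE-2024-57930) each bracketed commit subject, e.g. "[dm thin: make get_first_thin use rcu-safe list first function]", is replaced by "In the Linux kernel, the following vulnerability has been resolved:  d ...", so after truncation the description keeps a single letter of the subject and these entries can only be told apart by following the git.kernel.org NOTE link. Consider having the automatic update keep the subject, or skip the fixed preamble before truncating, for these descriptions. The added entries at the top also carry undecoded escapes (\u1ec7 in CVE-2025-24001, \u2013 in CVE-2025-22721, \u2019 in CVE-2025-0377), which should be decoded or normalized when the list is generated. All of the added entries are still "TODO: check", so none has been triaged in this commit.
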
@@ -1241,7 +1439,7 @@ CVE-2024-52602 (Matrix Media Repo (MMR) is a highly 
configurable multi-homeserve
        NOT-FOR-US: Matrix Media Repo (MMR)
 CVE-2024-52594 (Gomatrixserverlib is a Go library for matrix federation. 
Gomatrixserve ...)
        NOT-FOR-US: Gomatrixserverlib
-CVE-2024-50633 (A Broken Object Level Authorization (BOLA) vulnerability in 
Indico v3. ...)
+CVE-2024-50633 (A Broken Object Level Authorization (BOLA) vulnerability in 
Indico thr ...)
        NOT-FOR-US: Indico
 CVE-2024-50563 (A weak authentication in Fortinet FortiManager Cloud, 
FortiAnalyzer ve ...)
        NOT-FOR-US: FortiGuard
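
Review bot: The new description for CVE-2024-50633 is cut at the same truncation point as the old one, so "Indico thr ..." no longer shows the version fragment that "Indico v3. ..." did, and a search of the list by version string will now miss this entry. The classification line "NOT-FOR-US: Indico" is unchanged, so there is no tracking effect; nothing to fix here beyond the truncation behaviour of the update itself.
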
@@ -10088,6 +10286,7 @@ CVE-2024-10972 (Velocidex WinPmem versions 4.1 and 
below suffer from an Improper
 CVE-2024-10095 (In Progress Telerik UI for WPF versions prior to 2024 Q4 
(2024.4.1213) ...)
        NOT-FOR-US: Telerik
 CVE-2024-55919 [Improper input validation on generic SSO login]
+       {DLA-4027-1}
        - sympa 6.2.74~dfsg-1 (bug #1090188)
        NOTE: https://www.sympa.community/security/2024-001.html
        NOTE: Patch: 
https://github.com/sympa-community/sympa/releases/download/6.2.74/sympa-6.2.72-sa-2024-001-r1.patch
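
Review bot: The "{DLA-4027-1}" tag added under CVE-2024-55919 is the only change in this hunk, and the commit touches only data/CVE/list, so the entry itself still shows just the unsuffixed "- sympa 6.2.74~dfsg-1 (bug #1090188)" line and no suite-specific status. Check that the advisory's own record names this CVE and the version fixed by the DLA, since nothing in this diff states it. Separately, the Patch NOTE points at a file named sympa-6.2.72-sa-2024-001-r1.patch under the 6.2.74 release path; a short remark on which version the patch applies to would save the next reader a lookup.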



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802e5a3821a5a46219b59ac329ff4031ebb52178
