Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e05938b8 by security tracker role at 2025-01-22T08:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,353 @@
+CVE-2025-23237 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can
be hooke ...)
+ TODO: check
+CVE-2025-23089 (This CVE has been issued to inform users that they are using
End-of-Li ...)
+ TODO: check
+CVE-2025-23088 (This CVE has been issued to inform users that they are using
End-of-Li ...)
+ TODO: check
+CVE-2025-23087 (This CVE has been issued to inform users that they are using
End-of-Li ...)
+ TODO: check
+CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2
firmware Ver ...)
+ TODO: check
+CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2025-21570 (Vulnerability in the Oracle Life Sciences Argus Safety product
of Orac ...)
+ TODO: check
+CVE-2025-21569 (Vulnerability in the Oracle Hyperion Data Relationship
Management prod ...)
+ TODO: check
+CVE-2025-21568 (Vulnerability in the Oracle Hyperion Data Relationship
Management prod ...)
+ TODO: check
+CVE-2025-21567 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21566 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21565 (Vulnerability in the Oracle Agile PLM Framework product of
Oracle Supp ...)
+ TODO: check
+CVE-2025-21564 (Vulnerability in the Oracle Agile PLM Framework product of
Oracle Supp ...)
+ TODO: check
+CVE-2025-21563 (Vulnerability in the PeopleSoft Enterprise CC Common
Application Objec ...)
+ TODO: check
+CVE-2025-21562 (Vulnerability in the PeopleSoft Enterprise CC Common
Application Objec ...)
+ TODO: check
+CVE-2025-21561 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing
product of O ...)
+ TODO: check
+CVE-2025-21560 (Vulnerability in the Oracle Agile PLM Framework product of
Oracle Supp ...)
+ TODO: check
+CVE-2025-21559 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21558 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
+ TODO: check
+CVE-2025-21557 (Vulnerability in Oracle Application Express (component:
General). Sup ...)
+ TODO: check
+CVE-2025-21556 (Vulnerability in the Oracle Agile PLM Framework product of
Oracle Supp ...)
+ TODO: check
+CVE-2025-21555 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21554 (Vulnerability in the Oracle Communications Order and Service
Managemen ...)
+ TODO: check
+CVE-2025-21553 (Vulnerability in the Java VM component of Oracle Database
Server. Sup ...)
+ TODO: check
+CVE-2025-21552 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator
product of ...)
+ TODO: check
+CVE-2025-21551 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2025-21550 (Vulnerability in the Oracle Financial Services Behavior
Detection Plat ...)
+ TODO: check
+CVE-2025-21549 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2025-21548 (Vulnerability in the MySQL Connectors product of Oracle MySQL
(compone ...)
+ TODO: check
+CVE-2025-21547 (Vulnerability in the Oracle Hospitality OPERA 5 product of
Oracle Hosp ...)
+ TODO: check
+CVE-2025-21546 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21545 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2025-21544 (Vulnerability in the Oracle Communications Order and Service
Managemen ...)
+ TODO: check
+CVE-2025-21543 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21542 (Vulnerability in the Oracle Communications Order and Service
Managemen ...)
+ TODO: check
+CVE-2025-21541 (Vulnerability in the Oracle Workflow product of Oracle
E-Business Suit ...)
+ TODO: check
+CVE-2025-21540 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21539 (Vulnerability in the PeopleSoft Enterprise FIN eSettlements
product of ...)
+ TODO: check
+CVE-2025-21538 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21537 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management
product ...)
+ TODO: check
+CVE-2025-21536 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21535 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2025-21534 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21533 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
+ TODO: check
+CVE-2025-21532 (Vulnerability in the Oracle Analytics Desktop product of
Oracle Analyt ...)
+ TODO: check
+CVE-2025-21531 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21530 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2025-21529 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21528 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
+ TODO: check
+CVE-2025-21527 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21526 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
+ TODO: check
+CVE-2025-21525 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21524 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21523 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21522 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21521 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21520 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21519 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21518 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21517 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21516 (Vulnerability in the Oracle Customer Care product of Oracle
E-Business ...)
+ TODO: check
+CVE-2025-21515 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21514 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21513 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21512 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21511 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21510 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21509 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21508 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21507 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2025-21506 (Vulnerability in the Oracle Project Foundation product of
Oracle E-Bus ...)
+ TODO: check
+CVE-2025-21505 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
+ TODO: check
+CVE-2025-21501 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21500 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21499 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21498 (Vulnerability in the Oracle HTTP Server product of Oracle
Fusion Middl ...)
+ TODO: check
+CVE-2025-21497 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21495 (Vulnerability in the MySQL Enterprise Firewall product of
Oracle MySQL ...)
+ TODO: check
+CVE-2025-21494 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21493 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21492 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21491 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21490 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
+ TODO: check
+CVE-2025-21489 (Vulnerability in the Oracle Advanced Outbound Telephony
product of Ora ...)
+ TODO: check
+CVE-2025-20617 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2025-0625 (A vulnerability, which was classified as problematic, was found
in Cam ...)
+ TODO: check
+CVE-2025-0429 (The "AI Power: Complete AI Pack" plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-0428 (The "AI Power: Complete AI Pack" plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-57545 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57544 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57543 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57542 (Linksys E8450 v1.2.00.360516 was discovered to contain a
command injec ...)
+ TODO: check
+CVE-2024-57541 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57540 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57539 (Linksys E8450 v1.2.00.360516 was discovered to contain a
command injec ...)
+ TODO: check
+CVE-2024-57538 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57537 (Linksys E8450 v1.2.00.360516 was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2024-57536 (Linksys E8450 v1.2.00.360516 was discovered to contain a
command injec ...)
+ TODO: check
+CVE-2024-57360 (https://www.gnu.org/software/binutils/ nm >=2.43 is affected
by: Incor ...)
+ TODO: check
+CVE-2024-55959 (Northern.tech Mender Client 4.x before 4.0.5 has Insecure
Permissions.)
+ TODO: check
+CVE-2024-55958 (Northern.tech CFEngine Enterprise Mission Portal 3.24.0,
3.21.5, and b ...)
+ TODO: check
+CVE-2024-49749 (In DGifSlurp of dgif_lib.c, there is a possible out of bounds
write du ...)
+ TODO: check
+CVE-2024-49748 (In gatts_process_primary_service_req of gatt_sr.cc, there is a
possibl ...)
+ TODO: check
+CVE-2024-49747 (In gatts_process_read_by_type_req of gatt_sr.cc, there is a
possible o ...)
+ TODO: check
+CVE-2024-49745 (In growData of Parcel.cpp, there is a possible out of bounds
write due ...)
+ TODO: check
+CVE-2024-49744 (In checkKeyIntentParceledCorrectly of
AccountManagerService.java, the ...)
+ TODO: check
+CVE-2024-49742 (In onCreate of NotificationAccessConfirmationActivity.java ,
there is ...)
+ TODO: check
+CVE-2024-49738 (In writeInplace of Parcel.cpp, there is a possible out of
bounds write ...)
+ TODO: check
+CVE-2024-49737 (In applyTaskFragmentOperation of
WindowOrganizerController.java, there ...)
+ TODO: check
+CVE-2024-49736 (In onClick of MainClear.java, there is a possible way to
trigger facto ...)
+ TODO: check
+CVE-2024-49735 (In multiple locations, there is a possible failure to persist
permissi ...)
+ TODO: check
+CVE-2024-49734 (In multiple functions of ConnectivityService.java, there is a
possible ...)
+ TODO: check
+CVE-2024-49733 (In reload of ServiceListing.java , there is a possible way to
allow a ...)
+ TODO: check
+CVE-2024-49732 (In multiple functions of CompanionDeviceManagerService.java,
there is ...)
+ TODO: check
+CVE-2024-49724 (In multiple functions of AccountManagerService.java, there is
a possib ...)
+ TODO: check
+CVE-2024-48392 (OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting
(XSS). An at ...)
+ TODO: check
+CVE-2024-43771 (In gatts_process_read_req of gatt_sr.cc, there is a possible
out of bo ...)
+ TODO: check
+CVE-2024-43770 (In gatts_process_find_info of gatt_sr.cc, there is a possible
out of b ...)
+ TODO: check
+CVE-2024-43765 (In multiple locations, there is a possible way to obtain
access to a f ...)
+ TODO: check
+CVE-2024-43763 (In build_read_multi_rsp of gatt_sr.cc, there is a possible
denial of s ...)
+ TODO: check
+CVE-2024-43096 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out
of boun ...)
+ TODO: check
+CVE-2024-43095 (In multiple locations, there is a possible way to obtain any
system pe ...)
+ TODO: check
+CVE-2024-34730 (In multiple locations, there is a possible bypass of user
consent to e ...)
+ TODO: check
+CVE-2024-24451 (A stack overflow in the sctp_server::sctp_receiver_thread
component of ...)
+ TODO: check
+CVE-2024-24445 (OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a
null dere ...)
+ TODO: check
+CVE-2024-24444 (Improper file descriptor handling for closed connections in
OpenAirInt ...)
+ TODO: check
+CVE-2024-24443 (An uninitialized pointer dereference in the
ngap_handle_pdu_session_re ...)
+ TODO: check
+CVE-2024-24442 (A NULL pointer dereference in the ngap_app::handle_receive
routine of ...)
+ TODO: check
+CVE-2024-24428 (A reachable assertion in the oai_nas_5gmm_decode function of
Open5GS < ...)
+ TODO: check
+CVE-2024-24427 (A reachable assertion in the amf_ue_set_suci function of
Open5GS <= 2. ...)
+ TODO: check
+CVE-2024-24424 (A reachable assertion in the decode_access_point_name_ie
function of M ...)
+ TODO: check
+CVE-2024-24423 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-24422 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-24421 (A type confusion in the nas_message_decode function of Magma
<= 1.8.0 ...)
+ TODO: check
+CVE-2024-24420 (A reachable assertion in the decode_linked_ti_ie function of
Magma <= ...)
+ TODO: check
+CVE-2024-24419 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-24418 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-24417 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-24416 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
+ TODO: check
+CVE-2024-21245 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
+ TODO: check
+CVE-2024-13590 (The Ketchup Shortcodes plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-13584 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo
List plu ...)
+ TODO: check
+CVE-2024-13426 (The WP-Polls plugin for WordPress is vulnerable to SQL
Injection via C ...)
+ TODO: check
+CVE-2024-13406 (The XML for Google Merchant Center plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-13361 (The AI Power: Complete AI Pack plugin for WordPress is
vulnerable to u ...)
+ TODO: check
+CVE-2024-13360 (The AI Power: Complete AI Pack plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-13319 (The Themify Builder plugin for WordPress is vulnerable to
Reflected Cr ...)
+ TODO: check
+CVE-2024-13091 (The WPBot Pro Wordpress Chatbot plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-12879 (The WPBot Pro Wordpress Chatbot plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-12857 (The AdForest theme for WordPress is vulnerable to
authentication bypas ...)
+ TODO: check
+CVE-2024-12117 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for
WordPres ...)
+ TODO: check
+CVE-2024-11218 (A vulnerability was found in `podman build` and `buildah.`
This issue ...)
+ TODO: check
+CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been
identified ...)
+ TODO: check
+CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there
is a pos ...)
+ TODO: check
+CVE-2023-40108 (In multiple locations, there is a possible way to access media
content ...)
+ TODO: check
+CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37038 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37037 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37036 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37035 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37034 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37033 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37032 (A Stack-based buffer overflow in the Mobile Management Entity
(MME) of ...)
+ TODO: check
+CVE-2023-37031 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37030 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37029 (Magma versions <= 1.8.0 (fixed in v1.9 commit
08472ba98b8321f802e95f56 ...)
+ TODO: check
+CVE-2023-37028 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37027 (Null pointer dereference vulnerability in the Mobile
Management Entity ...)
+ TODO: check
+CVE-2023-37026 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37025 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
+ TODO: check
+CVE-2023-37024 (A reachable assertion in the Mobile Management Entity (MME) of
Magma v ...)
+ TODO: check
CVE-2025-0411 [7-Zip Mark-of-the-Web Bypass Vulnerability]
- 7zip 24.09+dfsg-1
- p7zip 16.02+transitional.1 (unimportant)
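Review bot: The added descriptions for CVE-2024-13584 ("The Picture Gallery \u2013 Frontend Image Uploads") and CVE-2024-12117 ("The Stackable \u2013 Page Builder Gutenberg Blocks") contain a literal \u2013 escape sequence where a dash belongs, so the automatic update appears to be writing escaped text without decoding it. Decoding the escape, or normalising it to a plain hyphen, before the line is written would keep the list consistent and searchable. Every addition in this hunk also lands as "TODO: check", including entries that name binutils nm (CVE-2024-57360) and podman build/buildah (CVE-2024-11218), so those want individual package triage rather than a bulk NOT-FOR-US pass.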
@@ -18,14 +368,14 @@ CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak
outside heap]
CVE-2025-23084 [Path traversal by drive name in Windows environment]
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE:
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#path-traversal-by-drive-name-in-windows-environment-cve-2025-23084---medium
-CVE-2025-23083 [Worker permission bypass via InternalWorker leak in
diagnostics]
+CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can
be hooke ...)
- nodejs <unfixed>
NOTE:
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#worker-permission-bypass-via-internalworker-leak-in-diagnostics-cve-2025-23083---high
-CVE-2025-23195
+CVE-2025-23195 (An XML External Entity (XXE) vulnerability exists in the
Ambari/Oozie ...)
NOT-FOR-US: Apache Ambari
-CVE-2025-23196
+CVE-2025-23196 (A code injection vulnerability exists in the Ambari Alert
Definition ...)
NOT-FOR-US: Apache Ambari
-CVE-2024-51941
+CVE-2024-51941 (A remote code injection vulnerability exists in the Ambari
Metrics and ...)
NOT-FOR-US: Apache Ambari
CVE-2025-24461 (In JetBrains TeamCity before 2024.12.1 decryption of
connection secret ...)
NOT-FOR-US: JetBrains TeamCity
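Review bot: CVE-2025-23083 loses its bracketed title "Worker permission bypass via InternalWorker leak in diagnostics" here and picks up the truncated text "With the aid of the diagnostics_channel utility, an event can be hooke ...", which is identical to the description on the newly added CVE-2025-23090 in the first hunk. With both entries reading the same, the "TODO: check" on CVE-2025-23090 should be resolved against the existing "- nodejs <unfixed>" entry (duplicate, reissue, or a separate nodejs issue), and a NOTE recording the relationship would keep the two from being triaged independently.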
@@ -229,9 +579,9 @@ CVE-2024-10936 (The String locator plugin for WordPress is
vulnerable to PHP Obj
NOT-FOR-US: WordPress plugin
CVE-2023-45908 (Homarr before v0.14.0 was discovered to contain a stored
cross-site sc ...)
NOT-FOR-US: Homarr
-CVE-2024-45479
+CVE-2024-45479 (SSRF vulnerability in Edit Service Page of Apache Ranger UI in
Apache ...)
NOT-FOR-US: Apache Ranger
-CVE-2024-45478
+CVE-2024-45478 (Stored XSS vulnerability in Edit Service Page of Apache Ranger
UI in A ...)
NOT-FOR-US: Apache Ranger
CVE-2025-21664 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.12.10-1
@@ -23342,7 +23692,7 @@ CVE-2024-20106 (In m4u, there is a possible out of
bounds write due to a missing
NOT-FOR-US: MediaTek
CVE-2024-20104 (In da, there is a possible out of bounds write due to a
missing bounds ...)
NOT-FOR-US: MediaTek
-CVE-2024-10761 (A vulnerability was found in Umbraco CMS 12.3.6. It has been
classifie ...)
+CVE-2024-10761 (A vulnerability was found in Umbraco CMS up to
10.7.7/12.3.6/13.5.2/14 ...)
NOT-FOR-US: Umbraco CMS
CVE-2024-10760 (A vulnerability was found in code-projects University Event
Management ...)
NOT-FOR-US: code-projects University Event Management System
@@ -155921,10 +156271,10 @@ CVE-2023-27114 (radare2 v5.8.3 was discovered to
contain a segmentation fault vi
- radare2 5.9.0+dfsg-1 (bug #1032667)
NOTE: https://github.com/radareorg/radare2/issues/21363
NOTE:
https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
-CVE-2023-27113
- RESERVED
-CVE-2023-27112
- RESERVED
+CVE-2023-27113 (pearProjectApi v2.8.10 was discovered to contain a SQL
injection vulne ...)
+ TODO: check
+CVE-2023-27112 (pearProjectApi v2.8.10 was discovered to contain a SQL
injection vulne ...)
+ TODO: check
CVE-2023-27111
RESERVED
CVE-2023-27110
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e05938b8f5d0dce1688ab2bd34362417762fb20e