Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f39e7198 by security tracker role at 2025-01-22T20:11:59+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,301 @@ +CVE-2025-24403 (A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 ...) + TODO: check +CVE-2025-24402 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Ser ...) + TODO: check +CVE-2025-24401 (Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e ...) + TODO: check +CVE-2025-24400 (Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive ...) + TODO: check +CVE-2025-24399 (Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and ...) + TODO: check +CVE-2025-24398 (Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both ...) + TODO: check +CVE-2025-24397 (An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earli ...) + TODO: check +CVE-2025-24027 (ps_contactinfo, a PrestaShop module for displaying store contact infor ...) + TODO: check +CVE-2025-23992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23953 (Unrestricted Upload of File with Dangerous Type vulnerability in Innov ...) + TODO: check +CVE-2025-23949 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-23948 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-23944 (Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM ...) + TODO: check +CVE-2025-23942 (Unrestricted Upload of File with Dangerous Type vulnerability in NgocC ...) + TODO: check +CVE-2025-23938 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-23932 (Deserialization of Untrusted Data vulnerability in NotFound Quick Coun ...) 
+ TODO: check +CVE-2025-23931 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23921 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...) + TODO: check +CVE-2025-23918 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...) + TODO: check +CVE-2025-23914 (Deserialization of Untrusted Data vulnerability in NotFound Muzaara Go ...) + TODO: check +CVE-2025-23910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23806 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimat ...) + TODO: check +CVE-2025-23803 (Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows ...) + TODO: check +CVE-2025-23798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-23781 (Insertion of Sensitive Information Into Sent Data vulnerability in Not ...) 
+ TODO: check +CVE-2025-23774 (Insertion of Sensitive Information Into Sent Data vulnerability in Not ...) + TODO: check +CVE-2025-23770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23732 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23709 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23706 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23701 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23684 (Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allo ...) + TODO: check +CVE-2025-23683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23681 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23678 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23606 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23604 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23603 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23601 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23562 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check +CVE-2025-23548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23512 (Missing Authorization vulnerability in Team118GROUP Team 118GROUP Agen ...) + TODO: check +CVE-2025-23509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23507 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23498 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23495 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23486 (Missing Authorization vulnerability in NotFound Database Sync allows E ...) + TODO: check +CVE-2025-23475 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23462 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23047 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check +CVE-2025-23028 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check +CVE-2025-22980 (A SQL Injection vulnerability exists in Senayan Library Management Sys ...) + TODO: check +CVE-2025-22772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-20165 (A vulnerability in the SIP processing subsystem of Cisco BroadWorks co ...) + TODO: check +CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management could allo ...) + TODO: check +CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...) + TODO: check +CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on Wind ...) + TODO: check +CVE-2025-0638 (The initial code parsing the manifest did not check the content of the ...) + TODO: check +CVE-2025-0612 (Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834 ...) + TODO: check +CVE-2025-0611 (Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allow ...) + TODO: check +CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user resets the ...) + TODO: check +CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 to 2.40 ...) + TODO: check +CVE-2024-9310 (By utilizing software-defined radios and a custom low-latency processi ...) 
+ TODO: check +CVE-2024-56914 (D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/Par ...) + TODO: check +CVE-2024-55957 (In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundat ...) + TODO: check +CVE-2024-55488 (A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3 ...) + TODO: check +CVE-2024-51457 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 ...) + TODO: check +CVE-2024-42013 (In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforceme ...) + TODO: check +CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather than has ...) + TODO: check +CVE-2024-34235 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2024-31903 (IBM Sterling B2B Integrator Standard Edition6.0.0.0 through 6.1.2.5 an ...) + TODO: check +CVE-2024-24432 (A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2 ...) + TODO: check +CVE-2024-24430 (A reachable assertion in the mme_ue_find_by_imsi function of Open5GS < ...) + TODO: check +CVE-2024-24429 (A reachable assertion in the nas_eps_send_emm_to_esm function of Open5 ...) + TODO: check +CVE-2024-13499 (The The GamiPress \u2013 Gamification plugin to reward points, achieve ...) + TODO: check +CVE-2024-13496 (The GamiPress \u2013 Gamification plugin to reward points, achievement ...) + TODO: check +CVE-2024-13495 (The The GamiPress \u2013 Gamification plugin to reward points, achieve ...) + TODO: check +CVE-2024-13447 (The WP Hotel Booking plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS earlier tha ...) + TODO: check +CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72 (revisions before ...) + TODO: check +CVE-2023-37777 (Synnefo Internet Management Software 2023 was discovered to contain a ...) 
+ TODO: check +CVE-2023-37023 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Up ...) + TODO: check +CVE-2023-37022 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE ...) + TODO: check +CVE-2023-37021 (Open5GS MME version <= 2.6.4 contains an assertion that can be remotel ...) + TODO: check +CVE-2023-37020 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37019 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2023-37018 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2023-37017 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37016 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37015 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2023-37014 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2023-37013 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...) + TODO: check +CVE-2023-37012 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37011 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37010 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37009 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37008 (Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 d ...) + TODO: check +CVE-2023-37007 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37006 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) 
+ TODO: check +CVE-2023-37005 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37004 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37003 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-37002 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...) + TODO: check +CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a2635 ...) + TODO: check CVE-2024-52948 [CSRF on 2FA registration] - lemonldap-ng 2.20.2+ds-1 [bookworm] - lemonldap-ng <no-dsa> (Will be fixed via point update) @@ -2936,6 +3234,7 @@ CVE-2024-53563 (A stored cross-site scripting (XSS) vulnerability in Arcadyan Me CVE-2024-53561 (A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE F ...) NOT-FOR-US: Arcadyan Meteor CVE-2024-53263 (Git LFS is a Git extension for versioning large files. When Git LFS re ...) + {DLA-4028-1} - git-lfs 3.5.0-2 (bug #1093048) NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7 NOTE: Fixed by: https://github.com/git-lfs/git-lfs/commit/0345b6f816e611d050c0df67b61f0022916a1c90 (v3.6.1) 
@@ -247566,8 +247865,8 @@ CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in NOT-FOR-US: Fortinet CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...) NOT-FOR-US: Fortinet -CVE-2022-23439 - RESERVED +CVE-2022-23439 (A externally controlled reference to a resource in another sphere in F ...) + TODO: check CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...) NOT-FOR-US: Fortinet CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f39e719861c2d6d500dc607b7040533df15ad0a1
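Review bot: In the first hunk (@@ -1,3 +1,301 @@) every added entry carries the same "TODO: check" marker, so the few that name software packaged in Debian sit unmarked among the WordPress and Jenkins plugin entries. CVE-2025-0395 (GNU C Library assert()) and CVE-2025-0612 / CVE-2025-0611 (V8 in Google Chrome) should be triaged first and given a source package line; the plugin entries can presumably take a NOT-FOR-US marking in the style of the Fortinet entries visible in the last hunk. The GamiPress descriptions (CVE-2024-13499, CVE-2024-13496, CVE-2024-13495) also contain a literal "\u2013" escape sequence instead of the dash character, which suggests the description text is not being unescaped on import.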
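Review bot: In the last hunk (@@ -247566,8 +247865,8 @@) CVE-2022-23439 moves from RESERVED to "TODO: check" while its neighbours CVE-2022-23441, CVE-2022-23440 and CVE-2022-23438 are all marked "NOT-FOR-US: Fortinet". The new description is truncated at "in F ...", so the product should be confirmed from the full description, and if it matches, the entry should get the same NOT-FOR-US marking rather than staying in the TODO queue.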