Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36f3470f by security tracker role at 2025-01-23T20:12:31+00:00
automatic update

- - - - -
1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,140 @@ -CVE-2024-57947 [netfilter: nf_set_pipapo: fix initial map fill] +CVE-2025-24353 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2025-24034 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...) + TODO: check +CVE-2025-24033 (@fastify/multipart is a Fastify plugin for parsing the multipart conte ...) + TODO: check +CVE-2025-23960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23730 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23729 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23727 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23725 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23724 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23634 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2025-23629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23628 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23227 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...) + TODO: check +CVE-2025-23006 (Pre-authentication deserialization of untrusted data vulnerability has ...) + TODO: check +CVE-2025-22768 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Med ...) + TODO: check +CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of the Python ...) + TODO: check +CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server before 25 ...) + TODO: check +CVE-2025-0637 (It has been found that the Beta10 software does not provide for proper ...) + TODO: check +CVE-2025-0635 (Denial of service condition in M-Files Server in versions before 25. ...) + TODO: check +CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server before 2 ...) + TODO: check +CVE-2024-55971 (SQL Injection vulnerability in the default configuration of the Logiti ...) 
+ TODO: check +CVE-2024-55930 (Weak default folder permissions) + TODO: check +CVE-2024-55929 (Mail spoofing) + TODO: check +CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear text) + TODO: check +CVE-2024-55927 (Flawed token generation implementation & Hard-coded key implementation) + TODO: check +CVE-2024-55926 (Arbitrary file upload, deletion and read through header manipulation) + TODO: check +CVE-2024-55925 (API Security bypass through header manipulation) + TODO: check +CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key ...) + TODO: check +CVE-2024-52330 (ECOVACS lawnmowers and vacuums do not properly validate TLS certificat ...) + TODO: check +CVE-2024-52329 (ECOVACS HOME mobile app plugins for specific robots do not properly va ...) + TODO: check +CVE-2024-52328 (ECOVACS robot lawnmowers and vacuums insecurely store audio files used ...) + TODO: check +CVE-2024-52327 (The cloud service used by ECOVACS robot lawnmowers and vacuums allows ...) + TODO: check +CVE-2024-52325 (ECOVACS robot lawnmowers and vacuums are vulnerable to command injecti ...) + TODO: check +CVE-2024-45672 (IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local pr ...) + TODO: check +CVE-2024-43708 (An allocation of resources without limits or throttling in Kibana can ...) + TODO: check +CVE-2024-13593 (The BMLT Meeting Map plugin for WordPress is vulnerable to Local File ...) + TODO: check +CVE-2024-13511 (The Variation Swatches for WooCommerce plugin, in all versions startin ...) + TODO: check +CVE-2024-13422 (The SEO Blogger to WordPress Migration using 301 Redirection plugin fo ...) + TODO: check +CVE-2024-13389 (The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-13340 (The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress i ...) + TODO: check +CVE-2024-13236 (The Tainacan plugin for WordPress is vulnerable to SQL Injection via t ...) 
+ TODO: check +CVE-2024-13234 (The Product Table by WBW plugin for WordPress is vulnerable to SQL Inj ...) + TODO: check +CVE-2024-12957 (A file handling command vulnerability in certain versions of Armoury C ...) + TODO: check +CVE-2024-12504 (The Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, R ...) + TODO: check +CVE-2024-12118 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-12079 (ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the ...) + TODO: check +CVE-2024-12078 (ECOVACS robot lawn mowers and vacuums use a shared, static secret key ...) + TODO: check +CVE-2024-12043 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-11147 (ECOVACS robot lawnmowers and vacuums use a deterministic root password ...) + TODO: check +CVE-2024-10846 (The compose-go library component in versions v2.10-v2.4.0 allows an au ...) + TODO: check +CVE-2024-10539 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) + TODO: check +CVE-2024-57947 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.10.3-1 [bookworm] - linux 6.1.106-1 NOTE: https://git.kernel.org/linus/791a615b7ad2258c560f91852be54b0480837c93 (6.11-rc1) -CVE-2025-0650 +CVE-2025-0650 (A flaw was found in the Open Virtual Network (OVN). Specially crafted ...) - ovn <unfixed> (bug #1093884) NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5 NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2) @@ -10,7 +142,7 @@ CVE-2024-11931 - gitlab <unfixed> CVE-2025-0314 - gitlab <unfixed> -CVE-2024-53299 +CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...) NOT-FOR-US: Apache Wicket CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...) - phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1 
@@ -282,9 +414,11 @@ CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on CVE-2025-0638 (The initial code parsing the manifest did not check the content of the ...) - routinator <itp> (bug #929024) CVE-2025-0612 (Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834 ...) + {DSA-5848-1} - chromium 132.0.6834.110-1 [bullseye] - chromium <end-of-life> (see #1061268) CVE-2025-0611 (Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allow ...) + {DSA-5848-1} - chromium 132.0.6834.110-1 [bullseye] - chromium <end-of-life> (see #1061268) CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user resets the ...) @@ -3282,6 +3416,7 @@ CVE-2024-56841 (A vulnerability has been identified in Mendix LDAP (All versions CVE-2024-56497 (An improper neutralization of special elements used in an os command ( ...) NOT-FOR-US: FortiGuard CVE-2024-56374 (An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...) + {DLA-4030-1} - python-django 3:4.2.18-1 (bug #1093049) NOTE: https://www.djangoproject.com/weblog/2025/jan/14/security-releases/ NOTE: Fixed by: https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e (4.2.18) @@ -6131,6 +6266,7 @@ CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does no CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has ...) NOT-FOR-US: AXIS Camera Station server CVE-2024-55553 (In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-vali ...) + {DLA-4029-1} - frr 10.2.1-1 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3 (master) NOTE: Fixed by: https://github.com/FRRouting/frr/commit/410eb0da69214a06350315575ddb332e363b66c6 (frr-10.2.1) 
@@ -103374,6 +103510,7 @@ CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerab CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...) + {DSA-5847-1} - snapcast 0.30.0-1 NOTE: Introduced with: https://github.com/badaix/snapcast/commit/b26d8929505a30bb6177bd1b905f13eace1530dc (v0.16.0) NOTE: Fixed by: https://github.com/badaix/snapcast/commit/9e6009cad0ef6e2e88f64a1b2504eb4749af287f (v0.30.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f3470f9113505573d6e1b5de8d207225373c4e
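Review bot: in the first hunk (@@ -1,8 +1,140 @@) every newly imported entry, roughly sixty of them, carries only `TODO: check`, so none has a package assignment, a NOT-FOR-US marker or a severity yet; the automatic import only pulls the published descriptions, and the triage work remains. The same hunk replaces the bracketed working title of CVE-2024-57947 with the published description while keeping the existing `linux 6.10.3-1`, `[bookworm] - linux 6.1.106-1` and upstream commit lines unchanged, which is the expected shape. CVE-2025-0650 still reads `ovn <unfixed> (bug #1093884)` although its NOTE cites the upstream fix in v24.09.2; the Debian fixed version should be filled in once the corresponding upload lands.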
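Review bot: in the hunk at @@ -282,9 +414,11 @@, `{DSA-5848-1}` is added to both CVE-2025-0612 and CVE-2025-0611, and both entries keep `[bullseye] - chromium <end-of-life> (see #1061268)`; confirm that DSA-5848-1 lists both CVE ids and that its stable fixed version corresponds to the 132.0.6834.110 line already present here, since the per-suite version for the advisory is taken from data/DSA/list rather than from this file.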
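Review bot: in the hunk at @@ -3282,6 +3416,7 @@, `{DLA-4030-1}` is added to CVE-2024-56374 while the only fixed-version line remains `python-django 3:4.2.18-1 (bug #1093049)`; the LTS fixed version is expected in data/DLA/list, which this commit does not touch, so that entry should be verified separately. The NOTE cites the 4.2.18 upstream fix commit, which is the right reference for a bullseye backport.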
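Review bot: in the hunk at @@ -6131,6 +6266,7 @@, `{DLA-4029-1}` is added to CVE-2024-55553 with `frr 10.2.1-1` as the unstable fix; the description says the issue exists from 6.0 onward, so every supported suite is in scope. Two upstream fix commits are cited (master and frr-10.2.1); the LTS backport referenced by the DLA should be checked against both, and the bullseye fixed version confirmed in data/DLA/list.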
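Review bot: in the last hunk (@@ -103374,6 +103510,7 @@), `{DSA-5847-1}` is added to CVE-2023-36177 while `snapcast 0.30.0-1` stays as the unstable fix; since the NOTE records the issue as introduced with v0.16.0, confirm that the DSA's stable fixed version is a backport of the v0.30.0 commit and that any suite shipping a version older than 0.16.0 is marked not-affected rather than covered by the advisory.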
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits