Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60ba7164 by security tracker role at 2025-01-27T20:12:50+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@ +CVE-2025-24783 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Ran ...) + TODO: check +CVE-2025-24782 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) + TODO: check +CVE-2025-24754 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...) + TODO: check +CVE-2025-24747 (Missing Authorization vulnerability in Houzez.co Houzez. This issue af ...) + TODO: check +CVE-2025-24744 (Missing Authorization vulnerability in NotFound Bridge Core. This issu ...) + TODO: check +CVE-2025-24743 (Missing Authorization vulnerability in Rometheme RomethemeKit For Elem ...) + TODO: check +CVE-2025-24742 (Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerl ...) + TODO: check +CVE-2025-24741 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...) + TODO: check +CVE-2025-24740 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in T ...) + TODO: check +CVE-2025-24734 (Missing Authorization vulnerability in CodeSolz Better Find and Replac ...) + TODO: check +CVE-2025-24708 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-24689 (Insertion of Sensitive Information into Externally-Accessible File or ...) + TODO: check +CVE-2025-24685 (Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP L ...) + TODO: check +CVE-2025-24680 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + TODO: check +CVE-2025-24671 (Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PD ...) + TODO: check +CVE-2025-24667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-24665 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-24664 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2025-24662 (Missing Authorization vulnerability in NotFound LearnDash LMS allows E ...) + TODO: check +CVE-2025-24653 (Missing Authorization vulnerability in NotFound Admin and Site Enhance ...) + TODO: check +CVE-2025-24628 (Authentication Bypass by Spoofing vulnerability in BestWebSoft Google ...) + TODO: check +CVE-2025-24626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-24612 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2025-24606 (Missing Authorization vulnerability in Sprout Invoices Client Invoicin ...) + TODO: check +CVE-2025-24603 (Missing Authorization vulnerability in UkrSolution Print Barcode Label ...) + TODO: check +CVE-2025-24601 (Deserialization of Untrusted Data vulnerability in ThimPress FundPress ...) + TODO: check +CVE-2025-24600 (Missing Authorization vulnerability in David F. Carr RSVPMarker . This ...) + TODO: check +CVE-2025-24593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-24590 (Missing Authorization vulnerability in Haptiq picu \u2013 Online Photo ...) + TODO: check +CVE-2025-24584 (Missing Authorization vulnerability in BdThemes Ultimate Store Kit Ele ...) + TODO: check +CVE-2025-24540 (Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soo ...) + TODO: check +CVE-2025-24538 (Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress ...) + TODO: check +CVE-2025-24537 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar ...) + TODO: check +CVE-2025-24533 (Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsi ...) + TODO: check +CVE-2025-24368 (Cacti is an open source performance and fault management framework. So ...) + TODO: check +CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...) 
+ TODO: check +CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...) + TODO: check +CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...) + TODO: check +CVE-2025-24357 (vLLM is a library for LLM inference and serving. vllm/model_executor/w ...) + TODO: check +CVE-2025-24354 (imgproxy is server for resizing, processing, and converting images. Im ...) + TODO: check +CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare calculato ...) + TODO: check +CVE-2025-23849 (Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE a ...) + TODO: check +CVE-2025-23792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23656 (Missing Authorization vulnerability in Saul Morales Pacheco Donate vis ...) + TODO: check +CVE-2025-23574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23529 (Missing Authorization vulnerability in Blokhaus Minterpress allows Acc ...) + TODO: check +CVE-2025-23457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-23197 (matrix-hookshot is a Matrix bot for connecting to external services li ...) + TODO: check +CVE-2025-22604 (Cacti is an open source performance and fault management framework. Du ...) 
+ TODO: check +CVE-2025-22513 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2025-0751 (A vulnerability classified as critical has been found in Axiomatic Ben ...) + TODO: check +CVE-2025-0734 (A vulnerability has been found in y_project RuoYi up to 4.8.0 and clas ...) + TODO: check +CVE-2025-0733 (A vulnerability, which was classified as problematic, was found in Pos ...) + TODO: check +CVE-2025-0732 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2025-0730 (A vulnerability classified as problematic has been found in TP-Link TL ...) + TODO: check +CVE-2025-0729 (A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Re ...) + TODO: check +CVE-2025-0696 (A NULL Pointer Dereferencevulnerability in Cesanta Frozen versions les ...) + TODO: check +CVE-2025-0695 (An Allocation of Resources Without Limits orThrottling vulnerability i ...) + TODO: check +CVE-2024-57595 (DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerabi ...) + TODO: check +CVE-2024-57590 (TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vul ...) + TODO: check +CVE-2024-57276 (In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service c ...) + TODO: check +CVE-2024-57272 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnera ...) + TODO: check +CVE-2024-56972 (An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attacker ...) + TODO: check +CVE-2024-56971 (An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technolog ...) + TODO: check +CVE-2024-56969 (An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7. ...) + TODO: check +CVE-2024-56968 (An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 a ...) + TODO: check +CVE-2024-56967 (An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.2 ...) 
+ TODO: check +CVE-2024-56966 (An issue in Shanghai Xuan Ting Entertainment Information & Technology ...) + TODO: check +CVE-2024-56965 (An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS ...) + TODO: check +CVE-2024-56964 (An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guaz ...) + TODO: check +CVE-2024-56963 (An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input ...) + TODO: check +CVE-2024-56962 (An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 ...) + TODO: check +CVE-2024-56960 (An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdi ...) + TODO: check +CVE-2024-56959 (An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows ...) + TODO: check +CVE-2024-56957 (An issue in Kingsoft Office Software Corporation Limited WPS Office iO ...) + TODO: check +CVE-2024-56955 (An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6 ...) + TODO: check +CVE-2024-56954 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Vi ...) + TODO: check +CVE-2024-56953 (An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12. ...) + TODO: check +CVE-2024-56952 (An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lit ...) + TODO: check +CVE-2024-56951 (An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.1 ...) + TODO: check +CVE-2024-56950 (An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows ...) + TODO: check +CVE-2024-56949 (An issue in Guangzhou Polar Future Culture Technology Co., Ltd Univers ...) + TODO: check +CVE-2024-56948 (An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows at ...) + TODO: check +CVE-2024-56947 (An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 a ...) + TODO: check +CVE-2024-55931 (Xerox Workplace Suite stores tokens in session storage, which may expo ...) 
+ TODO: check +CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module of Do ...) + TODO: check +CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...) + TODO: check +CVE-2024-54146 (Cacti is an open source performance and fault management framework. Ca ...) + TODO: check +CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...) + TODO: check +CVE-2024-48841 (Network access can be used to execute arbitrary code with elevated pri ...) + TODO: check +CVE-2024-48420 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...) + TODO: check +CVE-2024-48419 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Com ...) + TODO: check +CVE-2024-48418 (In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request ...) + TODO: check +CVE-2024-48417 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...) + TODO: check +CVE-2024-48416 (Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to ...) + TODO: check +CVE-2024-45598 (Cacti is an open source performance and fault management framework. Pr ...) + TODO: check +CVE-2024-38325 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd C ...) + TODO: check +CVE-2024-38320 (IBM Storage Protect for Virtual Environments: Data Protection for VMwa ...) + TODO: check +CVE-2024-37527 (IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scri ...) + TODO: check +CVE-2024-27256 (IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS throu ...) + TODO: check +CVE-2024-26317 (In illumos illumos-gate 2024-02-15, an error occurs in the elliptic cu ...) + TODO: check +CVE-2024-22316 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...) + TODO: check +CVE-2024-12740 (Vision related software from NI used a third-party library for image p ...) 
+ TODO: check +CVE-2024-12345 (A vulnerability classified as problematic was found in INW Krbyyyzo 25 ...) + TODO: check +CVE-2024-11348 (Eura7 CMSmanager in version 4.6 and belowis vulnerable to Reflected XS ...) + TODO: check +CVE-2023-52292 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...) + TODO: check +CVE-2023-47159 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through ...) + TODO: check CVE-2025-24390 (A vulnerability in OTRS Application Server and reverse proxy settings ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out @@ -75,7 +299,7 @@ CVE-2023-38009 (IBM Cognos Mobile Client 1.1 iOS may be vulnerable to informatio NOT-FOR-US: IBM CVE-2017-20196 (A vulnerability was found in Itechscripts School Management Software 2 ...) NOT-FOR-US: Itechscripts School Management Software -CVE-2025-24356 +CVE-2025-24356 (fastd is a VPN daemon which tunnels IP packets and Ethernet frames ove ...) - fastd 23-1 [bookworm] - fastd <no-dsa> (Minor issue) NOTE: https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv @@ -88,7 +312,7 @@ CVE-2025-24356 NOTE: Fixed by: https://github.com/neocturne/fastd/commit/3940150e801d0c91460491bec32cbcc5bbc89d5f (v23) CVE-2025-24858 (Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an atta ...) NOT-FOR-US: Develocity (formerly Gradle Enterprise) -CVE-2025-24814 +CVE-2025-24814 (Core creation allows users to replace "trusted" configset files with a ...) - lucene-solr 3.6.2+dfsg-23 NOTE: https://solr.apache.org/security.html#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/1 
@@ -824,17 +1048,17 @@ CVE-2025-0619 (Unsafe password recovery from configuration in M-Files Server bef NOT-FOR-US: M-Files CVE-2024-55971 (SQL Injection vulnerability in the default configuration of the Logiti ...) NOT-FOR-US: Logitime WebClock application -CVE-2024-55930 (Weak default folder permissions) +CVE-2024-55930 (Xerox Workplace Suite has weak default folder permissions that allow u ...) NOT-FOR-US: Xerox -CVE-2024-55929 (Mail spoofing) +CVE-2024-55929 (A mail spoofing vulnerability in Xerox Workplace Suite allows attacker ...) NOT-FOR-US: Xerox -CVE-2024-55928 (Clear text secrets returned & Remote system secrets in clear text) +CVE-2024-55928 (Xerox Workplace Suite exposes sensitive secrets in clear text, both lo ...) NOT-FOR-US: Xerox -CVE-2024-55927 (Flawed token generation implementation & Hard-coded key implementation) +CVE-2024-55927 (A vulnerability in Xerox Workplace Suite arises from flawed token gene ...) NOT-FOR-US: Xerox -CVE-2024-55926 (Arbitrary file upload, deletion and read through header manipulation) +CVE-2024-55926 (A vulnerability found in Xerox Workplace Suite allows arbitrary file r ...) NOT-FOR-US: Xerox -CVE-2024-55925 (API Security bypass through header manipulation) +CVE-2024-55925 (In Xerox Workplace Suite, an API restricted to specific hosts can be b ...) NOT-FOR-US: Xerox CVE-2024-52331 (ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key ...) NOT-FOR-US: ECOVACS robot lawnmowers and vacuums 
@@ -1987,7 +2211,7 @@ CVE-2024-57930 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.124-1 [bullseye] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/afc6717628f959941d7b33728570568b4af1c4b8 (6.13-rc6) -CVE-2022-4975 +CVE-2022-4975 (A flaw was found in the Red Hat Advanced Cluster Security (RHACS) port ...) NOT-FOR-US: Red Hat Advanced Cluster Security CVE-2025-24014 (Vim is an open source, command line text editor. A segmentation fault ...) - vim <unfixed> (unimportant) @@ -8243,11 +8467,13 @@ CVE-2022-49035 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-8447 (A security issue was discovered in the LRA Coordinator component of Na ...) NOT-FOR-US: Narayana CVE-2024-56827 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...) + {DSA-5851-1} - openjpeg2 <unfixed> (bug #1092676) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335174 NOTE: https://github.com/uclouvain/openjpeg/issues/1564 NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3) CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...) + {DSA-5851-1} - openjpeg2 <unfixed> (bug #1092675) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335172 NOTE: https://github.com/uclouvain/openjpeg/issues/1563 
@@ -21798,7 +22024,7 @@ CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1 in NOT-FOR-US: Tolgee CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...) NOT-FOR-US: libosdp -CVE-2024-52012 +CVE-2024-52012 (Relative Path Traversal vulnerability in Apache Solr. Solr instances ...) - lucene-solr <not-affected> (Issue only affects Apache Solr running on Windows) NOTE: https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/2 @@ -55016,6 +55242,7 @@ CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988. NOTE: https://github.com/uclouvain/openjpeg/issues/1471 NOTE: https://github.com/uclouvain/openjpeg/pull/1470 CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...) + {DSA-5851-1} - openjpeg2 <unfixed> (bug #1081908) [bullseye] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1472 @@ -98150,7 +98377,7 @@ CVE-2024-23128 (A maliciously crafted MODEL file, when parsed in libodxdll.dll a NOT-FOR-US: Autodesk CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in OD ...) NOT-FOR-US: Autodesk -CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...) +CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll through Auto ...) NOT-FOR-US: Autodesk CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...) NOT-FOR-US: Autodesk 
@@ -290249,6 +290476,7 @@ CVE-2021-3577 (An unauthenticated remote code execution vulnerability was report CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...) NOT-FOR-US: Bitdefender CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...) + {DSA-5851-1} - openjpeg2 <unfixed> (bug #989775) [bullseye] - openjpeg2 <no-dsa> (Minor issue) [buster] - openjpeg2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ba71648bed3658957410afa1e28c09ccd687c9
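Review bot: the import hunk at @@ -1,3 +1,227 @@ leaves every new entry at `TODO: check`, which is expected for an automatic update, but a few of them deserve attention in the follow-up triage. CVE-2025-24783 is flagged `** UNSUPPORTED WHEN ASSIGNED **`, which typically means no vendor fix is coming, and the Cacti (CVE-2025-24368, CVE-2025-24367, CVE-2025-22604, CVE-2024-54146, CVE-2024-54145, CVE-2024-45598), vaultwarden (CVE-2025-24365, CVE-2025-24364), vLLM (CVE-2025-24357), imgproxy (CVE-2025-24354), matrix-hookshot (CVE-2025-23197) and illumos (CVE-2024-26317) entries describe open source projects rather than closed vendor products, so each should end up with either a source package line or an explicit `NOT-FOR-US` instead of staying a bare TODO.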
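Review bot: in the hunk at @@ -88,7 +312,7 @@, CVE-2025-24814 now has its description, but the context line `- lucene-solr 3.6.2+dfsg-23` records a fixed version with no NOTE explaining what in that upload addresses the trusted-configset core creation issue, whereas the later CVE-2024-52012 entry for the same source package carries `<not-affected> (Issue only affects Apache Solr running on Windows)` with a reason. A short NOTE on why 3.6.2+dfsg-23 counts as fixed (or a not-affected justification if the affected Solr code is not shipped by that package) would keep the two Solr entries consistent.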
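Review bot: the Xerox hunk at @@ -824,17 +1048,17 @@ only swaps the placeholder descriptions of CVE-2024-55925 through CVE-2024-55930 for the upstream text and leaves the `NOT-FOR-US: Xerox` lines untouched, so nothing needs changing there; note however that the new CVE-2024-55931 entry (Xerox Workplace Suite stores tokens in session storage) imported in the first hunk belongs to the same advisory family and is still at `TODO: check`, and can be triaged the same way.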
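Review bot: in the hunk at @@ -8243,11 +8467,13 @@, CVE-2024-56827 and CVE-2024-56826 gain `{DSA-5851-1}` while their package lines stay `- openjpeg2 <unfixed> (bug #1092676)` and `- openjpeg2 <unfixed> (bug #1092675)`. That is only consistent while the unstable upload is pending: the NOTE lines already point at the upstream fix commit tagged v2.5.3, so the `<unfixed>` marker should be replaced with the fixed Debian version once it lands, otherwise sid keeps being listed as vulnerable after the DSA. The same pattern appears for CVE-2023-39327 at @@ -55016,6 +55242,7 @@ and CVE-2021-3575 at @@ -290249,6 +290476,7 @@, where bullseye (and buster) keep `<no-dsa> (Minor issue)`; that is fine if DSA-5851-1 was issued for bookworm only, and worth a quick check against the advisory.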