Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
038295e3 by security tracker role at 2025-01-30T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation 
requests to th ...)
+       TODO: check
+CVE-2025-24795 (The Snowflake Connector for Python provides an interface for 
developin ...)
+       TODO: check
+CVE-2025-24794 (The Snowflake Connector for Python provides an interface for 
developin ...)
+       TODO: check
+CVE-2025-24793 (The Snowflake Connector for Python provides an interface for 
developin ...)
+       TODO: check
+CVE-2025-24788 (snowflake-connector-net is the Snowflake Connector for .NET. 
Snowflake ...)
+       TODO: check
+CVE-2025-23374 (Dell Networking Switches running Enterprise SONiC OS, 
version(s) prior ...)
+       TODO: check
+CVE-2025-21415 (Authentication bypass by spoofing in Azure AI Face Service 
allows an a ...)
+       TODO: check
+CVE-2025-21396 (Missing authorization in Microsoft Account allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2025-0851 (A path traversal issue in ZipUtils.unzip and TarUtils.untar in 
Deep Ja ...)
+       TODO: check
+CVE-2025-0849 (A vulnerability classified as critical has been found in 
CampCodes Sch ...)
+       TODO: check
+CVE-2025-0848 (A vulnerability was found in Tenda A18 up to 15.13.07.09. It 
has been  ...)
+       TODO: check
+CVE-2025-0847 (A vulnerability was found in 1000 Projects Employee Task 
Management Sy ...)
+       TODO: check
+CVE-2025-0846 (A vulnerability was found in 1000 Projects Employee Task 
Management Sy ...)
+       TODO: check
+CVE-2025-0844 (A vulnerability was found in needyamin Library Card System 1.0. 
It has ...)
+       TODO: check
+CVE-2025-0843 (A vulnerability was found in needyamin Library Card System 1.0. 
It has ...)
+       TODO: check
+CVE-2025-0842 (A vulnerability was found in needyamin Library Card System 1.0 
and cla ...)
+       TODO: check
+CVE-2025-0841 (A vulnerability has been found in Aridius XYZ up to 20240927 on 
OpenCa ...)
+       TODO: check
+CVE-2025-0662 (In some cases, the ktrace facility will log the contents of 
kernel str ...)
+       TODO: check
+CVE-2025-0374 (When etcupdate encounters conflicts while merging files, it 
saves a ve ...)
+       TODO: check
+CVE-2025-0373 (On 64-bit systems, the implementation of VOP_VPTOFH() in the 
cd9660, t ...)
+       TODO: check
+CVE-2024-57665 (JFinalCMS 1.0 is vulnerable to SQL Injection in 
rc/main/java/com/cms/e ...)
+       TODO: check
+CVE-2024-57513 (A floating-point exception (FPE) vulnerability exists in the 
AP4_TfraA ...)
+       TODO: check
+CVE-2024-57510 (Buffer Overflow vulnerability in Bento4 mp42avc 
v.3bdc891602d19789b8e8 ...)
+       TODO: check
+CVE-2024-57509 (Buffer Overflow vulnerability in Bento4 mp42avc 
v.3bdc891602d19789b8e8 ...)
+       TODO: check
+CVE-2024-57395 (Password Vulnerability in Safety production process management 
system  ...)
+       TODO: check
+CVE-2024-54852 (When LDAP connection is activated in Teedy versions between 
1.9 to 1.1 ...)
+       TODO: check
+CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery 
(CSRF), due  ...)
+       TODO: check
+CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude 
v.3.1.252.1 a ...)
+       TODO: check
+CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes 
user inp ...)
+       TODO: check
+CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the 
Integration Se ...)
+       TODO: check
+CVE-2024-13642 (The Stratum \u2013 Elementor Widgets plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-13470 (The Ninja Forms \u2013 The Contact Form Builder That Grows 
With You pl ...)
+       TODO: check
+CVE-2024-13457 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-12921 (The EthereumICO plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-12709 (The Bulk Me Now! WordPress plugin through 2.0 does not have 
CSRF check ...)
+       TODO: check
+CVE-2024-12708 (The Bulk Me Now! WordPress plugin through 2.0 does not 
validate and es ...)
+       TODO: check
+CVE-2024-12638 (The Bulk Me Now! WordPress plugin through 2.0 does not 
sanitise and es ...)
+       TODO: check
+CVE-2024-12400 (The tourmaster WordPress plugin before 5.3.5 does not escape 
generated ...)
+       TODO: check
+CVE-2024-12163 (The goodlayers-core WordPress plugin before 2.1.3 allows users 
with a  ...)
+       TODO: check
+CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does 
not sanit ...)
+       TODO: check
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
        - krb5 <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
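Review bot: the added descriptions for CVE-2024-13642 and CVE-2024-13470 contain a literal "\u2013" where the plugin names have a dash, which suggests the automatic update wrote the escape sequence through without decoding it; decoding before writing would keep the list readable and searchable by product name. All 40 added entries are still "TODO: check"; CVE-2025-0849 names CampCodes, a vendor this file already tags NOT-FOR-US under CVE-2025-0710, so it is a quick one to triage.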
@@ -67,10 +147,12 @@ CVE-2023-37398 (IBM Aspera Faspex 5.0.0 through 5.0.10 
does not require that use
        NOT-FOR-US: IBM
 CVE-2023-35907 (IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that 
users sho ...)
        NOT-FOR-US: IBM
-CVE-2024-12705 [DNS-over-HTTPS implementation suffers from multiple issues 
under heavy query load]
+CVE-2024-12705 (Clients using DNS-over-HTTPS (DoH) can exhaust a DNS 
resolver's CPU an ...)
+       {DSA-5854-1}
        - bind9 <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2024-12705
-CVE-2024-11187 [Many records in the additional section cause CPU exhaustion]
+CVE-2024-11187 (It is possible to construct a zone such that some queries to 
it will g ...)
+       {DSA-5854-1}
        - bind9 <unfixed>
        NOTE: https://kb.isc.org/docs/cve-2024-11187
 CVE-2025-24826 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
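Review bot: CVE-2024-12705 and CVE-2024-11187 now reference {DSA-5854-1}, but the "- bind9 <unfixed>" line under each is unchanged, so the tracker will keep reporting bind9 in unstable as vulnerable. If a fixed unstable upload exists, record its version on that line; if not, leaving <unfixed> is right and both entries need a follow-up once it lands.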
@@ -144,6 +226,7 @@ CVE-2023-35017 (IBM Security Verify Governance 10.0.2 
Identity Manager can trans
 CVE-2023-33838 (IBM Security Verify Governance 10.0.2 Identity Manager   uses 
a one-wa ...)
        NOT-FOR-US: IBM
 CVE-2025-0762 (Use after free in DevTools in Google Chrome prior to 
132.0.6834.159 al ...)
+       {DSA-5855-1}
        - chromium 132.0.6834.159-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-24800 (Hyperbridge is a hyper-scalable coprocessor for verifiable, 
cross-chai ...)
@@ -913,7 +996,7 @@ CVE-2025-24361 (Nuxt is an open-source web development 
framework for Vue.js. Sou
        NOT-FOR-US: Nuxt
 CVE-2025-24360 (Nuxt is an open-source web development framework for Vue.js. 
Starting  ...)
        NOT-FOR-US: Nuxt
-CVE-2025-21262 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+CVE-2025-21262 (User Interface (UI) Misrepresentation of Critical Information 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2025-0710 (A vulnerability classified as problematic has been found in 
CampCodes  ...)
        NOT-FOR-US: CampCodes School Management Software
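Review bot: on CVE-2025-21262 the replacement description is cut off at "in Micro ...", so the entry no longer shows that this is the Edge (Chromium-based) issue named in the removed line, and "NOT-FOR-US: Microsoft" does not say it either. Naming the product in the NOT-FOR-US note, as the CampCodes entry just below does with "CampCodes School Management Software", would keep the reason for the tag visible.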
@@ -4376,6 +4459,7 @@ CVE-2024-10775 (The Piotnet Addons For Elementor plugin 
for WordPress is vulnera
 CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where 
filter with a ...)
        NOT-FOR-US: Mongoose
 CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can 
sometim ...)
+       {DSA-5853-1}
        - pam-u2f 1.3.1-1
        NOTE: Fixed by: 
https://github.com/Yubico/pam-u2f/commit/a96ef17f74b8e4ed80a97322120af1a228a1ffb7
 (pam_u2f-1.3.1)
        NOTE: Fixed by: 
https://github.com/Yubico/pam-u2f/commit/08199144d870a63275a4601dbc6751ac68d48301
 (pam_u2f-1.3.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/038295e378b79a20fa24435ca28d066267f6df98

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
