Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65dbe436 by security tracker role at 2025-01-30T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2025-24883 (go-ethereum (geth) is a golang execution layer implementation 
of the E ...)
+       TODO: check
+CVE-2025-24802 (Plonky2 is a SNARK implementation based on techniques from 
PLONK and F ...)
+       TODO: check
+CVE-2025-24784 (kubewarden-controller is a Kubernetes controller that allows 
you to dy ...)
+       TODO: check
+CVE-2025-24507 (This vulnerability allows appliance compromise at boot time.)
+       TODO: check
+CVE-2025-24506 (A specific authentication strategy allows to learn ids of PAM 
users as ...)
+       TODO: check
+CVE-2025-24505 (This vulnerability allows a high-privileged authenticated PAM 
user to  ...)
+       TODO: check
+CVE-2025-24504 (An improper input validation the CSRF filter results in 
unsanitized us ...)
+       TODO: check
+CVE-2025-24503 (A malicious actor can fix the session of a PAM user by 
tricking the us ...)
+       TODO: check
+CVE-2025-24502 (An improper session validation allows an unauthenticated 
attacker to c ...)
+       TODO: check
+CVE-2025-24501 (An improper input validation allows an unauthenticated 
attacker to alt ...)
+       TODO: check
+CVE-2025-24500 (The vulnerability allows an unauthenticated attacker to access 
informa ...)
+       TODO: check
+CVE-2025-24376 (kubewarden-controller is a Kubernetes controller that allows 
you to dy ...)
+       TODO: check
+CVE-2025-24099 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2025-23367 (A flaw was found in the Wildfly Server Role Based Access 
Control (RBAC ...)
+       TODO: check
+CVE-2025-23216 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2025-23007 (A vulnerability in the NetExtender Windows client log export 
function  ...)
+       TODO: check
+CVE-2025-22222 (VMware Aria Operations contains an information disclosure 
vulnerabilit ...)
+       TODO: check
+CVE-2025-22221 (VMware Aria Operation for Logs contains a stored cross-site 
scripting  ...)
+       TODO: check
+CVE-2025-22220 (VMware Aria Operations for Logs contains a privilege 
escalationvulnera ...)
+       TODO: check
+CVE-2025-22219 (VMware Aria Operations for Logs contains a stored cross-site 
scripting ...)
+       TODO: check
+CVE-2025-22218 (VMware Aria Operations for Logs contains an information 
disclosure vul ...)
+       TODO: check
+CVE-2025-21107 (Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 
19.10 & ...)
+       TODO: check
+CVE-2025-0874 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-0873 (A vulnerability classified as critical was found in 
itsourcecode Tailo ...)
+       TODO: check
+CVE-2025-0872 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2025-0871 (A vulnerability classified as problematic has been found in 
Maybecms 1 ...)
+       TODO: check
+CVE-2025-0870 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. 
It has  ...)
+       TODO: check
+CVE-2025-0869 (A vulnerability was found in Cianet ONU GW24AC up to 20250127. 
It has  ...)
+       TODO: check
+CVE-2025-0861 (The VR-Frases (collect & share quotes) plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-0860 (The VR-Frases (collect & share quotes) plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-0834 (Privilege escalation vulnerability has been found in 
Wondershare Dr.Fo ...)
+       TODO: check
+CVE-2025-0747 (A Stored Cross-Site Scripting vulnerability has been found in 
EmbedAI. ...)
+       TODO: check
+CVE-2025-0746 (A Reflected Cross-Site Scripting vulnerability has been found 
in Embed ...)
+       TODO: check
+CVE-2025-0745 (An Improper Access Control vulnerability has been found in 
EmbedAI 2.1 ...)
+       TODO: check
+CVE-2025-0744 (an Improper Access Control vulnerability has been found in 
EmbedAI 2.1 ...)
+       TODO: check
+CVE-2025-0743 (An Improper Access Control vulnerability has been found in 
EmbedAI 2.1 ...)
+       TODO: check
+CVE-2025-0742 (An Improper Access Control vulnerability has been found in 
EmbedAI 2.1 ...)
+       TODO: check
+CVE-2025-0741 (An Improper Access Control vulnerability has been found in 
EmbedAI   2 ...)
+       TODO: check
+CVE-2025-0740 (An Improper Access Control vulnerability has been found in 
EmbedAI   2 ...)
+       TODO: check
+CVE-2025-0739 (An Improper Access Control vulnerability has been found in 
EmbedAI 2.1 ...)
+       TODO: check
+CVE-2025-0683 (In its default configuration, the affected product transmits 
plain-tex ...)
+       TODO: check
+CVE-2025-0681 (The Cloud MQTT service of the affected products supports 
wildcard topi ...)
+       TODO: check
+CVE-2025-0680 (Affected products contain a vulnerability in the device cloud 
rpc comm ...)
+       TODO: check
+CVE-2025-0626 (The affected product sends out remote access requests to a 
hard-coded  ...)
+       TODO: check
+CVE-2025-0498 (A data exposure vulnerability exists in all versions prior to 
V15.00.0 ...)
+       TODO: check
+CVE-2025-0497 (A data exposure vulnerability exists in all versions prior to 
V15.00.0 ...)
+       TODO: check
+CVE-2025-0477 (An encryption vulnerability exists in all versions prior to 
V15.00.001 ...)
+       TODO: check
+CVE-2025-0367 (In versions 3.1.0 and lower of the Splunk Supporting Add-on for 
Active ...)
+       TODO: check
+CVE-2025-0147 (Type confusion in the Zoom Workplace App for Linux before 
6.2.10 may a ...)
+       TODO: check
+CVE-2025-0146 (Symlink following in the installer for Zoom Workplace App for 
macOS be ...)
+       TODO: check
+CVE-2025-0145 (Untrusted search path in the installer for some Zoom Workplace 
Apps fo ...)
+       TODO: check
+CVE-2025-0144 (Out-of-bounds write in some Zoom Workplace Apps may allow an 
authorize ...)
+       TODO: check
+CVE-2025-0143 (Out-of-bounds write in the Zoom Workplace App for Linux before 
version ...)
+       TODO: check
+CVE-2025-0142 (Cleartext storage of sensitive information in the Zoom Jenkins 
Marketp ...)
+       TODO: check
+CVE-2024-8494 (The Elementor Website Builder Pro plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-55417 (DevDojo Voyager through version 1.8.0 is vulnerable to 
bypassing the f ...)
+       TODO: check
+CVE-2024-55416 (DevDojo Voyager through version 1.8.0 is vulnerable to 
reflected XSS v ...)
+       TODO: check
+CVE-2024-55415 (DevDojo Voyager through 1.8.0 is vulnerable to path traversal 
at the / ...)
+       TODO: check
+CVE-2024-53615 (A command injection vulnerability in the video thumbnail 
rendering com ...)
+       TODO: check
+CVE-2024-44142 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2024-2658 (A misconfiguration in lmadmin.exe of FlexNet Publisher versions 
prior  ...)
+       TODO: check
+CVE-2024-13758 (The CP Contact Form with PayPal plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-13742 (The iControlWP \u2013 Multiple WordPress Site Manager plugin 
for WordP ...)
+       TODO: check
+CVE-2024-13732 (The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin 
for Wor ...)
+       TODO: check
+CVE-2024-13720 (The WP Image Uploader plugin for WordPress is vulnerable to 
arbitrary  ...)
+       TODO: check
+CVE-2024-13715 (The zStore Manager Basic plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2024-13707 (The WP Image Uploader plugin for WordPress is vulnerable to 
Cross-Site ...)
+       TODO: check
+CVE-2024-13706 (The WP Image Uploader plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2024-13705 (The StageShow plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2024-13700 (The Embed Swagger UI plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-13694 (The WooCommerce Wishlist (High customization, fast setup,Free 
Elemento ...)
+       TODO: check
+CVE-2024-13671 (The Music Sheet Viewer plugin for WordPress is vulnerable to 
Arbitrary ...)
+       TODO: check
+CVE-2024-13670 (The Music Sheet Viewer plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-13664 (The WP Post List Table plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-13661 (The Table Editor plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-13652 (The ECPay Ecommerce for WooCommerce plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-13646 (The Single-user-chat plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2024-13596 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll 
Plugin for Wo ...)
+       TODO: check
+CVE-2024-13549 (The All Bootstrap Blocks plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-13512 (The Wonder FontAwesome plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2024-13466 (The Automatically Hierarchic Categories in Menu plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13460 (The WE \u2013 Testimonial Slider plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-13453 (The The Contact Form & SMTP Plugin for WordPress by 
PirateForms plugin ...)
+       TODO: check
+CVE-2024-13400 (The Kona Gallery Block plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-13380 (The Alex Reservations: Smart Restaurant Booking plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13349 (The Stockdio Historical Chart plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-12861 (The W2S \u2013 Migrate WooCommerce to Shopify plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-12822 (The Media Manager for UserPro plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-12821 (The Media Manager for UserPro plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-12524 (The Clinked Client Portal plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2024-12451 (The HTML5 chat plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-12444 (The WP Dispensary plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-12409 (The Simple:Press Forum plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2024-12320 (The Team Rosters plugin for WordPress is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2024-12299 (The System Dashboard plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2024-12269 (The Safe Ai Malware Protection for WP plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-12248 (The affected product is vulnerable to an out-of-bounds write, 
which co ...)
+       TODO: check
+CVE-2024-12177 (The Ai Image Alt Text Generator for WP plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2024-12129 (The Royal Core plugin for WordPress is vulnerable to 
unauthorized modi ...)
+       TODO: check
+CVE-2024-12102 (The Typer Core plugin for WordPress is vulnerable to 
Information Expos ...)
+       TODO: check
+CVE-2024-11600 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit 
for Ele ...)
+       TODO: check
+CVE-2024-11583 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit 
for Ele ...)
+       TODO: check
+CVE-2024-10847 (The Storely theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-10604 (Vulnerabilities in the algorithms used by Fuchsia to populate 
network  ...)
+       TODO: check
+CVE-2024-10603 (Weaknesses in the generation of TCP/UDP source ports and some 
other he ...)
+       TODO: check
+CVE-2024-10591 (The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, 
Email Mark ...)
+       TODO: check
+CVE-2024-10026 (A weak hashing algorithm and small sizes of seeds/secrets in 
Google's  ...)
+       TODO: check
 CVE-2025-24884 (kube-audit-rest is a simple logger of mutation/creation 
requests to th ...)
        NOT-FOR-US: kube-audit-rest
 CVE-2025-24795 (The Snowflake Connector for Python provides an interface for 
developin ...)
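Review bot: every entry added at the top of data/CVE/list is left at `TODO: check`, so none of them has a triage state yet. A large share are described as WordPress plugins or themes (for example CVE-2024-13758 and CVE-2024-10847) and could take the `NOT-FOR-US: WordPress plugin` annotation already used elsewhere in this file. The rest (for example CVE-2025-24883 go-ethereum, CVE-2025-23216 Argo CD, CVE-2025-0870 Bento4) need a check against the archive's source packages before they are marked.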
@@ -5409,7 +5623,7 @@ CVE-2024-12086 (A flaw was found in rsync. It could allow 
a server to enumerate
        NOTE: Fixed by: 
https://git.samba.org/?p=rsync.git;a=commit;h=c35e28331f10ba6eba370611abd78bde32d54da7
 (v3.4.0)
        NOTE: Fixed by: 
https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa
 (v3.4.0)
        NOTE: Fix introduces regression: 
https://github.com/RsyncProject/rsync/issues/715 (#1093160)
-CVE-2024-12085 (A flaw was found in the rsync daemon which could be triggered 
when rsy ...)
+CVE-2024-12085 (A flaw was found in rsync which could be triggered when rsync 
compares ...)
        {DSA-5843-1 DLA-4015-1}
        - rsync 3.3.0+ds1-3
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/3
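Review bot: the replacement description on the CVE-2024-12085 line drops the word "daemon", which widens the stated scope from the rsync daemon to rsync in general. The annotations under it (`{DSA-5843-1 DLA-4015-1}`, `- rsync 3.3.0+ds1-3`) are unchanged, so it is worth confirming that none of the existing triage relied on the daemon-only wording.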
@@ -5719,7 +5933,8 @@ CVE-2024-51491 (notion-go is a collection of libraries 
for supporting sign and v
        NOTE: 
https://github.com/notaryproject/notation-go/security/advisories/GHSA-qjh3-4j3h-vmwp
        NOTE: Introduced by: 
https://github.com/notaryproject/notation-go/commit/84c2ec076201697ad05e5315444812f824dad56b
 (v1.3.0-rc.1)
        NOTE: Fixed by: 
https://github.com/notaryproject/notation-go/commit/3c3302258ad510fbca2f8a73731569d91f07d196
 (v1.3.0-rc.2)
-CVE-2024-13348 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin 
for WordP ...)
+CVE-2024-13348
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-13324
        REJECTED
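Review bot: CVE-2024-13348 ends up with two conflicting states, the new `REJECTED` line followed by the older `NOT-FOR-US: WordPress plugin` line that is kept as unchanged context. The neighbouring CVE-2024-13324 entry carries `REJECTED` alone; suggest dropping the stale NOT-FOR-US annotation so the entry has a single state.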
@@ -7920,6 +8135,7 @@ CVE-2024-53932 (The 
com.remi.colorphone.callscreen.calltheme.callerscreen (aka C
 CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & 
Dialer) app ...)
        NOT-FOR-US: com.glitter.caller.screen (aka iCaller, Caller Theme & 
Dialer) application
 CVE-2024-51741 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       {DSA-5856-1}
        - redis 5:7.0.15-3 (bug #1092370)
        [bullseye] - redis <not-affected> (Vulnerable code introduced in 7.0)
        - redict 7.3.2+ds-1 (bug #1092372)
@@ -7939,7 +8155,7 @@ CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 
2.0.1.3643 and 2.0.1.3582 an
 CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-46981 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
-       {DLA-4025-1}
+       {DSA-5856-1 DLA-4025-1}
        - redis 5:7.0.15-3 (bug #1092370)
        - redict 7.3.2+ds-1 (bug #1092372)
        - valkey 8.0.2+dfsg1-1 (bug #1092371)
@@ -151780,8 +151996,8 @@ CVE-2023-29082
        RESERVED
 CVE-2023-29081 (A vulnerability has been reported in Suite Setups built with 
versions  ...)
        NOT-FOR-US: InstallShield
-CVE-2023-29080
-       RESERVED
+CVE-2023-29080 (Potential privilege escalation vulnerability in Revenera 
InstallShield ...)
+       TODO: check
 CVE-2023-29079
        REJECTED
 CVE-2023-29078
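Review bot: the `TODO: check` added under CVE-2023-29080 can be resolved immediately. Its description names Revenera InstallShield, and the entry directly above it, CVE-2023-29081, is already marked `NOT-FOR-US: InstallShield`; suggest the same annotation here instead of leaving it in the TODO queue.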
@@ -190431,8 +190647,8 @@ CVE-2022-43918
        RESERVED
 CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional 
container use ...)
        NOT-FOR-US: IBM
-CVE-2022-43916
-       RESERVED
+CVE-2022-43916 (IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 
8.1, 8.2 ...)
+       TODO: check
 CVE-2022-43915 (IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 
8.0, 8.1 ...)
        NOT-FOR-US: IBM
 CVE-2022-43914 (IBM TRIRIGA Application Platform 4.0 is vulnerable to 
cross-site scrip ...)
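Review bot: the `TODO: check` added under CVE-2022-43916 is inconsistent with its neighbours. The description names IBM App Connect Enterprise Certified Container, the same product as CVE-2022-43915 directly below, which is marked `NOT-FOR-US: IBM`; suggest the same annotation for CVE-2022-43916.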



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65dbe436127607650100434b7cea98d56e343b79



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
