Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b7e33cc by security tracker role at 2025-02-05T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,83 +1,259 @@
-CVE-2024-27137
+CVE-2025-25246 (NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and 
XR500 be ...)
+       TODO: check
+CVE-2025-25039 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
+       TODO: check
+CVE-2025-24971 (DumpDrop is a stupid simple file upload application that 
provides an i ...)
+       TODO: check
+CVE-2025-24968 (reNgine is an automated reconnaissance framework for web 
applications. ...)
+       TODO: check
+CVE-2025-24967 (reNgine is an automated reconnaissance framework for web 
applications. ...)
+       TODO: check
+CVE-2025-24966 (reNgine is an automated reconnaissance framework for web 
applications. ...)
+       TODO: check
+CVE-2025-24964 (Vitest is a testing framework powered by Vite. Affected 
versions are s ...)
+       TODO: check
+CVE-2025-24963 (Vitest is a testing framework powered by Vite. The 
`__screenshot-error ...)
+       TODO: check
+CVE-2025-24860 (Incorrect Authorization vulnerability in Apache Cassandra 
allowing use ...)
+       TODO: check
+CVE-2025-24677 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-24648 (Incorrect Privilege Assignment vulnerability in wpase.com 
Admin and Si ...)
+       TODO: check
+CVE-2025-24602 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24599 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-24373 (woocommerce-pdf-invoices-packing-slips is an extension which 
allows us ...)
+       TODO: check
+CVE-2025-23645 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-23114 (A vulnerability in Veeam Updater component allows 
Man-in-the-Middle at ...)
+       TODO: check
+CVE-2025-23060 (A vulnerability in HPE Aruba Networking ClearPass Policy 
Manager may,  ...)
+       TODO: check
+CVE-2025-23059 (A vulnerability in the web-based management interface of HPE 
Aruba Net ...)
+       TODO: check
+CVE-2025-23058 (A vulnerability in the ClearPass Policy Manager web-based 
management i ...)
+       TODO: check
+CVE-2025-23023 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2025-23015 (Privilege Defined With Unsafe Actions vulnerability in Apache 
Cassandr ...)
+       TODO: check
+CVE-2025-22794 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22730 (Missing Authorization vulnerability in Ksher Ksher allows 
Exploiting I ...)
+       TODO: check
+CVE-2025-22700 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22699 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22696 (Missing Authorization vulnerability in EmbedPress Document 
Block \u201 ...)
+       TODO: check
+CVE-2025-22675 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22664 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22662 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22653 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22643 (Missing Authorization vulnerability in FameThemes OnePress 
allows Expl ...)
+       TODO: check
+CVE-2025-22642 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22641 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22602 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2025-22601 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2025-22206 (A SQL injection vulnerability in the JS Jobs plugin versions 
1.1.5-1.4 ...)
+       TODO: check
+CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
+       TODO: check
+CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are 
vulnerable ...)
+       TODO: check
+CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
+       TODO: check
+CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds 
checks ...)
+       TODO: check
+CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for 
the Tel ...)
+       TODO: check
+CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter 
CRLF chara ...)
+       TODO: check
+CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web 
interface that ...)
+       TODO: check
+CVE-2025-0413 (Parallels Desktop Technical Data Reporter Link Following Local 
Privile ...)
+       TODO: check
+CVE-2025-0364 (BigAntSoft BigAnt Server, up to and including version 5.6.06, 
is vulne ...)
+       TODO: check
+CVE-2024-9644 (The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable 
to an  ...)
+       TODO: check
+CVE-2024-9643 (The Four-FaithF3x36 router using firmware v2.0.0 is vulnerable 
to auth ...)
+       TODO: check
+CVE-2024-8125 (Improper Validation of Specified Type of Input vulnerability in 
OpenTe ...)
+       TODO: check
+CVE-2024-56328 (Discourse is an open source platform for community discussion. 
An atta ...)
+       TODO: check
+CVE-2024-56197 (Discourse is an open source platform for community discussion. 
PM titl ...)
+       TODO: check
+CVE-2024-55948 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2024-53994 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2024-53966 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-53965 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-53964 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-53963 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-53962 (Adobe Experience Manager versions 6.5.21 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2024-53851 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2024-53266 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
+CVE-2024-48445 (An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-48019 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-45659 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-45658 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-45657 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-43187 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-40891 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command 
injection  ...)
+       TODO: check
+CVE-2024-40890 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command 
injection  ...)
+       TODO: check
+CVE-2024-40700 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-35138 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
+       TODO: check
+CVE-2024-23690 (The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected 
by a comm ...)
+       TODO: check
+CVE-2024-13829 (The WordPress form builder plugin for contact forms, surveys 
and quizz ...)
+       TODO: check
+CVE-2024-13733 (The SKT Blocks \u2013 Gutenberg based Page Builder plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-13723 (The "NagVis" component within Checkmk is vulnerable to remote 
code exe ...)
+       TODO: check
+CVE-2024-13722 (The "NagVis" component within Checkmk is vulnerable to 
reflected cross ...)
+       TODO: check
+CVE-2024-13699 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2024-13529 (The SocialV - Social Network and Community BuddyPress Theme 
theme for  ...)
+       TODO: check
+CVE-2024-13510 (The ShopSite plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2024-13403 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 
Contact Form ...)
+       TODO: check
+CVE-2024-13356 (The DSGVO All in one for WP plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2024-11623 (Authentik project is vulnerable to Stored XSS attacks 
throughuploading ...)
+       TODO: check
+CVE-2024-11468 (Omnissa Horizon Client for macOS contains a Local privilege 
escalation ...)
+       TODO: check
+CVE-2024-11467 (Omnissa Horizon Client for macOS contains a Local privilege 
escalation ...)
+       TODO: check
+CVE-2023-40222 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build 
(1204.200), th ...)
+       TODO: check
+CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build 
(1204.200), th ...)
+       TODO: check
+CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker 
without access ...)
        - cassandra <itp> (bug #585905)
-CVE-2025-0510
+CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From 
field of ...)
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510
-CVE-2025-1020
+CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. 
Some of ...)
        - firefox 135.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020
-CVE-2025-1017
+CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, 
Firefox ES ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1017
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1017
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1017
-CVE-2025-1016
+CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, 
Firefox ES ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1016
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016
-CVE-2025-1015
+CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized 
links. T ...)
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
-CVE-2025-1014
+CVE-2025-1014 (Certificate length was not properly checked when added to a 
certificat ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1014
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1014
-CVE-2025-1013
+CVE-2025-1013 (A race condition could have led to private browsing tabs being 
opened  ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1013
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1013
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1013
-CVE-2025-1019
+CVE-2025-1019 (The z-order of the browser windows could be manipulated to hide 
the fu ...)
        - firefox 135.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1019
-CVE-2025-1012
+CVE-2025-1012 (A race during concurrent delazification could have led to a 
use-after- ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1012
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1012
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1012
-CVE-2025-1011
+CVE-2025-1011 (A bug in WebAssembly code generation could have lead to a 
crash. It ma ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1011
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1011
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1011
-CVE-2025-1018
+CVE-2025-1018 (The fullscreen notification is prematurely hidden when 
fullscreen is r ...)
        - firefox 135.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1018
-CVE-2025-1010
+CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom 
Highligh ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1010
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1010
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1010
-CVE-2025-1009
+CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT 
data,  ...)
        - firefox 135.0-1
        - firefox-esr 128.7.0esr-1
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1009
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1009
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1009
-CVE-2025-0451
+CVE-2025-0451 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0445
+CVE-2025-0445 (Use after free in V8 in Google Chrome prior to 133.0.6943.53 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-0444
+CVE-2025-0444 (Use after free in Skia in Google Chrome prior to 133.0.6943.53 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-24982 (Cross-site request forgery vulnerability exists in Activity 
Log Winter ...)
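Review bot: CVE-2025-24860 and CVE-2025-23015 are both Apache Cassandra issues but are imported with only the placeholder `TODO: check`, while CVE-2024-27137 further down in the same hunk is tracked as `- cassandra <itp> (bug #585905)`; when these two are triaged, the same ITP reference applies unless the affected versions differ, so they can be resolved together with that entry rather than left as separate TODOs.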
@@ -3390,15 +3566,15 @@ CVE-2024-52948 [CSRF on 2FA registration]
        NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/dfe9ddc40de982a33fbff42a143ccd1b786de775
        NOTE: Backports for 2.20 (in v2.20.2): 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/638
        NOTE: Backports for 2.16 (in v2.16.4): 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/644
-CVE-2025-0509
+CVE-2025-0509 (A security issue was found in Sparkle before version 2.64. An 
attacker ...)
        - openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
 CVE-2025-23237 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        NOT-FOR-US: UD-LT2 firmware
 CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can 
be hooke ...)
        TODO: check, seems to be duplicate of CVE-2025-23083, verify it with CNA
-CVE-2025-23089 (This CVE has been issued to inform users that they are using 
End-of-Li ...)
+CVE-2025-23089 (NOTE: use of the CVE List to report that a product is 
unsupported, wit ...)
        NOT-FOR-US: EOL notification for nodejs 21
-CVE-2025-23088 (This CVE has been issued to inform users that they are using 
End-of-Li ...)
+CVE-2025-23088 (NOTE: use of the CVE List to report that a product is 
unsupported, wit ...)
        NOT-FOR-US: EOL notification for nodejs 19
 CVE-2025-23087 (This CVE has been issued to inform users that they are using 
End-of-Li ...)
        NOT-FOR-US: EOL notification for nodejs 17
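Review bot: CVE-2025-23089 and CVE-2025-23088 switch to the CNA's revised "NOTE: use of the CVE List to report that a product is unsupported" wording, but CVE-2025-23087 (the nodejs 17 EOL notification directly below) keeps the old "This CVE has been issued to inform users" text; that mirrors what upstream currently publishes, so nothing to change in this import, but the three entries should be expected to realign in a later automatic update. The unchanged context line for CVE-2025-23090 still carries `TODO: check, seems to be duplicate of CVE-2025-23083, verify it with CNA`, a pending triage item this automatic update does not touch.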
@@ -9081,7 +9257,7 @@ CVE-2025-0241 (When segmenting specially crafted text, 
segmentation would corrup
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
-CVE-2025-0240 (Parsing a JavaScript module as JSON could under some 
circumstances cau ...)
+CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some 
circumstances, c ...)
        {DSA-5841-1 DSA-5839-1 DLA-4012-1 DLA-4011-1}
        - firefox 134.0-1
        - firefox-esr 128.6.0esr-1
@@ -524046,9 +524222,9 @@ CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows 
application-wide CSRF bypa
        NOT-FOR-US: KeystoneJS
 CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 
via an h ...)
        NOT-FOR-US: Zurmo
-CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server 7.9. ...)
+CVE-2017-16568 (Persistent Cross-Site Scripting (XSS) vulnerability in 
Logitech Media  ...)
        NOT-FOR-US: Logitech Media Server
-CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media 
Server 7.9. ...)
+CVE-2017-16567 (Persistent Cross-Site Scripting (XSS) vulnerability in 
Logitech Media  ...)
        NOT-FOR-US: Logitech Media Server
 CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server 
does not  ...)
        NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7e33ccb7833442d2afc63d47a638f24b2e6675



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
