Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6932968e by security tracker role at 2025-02-07T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2025-23094 (The Platform component of Mitel OpenScape 4000 and OpenScape 
4000 Mana ...)
+       TODO: check
+CVE-2025-23093 (The Platform component of Mitel OpenScape 4000 and OpenScape 
4000 Mana ...)
+       TODO: check
+CVE-2025-22880 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+       TODO: check
+CVE-2025-22402 (Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, 
contain(s) ...)
+       TODO: check
+CVE-2025-21408 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2025-21404 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2025-21342 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2025-21283 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2025-21279 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2025-21267 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2025-21253 (Microsoft Edge for IOS and Android Spoofing Vulnerability)
+       TODO: check
+CVE-2025-21177 (Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 
Sales all ...)
+       TODO: check
+CVE-2025-1086 (A vulnerability has been found in Safetytest Cloud-Master 
Server up to ...)
+       TODO: check
+CVE-2025-1085 (A vulnerability, which was classified as problematic, was found 
in Ani ...)
+       TODO: check
+CVE-2025-1084 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-1083 (A vulnerability classified as problematic was found in Mindskip 
xzs-my ...)
+       TODO: check
+CVE-2025-1082 (A vulnerability classified as problematic has been found in 
Mindskip x ...)
+       TODO: check
+CVE-2025-1081 (A vulnerability was found in Bharti Airtel Xstream Fiber up to 
2025012 ...)
+       TODO: check
+CVE-2025-1072 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
+       TODO: check
+CVE-2025-1061 (The Nextend Social Login Pro plugin for WordPress is vulnerable 
to aut ...)
+       TODO: check
+CVE-2025-1004 (Certain HP LaserJet Pro printers may potentially experience a 
denial o ...)
+       TODO: check
+CVE-2025-0675 (Multiple Elber products suffer from an unauthenticated device 
configur ...)
+       TODO: check
+CVE-2025-0674 (Multiple Elber products are affected by an authentication 
bypass  vuln ...)
+       TODO: check
+CVE-2025-0158 (IBM EntireX 11.1 could allow a local user to cause a denial of 
service ...)
+       TODO: check
+CVE-2024-57609 (An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a 
remote at ...)
+       TODO: check
+CVE-2024-57392 (Buffer Overflow vulnerability in Proftpd commit 4017eff8 
allows a remo ...)
+       TODO: check
+CVE-2024-56889 (Incorrect access control in the endpoint /admin/m_delete.php 
of CodeAs ...)
+       TODO: check
+CVE-2024-56467 (IBM EntireX 11.1 could allow a local user to obtain sensitive 
informat ...)
+       TODO: check
+CVE-2024-55241 (An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 
allows a r ...)
+       TODO: check
+CVE-2024-54909 (A vulnerability has been identified in GoldPanKit eva-server 
v4.1.0. I ...)
+       TODO: check
+CVE-2024-54171 (IBM EntireX 11.1 is vulnerable to an XML external entity 
injection (XX ...)
+       TODO: check
+CVE-2024-53586 (An issue in the relPath parameter of WebFileSys version 2.31.0 
allows  ...)
+       TODO: check
+CVE-2024-48589 (Cross Site Scripting vulnerability in Gilnei Moraes phpABook 
v.0.9 all ...)
+       TODO: check
+CVE-2024-25883 (The mstatus register in RSD commit 3d13a updates incorrectly, 
leading  ...)
+       TODO: check
+CVE-2024-13841 (The Builder Shortcode Extras \u2013 WordPress Shortcodes 
Collection to ...)
+       TODO: check
+CVE-2024-13492 (The Guten Free Options WordPress plugin through 0.9.5 does not 
sanitis ...)
+       TODO: check
+CVE-2024-13352 (The Legull WordPress plugin through 1.2.2 does not sanitise 
and escape ...)
+       TODO: check
 CVE-2024-12133
        - libtasn1-6 <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
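Review bot: all 37 entries added at the top of data/CVE/list carry only "TODO: check", and a few of them need a real package decision rather than a bulk NOT-FOR-US. CVE-2024-57392 (Proftpd) and CVE-2025-1072 (GitLab CE/EE) name software that should be checked against packaged sources before being closed out. The entries whose descriptions name WordPress plugins (CVE-2025-1061, CVE-2024-13492, CVE-2024-13352) can take the "NOT-FOR-US: WordPress plugin" form already used further down in this file. The description for CVE-2024-13841 also carries a literal "\u2013" escape instead of the dash character, which is worth normalising where the descriptions are imported.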
@@ -4333,7 +4407,7 @@ CVE-2025-0411 (7-Zip Mark-of-the-Web Bypass 
Vulnerability. This vulnerability al
        - p7zip <not-affected> (Affects only 7-Zip on Windows handling Mark of 
the Web (MoTW) metadata)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-045/
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/24/6
-CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
+CVE-2025-23085 (A memory leak could occur when a remote peer abruptly closes 
the socke ...)
        - nodejs 20.18.2+dfsg-1 (bug #1094134)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium
 CVE-2025-23084 (A vulnerability has been identified in Node.js, specifically 
affecting ...)
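Review bot: the replacement description on CVE-2025-23085 no longer mentions GOAWAY or HTTP/2 within its visible, truncated part, so the entry line alone now reads as a generic socket-close memory leak. The nodejs version, bug #1094134 and the NOTE URL are unchanged and the URL still carries the "goaway-http2-frames-cause-memory-leak-outside-heap" anchor, so no triage data is lost. If the shorter wording is kept, a NOTE line restating the HTTP/2 GOAWAY context would keep the entry searchable by the term the removed bracketed title used.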
@@ -18299,7 +18373,7 @@ CVE-2024-53125 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.11.6-1
        [bookworm] - linux 6.1.123-1
        NOTE: 
https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
-CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity 
vulnerability ...)
+CVE-2024-9404 (This vulnerability could lead to denial-of-service or service 
crashes. ...)
        NOT-FOR-US: Moxa
 CVE-2024-54664
        REJECTED
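Review bot: the new description on CVE-2024-9404 drops the vendor from its visible, truncated part ("This vulnerability could lead to denial-of-service or service crashes. ..."), so the only remaining product identification in the entry is the "NOT-FOR-US: Moxa" line. That line is unchanged and the triage result stands. Anyone grepping descriptions for the vendor name will no longer match this entry, so searches should go by the NOT-FOR-US tag instead.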
@@ -53386,7 +53460,7 @@ CVE-2024-35656 (Improper Neutralization of Input During 
Web Page Generation (XSS
        NOT-FOR-US: WordPress plugin
 CVE-2024-34457 (On versions before 2.1.4, after a regular user successfully 
logs in, t ...)
        NOT-FOR-US: Apache StreamPark
-CVE-2024-34329 (Insecure permissions in Entrust Datacard XPS Card Printer 
Driver 8.4 a ...)
+CVE-2024-34329 (Insecure permissions in Entrust Datacard XPS Card Printer 
Driver 8.5 a ...)
        NOT-FOR-US: Entrust Datacard XPS Card Printer Driver
 CVE-2024-33933 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
@@ -324478,8 +324552,8 @@ CVE-2020-36087
        RESERVED
 CVE-2020-36086
        RESERVED
-CVE-2020-36085
-       RESERVED
+CVE-2020-36085 (Stored Cross Site Scripting(XSS) vulnerability in Egavilan 
Media Resum ...)
+       TODO: check
 CVE-2020-36084 (SQL Injection vulnerability in SourceCodester Responsive 
E-Learning Sy ...)
        NOT-FOR-US: SourceCodester Responsive E-Learning System
 CVE-2020-36083
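Review bot: CVE-2020-36085 moves from RESERVED to a described entry with "TODO: check", but its neighbours in the same range are still RESERVED or already triaged (CVE-2020-36084 is "NOT-FOR-US: SourceCodester Responsive E-Learning System"). This one should be triaged in a follow-up using the product name from the full description; the text here is truncated after "Egavilan Media Resum". A 2020 identifier published only now is easy to overlook among the 2025 entries at the top of the file.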



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6932968ee47fd7423c87f68726dc3a52506c9089



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
