Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d8d9cb1 by security tracker role at 2025-02-12T08:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2025-25203 (CtrlPanel is open-source billing software for hosting
providers. Prior ...)
+ TODO: check
+CVE-2025-23359 (NVIDIA Container Toolkit for Linux contains a Time-of-Check
Time-of-Us ...)
+ TODO: check
+CVE-2025-1243 (The Temporal api-go library prior to version 1.44.1 did not
send `upda ...)
+ TODO: check
+CVE-2025-1240 (WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code
Execution Vulne ...)
+ TODO: check
+CVE-2025-1186 (A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It
has been ...)
+ TODO: check
+CVE-2025-1185 (A vulnerability was found in pihome-shc PiHome 2.0. It has been
classi ...)
+ TODO: check
+CVE-2025-1184 (A vulnerability was found in pihome-shc PiHome 1.77 and
classified as ...)
+ TODO: check
+CVE-2025-1183 (A vulnerability has been found in CodeZips Gym Management
System 1.0 a ...)
+ TODO: check
+CVE-2025-0989
+ REJECTED
+CVE-2025-0808 (The Houzez Property Feed plugin for WordPress is vulnerable to
Cross-S ...)
+ TODO: check
+CVE-2024-57777 (Directory Traversal vulnerability in Ianproxy v.0.1 and before
allows ...)
+ TODO: check
+CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In
the web ...)
+ TODO: check
+CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0
allows a rem ...)
+ TODO: check
+CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK
v.11.7.0 al ...)
+ TODO: check
+CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik
RouterOS v6. ...)
+ TODO: check
+CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the
model l ...)
+ TODO: check
+CVE-2024-51324 (An issue in the BdApiUtil driver of Baidu Antivirus
v5.2.3.116083 allo ...)
+ TODO: check
+CVE-2024-44336 (An issue in AnkiDroid Android Application v2.17.6 allows
attackers to ...)
+ TODO: check
+CVE-2024-33469 (An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in
v.3.10 ...)
+ TODO: check
+CVE-2024-32037 (GeoNetwork is a catalog application to manage spatially
referenced res ...)
+ TODO: check
+CVE-2024-29172 (Dell BSAFE SSL-J contains a deadlock vulnerability. A remote
attacker ...)
+ TODO: check
+CVE-2024-29171 (Dell BSAFE SSL-J contains an Improper certificate verification
vulnera ...)
+ TODO: check
+CVE-2024-21971 (Improper input validation in AMD Crash Defender could allow an
attacke ...)
+ TODO: check
+CVE-2024-21925 (Improper input validation within the AmdPspP2CmboxV2 driver
may allow ...)
+ TODO: check
+CVE-2024-21924 (SMM callout vulnerability within the AmdPlatformRasSspSmm
driver could ...)
+ TODO: check
+CVE-2024-13821 (The WP Booking Calendar plugin for WordPress is vulnerable to
Unauthen ...)
+ TODO: check
+CVE-2024-13800 (The ConvertPlus plugin for WordPress is vulnerable to
unauthorized mod ...)
+ TODO: check
+CVE-2024-13794 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall
plugin for ...)
+ TODO: check
+CVE-2024-13769 (The Puzzles | WP Magazine / Review with Store WordPress Theme
+ RTL th ...)
+ TODO: check
+CVE-2024-13749 (The StaffList plugin for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2024-13714 (The All-Images.ai \u2013 IA Image Bank and Custom Image
creation plugi ...)
+ TODO: check
+CVE-2024-13701 (The Liveticker (by stklcode) plugin for WordPress is
vulnerable to Sto ...)
+ TODO: check
+CVE-2024-13665 (The Admire Extra plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2024-13658 (The NGG Smart Image Search plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2024-13656 (The Click Mag - Viral WordPress News Magazine/Blog Theme theme
for Wor ...)
+ TODO: check
+CVE-2024-13654 (The ZoxPress - The All-In-One WordPress News Theme theme for
WordPress ...)
+ TODO: check
+CVE-2024-13653 (The ZoxPress - The All-In-One WordPress News Theme theme for
WordPress ...)
+ TODO: check
+CVE-2024-13601 (The Majestic Support \u2013 The Leading-Edge Help Desk &
Customer Supp ...)
+ TODO: check
+CVE-2024-13600 (The Majestic Support \u2013 The Leading-Edge Help Desk &
Customer Supp ...)
+ TODO: check
+CVE-2024-13554 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin
for WordP ...)
+ TODO: check
+CVE-2024-13541 (The aDirectory \u2013 WordPress Directory Listing Plugin
plugin for Wo ...)
+ TODO: check
+CVE-2024-13539 (The AForms Eats plugin for WordPress is vulnerable to Full
Path Disclo ...)
+ TODO: check
+CVE-2024-13421 (The Real Estate 7 WordPress theme for WordPress is vulnerable
to Privi ...)
+ TODO: check
+CVE-2024-13374 (The WP Table Manager plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2024-12164 (The WPSyncSheets Lite For WPForms \u2013 WPForms Google
Spreadsheet Ad ...)
+ TODO: check
+CVE-2024-11746 (The Discover the Best Woocommerce Product Brands Plugin for
WordPress ...)
+ TODO: check
+CVE-2024-0179 (SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM
driver co ...)
+ TODO: check
+CVE-2024-0145 (NVIDIA nvJPEG2000 library contains a vulnerability where an
attacker c ...)
+ TODO: check
+CVE-2024-0144 (NVIDIA nvJPEG2000 library contains a vulnerability where an
attacker c ...)
+ TODO: check
+CVE-2024-0143 (NVIDIA nvJPEG2000 library contains a vulnerability where an
attacker c ...)
+ TODO: check
+CVE-2024-0142 (NVIDIA nvJPEG2000 library contains a vulnerability where an
attacker c ...)
+ TODO: check
+CVE-2024-0112 (NVIDIA Jetson AGX Orin\u2122 and NVIDIA IGX Orin software
contain a vu ...)
+ TODO: check
+CVE-2023-49780 (Cross-site scripting vulnerability exists in acmailer CGI
ver.4.0.5 an ...)
+ TODO: check
+CVE-2023-31352 (A bug in the SEV firmware may allow an attacker with
privileges to rea ...)
+ TODO: check
+CVE-2023-31345 (Improper input validation in the SMM handler may allow a
privileged at ...)
+ TODO: check
+CVE-2023-31343 (Improper input validation in the SMM handler may allow a
privileged at ...)
+ TODO: check
+CVE-2023-31342 (Improper input validation in the SMM handler may allow a
privileged at ...)
+ TODO: check
+CVE-2023-31331 (Improper access control in the DRTM firmware could allow a
privileged ...)
+ TODO: check
CVE-2025-26495 (Cleartext Storage of Sensitive Information vulnerability in
Salesforce ...)
NOT-FOR-US: Salesforce Tableau Server
CVE-2025-26494 (Server-Side Request Forgery (SSRF) vulnerability in Salesforce
Tableau ...)
@@ -2448,7 +2566,7 @@ CVE-2024-57434 (macrozheng mall-tiny 1.0.1 is vulnerable
to Incorrect Access Con
NOT-FOR-US: macrozheng mall-tiny
CVE-2024-57433 (macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access
Control v ...)
NOT-FOR-US: macrozheng mall-tiny
-CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and
earlier are ...)
+CVE-2024-55062 (Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and
CO2Scope ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53357 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <=
8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
@@ -3938,7 +4056,7 @@ CVE-2024-55228 (A cross-site scripting (XSS)
vulnerability in the Product module
- dolibarr <removed>
CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the
Events/Agenda module ...)
- dolibarr <removed>
-CVE-2025-26520 [Incomplete fix for CVE-2024-54146]
+CVE-2025-26520 (Cacti through 1.2.29 allows SQL injection in the template
function in ...)
- cacti <unfixed> (bug #1095721)
[bookworm] - cacti <not-affected> (Vulnerable code introduced later)
[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
@@ -192308,10 +192426,10 @@ CVE-2023-20584 (IOMMU improperly handles certain
special address ranges with inv
NOTE:
https://lore.kernel.org/all/20240820182655.42311-1-john.al...@amd.com/
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors
may all ...)
NOT-FOR-US: AMD
-CVE-2023-20582
- RESERVED
-CVE-2023-20581
- RESERVED
+CVE-2023-20582 (Improper handling of invalid nested page table entries in the
IOMMU ma ...)
+ TODO: check
+CVE-2023-20581 (Improper access control in the IOMMU may allow a privileged
attacker t ...)
+ TODO: check
CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may
allow a ...)
@@ -192463,8 +192581,8 @@ CVE-2023-20517
RESERVED
CVE-2023-20516
RESERVED
-CVE-2023-20515
- RESERVED
+CVE-2023-20515 (Improper access control in the fTPM driver in the trusted OS
could all ...)
+ TODO: check
CVE-2023-20514
RESERVED
CVE-2023-20513 (An insufficient bounds check in PMFW (Power Management
Firmware) may a ...)
@@ -192477,10 +192595,10 @@ CVE-2023-20510 (An insufficient DRAM address
validation in PMFW may allow a priv
NOT-FOR-US: AMD
CVE-2023-20509 (An insufficient DRAM address validation in PMFW may allow a
privileged ...)
NOT-FOR-US: AMD
-CVE-2023-20508
- RESERVED
-CVE-2023-20507
- RESERVED
+CVE-2023-20508 (Improper access control in the ASP could allow a privileged
attacker t ...)
+ TODO: check
+CVE-2023-20507 (An integer overflow in the ASP could allow a privileged
attacker to pe ...)
+ TODO: check
CVE-2023-20506
RESERVED
CVE-2023-20505
@@ -203193,8 +203311,8 @@ CVE-2022-40502 (Transient DOS due to improper input
validation in WLAN Host.)
NOT-FOR-US: Snapdragon
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral
VTScada ...)
NOT-FOR-US: Trihedral VTScada
-CVE-2022-3180
- RESERVED
+CVE-2022-3180 (The WPGateway Plugin for WordPress is vulnerable to privilege
escalati ...)
+ TODO: check
CVE-2022-3179 (Weak Password Requirements in GitHub repository
ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to
2.1.0-DEV.)
@@ -210976,8 +211094,8 @@ CVE-2022-37662
RESERVED
CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable
to Remo ...)
NOT-FOR-US: SmartRG
-CVE-2022-37660
- RESERVED
+CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even
after a ...)
+ TODO: check
CVE-2022-37659
RESERVED
CVE-2022-37658
@@ -404169,8 +404287,8 @@ CVE-2020-3434 (A vulnerability in the interprocess
communication (IPC) channel o
NOT-FOR-US: Cisco
CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel
of Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3432
- RESERVED
+CVE-2020-3432 (A vulnerability in the uninstaller component of Cisco
AnyConnect Secur ...)
+ TODO: check
CVE-2020-3431 (A vulnerability in the web-based management interface of
Cisco Sm ...)
NOT-FOR-US: Cisco
CVE-2020-3430 (A vulnerability in the application protocol handling features
of Cisco ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d8d9cb1cdd778bbfd2d62f6a11548a0a1ebb4a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d8d9cb1cdd778bbfd2d62f6a11548a0a1ebb4a0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
