Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c63226d5 by security tracker role at 2025-02-20T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2025-27096 (WeGIA is a Web Manager for Institutions with a focus on
Portuguese lan ...)
+ TODO: check
+CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264
encoding ...)
+ TODO: check
+CVE-2025-26618 (Erlang is a programming language and runtime system for
building massi ...)
+ TODO: check
+CVE-2025-26311 (Multiple memory leaks have been identified in the clip actions
parsing ...)
+ TODO: check
+CVE-2025-26310 (Multiple memory leaks have been identified in the ABC file
parsing fun ...)
+ TODO: check
+CVE-2025-26309 (A memory leak has been identified in the
parseSWF_DEFINESCENEANDFRAMED ...)
+ TODO: check
+CVE-2025-26308 (A memory leak has been identified in the parseSWF_FILTERLIST
function ...)
+ TODO: check
+CVE-2025-26307 (A memory leak has been identified in the
parseSWF_IMPORTASSETS2 functi ...)
+ TODO: check
+CVE-2025-26306 (A memory leak has been identified in the readSizedString
function in u ...)
+ TODO: check
+CVE-2025-26305 (A memory leak has been identified in the parseSWF_SOUNDINFO
function i ...)
+ TODO: check
+CVE-2025-26304 (A memory leak has been identified in the parseSWF_EXPORTASSETS
functio ...)
+ TODO: check
+CVE-2025-25973 (A stored Cross Site Scripting vulnerability in the "related
recommenda ...)
+ TODO: check
+CVE-2025-25968 (DDSN Interactive cm3 Acora CMS version 10.1.1 contains an
improper acc ...)
+ TODO: check
+CVE-2025-25299 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC
archite ...)
+ TODO: check
+CVE-2025-24893 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2025-21106 (Dell Recover Point for Virtual Machines 6.0.X contains a Weak
file sys ...)
+ TODO: check
+CVE-2025-21105 (Dell RecoverPoint for Virtual Machines 6.0.X contains a
command execut ...)
+ TODO: check
+CVE-2025-20059 (Relative Path Traversal vulnerability in Ping Identity PingAM
Java Pol ...)
+ TODO: check
+CVE-2025-1483 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for
WordPress ...)
+ TODO: check
+CVE-2025-1328 (The Typed JS: A typewriter style animation plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2025-1265 (An OS command injection vulnerability exists in Vinci Protocol
Analyze ...)
+ TODO: check
+CVE-2025-1258
+ REJECTED
+CVE-2025-1064 (The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for
WordPr ...)
+ TODO: check
+CVE-2025-1043 (The Embed Any Document \u2013 Embed PDF, Word, PowerPoint and
Excel Fi ...)
+ TODO: check
+CVE-2025-1039 (The Lenix Elementor Leads addon plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-0897 (The Modal Window \u2013 create popup modal window plugin for
WordPress ...)
+ TODO: check
+CVE-2025-0868 (A vulnerability, that could result in Remote Code Execution
(RCE), has ...)
+ TODO: check
+CVE-2025-0866 (The Legoeso PDF Manager plugin for WordPress is vulnerable to
time-bas ...)
+ TODO: check
+CVE-2025-0352 (Rapid Response Monitoring My Security Account App utilizes an
API that ...)
+ TODO: check
+CVE-2025-0161 (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9
and 11. ...)
+ TODO: check
+CVE-2024-7141 (Versions of Gliffy Online prior to versions 4.14.0-7 contains a
Cross ...)
+ TODO: check
+CVE-2024-6432 (The Content Blocks (Custom Post Widget) plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2024-57716 (An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote
attacker ...)
+ TODO: check
+CVE-2024-57401 (SQL Injection vulnerability in Uniclare Student portal v.2 and
before ...)
+ TODO: check
+CVE-2024-55457 (MasterSAM Star Gate 11 is vulnerable to directory traversal
via /adama ...)
+ TODO: check
+CVE-2024-54961 (Nagios XI 2024R1.2.2 has an Information Disclosure
vulnerability, whic ...)
+ TODO: check
+CVE-2024-54960 (A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a
remote ...)
+ TODO: check
+CVE-2024-54959 (Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request
Forgery (CS ...)
+ TODO: check
+CVE-2024-54958 (Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site
Scripting ( ...)
+ TODO: check
+CVE-2024-49781 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is
vulnerable to a ...)
+ TODO: check
+CVE-2024-49779 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could
allow a re ...)
+ TODO: check
+CVE-2024-49344 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with
Watson As ...)
+ TODO: check
+CVE-2024-49337 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is
vulnerabl ...)
+ TODO: check
+CVE-2024-46933 (An issue was discovered in Atos Eviden BullSequana XH2140 BMC
before C ...)
+ TODO: check
+CVE-2024-13888 (The WPMobile.App plugin for WordPress is vulnerable to Open
Redirect i ...)
+ TODO: check
+CVE-2024-13855 (The Prime Addons for Elementor plugin for WordPress is
vulnerable to I ...)
+ TODO: check
+CVE-2024-13849 (The Cookie Notice Bar plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2024-13802 (The Bandsintown Events plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-13792 (The WooCommerce Food - Restaurant Menu & Food ordering plugin
for Word ...)
+ TODO: check
+CVE-2024-13789 (The ravpage plugin for WordPress is vulnerable to PHP Object
Injection ...)
+ TODO: check
+CVE-2024-13753 (The Ultimate Classified Listings plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-13748 (The Ultimate Classified Listings plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-13520 (The Gift Cards (Gift Vouchers and Packages) (WooCommerce
Supported) pl ...)
+ TODO: check
+CVE-2024-13476 (The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for
WordPress ...)
+ TODO: check
+CVE-2023-51339 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51338 (PHPJabbers Meeting Room Booking System v1.0 is vulnerable to
Multiple ...)
+ TODO: check
+CVE-2023-51337 (PHPJabbers Event Ticketing System v1.0 is vulnerable to
Reflected Cros ...)
+ TODO: check
+CVE-2023-51336 (PHPJabbers Meeting Room Booking System v1.0 is vulnerable to
CSV Injec ...)
+ TODO: check
+CVE-2023-51335 (PHPJabbers Cinema Booking System v1.0 is vulnerable to
Multiple Stored ...)
+ TODO: check
+CVE-2023-51334 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51333 (PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV
Injection v ...)
+ TODO: check
+CVE-2023-51332 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51331 (PHPJabbers Cleaning Business Software v1.0 is vulnerable to
CSV Inject ...)
+ TODO: check
+CVE-2023-51330 (PHPJabbers Cinema Booking System v1.0 is vulnerable to
Reflected Cross ...)
+ TODO: check
+CVE-2023-51327 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51326 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51325 (PHPJabbers Shared Asset Booking System v1.0 is vulnerable to
Multiple ...)
+ TODO: check
+CVE-2023-51324 (PHPJabbers Shared Asset Booking System v1.0 is vulnerable to
CSV Injec ...)
+ TODO: check
+CVE-2023-51323 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51321 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51320 (PHPJabbers Night Club Booking Software v1.0 is vulnerable to
CSV Injec ...)
+ TODO: check
+CVE-2023-51319 (PHPJabbers Bus Reservation System v1.1 is vulnerable to CSV
Injection ...)
+ TODO: check
+CVE-2023-51318 (PHPJabbers Bus Reservation System v1.1 is vulnerable to
Multiple Store ...)
+ TODO: check
+CVE-2023-51317 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to
Multiple HT ...)
+ TODO: check
+CVE-2023-51316 (A lack of rate limiting in the 'Forgot Password' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51315 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to
Multiple St ...)
+ TODO: check
+CVE-2023-51314 (A lack of rate limiting in the 'Forgot Password', 'Email
Settings' fea ...)
+ TODO: check
+CVE-2023-51313 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV
Injecti ...)
+ TODO: check
+CVE-2023-51312 (PHPJabbers Restaurant Booking System v3.0 is vulnerable to
Reflected C ...)
+ TODO: check
+CVE-2023-51311 (PHPJabbers Car Park Booking System v3.0 is vulnerable to CSV
Injection ...)
+ TODO: check
+CVE-2023-51310 (A lack of rate limiting in the 'Forgot Password', 'Email
Settings' fea ...)
+ TODO: check
+CVE-2023-51309 (A lack of rate limiting in the 'Email Settings' feature of
PHPJabbers ...)
+ TODO: check
+CVE-2023-51308 (PHPJabbers Car Park Booking System v3.0 is vulnerable to
Multiple HTML ...)
+ TODO: check
+CVE-2023-51306 (PHPJabbers Event Ticketing System v1.0 is vulnerable to
Multiple Store ...)
+ TODO: check
CVE-2025-27218 (Sitecore Experience Manager (XM) and Experience Platform (XP)
10.4 bef ...)
NOT-FOR-US: Sitecore
CVE-2025-27092 (GHOSTS is an open source user simulation framework for cyber
experimen ...)
@@ -52,7 +220,7 @@ CVE-2024-5705 (The product performs an authorization check
when an actor attempt
NOT-FOR-US: Hitachi
CVE-2024-49782 (IBM OpenPages with Watson 8.3 and 9.0 could allow a remote
attacker ...)
NOT-FOR-US: IBM
-CVE-2024-49780 (IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could
allow a rem ...)
+CVE-2024-49780 (IBM OpenPages with Watson 8.3 and 9.0IBM OpenPages could allow
a remot ...)
NOT-FOR-US: IBM
CVE-2024-49355 (IBM OpenPages with Watson 8.3 and 9.0may write improperly
neutralized ...)
NOT-FOR-US: IBM
@@ -19021,6 +19189,7 @@ CVE-2024-55918 (An issue was discovered in the
Graphics::ColorNames package befo
CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are
vulnerable ...)
NOT-FOR-US: spatie/browsershot
CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to
Authenti ...)
+ {DLA-4060-1}
- djoser 2.3.1-1 (bug #1089915)
[bookworm] - djoser <no-dsa> (Minor issue; can be fixed via point
release)
NOTE: https://github.com/sunscrapers/djoser/issues/795
@@ -32226,6 +32395,7 @@ CVE-2024-46531 (phpgurukul Vehicle Record Management
System v1.0 was discovered
CVE-2024-42041 (The com.videodownload.browser.videodownloader (aka
AppTool-Browser-Vid ...)
NOT-FOR-US: com.videodownload.browser.videodownloader (aka
AppTool-Browser-Video All Video Downloader) application
CVE-2024-3935 (In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a
Mosquitt ...)
+ {DLA-4059-1}
- mosquitto 2.0.20-1
NOTE:
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197
NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
@@ -32267,6 +32437,7 @@ CVE-2024-23309 (The LevelOne WBR-6012 router with
firmware R0.40e6 has an authen
CVE-2024-10546 (A vulnerability classified as critical was found in
open-scratch Teach ...)
NOT-FOR-US: open-scratch Teaching
CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a
maliciou ...)
+ {DLA-4059-1}
- mosquitto 2.0.20-1
NOTE:
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190
NOTE: https://mosquitto.org/blog/2024/10/version-2-0-19-released/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c63226d55d65941a097e94a01bcff671aa888fae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c63226d55d65941a097e94a01bcff671aa888fae
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
