[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 21 Feb 2025 00:12:23 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3449aca3 by security tracker role at 2025-02-21T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-27100 (lakeFS is an open-source tool that transforms your object 
storage into ...)
+       TODO: check
+CVE-2025-27098 (GraphQL Mesh is a GraphQL Federation framework and gateway for 
both Gr ...)
+       TODO: check
+CVE-2025-27097 (GraphQL Mesh is a GraphQL Federation framework and gateway for 
both Gr ...)
+       TODO: check
+CVE-2025-27088 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In 
affected vers ...)
+       TODO: check
+CVE-2025-25960 (Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows 
a remote ...)
+       TODO: check
+CVE-2025-25958 (Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 
allows a remo ...)
+       TODO: check
+CVE-2025-25957 (Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and 
before a ...)
+       TODO: check
+CVE-2025-25679 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer 
overflow  ...)
+       TODO: check
+CVE-2025-25678 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer 
overflow  ...)
+       TODO: check
+CVE-2025-25676 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer 
overflow  ...)
+       TODO: check
+CVE-2025-25675 (Tenda AC10 V1.0 V15.03.06.23 has a command injection 
vulnerablility lo ...)
+       TODO: check
+CVE-2025-25674 (Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow 
in form_ ...)
+       TODO: check
+CVE-2025-25668 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack 
overflow vi ...)
+       TODO: check
+CVE-2025-25667 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack 
overflow vi ...)
+       TODO: check
+CVE-2025-25664 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack 
overflow vi ...)
+       TODO: check
+CVE-2025-25663 (A vulnerability was found in Tenda AC8V4 V16.03.34.06. 
Affected is the ...)
+       TODO: check
+CVE-2025-25662 (Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow 
in the  ...)
+       TODO: check
+CVE-2025-22973 (An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to 
obtain s ...)
+       TODO: check
+CVE-2025-1407 (The AMO Team Showcase plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable due to failure of 
the upda ...)
+       TODO: check
+CVE-2024-7131
+       REJECTED
+CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript 
function of ...)
+       TODO: check
+CVE-2024-38657 (External control of a file name in Ivanti Connect Secure 
before versio ...)
+       TODO: check
+CVE-2024-13883 (The WPUpper Share Buttons plugin for WordPress is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2024-13818 (The Registration Forms \u2013 User Registration Forms, 
Invitation-Base ...)
+       TODO: check
+CVE-2024-13751 (The 3D Photo Gallery plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2024-13672 (The Mini Course Generator | Embed mini-courses and interactive 
content ...)
+       TODO: check
+CVE-2024-13585 (The Ajax Search Lite  WordPress plugin before 4.12.5 does not 
sanitise ...)
+       TODO: check
+CVE-2024-13537 (The C9 Blocks plugin for WordPress is vulnerable to Full Path 
Disclosu ...)
+       TODO: check
+CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-13379 (The C9 Admin Dashboard plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-13314 (The Carousel, Slider, Gallery by WP Carousel  WordPress plugin 
before  ...)
+       TODO: check
+CVE-2024-13235 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin 
plugin  ...)
+       TODO: check
+CVE-2024-11260 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+       TODO: check
 CVE-2025-27096 (WeGIA is a Web Manager for Institutions with a focus on 
Portuguese lan ...)
        NOT-FOR-US: WeGIA
 CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 
encoding ...)
@@ -274,6 +344,7 @@ CVE-2025-1465 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2025-1464 (A vulnerability, which was classified as critical, has been 
found in B ...)
        NOT-FOR-US: Baiyi Cloud Asset Management System
 CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 133.0 ...)
+       {DSA-5869-1}
        - chromium 133.0.6943.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that 
allows an at ...)
@@ -291,9 +362,11 @@ CVE-2025-1024 (A vulnerability exists in ChurchCRM 
5.13.0that allows an attacker
 CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the  
/user/namespace/{namespace} ...)
        NOT-FOR-US: OpenVSX
 CVE-2025-1006 (Use after free in Network in Google Chrome prior to 
133.0.6943.126 all ...)
+       {DSA-5869-1}
        - chromium 133.0.6943.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0999 (Heap buffer overflow in V8 in Google Chrome prior to 
133.0.6943.126 al ...)
+       {DSA-5869-1}
        - chromium 133.0.6943.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is 
vulnerable to ...)
@@ -5004,7 +5077,7 @@ CVE-2025-23596 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin
 CVE-2025-23215 (PMD is an extensible multilanguage static code analyzer. The 
passphras ...)
        NOT-FOR-US: PMD
-CVE-2025-23001 (A Host Header Injection vulnerability exists in CTFd 3.7.5, 
due to the ...)
+CVE-2025-23001 (A Host header injection vulnerability exists in CTFd 3.7.5, 
due to the ...)
        NOT-FOR-US: CTFd
 CVE-2025-22994 (O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in 
Meetings - S ...)
        NOT-FOR-US: O2OA



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3449aca309a9544743724a9a338b60027af6cb7e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3449aca309a9544743724a9a338b60027af6cb7e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to