[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 21 Feb 2025 12:12:21 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4d25fb38 by security tracker role at 2025-02-21T20:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,108 @@
-CVE-2025-26794
+CVE-2025-26014 (A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 
allows a ...)
+       TODO: check
+CVE-2025-26013 (An issue in Loggrove v.1.0 allows a remote attacker to obtain 
sensitiv ...)
+       TODO: check
+CVE-2025-25878 (A vulnerability was found in ITSourcecode Simple ChatBox up to 
1.0. Th ...)
+       TODO: check
+CVE-2025-25877 (A vulnerability was found in ITSourcecode Simple ChatBox up to 
1.0. Th ...)
+       TODO: check
+CVE-2025-25876 (A vulnerability was found in ITSourcecode Simple ChatBox up to 
1.0. Th ...)
+       TODO: check
+CVE-2025-25875 (A vulnerability was found in ITSourcecode Simple ChatBox up to 
1.0. Th ...)
+       TODO: check
+CVE-2025-25772 (A Cross-Site Request Forgery (CSRF) in the component 
/back/UserControl ...)
+       TODO: check
+CVE-2025-25770 (Wangmarket v4.10 to v5.0 was discovered to contain a 
Cross-Site Reques ...)
+       TODO: check
+CVE-2025-25769 (Wangmarket v4.10 to v5.0 was discovered to contain a 
Cross-Site Reques ...)
+       TODO: check
+CVE-2025-25768 (MRCMS v3.1.2 was discovered to contain a server-side template 
injectio ...)
+       TODO: check
+CVE-2025-25767 (A vertical privilege escalation vulnerability in the component 
/contro ...)
+       TODO: check
+CVE-2025-25766 (An arbitrary file upload vulnerability in the component 
/file/savefile ...)
+       TODO: check
+CVE-2025-25765 (MRCMS v3.1.2 was discovered to contain an arbitrary file write 
vulnera ...)
+       TODO: check
+CVE-2025-25605 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to 
command inject ...)
+       TODO: check
+CVE-2025-25604 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to 
command inject ...)
+       TODO: check
+CVE-2025-25510 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the 
get_par ...)
+       TODO: check
+CVE-2025-25507 (There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. 
In the fo ...)
+       TODO: check
+CVE-2025-25505 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow 
in the su ...)
+       TODO: check
+CVE-2025-1548 (A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It 
has been  ...)
+       TODO: check
+CVE-2025-1546 (A vulnerability has been found in BDCOM Behavior Management and 
Auditi ...)
+       TODO: check
+CVE-2025-1544 (A vulnerability, which was classified as critical, was found in 
dingfa ...)
+       TODO: check
+CVE-2025-1543 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-1539 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-1538 (A vulnerability classified as critical was found in D-Link 
DAP-1320 1. ...)
+       TODO: check
+CVE-2025-1537 (A vulnerability was found in Harpia DiagSystem 12. It has been 
rated a ...)
+       TODO: check
+CVE-2025-1536 (A vulnerability was found in Raisecom Multi-Service Intelligent 
Gatewa ...)
+       TODO: check
+CVE-2025-1535 (A vulnerability was found in Baiyi Cloud Asset Management 
System 8.142 ...)
+       TODO: check
+CVE-2025-1489 (The WP-Appbox plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-1471 (In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe 
print fu ...)
+       TODO: check
+CVE-2025-1470 (In Eclipse OMR, from the initial contribution to version 0.4.0, 
some O ...)
+       TODO: check
+CVE-2025-1410 (The Events Calendar Made Simple \u2013 Pie Calendar plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker 
to cause ...)
+       TODO: check
+CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. 
The size ...)
+       TODO: check
+CVE-2025-0728 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo 
before   ...)
+       TODO: check
+CVE-2025-0727 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo 
before   ...)
+       TODO: check
+CVE-2025-0726 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo 
before   ...)
+       TODO: check
+CVE-2024-9150 (Report generation functionality in Wyn Enterprise allows for 
code incl ...)
+       TODO: check
+CVE-2024-57176 (An issue in the shiroFilter function of White-Jotter project 
v0.2.2 al ...)
+       TODO: check
+CVE-2024-55159 (GFast between v2 to v3.2 was discovered to contain a SQL 
injection vul ...)
+       TODO: check
+CVE-2024-55156 (An XML External Entity (XXE) vulnerability in the 
deserializeArgs() me ...)
+       TODO: check
+CVE-2024-45673 (IBM Security Verify Bridge Directory Sync 1.0.1 through 
1.0.12, IBM Se ...)
+       TODO: check
+CVE-2024-13900 (The Head, Footer and Post Injections plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-13846 (The Indeed Ultimate Learning Pro plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-13713 (The WPExperts Square For GiveWP plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-13648 (The Maps for WP plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-13461 (The Autoship Cloud for WooCommerce Subscription Products 
plugin for Wo ...)
+       TODO: check
+CVE-2024-13455 (The igumbi Online Booking plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2024-13353 (The Responsive Addons for Elementor \u2013 Free Elementor 
Addons Plugi ...)
+       TODO: check
+CVE-2024-12452 (The Ziggeo plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-12276 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
+       TODO: check
+CVE-2024-10222 (The SVG Support plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-26794 (Exim 4.98 before 4.98.1, when SQLite hints and ETRN 
serialization are  ...)
        - exim4 4.98-4 (unimportant)
        [bookworm] - exim4 <not-affected> (Vulnerable code not present)
        [bullseye] - exim4 <not-affected> (Vulnerable code not present)
@@ -1745,7 +1849,7 @@ CVE-2024-11345 (A heap-based memory vulnerability has 
been identified in the Pos
 CVE-2024-11344 (A type confusion vulnerability has been identified in the 
Postscript i ...)
        NOT-FOR-US: Lexmark
 CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq 
function ...)
-       {DLA-4052-1}
+       {DLA-4052-2 DLA-4052-1}
        - postgresql-17 17.3-1
        - postgresql-15 <removed>
        [bookworm] - postgresql-15 <no-dsa> (Minor issue)
@@ -3754,7 +3858,7 @@ CVE-2024-12243 (A flaw was found in GnuTLS, which relies 
on libtasn1 for ASN.1 d
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892
 (3.8.9)
 CVE-2024-12133 (A flaw in libtasn1 causes inefficient handling of specific 
certificate ...)
-       {DSA-5863-1}
+       {DSA-5863-1 DLA-4061-1}
        - libtasn1-6 4.20.0-1 (bug #1095406)
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
        NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/52
@@ -81085,6 +81189,7 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based 
HTML cleaner. If using `kee
        NOTE: 
https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3
        NOTE: 
https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550
 (2.4.2)
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The 
debugger ...)
+       {DLA-4062-1}
        - python-werkzeug 3.0.3-1 (bug #1070711)
        [bookworm] - python-werkzeug 2.2.2-3+deb12u1
        [buster] - python-werkzeug <postponed> (Minor issue)
@@ -364428,8 +364533,8 @@ CVE-2020-19250
        RESERVED
 CVE-2020-19249
        RESERVED
-CVE-2020-19248
-       RESERVED
+CVE-2020-19248 (SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if 
statements ...)
+       TODO: check
 CVE-2020-19247
        RESERVED
 CVE-2020-19246
@@ -399106,8 +399211,8 @@ CVE-2020-6160
        RESERVED
 CVE-2020-6159 (URLs using \u201cjavascript:\u201d have the protocol removed 
when past ...)
        NOT-FOR-US: Opera
-CVE-2020-6158
-       RESERVED
+CVE-2020-6158 (Opera Mini for Android before version 52.2 is vulnerable to an 
address ...)
+       TODO: check
 CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an 
address b ...)
        NOT-FOR-US: Opera Touch for iOS
 CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d25fb38b1e07d28be0aaa13431c84996fa79e0b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d25fb38b1e07d28be0aaa13431c84996fa79e0b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to