[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 20 Apr 2025 01:12:06 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
109e3ef1 by security tracker role at 2025-04-20T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2025-43929 (open_actions.py in kitty before 0.41.0 does not ask for user 
confirmat ...)
+       TODO: check
+CVE-2025-43928 (In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web 
server (on  ...)
+       TODO: check
+CVE-2025-43921 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows 
unauthentic ...)
+       TODO: check
+CVE-2025-43920 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows 
unauthentic ...)
+       TODO: check
+CVE-2025-43919 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows 
unauthentic ...)
+       TODO: check
+CVE-2025-43918 (SSL.com before 2025-04-19, when domain validation method 
3.2.2.4.14 is ...)
+       TODO: check
+CVE-2025-43917 (In Pritunl Client before 1.3.4220.57, an administrator with 
access to  ...)
+       TODO: check
+CVE-2025-3822 (A vulnerability was found in SourceCodester Web-based Pharmacy 
Product ...)
+       TODO: check
+CVE-2025-3821 (A vulnerability was found in SourceCodester Web-based Pharmacy 
Product ...)
+       TODO: check
+CVE-2025-3820 (A vulnerability was found in Tenda W12 and i24 
3.0.0.4(2887)/3.0.0.5(3 ...)
+       TODO: check
+CVE-2025-3819 (A vulnerability has been found in PHPGurukul Men Salon 
Management Syst ...)
+       TODO: check
+CVE-2025-3818 (A vulnerability, which was classified as critical, was found in 
webpy  ...)
+       TODO: check
+CVE-2025-3817 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2025-3816 (A vulnerability classified as critical was found in westboy 
CicadasCMS ...)
+       TODO: check
+CVE-2025-3808 (A vulnerability has been found in zhenfeng13 My-BBS 1.0 and 
classified ...)
+       TODO: check
+CVE-2025-3807 (A vulnerability, which was classified as critical, was found in 
zhenfe ...)
+       TODO: check
+CVE-2025-3806 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-3805 (A vulnerability classified as critical was found in 
sarrionandia tourn ...)
+       TODO: check
+CVE-2025-3804 (A vulnerability classified as critical has been found in 
thautwarm vsc ...)
+       TODO: check
+CVE-2025-3803 (A vulnerability was found in Tenda W12 and i24 
3.0.0.4(2887)/3.0.0.5(3 ...)
+       TODO: check
+CVE-2025-3802 (A vulnerability was found in Tenda W12 and i24 
3.0.0.4(2887)/3.0.0.5(3 ...)
+       TODO: check
+CVE-2025-3801 (A vulnerability was found in songquanpeng one-api up to 0.6.10. 
It has ...)
+       TODO: check
+CVE-2025-3800 (A vulnerability has been found in WCMS 11 and classified as 
critical.  ...)
+       TODO: check
+CVE-2025-3799 (A vulnerability, which was classified as critical, was found in 
WCMS 1 ...)
+       TODO: check
+CVE-2025-3798 (A vulnerability, which was classified as critical, has been 
found in W ...)
+       TODO: check
+CVE-2025-3661 (The SB Chart block plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
 CVE-2025-43901
        REJECTED
 CVE-2025-43900
@@ -6305,16 +6357,19 @@ CVE-2025-0676 (This vulnerability involves command 
injection in tcpdump within M
 CVE-2025-0415 (A remote attacker with web administrator privileges can exploit 
the de ...)
        NOT-FOR-US: Moxa
 CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to 
uncontrolled ...)
+       {DLA-4131-1}
        - zabbix 1:7.0.10+dfsg-1
        NOTE: https://support.zabbix.com/browse/ZBX-26253
        NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/c0757920b12922eaafca2abe7318446b5c5fefaa
 (7.0.10rc1)
        NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/f3d13f079d9e8764b407876f50fde2f06088ea0d
 (6.0.39rc1)
 CVE-2024-45699 (The endpoint /zabbix.php?action=export.valuemaps suffers from 
a Cross- ...)
+       {DLA-4131-1}
        - zabbix 1:7.0.9+dfsg-1
        NOTE: https://support.zabbix.com/browse/ZBX-26254
        NOTE: Fixed by: 
https://github.com/zabbix/zabbix/commit/4c2cf43fade6ea6239f9cba32527a547461bdec9
 (7.0.7rc1)
        NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/6b98ae293a088183b1c1ba0428664d76f98ef36c
 (6.0.37rc1)
 CVE-2024-42325 (Zabbix API user.get returns all users that share common group 
with the ...)
+       {DLA-4131-1}
        - zabbix 1:7.0.9+dfsg-1
        NOTE: https://support.zabbix.com/browse/ZBX-26258
        NOTE: Fixed by (merge commit) 
https://github.com/zabbix/zabbix/commit/652fd57e8d93b2890f7484771d4fdf290a459b11
 (7.0.9rc1)
@@ -6327,6 +6382,7 @@ CVE-2024-39780 (A YAML deserialization vulnerability was 
found in the Robot Oper
        NOTE: https://github.com/ros/dynamic_reconfigure/pull/202
        NOTE: Fixed by: 
https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
 CVE-2024-36469 (Execution time for an unsuccessful login differs when using a 
non-exis ...)
+       {DLA-4131-1}
        - zabbix 1:7.0.9+dfsg-1
        NOTE: https://support.zabbix.com/browse/ZBX-26255
        NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/5193aba71cd6db8f0d7e53f88eb6e6e5b7c88102
 (7.0.9rc1)
@@ -176415,8 +176471,8 @@ CVE-2023-30423
        RESERVED
 CVE-2023-30422
        RESERVED
-CVE-2023-30421
-       RESERVED
+CVE-2023-30421 (mystrtod in mjson 1.2.7 requires more than a billion 
iterations during ...)
+       TODO: check
 CVE-2023-30420
        RESERVED
 CVE-2023-30419
@@ -187401,8 +187457,8 @@ CVE-2023-26821
        RESERVED
 CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal 
vulnerabilit ...)
        NOT-FOR-US: siteproxy
-CVE-2023-26819
-       RESERVED
+CVE-2023-26819 (cJSON 1.7.15 might allow a denial of service via a crafted 
JSON docume ...)
+       TODO: check
 CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted 
files,  ...)
        NOT-FOR-US: Telegram on MacOS
 CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to 
contain a r ...)
@@ -206324,10 +206380,10 @@ CVE-2022-47114
        RESERVED
 CVE-2022-47113
        RESERVED
-CVE-2022-47112
-       RESERVED
-CVE-2022-47111
-       RESERVED
+CVE-2022-47112 (7-Zip 22.01 does not report an error for certain invalid xz 
files, inv ...)
+       TODO: check
+CVE-2022-47111 (7-Zip 22.01 does not report an error for certain invalid xz 
files, inv ...)
+       TODO: check
 CVE-2022-47110
        RESERVED
 CVE-2022-47109



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/109e3ef142d21709e4045d19bfce13eef8736a79

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/109e3ef142d21709e4045d19bfce13eef8736a79
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to