[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 5 09:12:49 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9381baa by security tracker role at 2025-04-05T08:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2025-3296 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2025-3268 (A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and ...)
+	TODO: check
+CVE-2025-32352 (A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo b ...)
+	TODO: check
+CVE-2025-2941 (The Drag and Drop Multiple File Upload for WooCommerce plugin for Word ...)
+	TODO: check
+CVE-2025-2933 (The Email Notifications for Updates plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-2889 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-2789 (The MultiVendorX \u2013 Empower Your WooCommerce Store with a Dynamic  ...)
+	TODO: check
+CVE-2025-2544 (The AI Content Pipelines plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-1500 (IBM Maximo Application Suite 9.0 could allow an authenticated user to  ...)
+	TODO: check
+CVE-2025-1233 (The Lafka Plugin for WordPress is vulnerable to unauthorized access du ...)
+	TODO: check
+CVE-2025-0839 (The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-0810 (The Read More & Accordion plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2024-13776 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for  ...)
+	TODO: check
+CVE-2024-13604 (The KB Support \u2013 Customer Support Ticket & Helpdesk Plugin, Knowl ...)
+	TODO: check
+CVE-2021-47667 (An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo  ...)
+	TODO: check
 CVE-2025-3267 (A vulnerability, which was classified as critical, was found in qinguo ...)
 	NOT-FOR-US: qinguoyi TinyWebServer
 CVE-2025-3266 (A vulnerability, which was classified as critical, has been found in q ...)
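Review bot: all fifteen new entries land as TODO: check, so triage for this batch is still open, but two groups can be closed from patterns already in the file. The entries whose description names a WordPress plugin (CVE-2025-2941, CVE-2025-2933, CVE-2025-2889, CVE-2025-2544, CVE-2025-1233, CVE-2025-0839, CVE-2025-0810, CVE-2024-13776) match the "NOT-FOR-US: WordPress plugin" line used for CVE-2025-2104 further down; CVE-2025-2789 and CVE-2024-13604 are cut off before the platform name but read like the same category and should be confirmed, not assumed. CVE-2025-3268 is the same qinguoyi TinyWebServer that CVE-2025-3267 and CVE-2025-3266 already carry as NOT-FOR-US. The two ZendTo items deserve a joint look: CVE-2025-32352 (type confusion in lib/NSSAuthenticator.php) and CVE-2021-47667 (OS command injection in lib/NSSDropoff.php) are the same code base, and a 2021-numbered ID arriving in a 2025 feed points at a late assignment, so check the affected-version range rather than treating it as historical. CVE-2025-3296 is truncated to "has been found in S ...", which leaves the product unreadable from the list line, so it needs the full description before it can be classified, and CVE-2025-1500 (IBM Maximo Application Suite) is a likely NOT-FOR-US once checked.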
@@ -7961,6 +7991,7 @@ CVE-2025-2106 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to
 CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	{DLA-4115-1}
 	- ruby-saml <unfixed> (bug #1100441)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
 	NOTE: Vulnerability might be the result of an incomplete fix for a zipbomb attack.
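Review bot: the DLA reference is attached while the package line still reads "- ruby-saml <unfixed> (bug #1100441)", so this records an LTS fix ahead of unstable; that is a legitimate state, but the existing NOTE that the issue "might be the result of an incomplete fix for a zipbomb attack" means the DLA backport should be verified against the full set of referenced upstream commits and not only the latest one, and bug #1100441 must stay open until the sid upload lands and the <unfixed> marker is replaced with a version.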
@@ -7971,11 +8002,13 @@ CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) sin
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72 (v1.13.0)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
 CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	{DLA-4115-1}
 	- ruby-saml <unfixed> (bug #1100441)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9 (v1.12.4)
 CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	{DLA-4115-1}
 	- ruby-saml <unfixed> (bug #1100441)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
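Review bot: CVE-2025-25292 and CVE-2025-25291 now share the DLA, the bug (#1100441) and the same v1.18.0 upstream commit, while the unstable line for both remains <unfixed>; one sid upload will close all three ruby-saml entries, so the fixed version string should be kept identical across them when it lands to avoid a partial fix. Note also that CVE-2025-25292 additionally cites a v1.12.4 commit and CVE-2025-25293 cites v1.13.0 and v1.18.0 commits, so the DLA backport has to carry more than the single commit these two entries have in common; worth a glance at the DLA's patch set.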
@@ -9117,7 +9150,7 @@ CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information Keral
 CVE-2025-25306 (Misskey is an open source, federated social media platform. The patch  ...)
 	NOT-FOR-US: Misskey
 CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...)
-	{DLA-4108-1}
+	{DSA-5893-1 DLA-4108-1}
 	- tomcat10 10.1.35-1
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
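Review bot: adding DSA-5893-1 ahead of DLA-4108-1 follows the DSA-then-DLA ordering used elsewhere in the file, but this entry has no explicit [bookworm] line, so the stable fixed version is taken entirely from the DSA data; confirm that DSA-5893-1 is recorded against tomcat10, because the "- tomcat9 9.0.70-2" line is, per the NOTE below it, only a marker that src:tomcat9 stopped shipping the server stack and not a security fix a DSA could refer to.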
@@ -55352,7 +55385,7 @@ CVE-2024-9936 (When manipulating the selection node cache, an attacker may have
 	- firefox 131.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
 CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter which can b ...)
-	{DLA-4106-1}
+	{DSA-5894-1 DLA-4106-1}
 	- jetty9 9.4.54-1
 	- jetty <removed>
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
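Review bot: DSA-5894-1 is attached to an entry whose only fixed line is "- jetty9 9.4.54-1" alongside "- jetty <removed>", so the DSA can only be the jetty9 stable update; since the next two jetty entries receive the same DSA, the three should be checked together to make sure the one stable version satisfies all of them rather than only this one.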
@@ -55365,7 +55398,7 @@ CVE-2024-9137 (The affected product lacks an authentication check when sending c
 CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using a Docu ...)
 	NOT-FOR-US: DocumentBuilder
 CVE-2024-8184 (There exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...)
-	{DLA-4106-1}
+	{DSA-5894-1 DLA-4106-1}
 	- jetty9 9.4.56-1
 	- jetty <removed>
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
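Review bot: this CVE's unstable fix is 9.4.56-1, two upstream releases later than the 9.4.54-1 that covers CVE-2024-9823 and CVE-2024-6762, yet all three now cite the same DSA-5894-1; the DSA's bookworm backport therefore has to include the 9.4.56 ThreadLimitHandler change (GHSA-g8m5-722r-8whq) and not only the 9.4.54 set, which is worth confirming against the DSA's patch list before treating this entry as closed for stable.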
@@ -55381,7 +55414,7 @@ CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web s
 	NOTE: https://github.com/jetty/jetty.project/pull/12012
 	NOTE: https://github.com/jetty/jetty.project/pull/12012#issuecomment-2416450253 (and following)
 CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by unauthenticated users ...)
-	{DLA-4106-1}
+	{DSA-5894-1 DLA-4106-1}
 	- jetty9 9.4.54-1 (bug #1085697)
 	- jetty <removed>
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
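Review bot: the advisory set is now identical across CVE-2024-9823, CVE-2024-8184 and CVE-2024-6762 (DSA-5894-1 plus DLA-4106-1), and this entry additionally carries bug #1085697, which is fine as the sid pointer; CVE-2024-6763 directly above shows only its pull-request NOTE lines in the visible context and receives no DSA here, so its exclusion from DSA-5894-1 should be deliberate and confirmed rather than an oversight in the batch.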
@@ -139688,7 +139721,7 @@ CVE-2023-6274 (A vulnerability was found in Byzoro Smart S80 up to 20231108. It
 CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, < ...)
 	- check-mk <removed>
 CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios i ...)
-	{DLA-3766-1}
+	{DLA-4114-1 DLA-3766-1}
 	- zfs-linux 2.1.14-1 (bug #1056752)
 	[bookworm] - zfs-linux 2.1.11-1+deb12u1
 	NOTE: https://github.com/openzfs/zfs/issues/15526
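Review bot: a second DLA (DLA-4114-1) is being attached to a CVE that already carried DLA-3766-1, and the entry gives no reason; where an advisory is re-issued for the same CVE the file elsewhere records why in a NOTE (the ruby-saml CVE-2025-25293 entry flags a possibly incomplete earlier fix), so add one line stating whether DLA-4114-1 is a regression fix, a completion of the first fix, or a rebuild, otherwise readers cannot tell which LTS version is actually safe. The "[bookworm] - zfs-linux 2.1.11-1+deb12u1" line is unchanged, so stable is unaffected by this update.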
@@ -331517,7 +331550,7 @@ CVE-2021-27207
 CVE-2021-27206
 	RESERVED
 CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
-	{DLA-3766-1}
+	{DLA-4114-1 DLA-3766-1}
 	[experimental] - zfs-linux 2.2.0-1~exp1
 	- zfs-linux 2.2.2-1 (bug #1059322)
 	[bookworm] - zfs-linux 2.1.11-1+deb12u1
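Review bot: same pairing of DLA-4114-1 with the earlier DLA-3766-1 as on CVE-2023-49298, again with no NOTE explaining the re-issue; whatever reason is recorded there should be mirrored here, since the two entries evidently went out in the same DLA pair. The [experimental] 2.2.0-1~exp1 and unstable 2.2.2-1 (bug #1059322) lines are untouched, so this change only affects what the tracker reports for the LTS suite.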



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9381baaf40cbd258ecaa5668761a281d4fa4169


