[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 9 09:12:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b03407c2 by security tracker role at 2025-04-09T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-3442 (This vulnerability exists in TP-Link TapoH200 V1 IoT Smart Hub due to ...)
+ TODO: check
+CVE-2025-3100 (The WP Project Manager \u2013 Task, team, and project management plugi ...)
+ TODO: check
+CVE-2025-32464 (HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a s ...)
+ TODO: check
+CVE-2025-32461 (wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in ...)
+ TODO: check
+CVE-2025-30294 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30293 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30292 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30290 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30289 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30288 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30287 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30284 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30282 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30281 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-29988 (Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulne ...)
+ TODO: check
+CVE-2025-27192 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
+ TODO: check
+CVE-2025-27191 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
+ TODO: check
+CVE-2025-27190 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
+ TODO: check
+CVE-2025-27189 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
+ TODO: check
+CVE-2025-27188 (Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4. ...)
+ TODO: check
+CVE-2025-25013 (Improper restriction of environment variables in Elastic Defend can le ...)
+ TODO: check
+CVE-2025-24447 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-24446 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-20952 (Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 ...)
+ TODO: check
+CVE-2024-8243 (The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through ...)
+ TODO: check
+CVE-2024-6860 (The WP MultiTasking WordPress plugin through 0.1.12 does not have CSR ...)
+ TODO: check
+CVE-2024-6857 (The WP MultiTasking WordPress plugin through 0.1.12 does not have CSR ...)
+ TODO: check
+CVE-2024-55354 (Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can ...)
+ TODO: check
+CVE-2024-12556 (Prototype Pollution in Kibana can lead to code injection via unrestric ...)
+ TODO: check
CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2025-3436 (The coreActivity: Activity Logging for WordPress plugin for WordPress ...)
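Review bot: all 29 entries added at the top of data/CVE/list land as "TODO: check", and some can be resolved directly from the descriptions shown here. CVE-2024-8243, CVE-2024-6860 and CVE-2024-6857 each say "WordPress plugin" in the visible text and fit the "NOT-FOR-US: WordPress plugin" form already used for CVE-2025-3437 in the context lines just below. CVE-2025-32464 (HAProxy 2.2 through 3.1.6) carries a concrete version range and is the entry to triage by hand first.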
@@ -480,7 +538,7 @@ CVE-2024-26013 (A improper restriction of communication channel to intended endp
NOT-FOR-US: Fortinet
CVE-2023-37930 (Multiple issues including the use of uninitialized ressources [CWE-908 ...)
NOT-FOR-US: Fortinet
-CVE-2025-32460 [Heap-buffer-overflow in ImportViewPixelArea()]
+CVE-2025-32460 (GraphicsMagick before 8e56520 has a heap-based buffer over-read in Rea ...)
- graphicsmagick 1.4+really1.3.45+hg17696-1
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
CVE-2025-31672
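Review bot: on the CVE-2025-32460 line, the replacement description reads "heap-based buffer over-read in Rea ...", while the bracketed placeholder it replaces named ImportViewPixelArea() and called the issue a heap-buffer-overflow. That function name is no longer visible anywhere in the entry, so consider recording it in a NOTE line if it still helps locate the fix, and confirm that the fixed version 1.4+really1.3.45+hg17696-1 contains the commit 8e56520 referenced in the existing NOTE.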
@@ -1164,7 +1222,7 @@ CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as th
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache Airflow SQL provider
-CVE-2025-3416 [RUSTSEC-2025-0022]
+CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties argument in c ...)
- rust-openssl 0.10.72-1 (bug #1102137)
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
NOTE: https://github.com/sfackler/rust-openssl/pull/2390
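Review bot: the new CVE-2025-3416 description opens with "A flaw was found in OpenSSL's handling of the properties argument", but the package line and both NOTE URLs point at rust-openssl (RUSTSEC-2025-0022, sfackler/rust-openssl pull 2390). With the bracketed RUSTSEC identifier gone from the first line, a NOTE stating which source package the flaw lives in would keep a triager from reading this as an issue in the OpenSSL library itself.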
@@ -1967,7 +2025,7 @@ CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library plus
NOTE: https://www.openwall.com/lists/oss-security/2025/04/03/1
NOTE: https://tukaani.org/xz/threaded-decoder-early-free.html
NOTE: https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2
-CVE-2025-22871
+CVE-2025-22871 (The net/http package improperly accepts a bare LF as a line terminator ...)
- golang-1.23 1.23.8-1
- golang-1.24 1.24.2-1
- golang-1.19 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b03407c231d27ac60afed1871cdb129412091b62