[Git][security-tracker-team/security-tracker][master] automatic update

Thu Apr 10 09:12:11 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7648af6 by security tracker role at 2025-04-10T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2025-3489 (A vulnerability was found in Nababur Simple-User-Management-System 1.0 ...)
+	TODO: check
+CVE-2025-3417 (The Embedder plugin for WordPress is vulnerable to unauthorized modifi ...)
+	TODO: check
+CVE-2025-3102 (The SureTriggers: All-in-One Automation Platform plugin for WordPress  ...)
+	TODO: check
+CVE-2025-3023
+	REJECTED
+CVE-2025-32728 (In sshd in OpenSSH before 10.0, the DisableForwarding directive does n ...)
+	TODO: check
+CVE-2025-32387 (Helm is a package manager for Charts for Kubernetes. A JSON Schema fil ...)
+	TODO: check
+CVE-2025-32386 (Helm is a tool for managing Charts. A chart archive file can be crafte ...)
+	TODO: check
+CVE-2025-30660 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2025-30659 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
+	TODO: check
+CVE-2025-30658 (A Missing Release of Memory after Effective Lifetime vulnerability in  ...)
+	TODO: check
+CVE-2025-30657 (An Improper Encoding or Escaping of Output vulnerability in the Sampli ...)
+	TODO: check
+CVE-2025-2873
+	REJECTED
+CVE-2025-2845
+	REJECTED
+CVE-2025-2809 (The azurecurve Shortcodes in Comments plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-2805 (The ORDER POST plugin for WordPress is vulnerable to arbitrary shortco ...)
+	TODO: check
+CVE-2025-2719 (The Swatchly \u2013 WooCommerce Variation Swatches for Products (produ ...)
+	TODO: check
+CVE-2025-29989 (Dell Client Platform BIOS contains a Security Version Number Mutable t ...)
+	TODO: check
+CVE-2025-29018 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the name p ...)
+	TODO: check
+CVE-2025-27690 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a u ...)
+	TODO: check
+CVE-2025-26480 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an  ...)
+	TODO: check
+CVE-2025-26479 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an  ...)
+	TODO: check
+CVE-2025-26330 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an  ...)
+	TODO: check
+CVE-2025-24375 (Charmed MySQL K8s operator is a Charmed Operator for running MySQL on  ...)
+	TODO: check
+CVE-2025-23378 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an  ...)
+	TODO: check
+CVE-2025-22471 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an  ...)
+	TODO: check
+CVE-2025-0539 (In affected Microsoft Windows versions of Octopus Deploy, the server c ...)
+	TODO: check
+CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that is defin ...)
+	TODO: check
+CVE-2024-38865 (Improper neutralization of livestatus command delimiters in a specific ...)
+	TODO: check
+CVE-2024-13909 (The Accredible Certificates & Open Badges plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-13896 (The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting for 259 l ...)
+	TODO: check
+CVE-2024-13874 (The Feedify  WordPress plugin before 2.4.6 does not sanitise and escap ...)
+	TODO: check
+CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
+	TODO: check
 CVE-2025-2761 [GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
 	- gimp 3.0.0-1
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
@@ -76762,13 +76826,16 @@ CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Universal Software Inc. FlexWater Corporate Water Management
 CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vu ...)
 	NOT-FOR-US: IBM
-CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially critical fun ...)
+CVE-2023-40704 (The product does not require unique and complex passwords to be create ...)
 	NOT-FOR-US: Philips Vue PACS
-CVE-2023-40539 (Philips Vue PACS does not require that users have strong passwords, wh ...)
+CVE-2023-40539
+	REJECTED
 	NOT-FOR-US: Philips Vue PACS
-CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or check act ...)
+CVE-2023-40223
+	REJECTED
 	NOT-FOR-US: Philips Vue PACS
-CVE-2023-40159 (A validated user not explicitly authorized to have access to certain s ...)
+CVE-2023-40159
+	REJECTED
 	NOT-FOR-US: Philips Vue PACS
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7648af6c26f35247f0bf9b3303cbec696068a3c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7648af6c26f35247f0bf9b3303cbec696068a3c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250410/46c4fd16/attachment.htm>
