[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 11 21:12:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4a755e5 by security tracker role at 2025-04-11T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,221 @@
+CVE-2025-3439 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Paym ...)
+ TODO: check
+CVE-2025-3434 (The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-3422 (The The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & ...)
+ TODO: check
+CVE-2025-3421 (The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Paym ...)
+ TODO: check
+CVE-2025-32681 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32672 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32671 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32663 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32656 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32654 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32650 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32633 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32631 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32629 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32627 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32618 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32614 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32607 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpBo ...)
+ TODO: check
+CVE-2025-32603 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32601 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32600 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32589 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32587 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32585 (Path Traversal vulnerability in Trusty Plugins Shop Products Filter al ...)
+ TODO: check
+CVE-2025-32579 (Unrestricted Upload of File with Dangerous Type vulnerability in SoftC ...)
+ TODO: check
+CVE-2025-32577 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32569 (Deserialization of Untrusted Data vulnerability in RealMag777 TableOn ...)
+ TODO: check
+CVE-2025-32568 (Deserialization of Untrusted Data vulnerability in empik EmpikPlace fo ...)
+ TODO: check
+CVE-2025-32567 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32565 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32542 (Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager ...)
+ TODO: check
+CVE-2025-32541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32519 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-32491 (Incorrect Privilege Assignment vulnerability in Rankology Rankology SE ...)
+ TODO: check
+CVE-2025-32427 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when ...)
+ TODO: check
+CVE-2025-32426 (Formie is a Craft CMS plugin for creating forms. Prior to version 2.1. ...)
+ TODO: check
+CVE-2025-32367 (The Oz Forensics face recognition application before 4.0.8 late 2023 a ...)
+ TODO: check
+CVE-2025-32144 (Deserialization of Untrusted Data vulnerability in PickPlugins Job Boa ...)
+ TODO: check
+CVE-2025-32143 (Deserialization of Untrusted Data vulnerability in PickPlugins Accordi ...)
+ TODO: check
+CVE-2025-32107 (OS command injection vulnerability exists in Deco BE65 Pro firmware ve ...)
+ TODO: check
+CVE-2025-32080 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2025-32079 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32078 (Improper Encoding or Escaping of Output vulnerability in The Wikimedia ...)
+ TODO: check
+CVE-2025-32077 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32076 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32075 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32074 (Improper Encoding or Escaping of Output vulnerability in The Wikimedia ...)
+ TODO: check
+CVE-2025-32073 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32072 (Improper Encoding or Escaping of Output vulnerability in The Wikimedia ...)
+ TODO: check
+CVE-2025-32071 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32070 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32069 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-32068 (Incorrect Authorization vulnerability in The Wikimedia Foundation Medi ...)
+ TODO: check
+CVE-2025-32067 (Improper Input Validation vulnerability in The Wikimedia Foundation Me ...)
+ TODO: check
+CVE-2025-31935 (Subnet Solutions PowerSYSTEM Center is affected by a mishandling of ...)
+ TODO: check
+CVE-2025-31932 (Deserialization of untrusted data issue exists in BizRobo! all version ...)
+ TODO: check
+CVE-2025-31599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31565 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31379 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31378 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31362 (Use of hard-coded cryptographic key issue exists in BizRobo! all versi ...)
+ TODO: check
+CVE-2025-31354 (Subnet Solutions PowerSYSTEM Center's SMTPS notification service can b ...)
+ TODO: check
+CVE-2025-31041 (Missing Authorization vulnerability in NotFound AnyTrack Affiliate Lin ...)
+ TODO: check
+CVE-2025-31040 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31028 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31021 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31014 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-2575 (The Z Companion plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-2541 (The WP Project Manager plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-2128 (The Cost Calculator Builder plugin for WordPress is vulnerable to time ...)
+ TODO: check
+CVE-2025-23391 (A Incorrect Privilege Assignment vulnerability in SUSE rancher allows ...)
+ TODO: check
+CVE-2025-23389 (A Improper Access Control vulnerability in SUSE rancher allows a local ...)
+ TODO: check
+CVE-2025-23388 (A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for ...)
+ TODO: check
+CVE-2025-23387 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+ TODO: check
+CVE-2025-0123 (A vulnerability in the Palo Alto Networks PAN-OS\xae software enables ...)
+ TODO: check
+CVE-2025-0119 (A command injection vulnerabilityin the Palo Alto Networks Cortex XDR\ ...)
+ TODO: check
+CVE-2024-52282 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+ TODO: check
+CVE-2024-52280 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+ TODO: check
+CVE-2024-13861 (A code injection vulnerability in the Debian package component of Taeg ...)
+ TODO: check
+CVE-2024-11679 (An input validation weakness was reported in the TpmSetup module for s ...)
+ TODO: check
+CVE-2023-42983 (Processing a file may lead to a denial-of-service or potentially discl ...)
+ TODO: check
+CVE-2023-42982 (Processing a file may lead to a denial-of-service or potentially discl ...)
+ TODO: check
+CVE-2023-42981 (Processing a file may lead to a denial-of-service or potentially discl ...)
+ TODO: check
+CVE-2023-42977 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2023-42973 (Private Browsing tabs may be accessed without authentication. This iss ...)
+ TODO: check
+CVE-2023-42970 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-42969 (An app may be able to break out of its sandbox. This issue is fixed in ...)
+ TODO: check
+CVE-2023-42961 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2023-42875 (Processing web content may lead to arbitrary code execution. This issu ...)
+ TODO: check
+CVE-2023-41076 (An app may be able to elevate privileges. This issue is fixed in macOS ...)
+ TODO: check
+CVE-2023-38614 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
CVE-2025-3512 (There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownIm ...)
TODO: check
CVE-2025-32816 (CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payme ...)
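Review bot: several added description lines carry literal escape sequences instead of the characters they stand for: `\u2013` on the CVE-2025-3439, CVE-2025-3434, CVE-2025-3422 and CVE-2025-3421 lines, and `\xae` on the CVE-2025-0123 and CVE-2025-0119 lines. If the importer escapes non-ASCII text on purpose, document that next to the file format; otherwise decode it before writing so the descriptions stay searchable. Separately, every entry added here is left at `TODO: check`, and the CVE-2024-13861 line is the only one whose description names a Debian package component, so it is worth triaging ahead of the WordPress-plugin entries around it.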
@@ -146703,7 +146921,7 @@ CVE-2023-41255 (The vulnerability allows an unprivileged user with access to the
NOT-FOR-US: Bosch
CVE-2023-41254 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
-CVE-2023-41077 (The issue was addressed with improved checks. This issue is fixed in m ...)
+CVE-2023-41077 (An app may be able to access protected user data. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2023-41072 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
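Review bot: the replacement description on the CVE-2023-41077 line is cut off at "This issue is fixed ..." before any product name appears, so the `NOT-FOR-US: Apple` tag kept beneath it cannot be re-confirmed from this hunk alone. The neighbouring CVE-2023-41254 and CVE-2023-41072 entries carry the same tag, which makes it plausible, but since the description text was rewritten it is worth checking the tag against the full upstream description. The commit message "automatic update" also does not mention that existing descriptions are rewritten as well as new entries added.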
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4a755e553f028e7de0d88104e5bc6be282d2530