[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 18 09:12:43 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75da6fbb by security tracker role at 2025-04-18T08:12:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,106 @@
-CVE-2024-42178
+CVE-2025-42599 (Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-b ...)
+	TODO: check
+CVE-2025-40325 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2025-40114 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2025-40014 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
+	TODO: check
+CVE-2025-3783 (A vulnerability classified as critical was found in SourceCodester Web ...)
+	TODO: check
+CVE-2025-3598 (The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce plugin f ...)
+	TODO: check
+CVE-2025-3520 (The Avatar plugin for WordPress is vulnerable to arbitrary file deleti ...)
+	TODO: check
+CVE-2025-3509 (A Remote Code Execution (RCE) vulnerability was identified in GitHub E ...)
+	TODO: check
+CVE-2025-3246 (An improper neutralization of input vulnerability was identified in Gi ...)
+	TODO: check
+CVE-2025-3124 (A missing authorization vulnerability was identified in GitHub Enterpr ...)
+	TODO: check
+CVE-2025-39989 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2025-39930 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
+	TODO: check
+CVE-2025-39778 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
+	TODO: check
+CVE-2025-39755 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2025-39735 (In the Linux kernel, the following vulnerability has been resolved:  j ...)
+	TODO: check
+CVE-2025-39728 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-39688 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2025-39471 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-39470 (Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allo ...)
+	TODO: check
+CVE-2025-39469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-38637 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2025-38575 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2025-38479 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2025-38240 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2025-38152 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
+	TODO: check
+CVE-2025-38104 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2025-38049 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2025-37925 (In the Linux kernel, the following vulnerability has been resolved:  j ...)
+	TODO: check
+CVE-2025-37893 (In the Linux kernel, the following vulnerability has been resolved:  L ...)
+	TODO: check
+CVE-2025-37860 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2025-37785 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2025-2613 (The Login Manager \u2013 Design Login Page, View Login Activity, Limit ...)
+	TODO: check
+CVE-2025-2162 (The MapPress Maps for WordPress plugin before 2.94.10 does not sanitis ...)
+	TODO: check
+CVE-2025-29461 (An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensit ...)
+	TODO: check
+CVE-2025-29460 (An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive i ...)
+	TODO: check
+CVE-2025-29459 (An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive i ...)
+	TODO: check
+CVE-2025-29458 (An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive i ...)
+	TODO: check
+CVE-2025-29457 (An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive i ...)
+	TODO: check
+CVE-2025-29456 (An issue in personal-management-system Personal Management System 1.4. ...)
+	TODO: check
+CVE-2025-29455 (An issue in personal-management-system Personal Management System 1.4. ...)
+	TODO: check
+CVE-2025-29454 (An issue in personal-management-system Personal Management System 1.4. ...)
+	TODO: check
+CVE-2025-29453 (An issue in personal-management-system Personal Management System 1.4. ...)
+	TODO: check
+CVE-2025-29452 (An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensit ...)
+	TODO: check
+CVE-2025-29451 (An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensit ...)
+	TODO: check
+CVE-2025-29450 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtai ...)
+	TODO: check
+CVE-2025-29449 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtai ...)
+	TODO: check
+CVE-2025-25427 (A Stored cross-site scripting (XSS) vulnerability in upnp page of the  ...)
+	TODO: check
+CVE-2025-1863 (Insecure default settings have been found in recorder products provide ...)
+	TODO: check
+CVE-2025-0467 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2024-26014
+	REJECTED
+CVE-2024-13650 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-42178 (HCL MyXalytics is affected by a failure to restrict URL access vulnera ...)
 	NOT-FOR-US: HCL MyXalytics
 CVE-2025-43015 (In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports ...)
 	NOT-FOR-US: JetBrains
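Review bot: the descriptions imported for CVE-2025-3598 ("Coupon Affiliates \u2013 Affiliate Plugin") and CVE-2025-2613 ("Login Manager \u2013 Design Login Page") carry a literal `\u2013` escape instead of the en dash, so the import step is copying the JSON-escaped string without decoding it. Decode the string before truncating it so the summaries stay readable and match text searches. Separately, every new entry except the REJECTED CVE-2024-26014 lands as `TODO: check`, including the batch of Linux kernel CVEs, so none of them has a package mapping yet and all still need triage.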
@@ -3945,6 +4047,7 @@ CVE-2024-26013 (A improper restriction of communication channel to intended endp
 CVE-2023-37930 (Multiple issues including the use of uninitialized ressources [CWE-908 ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-32460 (GraphicsMagick before 8e56520 has a heap-based buffer over-read in Rea ...)
+	{DSA-5905-1}
 	- graphicsmagick 1.4+really1.3.45+hg17696-1
 	[bullseye] - graphicsmagick <not-affected> (Vulnerable code only introduced in 1.3.38)
 	NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
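Review bot: the `{DSA-5905-1}` cross-reference on CVE-2025-32460 arrives in a commit whose only changed file is data/CVE/list, so the advisory entry itself cannot be checked from this diff. Confirm that the DSA-5905-1 record in data/DSA/list names this CVE, so the tag here and the advisory stay in agreement.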
@@ -14463,6 +14566,7 @@ CVE-2025-27796 (ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles p
 	NOTE: Fixed by: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
 	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/59169987/
 CVE-2025-27795 (ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimens ...)
+	{DSA-5905-1}
 	- graphicsmagick 1.4+really1.3.45+hg17689-1 (bug #1099955)
 	[bullseye] - graphicsmagick <not-affected> (Vulnerable code only introduced in 1.3.38)
 	NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
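Review bot: the NOTE under CVE-2025-27795, which now carries `{DSA-5905-1}`, is a bare commit URL, while the neighbouring CVE-2025-27796 entry labels its commit with `NOTE: Fixed by:`. Add the same label here if that commit is the fix, so a reader of the advisory cross-reference can tell a fixing commit from a merely related one.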



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75da6fbb16657241e69b88384a1717ef83fdf95c
