[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 24 09:12:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80d9ac01 by security tracker role at 2025-04-24T08:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP pac ...)
+ TODO: check
+CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ssl. Con ...)
+ TODO: check
+CVE-2025-46400 (Segmentation fault in fig2dev in version 3.2.9a allows an attacker to ...)
+ TODO: check
+CVE-2025-46399 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
+ TODO: check
+CVE-2025-46398 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker possible ...)
+ TODO: check
+CVE-2025-46397 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker possible ...)
+ TODO: check
+CVE-2025-46381
+ REJECTED
+CVE-2025-46380
+ REJECTED
+CVE-2025-46379
+ REJECTED
+CVE-2025-46378
+ REJECTED
+CVE-2025-46377
+ REJECTED
+CVE-2025-46376
+ REJECTED
+CVE-2025-46375
+ REJECTED
+CVE-2025-46374
+ REJECTED
+CVE-2025-41423 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-41395 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-3761 (The My Tickets \u2013 Accessible Event Ticketing plugin for WordPress ...)
+ TODO: check
+CVE-2025-3435 (The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-35965 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-32730 (Use of hard-coded cryptographic key vulnerability in i-PRO Configurati ...)
+ TODO: check
+CVE-2025-2558 (The-wound WordPress theme through 0.0.1 does not validate some paramet ...)
+ TODO: check
+CVE-2025-27581 (NIH BRICS (aka Biomedical Research Informatics Computing System) throu ...)
+ TODO: check
+CVE-2025-27580 (NIH BRICS (aka Biomedical Research Informatics Computing System) throu ...)
+ TODO: check
+CVE-2025-25046 (IBM InfoSphere Information Server 11.7DataStage Flow Designer transmi ...)
+ TODO: check
+CVE-2025-25045 (IBM InfoSphere Information 11.7 Server authenticated user to obtain se ...)
+ TODO: check
+CVE-2025-1976 (Brocade Fabric OS versions starting with 9.1.0 have root access remove ...)
+ TODO: check
+CVE-2025-1908 (An issue has been discovered in GitLab EE/CE that could allow an attac ...)
+ TODO: check
+CVE-2025-1453 (The Category Posts Widget WordPress plugin before 4.9.20 does not sani ...)
+ TODO: check
+CVE-2025-0639 (An issue has been discovered affecting service availability via issue ...)
+ TODO: check
+CVE-2024-22351 (IBM InfoSphere Information 11.7 Server does not invalidate session aft ...)
+ TODO: check
+CVE-2024-12244 (An issue has been discovered in access controls could allow users to v ...)
+ TODO: check
CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...)
- busybox <unfixed> (bug #1104008)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=16018
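Review bot: every new entry with a description at the top of this hunk is left at "TODO: check", including CVE-2025-46397 through CVE-2025-46400 (fig2dev 3.2.9a) and CVE-2025-1908 (GitLab EE/CE), which name specific software rather than a generic web plugin. Each of these needs either a package line or a NOT-FOR-US line, in the form used by the surrounding entries, before the TODO can be dropped. The imported descriptions also have words run together ("3.2.9aallows" in CVE-2025-46399, "Stack-overflowin" in CVE-2025-46398 and CVE-2025-46397, "11.7DataStage" in CVE-2025-25046), so triage should match on the CVE id or the package name, not on phrases from the description.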
@@ -2965,6 +3027,7 @@ CVE-2025-32780 (BleachBit cleans files to free disk space and to maintain privac
CVE-2025-32779 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect ...)
NOT-FOR-US: E.D.D.I (Enhanced Dialog Driven Interface) middleware
CVE-2025-32776 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
+ {DLA-4136-1}
- openrazer 3.10.2+dfsg-1
NOTE: https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx
NOTE: https://github.com/openrazer/openrazer/issues/2433
@@ -4384,6 +4447,7 @@ CVE-2025-3442 (This vulnerability exists in TP-Link TapoH200 V1 IoT Smart Hub d
CVE-2025-3100 (The WP Project Manager \u2013 Task, team, and project management plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32464 (HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a s ...)
+ {DLA-4135-1}
[experimental] - haproxy 3.1.7-1
- haproxy <unfixed> (bug #1102673)
NOTE: Introduced with: https://github.com/haproxy/haproxy/commit/07e1e3c93e74e44389545e457f0e1ff2e807cb9a (v2.2-dev3)
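Review bot: the added {DLA-4135-1} on CVE-2025-32464 sits above an unchanged "- haproxy <unfixed> (bug #1102673)" line, so the entry now records an LTS advisory while unstable is still tracked as unfixed and only "[experimental] - haproxy 3.1.7-1" carries a fixed version. Confirm that the unfixed line is still accurate, and update it once a fixed version reaches unstable so the entry does not show an older release as ahead of it.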
@@ -101902,7 +101966,7 @@ CVE-2024-30001 (Windows Mobile Broadband Driver Remote Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-2637 (An Uncontrolled Search Path Element vulnerability in B&R Industrial Au ...)
+CVE-2024-2637 (An Uncontrolled Search Path Element vulnerabilityin B&R Industrial Aut ...)
NOT-FOR-US: BR Automation
CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
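Review bot: the replacement line for CVE-2024-2637 drops the space in "vulnerability in" and now reads "vulnerabilityin B&R Industrial Aut", so the only effect of this hunk is a degraded description; the "NOT-FOR-US: BR Automation" status is unchanged. If the automatic update takes this text as-is from its source, consider normalising whitespace on import or skipping description-only rewrites, so that noise like this does not land in the list history.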
@@ -261420,16 +261484,19 @@ CVE-2022-29025
CVE-2022-29024
RESERVED
CVE-2022-29023 (A buffer overflow vulnerability exists in the razermouse driver of Ope ...)
+ {DLA-4136-1}
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
NOTE: Negligible security impact
CVE-2022-29022 (A buffer overflow vulnerability exists in the razeraccessory driver of ...)
+ {DLA-4136-1}
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
NOTE: Negligible security impact
CVE-2022-29021 (A buffer overflow vulnerability exists in the razerkbd driver of OpenR ...)
+ {DLA-4136-1}
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
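Review bot: {DLA-4136-1} is attached to CVE-2022-29023, CVE-2022-29022 and CVE-2022-29021, whose package lines are all marked "(unimportant)", and the first two carry "NOTE: Negligible security impact". An advisory reference next to an unimportant rating reads as inconsistent. Confirm the rating is still intended, and if so add a short NOTE saying that the fix was included in the advisory alongside the other openrazer issues.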
@@ -278710,6 +278777,7 @@ CVE-2022-23468 (xrdp is an open source project which provides a graphical login
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
NOTE: https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382
CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
+ {DLA-4136-1}
- openrazer 3.5.1+dfsg-1
[buster] - openrazer <no-dsa> (Minor issue)
NOTE: https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h
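Review bot: CVE-2022-23467 gains {DLA-4136-1} while "[buster] - openrazer <no-dsa> (Minor issue)" stays in place, and nothing in the hunk shows which release the advisory covers. Check whether the buster line still describes the current state, and adjust or annotate it if the advisory changes what that line should say.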
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80d9ac019575bad8f8ddc011cae8521478770902