[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 7 20:12:05 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28c18f13 by security tracker role at 2025-02-07T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
+ TODO: check
+CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigita ...)
+ TODO: check
+CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital BookPress ...)
+ TODO: check
+CVE-2025-25166 (Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLo ...)
+ TODO: check
+CVE-2025-25163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-25160 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style T ...)
+ TODO: check
+CVE-2025-25159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25156 (Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quo ...)
+ TODO: check
+CVE-2025-25155 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-25154 (Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comm ...)
+ TODO: check
+CVE-2025-25153 (Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto T ...)
+ TODO: check
+CVE-2025-25152 (Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart ...)
+ TODO: check
+CVE-2025-25151 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-25149 (Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login ...)
+ TODO: check
+CVE-2025-25148 (Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More ...)
+ TODO: check
+CVE-2025-25147 (Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto ...)
+ TODO: check
+CVE-2025-25146 (Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick ...)
+ TODO: check
+CVE-2025-25145 (Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusi ...)
+ TODO: check
+CVE-2025-25144 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25143 (Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran ...)
+ TODO: check
+CVE-2025-25141 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-25140 (Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple ...)
+ TODO: check
+CVE-2025-25139 (Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultanc ...)
+ TODO: check
+CVE-2025-25138 (Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + ...)
+ TODO: check
+CVE-2025-25136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25135 (Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Cus ...)
+ TODO: check
+CVE-2025-25128 (Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita ...)
+ TODO: check
+CVE-2025-25126 (Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows ...)
+ TODO: check
+CVE-2025-25125 (Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quiz ...)
+ TODO: check
+CVE-2025-25123 (Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related ...)
+ TODO: check
+CVE-2025-25120 (Missing Authorization vulnerability in Melodic Media Slide Banners all ...)
+ TODO: check
+CVE-2025-25117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25116 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-25111 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP S ...)
+ TODO: check
+CVE-2025-25110 (Missing Authorization vulnerability in Metagauss Event Kikfyre allows ...)
+ TODO: check
+CVE-2025-25107 (Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sit ...)
+ TODO: check
+CVE-2025-25106 (Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Tem ...)
+ TODO: check
+CVE-2025-25105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25104 (Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Previ ...)
+ TODO: check
+CVE-2025-25103 (Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API ...)
+ TODO: check
+CVE-2025-25101 (Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk S ...)
+ TODO: check
+CVE-2025-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25095 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25093 (Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child ...)
+ TODO: check
+CVE-2025-25091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25088 (Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keywor ...)
+ TODO: check
+CVE-2025-25085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25081 (Missing Authorization vulnerability in DeannaS Embed RSS allows Exploi ...)
+ TODO: check
+CVE-2025-25080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25078 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25076 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25075 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show noti ...)
+ TODO: check
+CVE-2025-25074 (Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP ...)
+ TODO: check
+CVE-2025-25073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-25072 (Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin ...)
+ TODO: check
+CVE-2025-25071 (Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette ...)
+ TODO: check
+CVE-2025-25069 (A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. ...)
+ TODO: check
+CVE-2025-24980 (pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In ...)
+ TODO: check
+CVE-2025-1108 (Insufficient data authenticity verification vulnerability in Janto, ve ...)
+ TODO: check
+CVE-2025-1107 (Unverified password change vulnerability in Janto, versions prior to r ...)
+ TODO: check
+CVE-2025-1106 (A vulnerability classified as critical has been found in CmsEasy 7.7.7 ...)
+ TODO: check
+CVE-2025-1105 (A vulnerability was found in SiberianCMS 4.20.6. It has been rated as ...)
+ TODO: check
+CVE-2025-1104 (A vulnerability has been found in D-Link DHP-W310AV 1.04 and classifie ...)
+ TODO: check
+CVE-2025-1103 (A vulnerability, which was classified as problematic, was found in D-L ...)
+ TODO: check
+CVE-2025-1077 (A security vulnerability has been identified in the IBL Software Engin ...)
+ TODO: check
+CVE-2025-0307
+ REJECTED
+CVE-2025-0304 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2025-0303 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2025-0302 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-9664 (The WP All Import Pro plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
+CVE-2024-9661 (The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2024-7425 (The WP ALL Export Pro plugin for WordPress is vulnerable to unauthoriz ...)
+ TODO: check
+CVE-2024-7419 (The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Cod ...)
+ TODO: check
+CVE-2024-57707 (An issue in DataEase v1 allows an attacker to execute arbitrary code v ...)
+ TODO: check
+CVE-2024-57249 (Incorrect Access Control in the Preview Function of Gleamtech FileVist ...)
+ TODO: check
+CVE-2024-57248 (Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allo ...)
+ TODO: check
+CVE-2024-55214 (Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allow ...)
+ TODO: check
+CVE-2024-55213 (Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows ...)
+ TODO: check
+CVE-2024-52884 (An issue was discovered in AudioCodes Mediant Session Border Controlle ...)
+ TODO: check
+CVE-2024-52883 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
+ TODO: check
+CVE-2024-52882 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
+ TODO: check
+CVE-2024-52881 (An issue was discovered in AudioCodes One Voice Operations Center (OVO ...)
+ TODO: check
+CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vu ...)
+ TODO: check
+CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer ove ...)
+ TODO: check
+CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork compone ...)
+ TODO: check
CVE-2025-24032
- pam-pkcs11 <unfixed>
NOTE: https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48 (pam_pkcs11-0.6.13)
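Review bot: No triage decision is recorded for any of the 90 entries added here as TODO: check; only CVE-2025-0307 has a final state (REJECTED). The four entries whose descriptions name a WordPress plugin outright (CVE-2024-9664, CVE-2024-9661, CVE-2024-7425, CVE-2024-7419) can take the same "NOT-FOR-US: WordPress plugin" tag that CVE-2025-0365 carries further down in this diff. The many CSRF and XSS entries are truncated before any platform is named, so they need the full record before they are tagged. Entries that name specific software, such as CVE-2025-25183 (vLLM) and CVE-2025-25069 (Apache Kvrocks), need a check against the archive rather than a bulk tag.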
@@ -1258,7 +1440,7 @@ CVE-2025-0366 (The Jupiter X Core plugin for WordPress is vulnerable to Local Fi
NOT-FOR-US: WordPress plugin
CVE-2025-0365 (The Jupiter X Core plugin for WordPress is vulnerable to Directory Tra ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-57587 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are ...)
+CVE-2024-57587 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-57435 (In macrozheng mall-tiny 1.0.1, an attacker can send null data through ...)
NOT-FOR-US: macrozheng mall-tiny
@@ -1270,11 +1452,11 @@ CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlie
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53357 (In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption k ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53356 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privil ...)
+CVE-2024-53356 (Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Sco ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53355 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorr ...)
+CVE-2024-53355 (Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53354 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to SQL In ...)
+CVE-2024-53354 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53296 (Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain ...)
NOT-FOR-US: Dell
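Review bot: The replacement description for CVE-2024-53356 carries the misspelling "vulnerabilitiy", so a text search of this file for "vulnerability" will no longer match that entry. Since the commit is an automatic update, check whether the typo is already in the source record before correcting it by hand here. The other three rewritten descriptions in this hunk and the previous one only reword the summary, and the NOT-FOR-US: EasyVirt DCScope tags under them are unchanged, which is consistent.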
@@ -4219,7 +4401,7 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.41-1 (bug #1093877)
CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5857-1 DLA-4037-1}
+ {DSA-5857-1 DLA-4043-1 DLA-4037-1}
- openjdk-8 <unfixed> (bug #1093878)
- openjdk-11 11.0.26+4-1
- openjdk-17 17.0.14+7-1
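Review bot: DLA-4043-1 is added to the advisory list for CVE-2025-21502, but none of the visible package lines changes with it, and openjdk-8 is still shown as <unfixed>. Confirm which source package and release DLA-4043-1 covers, and that the corresponding DLA entry exists, so the cross-reference does not suggest a fix the package lines do not reflect.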
@@ -241995,10 +242177,10 @@ CVE-2022-26391
RESERVED
CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...)
NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
-CVE-2022-26389
- RESERVED
-CVE-2022-26388
- RESERVED
+CVE-2022-26389 (An improper access control vulnerability may allow privilege escalatio ...)
+ TODO: check
+CVE-2022-26388 (A use of hard-coded password vulnerability may allow authentication ab ...)
+ TODO: check
CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe buffer ...)
{DSA-5092-1}
- linux 5.16.11-1
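Review bot: CVE-2022-26389 and CVE-2022-26388 move from RESERVED to TODO: check with descriptions that are cut off before any product is named. They sit directly after CVE-2022-26390, which is tagged NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM), but adjacent numbering is not proof of the same product. Read the full records before reusing that tag.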
@@ -273674,10 +273856,10 @@ CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and ea
NOT-FOR-US: Forcepoint NGFW Engine
CVE-2021-41529
RESERVED
-CVE-2021-41528
- RESERVED
-CVE-2021-41527
- RESERVED
+CVE-2021-41528 (An error when handling authorization related to the import / export in ...)
+ TODO: check
+CVE-2021-41527 (An error related to the 2-factor authorization (2FA) on the RISC Platf ...)
+ TODO: check
CVE-2021-41526 (A vulnerability has been reported in the windows installer (MSI) built ...)
NOT-FOR-US: Flexera
CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
@@ -310949,8 +311131,7 @@ CVE-2021-27019 (PuppetDB logging included potentially sensitive system informati
NOTE: https://puppet.com/security/cve/CVE-2021-27019/
CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...)
NOT-FOR-US: Puppet Remediate
-CVE-2021-27017
- RESERVED
+CVE-2021-27017 (Utilization of a module presented a security risk by allowing the dese ...)
- puppet <not-affected> (Specific to the Puppet 7.x stack)
NOTE: https://puppet.com/security/cve/CVE-2021-27017/
CVE-2021-27016
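Review bot: The existing line "- puppet <not-affected> (Specific to the Puppet 7.x stack)" under CVE-2021-27017 was written while the entry was still RESERVED, and the hunk now attaches a published description to it. Re-check that the not-affected rationale still matches the published text and the linked puppet.com advisory, since the description shown here is truncated at "allowing the dese ...".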
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c18f131e94920afc9353d6ebc311f5799077a4