[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 13 20:12:44 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1e3e93d by security tracker role at 2025-02-13T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,121 @@
-CVE-2025-1094 [Harden PQescapeString and allied functions against invalidly-encoded input strings]
+CVE-2025-26582 (Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Ad ...)
+ TODO: check
+CVE-2025-26580 (Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResource ...)
+ TODO: check
+CVE-2025-26578 (Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple ...)
+ TODO: check
+CVE-2025-26577 (Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-pub ...)
+ TODO: check
+CVE-2025-26574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26572 (Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPLis ...)
+ TODO: check
+CVE-2025-26571 (Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolb ...)
+ TODO: check
+CVE-2025-26570 (Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That al ...)
+ TODO: check
+CVE-2025-26569 (Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post T ...)
+ TODO: check
+CVE-2025-26568 (Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Am ...)
+ TODO: check
+CVE-2025-26567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26562 (Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS ...)
+ TODO: check
+CVE-2025-26561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26550 (Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Globa ...)
+ TODO: check
+CVE-2025-26549 (Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Si ...)
+ TODO: check
+CVE-2025-26547 (Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Lo ...)
+ TODO: check
+CVE-2025-26545 (Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Post ...)
+ TODO: check
+CVE-2025-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simp ...)
+ TODO: check
+CVE-2025-26539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26511 (Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-In ...)
+ TODO: check
+CVE-2025-25901 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
+ TODO: check
+CVE-2025-25900 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
+ TODO: check
+CVE-2025-25899 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
+ TODO: check
+CVE-2025-25898 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
+ TODO: check
+CVE-2025-25897 (A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V ...)
+ TODO: check
+CVE-2025-25389 (A SQL Injection vulnerability was found in /admin/forgot-password.php ...)
+ TODO: check
+CVE-2025-25388 (A SQL Injection vulnerability was found in /admin/edit-propertytype.ph ...)
+ TODO: check
+CVE-2025-25387 (A SQL Injection vulnerability was found in /admin/manage-propertytype. ...)
+ TODO: check
+CVE-2025-25357 (A SQL Injection vulnerability was found in /admin/contactus.php in PHP ...)
+ TODO: check
+CVE-2025-25356 (A SQL Injection vulnerability was found in /admin/bwdates-reports-deta ...)
+ TODO: check
+CVE-2025-25355 (A SQL Injection vulnerability was found in /admin/bwdates-reports-deta ...)
+ TODO: check
+CVE-2025-25354 (A SQL Injection was found in /admin/admin-profile.php in PHPGurukul La ...)
+ TODO: check
+CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGu ...)
+ TODO: check
+CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in version 1.8.0 ...)
+ TODO: check
+CVE-2025-24904 (libsignal-service-rs is a Rust version of the libsignal-service-java l ...)
+ TODO: check
+CVE-2025-24903 (libsignal-service-rs is a Rust version of the libsignal-service-java l ...)
+ TODO: check
+CVE-2025-24889 (The SecureDrop Client is a desktop application for journalists to comm ...)
+ TODO: check
+CVE-2025-24888 (The SecureDrop Client is a desktop application for journalists to comm ...)
+ TODO: check
+CVE-2025-22480 (Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a sy ...)
+ TODO: check
+CVE-2025-1271 (Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This secu ...)
+ TODO: check
+CVE-2025-1270 (Insecure direct object reference (IDOR) vulnerability in Anapi Group's ...)
+ TODO: check
+CVE-2025-1127 (The vulnerability can be leveraged by an attacker to execute arbitrary ...)
+ TODO: check
+CVE-2025-0426 (A security issue was discovered in Kubernetes where a large number of ...)
+ TODO: check
+CVE-2024-13867 (The Listivo - Classified Ads WordPress Theme theme for WordPress is vu ...)
+ TODO: check
+CVE-2024-13639 (The Read More & Accordion plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2024-13606 (The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin ...)
+ TODO: check
+CVE-2024-13182 (The WP Directorybox Manager plugin for WordPress is vulnerable to Auth ...)
+ TODO: check
+CVE-2024-12013 (A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affec ...)
+ TODO: check
+CVE-2024-12012 (A CWE-598 \u201cUse of GET Request Method with Sensitive Query Strings ...)
+ TODO: check
+CVE-2024-12011 (A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 13 ...)
+ TODO: check
+CVE-2024-11347 (Integer Overflow or Wraparound vulnerability in Lexmark International ...)
+ TODO: check
+CVE-2024-11346 (: Access of Resource Using Incompatible Type ('Type Confusion') vulner ...)
+ TODO: check
+CVE-2024-11345 (A heap-based memory vulnerability has been identified in the Postscrip ...)
+ TODO: check
+CVE-2024-11344 (A type confusion vulnerability has been identified in the Postscript i ...)
+ TODO: check
+CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq function ...)
+ {DLA-4052-1}
- postgresql-17 17.3-1
- postgresql-15 <removed>
[bookworm] - postgresql-15 <no-dsa> (Minor issue)
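Review bot: all 58 new entries in this hunk land as "TODO: check" with descriptions cut at 70 characters, and the cut removes exactly what triage needs: CVE-2025-25287 stops at "Starting in version 1.8.0", CVE-2025-26511, CVE-2025-24903 and CVE-2025-24904 stop before any version, and CVE-2025-1127 ("The vulnerability can be leveraged by an attacker ...") names no product at all, so each of these has to be resolved against the full CVE record and settled to NOT-FOR-US or a source-package line in the style used further down in this file (NOT-FOR-US: Intel, Quarkus, Samsung) rather than left at the truncated line. Minor: CVE-2024-13606 and CVE-2024-12011 to CVE-2024-12013 carry literal \u2013 / \u201c / \u201d escapes instead of the characters, which suggests the importer writes JSON escapes into the list unchanged. Separately, the CVE-2025-1094 block now pairs {DLA-4052-1} with "[bookworm] - postgresql-15 <no-dsa> (Minor issue)"; an issue that was worth a DLA sits awkwardly with a "Minor issue" no-dsa on bookworm, so that tag deserves a second look now that the description reads "Improper neutralization of quoting syntax" rather than the hardening title it replaced.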
@@ -11,13 +128,13 @@ CVE-2025-1094 [Harden PQescapeString and allied functions against invalidly-enco
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=dd3c1eb38e9add293f8be59b6aec7574e8584bdb (REL_17_3)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=05abb0f8303a78921f7113bee1d72586142df99e (REL_17_3)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=85c1fcc6563843d7ee7ae6f81f29ef813e77a4b6 (REL_17_3)
-CVE-2025-21701 [net: avoid race between device unregistration and ethnl ops]
+CVE-2025-21701 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.13-1
NOTE: https://git.kernel.org/linus/12e070eb6964b341b41677fd260af5a305316a1f (6.14-rc1)
-CVE-2025-21700 [net: sched: Disallow replacing of child qdisc from one parent to another]
+CVE-2025-21700 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.13-1
NOTE: https://git.kernel.org/linus/bc50835e83f60f56e9bec2b392fb5544f250fb6f (6.14-rc1)
-CVE-2024-3303
+CVE-2024-3303 (An issue was discovered in GitLab EE affecting all versions starting f ...)
- gitlab <not-affected> (Specific to EE)
CVE-2025-0998
- chromium 133.0.6943.98-1
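Review bot: the two kernel entries lose information in this hunk: the bracketed titles "[net: avoid race between device unregistration and ethnl ops]" and "[net: sched: Disallow replacing of child qdisc from one parent to another]" are replaced by the generic "In the Linux kernel, the following vulnerability has been resolved: n ...", which after the 70-character cut keeps only the letter "n" of the subsystem. Consider preserving the commit subject in a NOTE line beside the git.kernel.org link so the entries stay greppable. Also, both entries record "- linux 6.12.13-1" as fixed while the only NOTE points at the mainline commit tagged (6.14-rc1); the stable backport the 6.12.13-1 claim rests on is implied but not referenced. The CVE-2024-3303 line "- gitlab <not-affected> (Specific to EE)" is unchanged and consistent with the new description.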
@@ -251,7 +368,7 @@ CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware for the Intel(R) Serv
NOT-FOR-US: Intel
CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R) Server Board ...)
NOT-FOR-US: Intel
-CVE-2025-1247
+CVE-2025-1247 (A flaw was found in Quarkus REST that allows request parameters to lea ...)
NOT-FOR-US: Quarkus
CVE-2025-26378 (A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q- ...)
NOT-FOR-US: Q-Free MaxTime
@@ -9857,7 +9974,7 @@ CVE-2024-46921 (An issue was discovered in Samsung Mobile Processor and Modem Ex
NOT-FOR-US: Samsung
CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
NOT-FOR-US: Samsung
-CVE-2024-46910
+CVE-2024-46910 (An authenticated user can perform XSS and potentially impersonate anot ...)
NOT-FOR-US: Apache Atlas
CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
NOT-FOR-US: Samsung
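Review bot: the new CVE-2024-46910 description ("An authenticated user can perform XSS and potentially impersonate anot ...") names no product, so after this change "NOT-FOR-US: Apache Atlas" is the only thing in the entry tying the ID to Apache Atlas; a NOTE line with the upstream advisory URL would make that attribution checkable, in the way the neighbouring Samsung entries are self-identifying through their descriptions.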
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e3e93d9d4aa648803a7ea8c6054beae943f956
More information about the debian-security-tracker-commits mailing list