[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ded10985 by security tracker role at 2025-02-14T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,214 @@
-CVE-2025-26791 [conditional and config dependent mXSS-style bypass]
+CVE-2025-26524 (This vulnerability exists in RupeeWeb trading platform due to missing  ...)
+	TODO: check
+CVE-2025-26523 (This vulnerability exists in RupeeWeb trading platform due to insuffic ...)
+	TODO: check
+CVE-2025-26522 (This vulnerability exists in RupeeWeb trading platform due to improper ...)
+	TODO: check
+CVE-2025-26508 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
+	TODO: check
+CVE-2025-26507 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
+	TODO: check
+CVE-2025-26506 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Manag ...)
+	TODO: check
+CVE-2025-26158 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
+	TODO: check
+CVE-2025-26157 (A SQL Injection vulnerability was found in /bpms/index.php in Source C ...)
+	TODO: check
+CVE-2025-26156 (A SQL Injection vulnerability was found in /shopping/track-orders.php  ...)
+	TODO: check
+CVE-2025-25997 (Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote ...)
+	TODO: check
+CVE-2025-25994 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote att ...)
+	TODO: check
+CVE-2025-25993 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote att ...)
+	TODO: check
+CVE-2025-25992 (SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacke ...)
+	TODO: check
+CVE-2025-25991 (SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attack ...)
+	TODO: check
+CVE-2025-25990 (Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote ...)
+	TODO: check
+CVE-2025-25988 (Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote a ...)
+	TODO: check
+CVE-2025-25745 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
+	TODO: check
+CVE-2025-25740 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based bu ...)
+	TODO: check
+CVE-2025-25304 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+	TODO: check
+CVE-2025-25297 (Label Studio is an open source data labeling tool. Prior to version 1. ...)
+	TODO: check
+CVE-2025-25296 (Label Studio is an open source data labeling tool. Prior to version 1. ...)
+	TODO: check
+CVE-2025-25295 (Label Studio is an open source data labeling tool. A path traversal vu ...)
+	TODO: check
+CVE-2025-25290 (@octokit/request sends parameterized requests to GitHub\u2019s APIs wi ...)
+	TODO: check
+CVE-2025-25289 (@octokit/request-error is an error class for Octokit request errors. S ...)
+	TODO: check
+CVE-2025-25288 (@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST A ...)
+	TODO: check
+CVE-2025-25285 (@octokit/endpoint turns REST API endpoints into generic request option ...)
+	TODO: check
+CVE-2025-25206 (eLabFTW is an open source electronic lab notebook for research labs. P ...)
+	TODO: check
+CVE-2025-25204 (`gh` is GitHub\u2019s official command line tool. Starting in version  ...)
+	TODO: check
+CVE-2025-24700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24699 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Code ...)
+	TODO: check
+CVE-2025-24692 (Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Men ...)
+	TODO: check
+CVE-2025-24688 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24641 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24607 (Missing Authorization vulnerability in Northern Beaches Websites IdeaP ...)
+	TODO: check
+CVE-2025-24592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24567 (Insertion of Sensitive Information Into Sent Data vulnerability in bra ...)
+	TODO: check
+CVE-2025-24566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23857 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23771 (Missing Authorization vulnerability in Murali Push Notification for Po ...)
+	TODO: check
+CVE-2025-23766 (Missing Authorization vulnerability in ashamil OPSI Israel Domestic Sh ...)
+	TODO: check
+CVE-2025-23751 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23742 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23658 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23657 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23655 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23651 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23650 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23648 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23647 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23534 (Missing Authorization vulnerability in Mark Winiarski WPLingo allows E ...)
+	TODO: check
+CVE-2025-23525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23474 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22705 (Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popu ...)
+	TODO: check
+CVE-2025-22702 (Missing Authorization vulnerability in EPC Photography. This issue aff ...)
+	TODO: check
+CVE-2025-22698 (Missing Authorization vulnerability in Ability, Inc Accessibility Suit ...)
+	TODO: check
+CVE-2025-1239 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-1071 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-0867 (The standard user uses the run as function to start the MEAC applicati ...)
+	TODO: check
+CVE-2025-0821 (Bit Assist plugin for WordPress is vulnerable to time-based SQL Inject ...)
+	TODO: check
+CVE-2025-0503 (Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the d ...)
+	TODO: check
+CVE-2025-0178 (Improper Input Validation vulnerability in WatchGuard Fireware OS allo ...)
+	TODO: check
+CVE-2024-8893 (Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co. ...)
+	TODO: check
+CVE-2024-57790 (IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovere ...)
+	TODO: check
+CVE-2024-57778 (An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a r ...)
+	TODO: check
+CVE-2024-57725 (An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote o ...)
+	TODO: check
+CVE-2024-56973 (Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified  ...)
+	TODO: check
+CVE-2024-56477 (IBM Power Hardware Management Console V10.3.1050.0 could allow an auth ...)
+	TODO: check
+CVE-2024-56463 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulner ...)
+	TODO: check
+CVE-2024-56180 (CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raftpl ...)
+	TODO: check
+CVE-2024-52895 (IBM i 7.4 and 7.5 is vulnerable to a database access denial of service ...)
+	TODO: check
+CVE-2024-52577 (In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Cla ...)
+	TODO: check
+CVE-2024-52500 (Missing Authorization vulnerability in monetagwp Monetag Official Plug ...)
+	TODO: check
+CVE-2024-3220 (There is a defect in the CPython standard library module \u201cmimetyp ...)
+	TODO: check
+CVE-2024-13791 (Bit Assist plugin for WordPress is vulnerable to Path Traversal in all ...)
+	TODO: check
+CVE-2024-13735 (The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for Word ...)
+	TODO: check
+CVE-2024-13152 (Authorization Bypass Through User-Controlled SQL Primary Key vulnerabi ...)
+	TODO: check
+CVE-2024-12651 (Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mob ...)
+	TODO: check
+CVE-2025-26791 (DOMPurify before 3.2.4 has an incorrect template literal regular expre ...)
 	- node-dompurify <unfixed>
 	[bookworm] - node-dompurify <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02 (3.2.4)
@@ -872,7 +1082,8 @@ CVE-2024-57777 (Directory Traversal vulnerability in Ianproxy v.0.1 and before a
 	NOT-FOR-US: ffay/lanproxy
 CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web  ...)
 	NOT-FOR-US: Dedecms
-CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a rem ...)
+CVE-2024-57000
+	REJECTED
 	NOT-FOR-US: Anyscale Inc Ray
 CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerabi ...)
 	NOT-FOR-US: DNNGo xBlog
@@ -974,9 +1185,11 @@ CVE-2025-26493 (In JetBrains TeamCity before 2024.12.2 several DOM-based XSS wer
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2025-26492 (In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection  ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2025-26491 (A vulnerability has been identified in Opcenter Intelligence (All vers ...)
+CVE-2025-26491
+	REJECTED
 	NOT-FOR-US: Opcenter Intelligence
-CVE-2025-26490 (A vulnerability has been identified in Opcenter Intelligence (All vers ...)
+CVE-2025-26490
+	REJECTED
 	NOT-FOR-US: Opcenter Intelligence
 CVE-2025-26411 (An authenticated attacker is able to use the Plugin Manager of the web ...)
 	NOT-FOR-US: Wattsense Bridge devices
@@ -1799,7 +2012,7 @@ CVE-2025-1147 (A vulnerability has been found in GNU Binutils 2.43 and classifie
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32556
 	NOTE: binutils not covered by security support
-CVE-2025-1099 (The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi secur ...)
+CVE-2025-1099 (This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded  ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-8685 (Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi ...)
 	NOT-FOR-US: Revolution Pi



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1098592c44729852d3ca3bbae0a3801c01313

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1098592c44729852d3ca3bbae0a3801c01313
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250214/bb623582/attachment.htm>