[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 19 08:12:51 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1bb47f6c by security tracker role at 2025-02-19T08:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2025-26624 (Rufus is a utility that helps format and create bootable USB flash dri ...)
+ TODO: check
+CVE-2025-26617 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26616 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26615 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26614 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26613 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26612 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26611 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26610 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26609 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26608 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26607 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26606 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-26605 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
+ TODO: check
+CVE-2025-25896 (A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.0 ...)
+ TODO: check
+CVE-2025-25895 (An OS command injection vulnerability was discovered in D-Link DSL-378 ...)
+ TODO: check
+CVE-2025-25894 (An OS command injection vulnerability was discovered in D-Link DSL-378 ...)
+ TODO: check
+CVE-2025-25893 (An OS command injection vulnerability was discovered in D-Link DSL-378 ...)
+ TODO: check
+CVE-2025-25892 (A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.0 ...)
+ TODO: check
+CVE-2025-25891 (A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.0 ...)
+ TODO: check
+CVE-2025-25475 (A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCM ...)
+ TODO: check
+CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the ...)
+ TODO: check
+CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain a NUL ...)
+ TODO: check
+CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to ...)
+ TODO: check
+CVE-2025-25471 (FFmpeg git master before commit fd1772 was discovered to contain a NUL ...)
+ TODO: check
+CVE-2025-25469 (FFmpeg git-master before commit d5873b was discovered to contain a mem ...)
+ TODO: check
+CVE-2025-25468 (FFmpeg git-master before commit d5873b was discovered to contain a mem ...)
+ TODO: check
+CVE-2025-25467 (Insufficient tracking and releasing of allocated used memory in libx26 ...)
+ TODO: check
+CVE-2025-25054 (Movable Type contains a reflected cross-site scripting vulnerability i ...)
+ TODO: check
+CVE-2025-24841 (Movable Type contains a stored cross-site scripting vulnerability in t ...)
+ TODO: check
+CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a seg ...)
+ TODO: check
+CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c a ...)
+ TODO: check
+CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 ...)
+ TODO: check
+CVE-2025-22888 (Movable Type contains a stored cross-site scripting vulnerability in t ...)
+ TODO: check
+CVE-2025-22622 (Age Verification for your checkout page. Verify your customer's identi ...)
+ TODO: check
+CVE-2025-1448 (A vulnerability was found in Synway SMG Gateway Management Software up ...)
+ TODO: check
+CVE-2025-1447 (A vulnerability was found in kasuganosoras Pigeon 1.0.177. It has been ...)
+ TODO: check
+CVE-2025-1441 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-1065 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
+ TODO: check
+CVE-2025-0865 (The WP Media Category Management plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-0633 (Heap-based Buffer Overflow vulnerability ininiparser_dumpsection_ini() ...)
+ TODO: check
+CVE-2024-13854 (The Education Addon for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-13799 (The User Private Files \u2013 File Upload & Download Manager with Secu ...)
+ TODO: check
+CVE-2024-13743 (The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-13736 (The Pure Chat \u2013 Live Chat & More! plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-13719 (The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to In ...)
+ TODO: check
+CVE-2024-13712 (The Pollin plugin for WordPress is vulnerable to SQL Injection via the ...)
+ TODO: check
+CVE-2024-13711 (The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2024-13679 (The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2024-13676 (The Categorized Gallery Plugin plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-13674 (The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for Wo ...)
+ TODO: check
+CVE-2024-13663 (The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-13660 (The Responsive Flickr Slideshow plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13657 (The Store Locator Widget plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-13592 (The Team Builder For WPBakery Page Builder(Formerly Visual Composer) p ...)
+ TODO: check
+CVE-2024-13591 (The Team Builder For WPBakery Page Builder(Formerly Visual Composer) p ...)
+ TODO: check
+CVE-2024-13589 (The YouTube Playlists with Schema plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-13508 (The Booking Package plugin for WordPress is vulnerable to Reflected Cr ...)
+ TODO: check
+CVE-2024-13468 (The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-13462 (The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-13443 (The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2024-13405 (The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cr ...)
+ TODO: check
+CVE-2024-13390 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...)
+ TODO: check
+CVE-2024-12522 (The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugi ...)
+ TODO: check
+CVE-2024-12339 (The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2024-12173 (The Master Slider WordPress plugin before 3.10.5 does not sanitise an ...)
+ TODO: check
+CVE-2024-12069 (The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2024-11778 (The CanadaHelps Embedded Donation Form plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-11753 (The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2024-11582 (The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for ...)
+ TODO: check
+CVE-2024-11335 (The UltraEmbed \u2013 Advanced Iframe Plugin For WordPress with Gutenb ...)
+ TODO: check
CVE-2025-27016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-27013 (Missing Authorization vulnerability in EPC MediCenter - Health Medical ...)
@@ -204,19 +346,19 @@ CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cau
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-27113 [Null-deref in xmlPatMatch]
+CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ...)
- libxml2 <unfixed> (bug #1098322)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c716d491dd2e67f08066f4dc0619efeb49e43e6
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3 (v2.12.10)
-CVE-2025-24928 [Stack-buffer-overflow in xmlSnprintfElements]
+CVE-2025-24928 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buff ...)
- libxml2 <unfixed> (bug #1098321)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8c8753ad5280ee13aee5eec9b0f6eee2ed920f57
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8 (v2.12.10)
-CVE-2024-56171 [Use-after-free in xmlSchemaIDCFillNodeTables]
+CVE-2024-56171 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free i ...)
- libxml2 <unfixed> (bug #1098320)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
@@ -385,41 +527,41 @@ CVE-2024-11376 (The s2Member \u2013 Excellent for All Kinds of Memberships, Cont
NOT-FOR-US: WordPress plugin
CVE-2021-46686 (Improper neutralization of special elements used in an OS command ('OS ...)
NOT-FOR-US: acmailer CGI
-CVE-2024-57259 [Heap corruption in U-Boot's SquashFS directory listing function]
+CVE-2024-57259 (sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-on ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e (v2025.01-rc1)
-CVE-2024-57258 [Multiple integer overflows in U-Boot's memory allocator]
+CVE-2024-57258 (Integer overflows in memory allocation in Das U-Boot before 2025.01-rc ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3 (v2025.01-rc1)
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f (v2025.01-rc1)
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0 (v2025.01-rc1)
-CVE-2024-57257 [Stack overflow in U-Boot's SquashFS symlink resolution function]
+CVE-2024-57257 (A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 (v2025.01-rc1)
-CVE-2024-57256 [Integer overflow in U-Boot's ext4 symlink resolution function]
+CVE-2024-57256 (An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.0 ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9 (v2025.01-rc1)
-CVE-2024-57255 [Integer overflow in U-Boot's SquashFS symlink resolution function]
+CVE-2024-57255 (An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025. ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356 (v2025.01-rc1)
-CVE-2024-57254 [Integer overflow in U-Boot's SquashFS symlink size calculation function]
+CVE-2024-57254 (An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc ...)
- u-boot <unfixed> (bug #1098254)
[bookworm] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d (v2025.01-rc1)
-CVE-2024-57262
+CVE-2024-57262 (In barebox before 2025.01.0, ext4fs_read_symlink has an integer overfl ...)
- barebox <itp> (bug #900958)
-CVE-2024-57261
+CVE-2024-57261 (In barebox before 2025.01.0, request2size in common/dlmalloc.c has an ...)
- barebox <itp> (bug #900958)
CVE-2024-57260
- barebox <itp> (bug #900958)
@@ -19487,7 +19629,7 @@ CVE-2024-47537 (GStreamer is a library for constructing graphs of media-handling
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060 (1.24.10)
-CVE-2024-45337 (Applications and libraries which misuse the ServerConfig.PublicKeyCall ...)
+CVE-2024-45337 (Applications and libraries which misuse connection.serverAuthenticate ...)
[experimental] - golang-go.crypto 1:0.33.0-1~exp1
- golang-go.crypto <unfixed> (bug #1089754)
[bullseye] - golang-go.crypto <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bb47f6c315470ca067c8a3a26b72528f2983cc4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bb47f6c315470ca067c8a3a26b72528f2983cc4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250219/67e6aa02/attachment.htm>
More information about the debian-security-tracker-commits
mailing list