[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 21 08:12:11 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3449aca3 by security tracker role at 2025-02-21T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-27100 (lakeFS is an open-source tool that transforms your object storage into ...)
+	TODO: check
+CVE-2025-27098 (GraphQL Mesh is a GraphQL Federation framework and gateway for both Gr ...)
+	TODO: check
+CVE-2025-27097 (GraphQL Mesh is a GraphQL Federation framework and gateway for both Gr ...)
+	TODO: check
+CVE-2025-27088 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected vers ...)
+	TODO: check
+CVE-2025-25960 (Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote ...)
+	TODO: check
+CVE-2025-25958 (Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remo ...)
+	TODO: check
+CVE-2025-25957 (Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before a ...)
+	TODO: check
+CVE-2025-25679 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
+	TODO: check
+CVE-2025-25678 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
+	TODO: check
+CVE-2025-25676 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
+	TODO: check
+CVE-2025-25675 (Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility lo ...)
+	TODO: check
+CVE-2025-25674 (Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_ ...)
+	TODO: check
+CVE-2025-25668 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2025-25667 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2025-25664 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2025-25663 (A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the ...)
+	TODO: check
+CVE-2025-25662 (Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the  ...)
+	TODO: check
+CVE-2025-22973 (An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain s ...)
+	TODO: check
+CVE-2025-1407 (The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-1406 (The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-1001 (Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the upda ...)
+	TODO: check
+CVE-2024-7131
+	REJECTED
+CVE-2024-54756 (A remote code execution (RCE) vulnerability in the ZScript function of ...)
+	TODO: check
+CVE-2024-38657 (External control of a file name in Ivanti Connect Secure before versio ...)
+	TODO: check
+CVE-2024-13883 (The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2024-13818 (The Registration Forms \u2013 User Registration Forms, Invitation-Base ...)
+	TODO: check
+CVE-2024-13751 (The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-13672 (The Mini Course Generator | Embed mini-courses and interactive content ...)
+	TODO: check
+CVE-2024-13585 (The Ajax Search Lite  WordPress plugin before 4.12.5 does not sanitise ...)
+	TODO: check
+CVE-2024-13537 (The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosu ...)
+	TODO: check
+CVE-2024-13388 (The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2024-13379 (The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-13314 (The Carousel, Slider, Gallery by WP Carousel  WordPress plugin before  ...)
+	TODO: check
+CVE-2024-13235 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin  ...)
+	TODO: check
+CVE-2024-11260 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+	TODO: check
 CVE-2025-27096 (WeGIA is a Web Manager for Institutions with a focus on Portuguese lan ...)
 	NOT-FOR-US: WeGIA
 CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 encoding ...)
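
Review bot: The descriptions added for CVE-2024-13818, CVE-2024-13235 and CVE-2024-11260 contain a literal `\u2013` escape instead of the en dash it stands for, so the importer is writing the upstream string without decoding it. Decode the escape before the description is truncated and written, otherwise a search for the plugin name as published ("Registration Forms", "Pinpoint Booking System", "Events Manager" followed by a dash) will not match these entries, and the six-character escape also uses up part of the truncated description. Every new entry except the REJECTED CVE-2024-7131 is still at `TODO: check`, so none of them carries a triage decision yet.
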
@@ -274,6 +344,7 @@ CVE-2025-1465 (A vulnerability, which was classified as problematic, was found i
 CVE-2025-1464 (A vulnerability, which was classified as critical, has been found in B ...)
 	NOT-FOR-US: Baiyi Cloud Asset Management System
 CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0 ...)
+	{DSA-5869-1}
 	- chromium 133.0.6943.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that allows an at ...)
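
Review bot: The `{DSA-5869-1}` cross-reference added under CVE-2025-1426 has no counterpart in this commit, which changes only data/CVE/list, so the tag is only correct if the advisory's own record already lists this CVE. Confirm that the DSA-5869-1 entry names CVE-2025-1426. From these lines alone, the only fixed version recorded is `- chromium 133.0.6943.126-1`, and no stable-release version is visible next to the tag.
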
@@ -291,9 +362,11 @@ CVE-2025-1024 (A vulnerability exists in ChurchCRM 5.13.0that allows an attacker
 CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the  /user/namespace/{namespace} ...)
 	NOT-FOR-US: OpenVSX
 CVE-2025-1006 (Use after free in Network in Google Chrome prior to 133.0.6943.126 all ...)
+	{DSA-5869-1}
 	- chromium 133.0.6943.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0999 (Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 al ...)
+	{DSA-5869-1}
 	- chromium 133.0.6943.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
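
Review bot: On CVE-2025-1006 and CVE-2025-0999 the new `{DSA-5869-1}` tag sits directly above `[bullseye] - chromium <end-of-life> (see #1061268)`, so the advisory does not mean a fix exists for bullseye. Anyone deriving patch status from this file should take it from the per-release lines and not from the presence of a DSA tag. For bullseye, chromium remains unsupported for both CVEs.
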
@@ -5004,7 +5077,7 @@ CVE-2025-23596 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin
 CVE-2025-23215 (PMD is an extensible multilanguage static code analyzer. The passphras ...)
 	NOT-FOR-US: PMD
-CVE-2025-23001 (A Host Header Injection vulnerability exists in CTFd 3.7.5, due to the ...)
+CVE-2025-23001 (A Host header injection vulnerability exists in CTFd 3.7.5, due to the ...)
 	NOT-FOR-US: CTFd
 CVE-2025-22994 (O2OA 9.1.3 is vulnerable to Cross Site Scripting (XSS) in Meetings - S ...)
 	NOT-FOR-US: O2OA
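
Review bot: The CVE-2025-23001 change is casing only ("Host Header Injection" to "Host header injection") in the truncated description, and the `NOT-FOR-US: CTFd` annotation is unchanged. No triage follow-up is needed. Tooling that flags description changes for re-triage should compare case-insensitively or key on the annotation lines, so that upstream wording churn like this does not produce alerts.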



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3449aca309a9544743724a9a338b60027af6cb7e
