[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 21 20:12:07 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d25fb38 by security tracker role at 2025-02-21T20:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,108 @@
-CVE-2025-26794
+CVE-2025-26014 (A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a ...)
+	TODO: check
+CVE-2025-26013 (An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitiv ...)
+	TODO: check
+CVE-2025-25878 (A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Th ...)
+	TODO: check
+CVE-2025-25877 (A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Th ...)
+	TODO: check
+CVE-2025-25876 (A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Th ...)
+	TODO: check
+CVE-2025-25875 (A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Th ...)
+	TODO: check
+CVE-2025-25772 (A Cross-Site Request Forgery (CSRF) in the component /back/UserControl ...)
+	TODO: check
+CVE-2025-25770 (Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Reques ...)
+	TODO: check
+CVE-2025-25769 (Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Reques ...)
+	TODO: check
+CVE-2025-25768 (MRCMS v3.1.2 was discovered to contain a server-side template injectio ...)
+	TODO: check
+CVE-2025-25767 (A vertical privilege escalation vulnerability in the component /contro ...)
+	TODO: check
+CVE-2025-25766 (An arbitrary file upload vulnerability in the component /file/savefile ...)
+	TODO: check
+CVE-2025-25765 (MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2025-25605 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command inject ...)
+	TODO: check
+CVE-2025-25604 (Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command inject ...)
+	TODO: check
+CVE-2025-25510 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_par ...)
+	TODO: check
+CVE-2025-25507 (There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the fo ...)
+	TODO: check
+CVE-2025-25505 (Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the su ...)
+	TODO: check
+CVE-2025-1548 (A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been  ...)
+	TODO: check
+CVE-2025-1546 (A vulnerability has been found in BDCOM Behavior Management and Auditi ...)
+	TODO: check
+CVE-2025-1544 (A vulnerability, which was classified as critical, was found in dingfa ...)
+	TODO: check
+CVE-2025-1543 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-1539 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2025-1538 (A vulnerability classified as critical was found in D-Link DAP-1320 1. ...)
+	TODO: check
+CVE-2025-1537 (A vulnerability was found in Harpia DiagSystem 12. It has been rated a ...)
+	TODO: check
+CVE-2025-1536 (A vulnerability was found in Raisecom Multi-Service Intelligent Gatewa ...)
+	TODO: check
+CVE-2025-1535 (A vulnerability was found in Baiyi Cloud Asset Management System 8.142 ...)
+	TODO: check
+CVE-2025-1489 (The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-1471 (In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print fu ...)
+	TODO: check
+CVE-2025-1470 (In Eclipse OMR, from the initial contribution to version 0.4.0, some O ...)
+	TODO: check
+CVE-2025-1410 (The Events Calendar Made Simple \u2013 Pie Calendar plugin for WordPre ...)
+	TODO: check
+CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause ...)
+	TODO: check
+CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. The size ...)
+	TODO: check
+CVE-2025-0728 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before   ...)
+	TODO: check
+CVE-2025-0727 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before   ...)
+	TODO: check
+CVE-2025-0726 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before   ...)
+	TODO: check
+CVE-2024-9150 (Report generation functionality in Wyn Enterprise allows for code incl ...)
+	TODO: check
+CVE-2024-57176 (An issue in the shiroFilter function of White-Jotter project v0.2.2 al ...)
+	TODO: check
+CVE-2024-55159 (GFast between v2 to v3.2 was discovered to contain a SQL injection vul ...)
+	TODO: check
+CVE-2024-55156 (An XML External Entity (XXE) vulnerability in the deserializeArgs() me ...)
+	TODO: check
+CVE-2024-45673 (IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Se ...)
+	TODO: check
+CVE-2024-13900 (The Head, Footer and Post Injections plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-13846 (The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-13713 (The WPExperts Square For GiveWP plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-13648 (The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-13461 (The Autoship Cloud for WooCommerce Subscription Products plugin for Wo ...)
+	TODO: check
+CVE-2024-13455 (The igumbi Online Booking plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-13353 (The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugi ...)
+	TODO: check
+CVE-2024-12452 (The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-12276 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
+	TODO: check
+CVE-2024-10222 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-26794 (Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are  ...)
 	- exim4 4.98-4 (unimportant)
 	[bookworm] - exim4 <not-affected> (Vulnerable code not present)
 	[bullseye] - exim4 <not-affected> (Vulnerable code not present)
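Review bot: all 52 new entries in this hunk land as a bare "TODO: check", so the review point is triage order rather than the file content. The entries whose descriptions name libraries or SDKs that could plausibly map to packaged software should get a human look first: CVE-2025-0838 (heap buffer overflow in Abseil-cpp), CVE-2025-1470 and CVE-2025-1471 (Eclipse OMR), CVE-2025-0726 through CVE-2025-0728 (Eclipse ThreadX NetX Duo HTTP server) and CVE-2025-1403 (Qiskit SDK). The WordPress plugin entries (CVE-2025-1489, CVE-2025-1410, CVE-2025-1402 and most of the CVE-2024-13900 to CVE-2024-10222 block), the router firmware entries (Tenda AC6 and AC8, Totolink X5000R, D-Link DAP-1320) and the Loggrove, ITSourcecode Simple ChatBox, Wangmarket and MRCMS web-application entries fall into product categories that this file resolves as NOT-FOR-US in the later hunks of the same patch (Lexmark, Opera), so they can be cleared in a single pass. The one non-TODO change here, CVE-2025-26794, only attaches the truncated Exim description to an entry whose triage lines (exim4 4.98-4 unimportant, bookworm and bullseye not-affected because the vulnerable code is not present) are left unchanged.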
@@ -1745,7 +1849,7 @@ CVE-2024-11345 (A heap-based memory vulnerability has been identified in the Pos
 CVE-2024-11344 (A type confusion vulnerability has been identified in the Postscript i ...)
 	NOT-FOR-US: Lexmark
 CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq function ...)
-	{DLA-4052-1}
+	{DLA-4052-2 DLA-4052-1}
 	- postgresql-17 17.3-1
 	- postgresql-15 <removed>
 	[bookworm] - postgresql-15 <no-dsa> (Minor issue)
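Review bot: DLA-4052-2 is added beside DLA-4052-1 but nothing in the entry records what the second revision of the advisory changed; a -2 revision of a DLA is normally a regression update for the first one, so a NOTE line pointing at it would spare the next reader a trip to the announce archive. The suite lines under the brace set are untouched by this hunk (postgresql-17 fixed in 17.3-1, postgresql-15 <removed> in unstable and <no-dsa> (Minor issue) for bookworm), so the reference is the only thing to verify against the advisory text.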
@@ -3754,7 +3858,7 @@ CVE-2024-12243 (A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 d
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1553
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/4760bc63531e3f5039e70ede91a20e1194410892 (3.8.9)
 CVE-2024-12133 (A flaw in libtasn1 causes inefficient handling of specific certificate ...)
-	{DSA-5863-1}
+	{DSA-5863-1 DLA-4061-1}
 	- libtasn1-6 4.20.0-1 (bug #1095406)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/06/6
 	NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/52
@@ -81085,6 +81189,7 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `kee
 	NOTE: https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3
 	NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2)
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...)
+	{DLA-4062-1}
 	- python-werkzeug 3.0.3-1 (bug #1070711)
 	[bookworm] - python-werkzeug 2.2.2-3+deb12u1
 	[buster] - python-werkzeug <postponed> (Minor issue)
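Review bot: DLA-4062-1 is added to the brace set without any accompanying suite line change, and the context shown covers only bookworm (fixed in 2.2.2-3+deb12u1) and buster (<postponed>, Minor issue); the bullseye line that the DLA presumably corresponds to lies outside this hunk, so whoever checks this should confirm that the bullseye entry carries a fixed version matching the advisory rather than a leftover <no-dsa> or <postponed> marker. The buster <postponed> line is consistent with the entry's own "Minor issue" assessment and does not need to change because of the DLA.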
@@ -364428,8 +364533,8 @@ CVE-2020-19250
 	RESERVED
 CVE-2020-19249
 	RESERVED
-CVE-2020-19248
-	RESERVED
+CVE-2020-19248 (SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements ...)
+	TODO: check
 CVE-2020-19247
 	RESERVED
 CVE-2020-19246
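Review bot: CVE-2020-19248 goes from RESERVED to a populated entry almost five years after assignment, and "TODO: check" is the right placeholder for an automatic update; the description names PbootCMS 1.4.1, so if that product is not packaged the entry resolves as NOT-FOR-US: PbootCMS, in the same form used for the Lexmark and Opera entries elsewhere in this patch. The neighbouring CVE-2020-19249 and CVE-2020-19247 stay RESERVED, so this is a single late publication rather than a batch that would justify a broader sweep of the 2020 range.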
@@ -399106,8 +399211,8 @@ CVE-2020-6160
 	RESERVED
 CVE-2020-6159 (URLs using \u201cjavascript:\u201d have the protocol removed when past ...)
 	NOT-FOR-US: Opera
-CVE-2020-6158
-	RESERVED
+CVE-2020-6158 (Opera Mini for Android before version 52.2 is vulnerable to an address ...)
+	TODO: check
 CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an address b ...)
 	NOT-FOR-US: Opera Touch for iOS
 CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
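Review bot: CVE-2020-6158 sits between CVE-2020-6159 (NOT-FOR-US: Opera) and CVE-2020-6157 (NOT-FOR-US: Opera Touch for iOS), and its description names Opera Mini for Android, so the "TODO: check" can be resolved as NOT-FOR-US: Opera Mini for Android on the same basis as its neighbours; the automatic update cannot make that call, but it needs no further research.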



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d25fb38b1e07d28be0aaa13431c84996fa79e0b


