[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 22 20:12:06 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ba03970 by security tracker role at 2025-02-22T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2025-21704 [usb: cdc-acm: Check control transfer buffer size before access]
+CVE-2025-27012 (Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Sh ...)
+	TODO: check
+CVE-2025-26973 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26776 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
+	TODO: check
+CVE-2025-26774 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26764 (Missing Authorization vulnerability in enituretechnology Distance Base ...)
+	TODO: check
+CVE-2025-26763 (Deserialization of Untrusted Data vulnerability in MetaSlider Responsi ...)
+	TODO: check
+CVE-2025-26760 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-26757 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-26756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26750 (Missing Authorization vulnerability in appsbd Vitepos allows Exploitin ...)
+	TODO: check
+CVE-2025-1557 (A vulnerability, which was classified as problematic, was found in OFC ...)
+	TODO: check
+CVE-2025-1556 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-1553 (A vulnerability was found in pankajindevops scale up to 3633544a00245d ...)
+	TODO: check
+CVE-2025-1361 (The IP2Location Country Blocker plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-0957 (The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-0953 (The SMTP for Sendinblue \u2013 YaySMTP plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-0918 (The SMTP for SendGrid \u2013 YaySMTP plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-52939 (Kernel software installed and running inside a Guest VM may post impro ...)
+	TODO: check
+CVE-2024-47896 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2024-46975 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2024-13869 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...)
+	TODO: check
+CVE-2024-13564 (The Rife Elementor Extensions & Templates plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-12577 (Kernel software installed and running inside a Guest VM may exploit me ...)
+	TODO: check
+CVE-2025-21704 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.12.16-1
 	NOTE: https://git.kernel.org/linus/e563b01208f4d1f609bcab13333b6c0e24ce6a01 (6.14-rc3)
 CVE-2025-27109 (solid-js is a declarative, efficient, and flexible JavaScript library  ...)
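Review bot: All 25 new entries at the top of this hunk land as `TODO: check`, yet six of them (CVE-2025-1361, CVE-2025-0957, CVE-2025-0953, CVE-2025-0918, CVE-2024-13869, CVE-2024-13564) already say "plugin for WordPress" in the description, which this file records elsewhere as `NOT-FOR-US: WordPress plugin`; they can be triaged in a follow-up commit rather than left in the TODO queue. Separately, the descriptions of the three YaySMTP entries and of CVE-2024-13869 carry a literal `\u2013` escape instead of the dash character, so any search or display over these descriptions sees the escape sequence as text.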
@@ -958,18 +1004,21 @@ CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cau
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
 CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ...)
+	{DLA-4064-1}
 	- libxml2 <unfixed> (bug #1098322)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c716d491dd2e67f08066f4dc0619efeb49e43e6
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3 (v2.12.10)
 CVE-2025-24928 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buff ...)
+	{DLA-4064-1}
 	- libxml2 <unfixed> (bug #1098321)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8c8753ad5280ee13aee5eec9b0f6eee2ed920f57
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8 (v2.12.10)
 CVE-2024-56171 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free i ...)
+	{DLA-4064-1}
 	- libxml2 <unfixed> (bug #1098320)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
 	NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
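Review bot: The `{DLA-4064-1}` lines added under CVE-2025-27113, CVE-2025-24928 and CVE-2024-56171 sit directly above `- libxml2 <unfixed>` entries, and none of the three shows a `[bookworm]` line in the visible context, so after this change the only recorded fix is the LTS advisory. The NOTE lines already point at the upstream fix commits (v2.12.10), so it is worth adding explicit stable triage for these three and following bugs #1098322, #1098321 and #1098320 until the unstable entry can take a fixed version.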
@@ -6780,6 +6829,7 @@ CVE-2024-10628 (The Quiz Maker Business, Developer, and Agency plugins for WordP
 CVE-2024-10574 (The Quiz Maker Business, Developer, and Agency plugins for WordPress i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-49043 (xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-af ...)
+	{DLA-4064-1}
 	[experimental] - libxml2 2.12.3+dfsg-0exp1
 	- libxml2 <unfixed> (bug #1094238)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b (v2.11.0)
@@ -109024,6 +109074,7 @@ CVE-2021-46903 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIM
 CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
 	NOT-FOR-US: Meinberg
 CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
+	{DLA-4064-1}
 	[experimental] - libxml2 2.12.5+dfsg-0exp1
 	- libxml2 <unfixed> (bug #1063234)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
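Review bot: CVE-2024-25062 now carries `{DLA-4064-1}` while the context line below it still reads `[bookworm] - libxml2 <no-dsa> (Minor issue)`, so the LTS advisory covers an issue that the newer stable release has on record as not warranting an update. The same pairing shows up in the following hunks for CVE-2023-45322 and CVE-2023-39615. Consider revisiting the `<no-dsa>` triage for bookworm, for example through a point-release update, so the stable release does not trail the LTS advisory on these entries.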
@@ -131180,6 +131231,7 @@ CVE-2023-40631 (In Dialer, there is a possible missing permission check. This co
 CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
 	NOT-FOR-US: Subiquity
 CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after  ...)
+	{DLA-4064-1}
 	[experimental] - libxml2 2.12.3+dfsg-0exp1
 	- libxml2 <unfixed> (bug #1053629)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -137110,6 +137162,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid re
 	NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
 	NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
 CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
+	{DLA-4064-1}
 	[experimental] - libxml2 2.12.3+dfsg-0exp1
 	- libxml2 <unfixed> (bug #1051230)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba039701e3f81d434ea39ceedfb88c24533a1b8
