[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b59acad by security tracker role at 2025-02-24T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,160 @@
-CVE-2023-52926 [io_uring/rw: split io_read() into a helper]
+CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code ...)
+	TODO: check
+CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI \xd6nceki ...)
+	TODO: check
+CVE-2025-27356 (Missing Authorization vulnerability in Hardik Sticky Header On Scroll  ...)
+	TODO: check
+CVE-2025-27355 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woo ...)
+	TODO: check
+CVE-2025-27353 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS al ...)
+	TODO: check
+CVE-2025-27352 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27351 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27344 (Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee' ...)
+	TODO: check
+CVE-2025-27342 (Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce ...)
+	TODO: check
+CVE-2025-27341 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27340 (Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler a ...)
+	TODO: check
+CVE-2025-27339 (Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minim ...)
+	TODO: check
+CVE-2025-27336 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / J ...)
+	TODO: check
+CVE-2025-27335 (Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO ...)
+	TODO: check
+CVE-2025-27332 (Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Main ...)
+	TODO: check
+CVE-2025-27331 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27330 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27328 (Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatin ...)
+	TODO: check
+CVE-2025-27327 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27325 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27323 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27321 (Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Ex ...)
+	TODO: check
+CVE-2025-27320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27318 (Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Googl ...)
+	TODO: check
+CVE-2025-27317 (Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid a ...)
+	TODO: check
+CVE-2025-27316 (Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG ...)
+	TODO: check
+CVE-2025-27315 (Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cu ...)
+	TODO: check
+CVE-2025-27312 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-27311 (Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Con ...)
+	TODO: check
+CVE-2025-27307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27304 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27303 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27301 (Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin  ...)
+	TODO: check
+CVE-2025-27300 (Deserialization of Untrusted Data vulnerability in giuliopanda ADFO al ...)
+	TODO: check
+CVE-2025-27298 (Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video ...)
+	TODO: check
+CVE-2025-27297 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-27296 (Missing Authorization vulnerability in revenueflex Auto Ad Inserter \u ...)
+	TODO: check
+CVE-2025-27294 (Missing Authorization vulnerability in platcom WP-Asambleas allows Exp ...)
+	TODO: check
+CVE-2025-27290 (Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Z ...)
+	TODO: check
+CVE-2025-27280 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27277 (Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linke ...)
+	TODO: check
+CVE-2025-27276 (Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Galle ...)
+	TODO: check
+CVE-2025-27272 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-27266 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27265 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27133 (WeGIA is a Web manager for charitable institutions. A SQL Injection vu ...)
+	TODO: check
+CVE-2025-27112 (Navidrome is an open source web-based music collection server and stre ...)
+	TODO: check
+CVE-2025-26883 (Missing Authorization vulnerability in bPlugins Animated Text Block al ...)
+	TODO: check
+CVE-2025-26803 (The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0. ...)
+	TODO: check
+CVE-2025-26532 (Additional checks were required to ensure trusttext is applied (when e ...)
+	TODO: check
+CVE-2025-26531 (Insufficient capability checks made it possible to disable badges a us ...)
+	TODO: check
+CVE-2025-26530 (The question bank filter required additional sanitizing to prevent a r ...)
+	TODO: check
+CVE-2025-26529 (Description information displayed in the site administration live log  ...)
+	TODO: check
+CVE-2025-26528 (The drag-and-drop onto image (ddimageortext) question type required ad ...)
+	TODO: check
+CVE-2025-26527 (Tags not expected to be visible to a user could still be discovered by ...)
+	TODO: check
+CVE-2025-26526 (Separate Groups mode restrictions were not factored into permission  c ...)
+	TODO: check
+CVE-2025-26525 (Insufficient sanitizing in the TeX notation filter resulted in an  arb ...)
+	TODO: check
+CVE-2025-26201 (Credential disclosure vulnerability via the /staff route in GreaterWMS ...)
+	TODO: check
+CVE-2025-26200 (SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate pr ...)
+	TODO: check
+CVE-2025-25460 (A stored Cross-Site Scripting (XSS) vulnerability was identified in Fl ...)
+	TODO: check
+CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password authenticati ...)
+	TODO: check
+CVE-2025-22495 (An improper input validation vulnerability was discovered in the NTP s ...)
+	TODO: check
+CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has been class ...)
+	TODO: check
+CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-0545 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-5174 (A flaw in Gliffy results in broken authentication through the reset fu ...)
+	TODO: check
+CVE-2024-57026 (TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting ( ...)
+	TODO: check
+CVE-2024-56897 (Improper access control in the HTTP server in YI Car Dashcam v3.88 all ...)
+	TODO: check
+CVE-2024-54820 (XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to c ...)
+	TODO: check
+CVE-2024-12918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-12917 (Files or Directories Accessible to External Parties vulnerability in A ...)
+	TODO: check
+CVE-2024-12916 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-52926 (In the Linux kernel, the following vulnerability has been resolved:  I ...)
 	- linux 6.7.7-1
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/a08d195b586a217d76b42062f88f375a3eedda4d (6.7-rc1)
@@ -2709,7 +2865,7 @@ CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vul
 	NOT-FOR-US: DNNGo xBlog
 CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK v.11.7.0 al ...)
 	NOT-FOR-US: Telegram Android APK
-CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik RouterOS v6. ...)
+CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik RouterOS lon ...)
 	NOT-FOR-US: MikroTik
 CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the model l ...)
 	NOT-FOR-US: NVIDIA Triton Inference Server



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b59acad68820c8a51a054047a316773cb2daa61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b59acad68820c8a51a054047a316773cb2daa61
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250224/890884b3/attachment-0001.htm>