[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 25 08:12:29 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7b28577 by security tracker role at 2025-02-25T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-27145 (copyparty, a portable file server, has a DOM-based cross-site scriptin ...)
+	TODO: check
+CVE-2025-27144 (Go JOSE provides an implementation of the Javascript Object Signing an ...)
+	TODO: check
+CVE-2025-27143 (Better Auth is an authentication and authorization library for TypeScr ...)
+	TODO: check
+CVE-2025-27141 (Metabase Enterprise Edition is the enterprise version of Metabase busi ...)
+	TODO: check
+CVE-2025-27140 (WeGIA is a Web manager for charitable institutions. An OS Command Inje ...)
+	TODO: check
+CVE-2025-27137 (Dependency-Track is a component analysis platform that allows organiza ...)
+	TODO: check
+CVE-2025-26533 (An SQL injection risk was identified in the module list filter within  ...)
+	TODO: check
+CVE-2025-25513 (Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.)
+	TODO: check
+CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remot ...)
+	TODO: check
+CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component versions 3.3.0 ...)
+	TODO: check
+CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a memcpy o ...)
+	TODO: check
+CVE-2025-1674 (A lack of input validation allows for out of bounds reads caused by ma ...)
+	TODO: check
+CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause an out ...)
+	TODO: check
+CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection via the ...)
+	TODO: check
+CVE-2025-1646 (A vulnerability, which was classified as critical, has been found in L ...)
+	TODO: check
+CVE-2025-1645 (A vulnerability classified as critical was found in Benner Connecta 1. ...)
+	TODO: check
+CVE-2025-1644 (A vulnerability classified as problematic has been found in Benner Mod ...)
+	TODO: check
+CVE-2025-1643 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
+	TODO: check
+CVE-2025-1642 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
+	TODO: check
+CVE-2025-1641 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It has bee ...)
+	TODO: check
+CVE-2025-1640 (A vulnerability was found in Benner ModernaNet up to 1.1.0 and classif ...)
+	TODO: check
+CVE-2025-1128 (The Everest Forms \u2013 Contact Forms, Quiz, Survey, Newsletter & Pay ...)
+	TODO: check
+CVE-2025-1063 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
+	TODO: check
+CVE-2024-57685 (An issue in sparkshop v.1.1.7 and before allows a remote attacker to e ...)
+	TODO: check
+CVE-2024-57608 (An issue in Via Browser 6.1.0 allows a a remote attacker to execute ar ...)
+	TODO: check
+CVE-2024-56525 (In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 an ...)
+	TODO: check
+CVE-2024-53544 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was d ...)
+	TODO: check
+CVE-2024-53543 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was d ...)
+	TODO: check
+CVE-2024-53542 (Incorrect access control in the component /iclock/Settings?restartNCS= ...)
+	TODO: check
+CVE-2024-13494 (The WordPress File Upload plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2024-10545 (The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.5 ...)
+	TODO: check
 CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code ...)
 	NOT-FOR-US: MITRE Caldera
 CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI \xd6nceki ...)
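Review bot: The descriptions added for CVE-2025-1128 and CVE-2025-1063 contain a literal "\u2013" escape, while the context line for CVE-2025-27357 carries a "\xd6" escape, so non-ASCII text from the upstream descriptions reaches data/CVE/list in two different undecoded forms. Decoding the description to one consistent encoding before it is written would keep these entries readable and searchable. All 31 entries added here are still "TODO: check", so none of them has a NOT-FOR-US or package annotation until someone triages them.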
@@ -1195,7 +1257,8 @@ CVE-2024-13681 (The Uncode theme for WordPress is vulnerable to arbitrary file r
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13667 (The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-13636 (The Brooklyn theme for WordPress is vulnerable to PHP Object Injection ...)
+CVE-2024-13636
+	REJECTED
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13395 (The Threepress plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
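Review bot: CVE-2024-13636 now reads "REJECTED" and is still followed by the unchanged "NOT-FOR-US: WordPress plugin" context line, so the entry carries both a rejection marker and a triage annotation. If the ID is rejected, the NOT-FOR-US line no longer classifies anything and could be dropped in a follow-up. The description was also removed from the header line, so the entry itself no longer says what the ID referred to.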



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7b28577d92ca9f195cddfd50aebce87ebfda8fb
