[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 26 20:30:10 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d92cb2fb by security tracker role at 2025-02-26T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2025-26925 (Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu ...)
+	TODO: check
+CVE-2025-26698 (Incorrect resource transfer between spheres issue exists in RevoWorks  ...)
+	TODO: check
+CVE-2025-25827 (A Server-Side Request Forgery (SSRF) in the component sort.php of Emlo ...)
+	TODO: check
+CVE-2025-25825 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows  ...)
+	TODO: check
+CVE-2025-25823 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows  ...)
+	TODO: check
+CVE-2025-25818 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows  ...)
+	TODO: check
+CVE-2025-25813 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25802 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25800 (SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerabi ...)
+	TODO: check
+CVE-2025-25799 (SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerabi ...)
+	TODO: check
+CVE-2025-25797 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25796 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25794 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25793 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25792 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-25791 (An arbitrary file upload vulnerability in the plugin installation feat ...)
+	TODO: check
+CVE-2025-25790 (An arbitrary file upload vulnerability in the component \controller\Lo ...)
+	TODO: check
+CVE-2025-25789 (FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE)  ...)
+	TODO: check
+CVE-2025-25785 (JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forger ...)
+	TODO: check
+CVE-2025-25784 (An arbitrary file upload vulnerability in the component \c\TemplateCon ...)
+	TODO: check
+CVE-2025-25783 (An arbitrary file upload vulnerability in the component admin\plugin.p ...)
+	TODO: check
+CVE-2025-25462 (A SQL Injection vulnerability was found in /admin/add-propertytype.php ...)
+	TODO: check
+CVE-2025-20161 (A vulnerability in the software upgrade process of Cisco Nexus 3000 Se ...)
+	TODO: check
+CVE-2025-20119 (A vulnerability in the system file permission handling of Cisco APIC c ...)
+	TODO: check
+CVE-2025-20118 (A vulnerability in the implementation of the internal system processes ...)
+	TODO: check
+CVE-2025-20117 (A vulnerability in the CLI of Cisco APIC could allow an authenticated, ...)
+	TODO: check
+CVE-2025-20116 (A vulnerability in the web UI of Cisco APIC could allow an authenticat ...)
+	TODO: check
+CVE-2025-20111 (A vulnerability in the health monitoring diagnostics of Cisco Nexus 30 ...)
+	TODO: check
+CVE-2025-1726 (There is a SQL injection issuein Esri ArcGIS Monitor versions 2023.0 t ...)
+	TODO: check
+CVE-2025-1716 (picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An  ...)
+	TODO: check
+CVE-2025-1517 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
+	TODO: check
+CVE-2025-1249 (Missing Authorization vulnerability in Pixelite Events Manager allows  ...)
+	TODO: check
+CVE-2025-0941 (MET ONE 3400+ instruments running software v1.0.41 can, under rare con ...)
+	TODO: check
+CVE-2025-0731 (An unauthenticated remote attacker can upload a .aspx file instead of  ...)
+	TODO: check
+CVE-2025-0719 (IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to  ...)
+	TODO: check
+CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2024-53427 (jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy functi ...)
+	TODO: check
+CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution ca ...)
+	TODO: check
+CVE-2024-47053 (This advisory addresses an authorization vulnerability in Mautic's HTT ...)
+	TODO: check
+CVE-2024-47051 (This advisory addresses two critical security vulnerabilities present  ...)
+	TODO: check
+CVE-2024-46226 (A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0. ...)
+	TODO: check
+CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for WordPress is vul ...)
+	TODO: check
 CVE-2024-8186
 	- gitlab <unfixed>
 CVE-2025-0555
@@ -6,7 +90,7 @@ CVE-2024-10925
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-0475
 	- gitlab <unfixed>
-CVE-2022-49732 [sock: redo the psock vs ULP protection check]
+CVE-2022-49732 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 5.18.14-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e34a07c0ae3906f97eb18df50902e2a01c1015b6 (5.19-rc4)
@@ -151,7 +235,7 @@ CVE-2025-25208
 	NOT-FOR-US: RedHat RHCL
 CVE-2025-25207
 	NOT-FOR-US: RedHat RHCL
-CVE-2025-1634
+CVE-2025-1634 (A flaw was found in the quarkus-resteasy extension, which causes memor ...)
 	NOT-FOR-US: Quarkus
 CVE-2025-0514 (Improper Input Validation vulnerability in The Document Foundation Lib ...)
 	- libreoffice <not-affected> (Only affects Libreoffice on Windows)
@@ -251401,8 +251485,8 @@ CVE-2022-25775 (Prior to the patched version, logged in users of Mautic are vuln
 	NOT-FOR-US: Mautic
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
 	NOT-FOR-US: Mautic
-CVE-2022-25773
-	RESERVED
+CVE-2022-25773 (This advisory addresses a file placement vulnerability that could allo ...)
+	TODO: check
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
 	NOT-FOR-US: Mautic
 CVE-2022-25771



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92cb2fbd753bd740849b58cb93af0dc05d1eec6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92cb2fbd753bd740849b58cb93af0dc05d1eec6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250226/8e6acfc2/attachment.htm>

More information about the debian-security-tracker-commits mailing list