[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 28 20:12:55 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dbf692d by security tracker role at 2025-02-28T20:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to version 4.9. ...)
+	TODO: check
+CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
+	TODO: check
+CVE-2025-26326 (A vulnerability in the remote connection complements of the NVDA (Nonv ...)
+	TODO: check
+CVE-2025-26263 (GeoVision ASManager Windows desktop application with the version 6.1.2 ...)
+	TODO: check
+CVE-2025-26047 (Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.)
+	TODO: check
+CVE-2025-25916 (wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del  ...)
+	TODO: check
+CVE-2025-25635 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
+	TODO: check
+CVE-2025-25610 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
+	TODO: check
+CVE-2025-25609 (TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulne ...)
+	TODO: check
+CVE-2025-25461 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6. ...)
+	TODO: check
+CVE-2025-25431 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
+	TODO: check
+CVE-2025-25430 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
+	TODO: check
+CVE-2025-25429 (Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (X ...)
+	TODO: check
+CVE-2025-25428 (TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded pas ...)
+	TODO: check
+CVE-2025-24849 (Lack of encryption in transit for cloud infrastructure facilitating po ...)
+	TODO: check
+CVE-2025-24843 (Insecure file retrieval process that facilitates potential for file ma ...)
+	TODO: check
+CVE-2025-24318 (Cookie policy is observable via built-in browser tools. In the presenc ...)
+	TODO: check
+CVE-2025-24316 (The Dario Health Internet-based server infrastructure is vulnerable du ...)
+	TODO: check
+CVE-2025-23405 (Unauthenticated log effects metrics gathering incident response effort ...)
+	TODO: check
+CVE-2025-22492 (The connection string visible to users with access to FRSCore database ...)
+	TODO: check
+CVE-2025-22491 (The user input was not sanitized on Reporting Hierarchy Management pag ...)
+	TODO: check
+CVE-2025-22274 (It is possible to inject HTML code into the page content using the "co ...)
+	TODO: check
+CVE-2025-22273 (Application does not limit the number or frequency of user interaction ...)
+	TODO: check
+CVE-2025-22272 (In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, i ...)
+	TODO: check
+CVE-2025-22271 (The application or its infrastructure allows for IP address spoofing b ...)
+	TODO: check
+CVE-2025-22270 (An attacker with access to the Administration panel, specifically the  ...)
+	TODO: check
+CVE-2025-20060 (An attacker could expose cross-user personal identifiable information  ...)
+	TODO: check
+CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS, whic ...)
+	TODO: check
+CVE-2025-1795 (During an address list folding when a separating comma ends up on a fo ...)
+	TODO: check
+CVE-2025-1776 (Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior t ...)
+	TODO: check
+CVE-2025-1749 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
+	TODO: check
+CVE-2025-1748 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
+	TODO: check
+CVE-2025-1747 (HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Th ...)
+	TODO: check
+CVE-2025-1746 (Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0 ...)
+	TODO: check
+CVE-2025-1662 (The URL Media Uploader plugin for WordPress is vulnerable to Server-Si ...)
+	TODO: check
+CVE-2025-1570 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
+	TODO: check
+CVE-2025-1560 (The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-1413 (DaVinci Resolve on MacOS was found to be installed with incorrect file ...)
+	TODO: check
+CVE-2025-1319 (The Site Mailer \u2013 SMTP Replacement, Email API Deliverability & Em ...)
+	TODO: check
+CVE-2025-1300 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
+	TODO: check
+CVE-2025-0985 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   stores potentially sensi ...)
+	TODO: check
+CVE-2025-0769 (PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was fo ...)
+	TODO: check
+CVE-2025-0160 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5 ...)
+	TODO: check
+CVE-2025-0159 (IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5 ...)
+	TODO: check
+CVE-2024-9195 (The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-9193 (The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress ...)
+	TODO: check
+CVE-2024-9019 (The SecuPress Free \u2014 WordPress Security plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-8425 (The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-8420 (The DHVC Form plugin for WordPress is vulnerable to privilege escalati ...)
+	TODO: check
+CVE-2024-54175 (IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD   could allow a local user ...)
+	TODO: check
+CVE-2024-44754 (Cryptographic key extraction from internal flash in Minut M2 with firm ...)
+	TODO: check
+CVE-2024-13851 (The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-13832 (The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-13831 (The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Obj ...)
+	TODO: check
+CVE-2024-13716 (The Forex Calculators plugin for WordPress is vulnerable to unauthoriz ...)
+	TODO: check
+CVE-2024-13638 (The Order Attachments for WooCommerce plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-13469 (The Pricing Table by PickPlugins plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-10860 (The NextMove Lite \u2013 Thank You Page for WooCommerce plugin for Wor ...)
+	TODO: check
 CVE-2025-27531
 	NOT-FOR-US: Apache InLong
 CVE-2025-26325 (ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.)
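Review bot: the imported descriptions for CVE-2025-1319, CVE-2024-9019 and CVE-2024-10860 still carry the literal escape sequences `\u2013` and `\u2014` instead of the dash characters they encode, and the two IBM MQ entries (CVE-2025-0985, CVE-2024-54175) keep a run of three spaces before the verb; if the update script decodes JSON-escaped text and normalises whitespace for other fields, it should do so for these truncated descriptions too, otherwise the `TODO: check` triage will be done against mangled text.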
@@ -4120,6 +4236,7 @@ CVE-2024-11955 (A vulnerability was found in GLPI up to 10.0.17. It has been dec
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7
 CVE-2025-26601 (A use-after-free flaw was found in X.Org and Xwayland. When changing a ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -4129,12 +4246,14 @@ CVE-2025-26601 (A use-after-free flaw was found in X.Org and Xwayland. When chan
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8817306af75a60f494ec9dbb1061e50db
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c285798984c6bb99e454a33772cde23d394d3dcd
 CVE-2025-26600 (A use-after-free flaw was found in X.Org and Xwayland. When a device i ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332ba4c8b8c9a9945dc9d7989bfe06f80e14
 CVE-2025-26599 (An access to an uninitialized pointer flaw was found in X.Org and Xway ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -4142,30 +4261,35 @@ CVE-2025-26599 (An access to an uninitialized pointer flaw was found in X.Org an
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84bef2569b4ba4be59323cf575d1798ba9be
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8bedb90b039dc0f70ae69daf047ff9598
 CVE-2025-26598 (An out-of-bounds write flaw was found in X.Org and Xwayland. The funct ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a9d57234c76c0b93f88dacb143d01bca2
 CVE-2025-26597 (A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTy ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed94952b255c04fe910f6a1d9c852878dcd64
 CVE-2025-26596 (A heap overflow flaw was found in X.Org and Xwayland. The computation  ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01423fc065c950e1ff4e8ddf9f675df773
 CVE-2025-26595 (A buffer overflow flaw was found in X.Org and Xwayland. The code in Xk ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda8753e994e15eb915d28cf487660ec8e722
 CVE-2025-26594 (A use-after-free flaw was found in X.Org and Xwayland. The root cursor ...)
+	{DSA-5872-1}
 	- xorg-server 2:21.1.16-1 (bug #1098906)
 	- xwayland 2:24.1.6-1 (bug #1098907)
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
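Review bot: `{DSA-5872-1}` is added to all eight X.Org/Xwayland entries (CVE-2025-26594 through CVE-2025-26601) while the `[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)` line is left in place for each; that is consistent only if DSA-5872-1 covers xorg-server alone, so confirm the advisory's package list matches and drop the bookworm xwayland ignore line if the DSA also ships a fixed xwayland.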
@@ -27921,13 +28045,13 @@ CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the liba
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857 (n7.0)
 CVE-2024-36617 (FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF  ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/f0e780370cc1c437d64f10d326b1d656ef490b5f (n5.1.5)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9557810a81624f222d603e0fdf3778054f8d8cc4 (n4.3.7)
 CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c of FF ...)
-	{DSA-5712-1}
+	{DSA-5721-1 DSA-5712-1}
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23 (n5.1.5)
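Review bot: for CVE-2024-36617 and CVE-2024-36616 the tag changes from `{DSA-5712-1}` to `{DSA-5721-1 DSA-5712-1}`; the two advisory IDs differ only by transposed digits, so confirm DSA-5721-1 is a genuine second ffmpeg advisory covering these CVEs (a release for a different suite would explain two DSAs) rather than a mistyped repeat of DSA-5712-1, since a wrong DSA reference silently marks the CVE as fixed in that suite.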
@@ -47432,7 +47556,7 @@ CVE-2024-45348 (Xiaomi Router AX9000 has a post-authorization command injection
 	NOT-FOR-US: Xiaomi Router AX9000
 CVE-2024-44540 (Ubiquiti AirMax firmware version firmware version 8 allows attackers w ...)
 	NOT-FOR-US: Ubiquiti AirMax firmware
-CVE-2024-43201 (The Planet Fitness Workouts iOS and Android mobile apps prior to versi ...)
+CVE-2024-43201 (The Planet Fitness Workouts iOS and Android mobile apps fail to proper ...)
 	NOT-FOR-US: Planet Fitness Workouts iOS and Android mobile apps
 CVE-2024-41228 (A symlink following vulnerability in the pouch cp function of AliyunCo ...)
 	NOT-FOR-US: AliyunContainerService



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dbf692db68fd721e41776e93d59e8b73a866ca7
