[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 1 08:12:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f0d944e by security tracker role at 2025-03-01T08:11:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-27554 (ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and o ...)
+ TODO: check
+CVE-2025-27416 (Scratch-Coding-Hut.github.io is the website for Coding Hut. The websit ...)
+ TODO: check
+CVE-2025-27414 (MinIO is a high performance object storage. Starting in RELEASE.2024-0 ...)
+ TODO: check
+CVE-2025-27413 (PwnDoc is a penetration test reporting application. Prior to version 1 ...)
+ TODO: check
+CVE-2025-27410 (PwnDoc is a penetration test reporting application. Prior to version 1 ...)
+ TODO: check
+CVE-2025-25723 (Buffer Overflow vulnerability in GPAC version 2.5 allows a local attac ...)
+ TODO: check
+CVE-2025-25478 (The account file upload functionality in Syspass 3.2.x fails to proper ...)
+ TODO: check
+CVE-2025-25476 (A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x all ...)
+ TODO: check
+CVE-2025-25379 (Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a ...)
+ TODO: check
+CVE-2025-23119 (An Improper Neutralization of Escape Sequences vulnerability could all ...)
+ TODO: check
+CVE-2025-23118 (An Improper Certificate Validation vulnerability could allow an authen ...)
+ TODO: check
+CVE-2025-23117 (An Insufficient Firmware Update Validation vulnerability could allow a ...)
+ TODO: check
+CVE-2025-23116 (An Authentication Bypass vulnerability on UniFi Protect Application wi ...)
+ TODO: check
+CVE-2025-23115 (A Use After Free vulnerability on UniFi Protect Cameras could allow a ...)
+ TODO: check
+CVE-2025-1803
+ REJECTED
+CVE-2025-1780 (The BuddyPress WooCommerce My Account Integration. Create WooCommerce ...)
+ TODO: check
+CVE-2025-1730 (The Simple Download Counter plugin for WordPress is vulnerable to Arbi ...)
+ TODO: check
+CVE-2025-1671 (The Academist Membership plugin for WordPress is vulnerable to Privile ...)
+ TODO: check
+CVE-2025-1638 (The Alloggio Membership plugin for WordPress is vulnerable to Authenti ...)
+ TODO: check
+CVE-2025-1564 (The SetSail Membership plugin for WordPress is vulnerable to in all v ...)
+ TODO: check
+CVE-2025-1502 (The IP2Location Redirection plugin for WordPress is vulnerable to unau ...)
+ TODO: check
+CVE-2025-1459 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-0820 (The Clicface Trombi plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-9217 (The Currency Switcher for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-9212 (The SKU Generator for WooCommerce plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-1509 (Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as de ...)
+ TODO: check
+CVE-2024-13911 (The Database Backup and check Tables Automated With Scheduler 2024 plu ...)
+ TODO: check
+CVE-2024-13901 (The Counter Box: Add Engaging Countdowns, Timers & Counters to Your Wo ...)
+ TODO: check
+CVE-2024-13806 (The The Authors List plugin for WordPress is vulnerable to arbitrary s ...)
+ TODO: check
+CVE-2024-13750 (The Multilevel Referral Affiliate Plugin for WooCommerce plugin for Wo ...)
+ TODO: check
+CVE-2024-13746 (The Booking Calendar and Notification plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-13568 (The Fluent Support \u2013 Helpdesk & Customer Support Ticket System pl ...)
+ TODO: check
+CVE-2024-13559 (The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-13518 (The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2024-13373 (The Exertio Framework plugin for WordPress is vulnerable to privilege ...)
+ TODO: check
+CVE-2024-13358 (The BuddyPress WooCommerce My Account Integration. Create WooCommerce ...)
+ TODO: check
+CVE-2024-12824 (The Nokri \u2013 Job Board WordPress Theme theme for WordPress is vuln ...)
+ TODO: check
+CVE-2024-12544 (The SurveyJS: Drag & Drop WordPress Form Builder to create, style and ...)
+ TODO: check
CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to version 4.9. ...)
NOT-FOR-US: Manifest
CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
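Review bot: the description lines for CVE-2024-13568 and CVE-2024-12824 contain a literal \u2013 where the upstream title has an en dash, so the importer is writing the JSON escape sequence rather than the decoded character; decode Unicode escapes before truncating the description so the stored summary matches the published CVE text. Separately, the long run of WordPress plugin entries (CVE-2025-1780 through CVE-2024-12544) and the UniFi Protect entries (CVE-2025-23115 through CVE-2025-23119) describe software that is normally not packaged in Debian and will most likely resolve to NOT-FOR-US at triage; the one REJECTED entry, CVE-2025-1803, needs no further action.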
@@ -4247,7 +4323,7 @@ CVE-2024-11955 (A vulnerability was found in GLPI up to 10.0.17. It has been dec
- glpi <removed>
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7
CVE-2025-26601 (A use-after-free flaw was found in X.Org and Xwayland. When changing a ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
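Review bot: DLA-4072-1 is added to the advisory braces of CVE-2025-26601 while the bookworm line still reads xwayland <ignored>; that is consistent, since the DLA covers the bullseye LTS xorg-server build and the <ignored> line concerns bookworm's xwayland only. The same DLA reference is applied identically to all eight X.Org entries (CVE-2025-26594 through CVE-2025-26601) in the hunks that follow, so the DLA's CVE list should be checked against that full set to be sure no CVE is credited to the advisory that it does not actually fix.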
@@ -4257,14 +4333,14 @@ CVE-2025-26601 (A use-after-free flaw was found in X.Org and Xwayland. When chan
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8817306af75a60f494ec9dbb1061e50db
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c285798984c6bb99e454a33772cde23d394d3dcd
CVE-2025-26600 (A use-after-free flaw was found in X.Org and Xwayland. When a device i ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332ba4c8b8c9a9945dc9d7989bfe06f80e14
CVE-2025-26599 (An access to an uninitialized pointer flaw was found in X.Org and Xway ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -4272,35 +4348,35 @@ CVE-2025-26599 (An access to an uninitialized pointer flaw was found in X.Org an
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84bef2569b4ba4be59323cf575d1798ba9be
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8bedb90b039dc0f70ae69daf047ff9598
CVE-2025-26598 (An out-of-bounds write flaw was found in X.Org and Xwayland. The funct ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a9d57234c76c0b93f88dacb143d01bca2
CVE-2025-26597 (A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTy ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed94952b255c04fe910f6a1d9c852878dcd64
CVE-2025-26596 (A heap overflow flaw was found in X.Org and Xwayland. The computation ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01423fc065c950e1ff4e8ddf9f675df773
CVE-2025-26595 (A buffer overflow flaw was found in X.Org and Xwayland. The code in Xk ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda8753e994e15eb915d28cf487660ec8e722
CVE-2025-26594 (A use-after-free flaw was found in X.Org and Xwayland. The root cursor ...)
- {DSA-5872-1}
+ {DSA-5872-1 DLA-4072-1}
- xorg-server 2:21.1.16-1 (bug #1098906)
- xwayland 2:24.1.6-1 (bug #1098907)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -5378,6 +5454,7 @@ CVE-2025-25054 (Movable Type contains a reflected cross-site scripting vulnerabi
CVE-2025-24841 (Movable Type contains a stored cross-site scripting vulnerability in t ...)
- movabletype-opensource <removed>
CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a seg ...)
+ {DLA-4073-1}
- ffmpeg <unfixed>
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
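Review bot: CVE-2025-22921 now carries {DLA-4073-1} while the unstable line still reads ffmpeg <unfixed> and bookworm is <postponed> pending the 5.1 branch fix, so the tracker will show the LTS suite as fixed ahead of sid and bookworm. That is fine for a backported fix, but unlike CVE-2025-0518 later in this commit this entry has no "Fixed by" NOTE naming the upstream commit; adding one would make it possible to verify what the LTS upload backported, and the same check applies to the other DLA-4073-1 addition, CVE-2025-22919.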
@@ -5388,6 +5465,7 @@ CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf
NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/545de54e3e0ce5ad1285aa5e111e6657ad803f79
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae
CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 ...)
+ {DLA-4073-1}
- ffmpeg <unfixed>
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11385
@@ -5727,7 +5805,7 @@ CVE-2025-26844 [znuny: HTTP Cookie not set correctly]
- znuny 6.5.13-1
[bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-05
-CVE-2025-26466 [Denial of Service: asymmetric resource consumption of memory and CPU]
+CVE-2025-26466 (A flaw was found in the OpenSSH package. For each ping packet the SSH ...)
- openssh 1:9.9p2-1
[bookworm] - openssh <not-affected> (Vulnerable code introduced later)
[bullseye] - openssh <not-affected> (Vulnerable code introduced later)
@@ -12710,11 +12788,14 @@ CVE-2025-23237 (Improper neutralization of special elements used in an OS comman
NOT-FOR-US: UD-LT2 firmware
CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
TODO: check, seems to be duplicate of CVE-2025-23083, verify it with CNA
-CVE-2025-23089 (NOTE: use of the CVE List to report that a product is unsupported, wit ...)
+CVE-2025-23089
+ REJECTED
NOT-FOR-US: EOL notification for nodejs 21
-CVE-2025-23088 (NOTE: use of the CVE List to report that a product is unsupported, wit ...)
+CVE-2025-23088
+ REJECTED
NOT-FOR-US: EOL notification for nodejs 19
-CVE-2025-23087 (This CVE has been issued to inform users that they are using End-of-Li ...)
+CVE-2025-23087
+ REJECTED
NOT-FOR-US: EOL notification for nodejs 17
CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 firmware Ver ...)
NOT-FOR-US: UD-LT2 firmware
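Review bot: for CVE-2025-23087, CVE-2025-23088 and CVE-2025-23089 the description is replaced by a bare REJECTED line while the "NOT-FOR-US: EOL notification for nodejs ..." lines are kept; once an entry is REJECTED the NOT-FOR-US classification is redundant, so those three lines can be dropped on the next manual pass. The context line for CVE-2025-23090 still carries the open TODO about it being a duplicate of CVE-2025-23083, which this commit leaves unresolved.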
@@ -14524,6 +14605,7 @@ CVE-2025-20621 (Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <
CVE-2025-20072 (Mattermost Mobile versions <= 2.22.0 fail to properly validate the sty ...)
NOT-FOR-US: Mattermost Mobile
CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg all ...)
+ {DLA-4073-1}
- ffmpeg <unfixed>
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
@@ -28365,7 +28447,7 @@ CVE-2024-11738 (A flaw was found in Rustls 0.23.13 and related APIs. This vulner
- rust-rustls <not-affected> (Vulnerable code introduced later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
NOTE: https://github.com/rustls/rustls/issues/2227
-CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to i ...)
+CVE-2024-53920 (In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invok ...)
{DSA-5871-1 DLA-4069-1}
- emacs 1:30.1+1-1 (bug #1088690)
NOTE: https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
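Review bot: the description for CVE-2024-53920 changes from "GNU Emacs through 30.0.92" to "before 30.1", which now agrees with the fixed version recorded on the following line (emacs 1:30.1+1-1, bug #1088690) and with the DSA-5871-1 and DLA-4069-1 references already present; nothing beyond the description refresh is needed here.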
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f0d944ed6345d0b64890206651ff6cbabdfc096