[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 4 20:12:47 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
847444af by security tracker role at 2025-03-04T20:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,59 +1,151 @@
-CVE-2025-1943
+CVE-2025-27507 (The open-source identity infrastructure software Zitadel allows admini ...)
+ TODO: check
+CVE-2025-27426 (Malicious websites utilizing a server-side redirect to an internal err ...)
+ TODO: check
+CVE-2025-27425 (Scanning certain QR codes that included text with a website URL could ...)
+ TODO: check
+CVE-2025-27424 (Websites redirecting to a non-HTTP scheme URL could allow a website ad ...)
+ TODO: check
+CVE-2025-27402 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-27401 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-27156 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which is th ...)
+ TODO: check
+CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
+CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
+ TODO: check
+CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, a ...)
+ TODO: check
+CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command ...)
+ TODO: check
+CVE-2025-26202 (Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passph ...)
+ TODO: check
+CVE-2025-26182 (An issue in xxyopen novel plus v.4.4.0 and before allows a remote atta ...)
+ TODO: check
+CVE-2025-26091 (A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManag ...)
+ TODO: check
+CVE-2025-23368 (A flaw was found in Wildfly Elytron integration. The component does no ...)
+ TODO: check
+CVE-2025-22226 (VMware ESXi, Workstation, and Fusion containan information disclosure ...)
+ TODO: check
+CVE-2025-22225 (VMware ESXi contains an arbitrary writevulnerability.A malicious actor ...)
+ TODO: check
+CVE-2025-22224 (VMware ESXi, and Workstationcontain a TOCTOU (Time-of-Check Time-of-Us ...)
+ TODO: check
+CVE-2025-1969 (Improper request input validation in Temporary Elevated Access Managem ...)
+ TODO: check
+CVE-2025-1953 (A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as ...)
+ TODO: check
+CVE-2025-1952 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-1949 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-1947 (A vulnerability classified as critical has been found in hzmanyun Educ ...)
+ TODO: check
+CVE-2025-1946 (A vulnerability was found in hzmanyun Education and Training System 2. ...)
+ TODO: check
+CVE-2025-1925 (A vulnerability classified as problematic was found in Open5GS up to 2 ...)
+ TODO: check
+CVE-2025-1425 (A Sudo privilege misconfiguration vulnerability in PocketBook InkPad C ...)
+ TODO: check
+CVE-2025-1424 (A privilege escalation vulnerability in PocketBook InkPad Color 3 allo ...)
+ TODO: check
+CVE-2025-1260 (On affected platforms running Arista EOS with OpenConfig configured, a ...)
+ TODO: check
+CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig configured, a ...)
+ TODO: check
+CVE-2025-1080 (LibreOffice supports Office URI Schemes to enable browser integration ...)
+ TODO: check
+CVE-2025-0958 (The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-0512 (The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-0433 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
+ TODO: check
+CVE-2025-0370 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2024-9618 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
+ TODO: check
+CVE-2024-9149 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-50707 (Unauthenticated remote code execution vulnerability in Uniguest Triple ...)
+ TODO: check
+CVE-2024-50706 (Unauthenticated SQL injection vulnerability in Uniguest Tripleplay bef ...)
+ TODO: check
+CVE-2024-50705 (Unauthenticated reflected cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2024-50704 (Unauthenticated remote code execution vulnerability in Uniguest Triple ...)
+ TODO: check
+CVE-2024-41147 (An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_ ...)
+ TODO: check
+CVE-2024-13724 (The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refu ...)
+ TODO: check
+CVE-2024-13682 (The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refu ...)
+ TODO: check
+CVE-2024-11957 (Improper verification of the digital signature in ksojscore.dll in Kin ...)
+ TODO: check
+CVE-2024-10930 (An Uncontrolled Search Path Element vulnerability exists which could a ...)
+ TODO: check
+CVE-2025-1943 (Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
-CVE-2025-1938
+CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1938
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
-CVE-2025-1937
+CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1937
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
-CVE-2025-1936
+CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive. The n ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1936
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
-CVE-2025-1935
+CVE-2025-1935 (A web page could trick a user into setting that site as the default ha ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1935
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1935
-CVE-2025-1942
+CVE-2025-1942 (When String.toUpperCase() caused a string to get longer it was possibl ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1942
-CVE-2025-1941
+CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus should r ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
-CVE-2025-1934
+CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout and ru ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1934
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1934
-CVE-2025-1940
+CVE-2025-1940 (A select option could partially obscure the confirmation prompt shown ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
-CVE-2025-1933
+CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they can ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1933
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
-CVE-2025-1932
+CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have resulted in ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1932
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
-CVE-2025-1931
+CVE-2025-1931 (It was possible to cause a use-after-free in the content process side ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1931
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1931
-CVE-2025-1939
+CVE-2025-1939 (Android apps can load web pages using the Custom Tabs feature. This fe ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1939
-CVE-2025-1930
+CVE-2025-1930 (On Windows, a compromised content process could use bad StreamData sen ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1930
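Review bot: the 46 new entries at the top of this hunk (CVE-2025-27507 down to CVE-2024-10930) all land with only "TODO: check", and several of the one-line summaries carry spacing artifacts inherited from the upstream record ("containan" in CVE-2025-22226, "writevulnerability.A" in CVE-2025-22225, "Workstationcontain" in CVE-2025-22224), so triage should read the full CVE description rather than the truncated summary before assigning a status. Entries describing software Debian ships, such as CVE-2025-27111 (Rack::Sendfile) and CVE-2025-1080 (LibreOffice Office URI schemes), deserve first attention among the TODO lines. The Firefox/Thunderbird block below only fills in descriptions for already-tracked IDs; the package status lines and mfsa2025-14/mfsa2025-16 references are unchanged, and the entries listing only "firefox" (CVE-2025-1943, -1942, -1941) consistently carry only the mfsa2025-14 NOTE, which matches.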
@@ -413632,8 +413724,8 @@ CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam
[stretch] - clamav 0.102.2+dfsg-0~deb9u1
[jessie] - clamav <not-affected> (Vulnerable code introduced in 0.102.x)
NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
-CVE-2020-3122
- RESERVED
+CVE-2020-3122 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ TODO: check
CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
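Review bot: the new "TODO: check" for CVE-2020-3122 can most likely be resolved immediately, since its description names Cisco AsyncOS and the adjacent entries CVE-2020-3121 and CVE-2020-3120 are already marked "NOT-FOR-US: Cisco"; replacing the TODO with the same status would keep the block consistent once the full record confirms the product.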
@@ -440125,7 +440217,7 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
[buster] - xymon 4.3.28-5+deb10u1
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
+CVE-2019-13454 (ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveD ...)
{DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
[jessie] - imagemagick <ignored> (low impact issue)
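Review bot: the CVE-2019-13454 change only widens the upstream affected range in the description from "7.0.8-54" to "7.0.1-0 to 7.0.8-54"; the status lines below it (DSA-4712-1, DLA-2333-1, the fixed 8:6.9.11.24+dfsg-1 version and the jessie ignored marker) are untouched and remain correct, so no further action is needed beyond this description sync.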
@@ -473642,8 +473734,8 @@ CVE-2019-1817 (A vulnerability in the web proxy functionality of Cisco AsyncOS S
NOT-FOR-US: Cisco
CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco Web Sec ...)
NOT-FOR-US: Cisco
-CVE-2019-1815
- RESERVED
+CVE-2019-1815 (A security vulnerability was discovered in the local status page funct ...)
+ TODO: check
CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP features ...)
NOT-FOR-US: Cisco
CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
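Review bot: the truncated summary for CVE-2019-1815 ("local status page funct ...") does not name a vendor, unlike the surrounding CVE-2019-1816, -1814 and -1813 entries, which are all "NOT-FOR-US: Cisco"; the TODO should therefore be settled from the full CVE record rather than by analogy with its neighbours, even though the ID sits in the same numbering block.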
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/847444af3f9e0ea927f5cca010dd3a7a0e417a58