[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 5 20:12:28 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
426cc2d8 by security tracker role at 2025-03-05T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2025-2003 (Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 ...)
+ TODO: check
+CVE-2025-27517 (Volt is an elegantly crafted functional API for Livewire. Malicious, u ...)
+ TODO: check
+CVE-2025-27515 (Laravel is a web application framework. When using wildcard validation ...)
+ TODO: check
+CVE-2025-27513 (OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability ...)
+ TODO: check
+CVE-2025-27497 (OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 ...)
+ TODO: check
+CVE-2025-27412 (REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the re ...)
+ TODO: check
+CVE-2025-27411 (REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/medi ...)
+ TODO: check
+CVE-2025-25015 (Prototype pollution in Kibana leads to arbitrary code execution via a ...)
+ TODO: check
+CVE-2025-24521 (External XML entity injection allows arbitrary download of files. The ...)
+ TODO: check
+CVE-2025-24494 (Path traversal may allow remote code execution using privileged accoun ...)
+ TODO: check
+CVE-2025-23416 (Path traversal may lead to arbitrary file deletion. The score without ...)
+ TODO: check
+CVE-2025-22493 (Secure flag not set and SameSIte was set to Lax in the Foreseer Report ...)
+ TODO: check
+CVE-2025-22212 (A SQL injection vulnerability in the ConvertForms component versions 1 ...)
+ TODO: check
+CVE-2025-21095 (Path traversal may lead to arbitrary file download. The score without ...)
+ TODO: check
+CVE-2025-20208 (A vulnerability in the web-based management interface of Cisco TelePre ...)
+ TODO: check
+CVE-2025-20206 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ TODO: check
+CVE-2025-1714 (Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to ...)
+ TODO: check
+CVE-2025-1702 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
+ TODO: check
+CVE-2025-1515 (The WP Real Estate Manager plugin for WordPress is vulnerable to Authe ...)
+ TODO: check
+CVE-2025-1463 (The Spreadsheet Integration plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-1435 (The bbPress plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2025-1393 (An unauthenticated remote attacker can use hard-coded credentials to g ...)
+ TODO: check
+CVE-2025-1008 (The Recently Purchased Products For Woo plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-0990 (The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-0956 (The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-0954 (The WP Online Contract plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-8682 (The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for Word ...)
+ TODO: check
+CVE-2024-5667 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-53458 (Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) con ...)
+ TODO: check
+CVE-2024-51144 (Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.p ...)
+ TODO: check
+CVE-2024-48246 (Vehicle Management System 1.0 contains a Stored Cross-Site Scripting ( ...)
+ TODO: check
+CVE-2024-31525 (Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access C ...)
+ TODO: check
+CVE-2024-13866 (The Simple Notification plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-13839 (The Staff Directory Plugin: Company Directory plugin for WordPress is ...)
+ TODO: check
+CVE-2024-13827 (The Razorpay Subscription Button Elementor Plugin plugin for WordPress ...)
+ TODO: check
+CVE-2024-13815 (The The Listingo theme for WordPress is vulnerable to arbitrary shortc ...)
+ TODO: check
+CVE-2024-13811 (The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce The ...)
+ TODO: check
+CVE-2024-13810 (The Zass - WooCommerce Theme for Handmade Artists and Artisans theme f ...)
+ TODO: check
+CVE-2024-13809 (The Hero Slider - WordPress Slider Plugin plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2024-13787 (The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnera ...)
+ TODO: check
+CVE-2024-13780 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
+ TODO: check
+CVE-2024-13779 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
+ TODO: check
+CVE-2024-13778 (The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordP ...)
+ TODO: check
+CVE-2024-13777 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for ...)
+ TODO: check
+CVE-2024-13757 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...)
+ TODO: check
+CVE-2024-13747 (The WooMail - WooCommerce Email Customizer plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-13471 (The DesignThemes Core Features plugin for WordPress is vulnerable to u ...)
+ TODO: check
+CVE-2024-13423 (The Sparkling theme for WordPress is vulnerable to unauthorized plugin ...)
+ TODO: check
+CVE-2024-13350 (The SearchIQ \u2013 The Search Solution plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-13232 (The WordPress Awesome Import & Export Plugin - Import & Export WordPre ...)
+ TODO: check
+CVE-2024-13147 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-12815 (The Point Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2024-12799 (Insufficiently Protected Credentials vulnerability in OpenText Identit ...)
+ TODO: check
+CVE-2024-12650 (An attacker with low privileges can manipulate the requested memory si ...)
+ TODO: check
+CVE-2024-12281 (The Homey theme for WordPress is vulnerable to privilege escalation in ...)
+ TODO: check
+CVE-2024-12097 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-11951 (The Homey Login Register plugin for WordPress is vulnerable to privile ...)
+ TODO: check
+CVE-2024-11731 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...)
+ TODO: check
+CVE-2024-11216 (Authorization Bypass Through User-Controlled Key, Exposure of Private ...)
+ TODO: check
+CVE-2024-11153 (The Content Control \u2013 The Ultimate Content Restriction Plugin! Re ...)
+ TODO: check
+CVE-2024-11035 (Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible ...)
+ TODO: check
+CVE-2023-38693 (Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scrip ...)
+ TODO: check
CVE-2025-27685 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0 ...)
NOT-FOR-US: Vasion Print (formerly PrinterLogic)
CVE-2025-27684 (Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0 ...)
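Review bot: all 62 new entries (124 added lines, matching the +1,127 header) are left at "TODO: check", so this hunk only adds to the triage backlog; most are WordPress plugin/theme issues or other non-Debian products and will probably resolve to NOT-FOR-US like the Vasion Print entries in the trailing context, so the ones worth an early look are the non-WordPress entries near the top (CVE-2025-27513, CVE-2025-27497, CVE-2025-25015, CVE-2023-38693). The literal "\u2013" sequences in several descriptions (CVE-2025-1702, CVE-2024-13757, CVE-2024-11731) are consistent across the hunk and should be left to the importer rather than hand-edited.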
@@ -292,21 +416,25 @@ CVE-2025-1943 (Memory safety bugs present in Firefox 135 and Thunderbird 135. So
- firefox 136.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1938
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1937
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive. The n ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1936
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
CVE-2025-1935 (A web page could trick a user into setting that site as the default ha ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1935
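Review bot: the {DSA-5874-1} tag is added only to the entries that already carry a "firefox-esr 128.8.0esr-1" line, which is the right pairing, and CVE-2025-1943 in the hunk header context correctly stays without it since it lists firefox 136.0-1 alone. CVE-2025-1938, CVE-2025-1937 and CVE-2025-1936 each reference both mfsa2025-14 and mfsa2025-16, while CVE-2025-1935 shows only the mfsa2025-14 NOTE inside the hunk; confirm the mfsa2025-16 reference is present just past the hunk context so the ESR advisory is recorded for every entry covered by the DSA.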
@@ -318,6 +446,7 @@ CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus sho
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout and ru ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1934
@@ -326,16 +455,19 @@ CVE-2025-1940 (A select option could partially obscure the confirmation prompt s
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they can ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1933
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have resulted in ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1932
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
CVE-2025-1931 (It was possible to cause a use-after-free in the content process side ...)
+ {DSA-5874-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1931
@@ -20741,6 +20873,7 @@ CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a po
CVE-2024-43762 (In multiple locations, there is a possible way to avoid unbinding of a ...)
NOT-FOR-US: Android
CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds ...)
+ {DSA-5874-1}
- firefox-esr 128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2024-43097
CVE-2024-43077 (In DevmemValidateFlags of devicemem_server.c , there is a possible out ...)
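Review bot: CVE-2024-43097 now carries {DSA-5874-1} and "firefox-esr 128.8.0esr-1" but no firefox line, and the only NOTE is the mfsa2025-16 (ESR) advisory; if the Skia fix also shipped in firefox 136 a "firefox 136.0-1" line with the matching mfsa2025-14 reference should be added, otherwise record why the non-ESR package is not affected. The entry sits among Android-only CVEs (CVE-2024-43762 is NOT-FOR-US: Android in the leading context), so a short NOTE explaining that this one applies to Firefox via bundled Skia would help the next triager.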
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426cc2d888225323018fc8a7c7bdaddba8149c18