[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 7 20:12:09 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c60ba445 by security tracker role at 2025-03-07T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,157 @@
-CVE-2025-21843 [drm/panthor: avoid garbage value in panthor_ioctl_dev_query()]
+CVE-2025-2090 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+	TODO: check
+CVE-2025-2089 (A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and c ...)
+	TODO: check
+CVE-2025-2088 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-2087 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-2086 (A vulnerability classified as problematic was found in StarSea99 stars ...)
+	TODO: check
+CVE-2025-2085 (A vulnerability classified as problematic has been found in StarSea99  ...)
+	TODO: check
+CVE-2025-2084 (A vulnerability was found in PHPGurukul Human Metapneumovirus Testing  ...)
+	TODO: check
+CVE-2025-2024 (Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code E ...)
+	TODO: check
+CVE-2025-27607 (Python JSON Logger is a JSON Formatter for Python Logging. Between 30  ...)
+	TODO: check
+CVE-2025-27604 (XWiki Confluence Migrator Pro helps admins to import confluence packag ...)
+	TODO: check
+CVE-2025-27603 (XWiki Confluence Migrator Pro helps admins to import confluence packag ...)
+	TODO: check
+CVE-2025-27597 (Vue I18n is the internationalization plugin for Vue.js. @intlify/messa ...)
+	TODO: check
+CVE-2025-27519 (Cognita is a RAG (Retrieval Augmented Generation) Framework for buildi ...)
+	TODO: check
+CVE-2025-27518 (Cognita is a RAG (Retrieval Augmented Generation) Framework for buildi ...)
+	TODO: check
+CVE-2025-27152 (axios is a promise based HTTP client for the browser and node.js. The  ...)
+	TODO: check
+CVE-2025-26643 (No cwe for this issue in Microsoft Edge (Chromium-based) allows an una ...)
+	TODO: check
+CVE-2025-26331 (Dell ThinOS 2411 and prior, contains an Improper Neutralization of Spe ...)
+	TODO: check
+CVE-2025-25617 (Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Es ...)
+	TODO: check
+CVE-2025-1887 (SMB forced authentication vulnerability in versions prior to 2025.35.0 ...)
+	TODO: check
+CVE-2025-1886 (Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 S ...)
+	TODO: check
+CVE-2025-1768 (The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to b ...)
+	TODO: check
+CVE-2025-1315 (The InWave Jobs plugin for WordPress is vulnerable to privilege escala ...)
+	TODO: check
+CVE-2025-0959 (The Eventer - WordPress Event & Booking Manager Plugin plugin for Word ...)
+	TODO: check
+CVE-2025-0162 (IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML ext ...)
+	TODO: check
+CVE-2024-9658 (The School Management System for Wordpress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-9458 (The Reservit Hotel WordPress plugin before 3.0 does not sanitise and e ...)
+	TODO: check
+CVE-2024-53700 (A command injection vulnerability has been reported to affect QHora. I ...)
+	TODO: check
+CVE-2024-53699 (An out-of-bounds write vulnerability has been reported to affect sever ...)
+	TODO: check
+CVE-2024-53698 (A double free vulnerability has been reported to affect several QNAP o ...)
+	TODO: check
+CVE-2024-53697 (An out-of-bounds write vulnerability has been reported to affect sever ...)
+	TODO: check
+CVE-2024-53696 (A server-side request forgery (SSRF) vulnerability has been reported t ...)
+	TODO: check
+CVE-2024-53695 (A buffer overflow vulnerability has been reported to affect HBS 3 Hybr ...)
+	TODO: check
+CVE-2024-53694 (A time-of-check time-of-use (TOCTOU) race condition vulnerability has  ...)
+	TODO: check
+CVE-2024-53693 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
+	TODO: check
+CVE-2024-53692 (A command injection vulnerability has been reported to affect several  ...)
+	TODO: check
+CVE-2024-50405 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
+	TODO: check
+CVE-2024-50394 (An improper certificate validation vulnerability has been reported to  ...)
+	TODO: check
+CVE-2024-50390 (A command injection vulnerability has been reported to affect QHora. I ...)
+	TODO: check
+CVE-2024-48864 (A files or directories accessible to external parties vulnerability ha ...)
+	TODO: check
+CVE-2024-38638 (An out-of-bounds write vulnerability has been reported to affect sever ...)
+	TODO: check
+CVE-2024-13904 (The Platform.ly for WooCommerce plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-13857 (The WPGet API \u2013 Connect to any external REST API plugin for WordP ...)
+	TODO: check
+CVE-2024-13805 (The Advanced File Manager \u2014 Ultimate WordPress File Manager and D ...)
+	TODO: check
+CVE-2024-13781 (The Hero Maps Premium plugin for WordPress is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-13668 (The WordPress Activity O Meter WordPress plugin through 1.0 does not s ...)
+	TODO: check
+CVE-2024-13635 (The VK Blocks plugin for WordPress is vulnerable to Sensitive Informat ...)
+	TODO: check
+CVE-2024-13552 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plug ...)
+	TODO: check
+CVE-2024-13431 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+	TODO: check
+CVE-2024-13086 (An exposure of sensitive information vulnerability has been reported t ...)
+	TODO: check
+CVE-2024-12975 (A buffer overread can occur in the CPC application when operating in f ...)
+	TODO: check
+CVE-2024-12876 (The Golo - City Travel Guide WordPress Theme theme for WordPress is vu ...)
+	TODO: check
+CVE-2024-12634 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
+	TODO: check
+CVE-2024-12611 (The School Management System for Wordpress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-12610 (The School Management System for Wordpress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-12609 (The School Management System for Wordpress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-12607 (The School Management System for Wordpress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-12036 (The CS Framework plugin for WordPress is vulnerable to Arbitrary File  ...)
+	TODO: check
+CVE-2024-12035 (The CS Framework plugin for WordPress is vulnerable to arbitrary file  ...)
+	TODO: check
+CVE-2024-10804 (The Ultimate Video Player WordPress & WooCommerce Plugin plugin for Wo ...)
+	TODO: check
+CVE-2023-43052 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external se ...)
+	TODO: check
+CVE-2023-35894 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header in ...)
+	TODO: check
+CVE-2025-21843 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3b32b7f638fe61e9d29290960172f4e360e38233 (6.14-rc3)
-CVE-2025-21842 [amdkfd: properly free gang_ctx_bo when failed to init user queue]
+CVE-2025-21842 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.12.16-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a33f7f9660705fb2ecf3467b2c48965564f392ce (6.14-rc3)
-CVE-2025-21841 [cpufreq/amd-pstate: Fix cpufreq_policy ref counting]
+CVE-2025-21841 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.12.16-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3ace20038e19f23fe73259513f1f08d4bf1a3c83 (6.14-rc2)
-CVE-2025-21840 [thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header]
+CVE-2025-21840 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b (6.14-rc3)
-CVE-2025-21839 [KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop]
+CVE-2025-21839 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.12.16-1
 	NOTE: https://git.kernel.org/linus/c2fee09fc167c74a64adb08656cb993ea475197e (6.14-rc3)
-CVE-2025-21838 [usb: gadget: core: flush gadget workqueue after device removal]
+CVE-2025-21838 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.12.16-1
 	NOTE: https://git.kernel.org/linus/399a45e5237ca14037120b1b895bd38a3b4492ea (6.14-rc3)
-CVE-2025-21837 [io_uring/uring_cmd: unconditionally copy SQEs at prep time]
+CVE-2025-21837 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d6211ebbdaa541af197b50b8dd8f22642ce0b87f (6.14-rc3)
-CVE-2025-21836 [io_uring/kbuf: reallocate buf lists on upgrade]
+CVE-2025-21836 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.12.16-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8802766324e1f5d414a81ac43365c20142e85603 (6.14-rc3)
-CVE-2025-21835 [usb: gadget: f_midi: fix MIDI Streaming descriptor lengths]
+CVE-2025-21835 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.12.16-1
 	[bookworm] - linux 6.1.129-1
 	NOTE: https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
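Review bot: CVE-2025-21836 (the io_uring/kbuf "reallocate buf lists on upgrade" fix) carries a [bullseye] <not-affected> tag but no [bookworm] line, so bookworm is left in the default affected state pending the unstable fix in 6.12.16-1; the neighbouring io_uring entry CVE-2025-21837 marks both bookworm and bullseye <not-affected> with "Vulnerable code not present", so confirm whether the affected buffer-list code exists in the 6.1.y series and add an explicit [bookworm] tag either way. Separately, the imported descriptions for CVE-2024-13857, CVE-2024-13805, CVE-2024-13552 and CVE-2024-13431 contain the literal sequences \u2013 and \u2014 rather than the dash characters, which indicates the import step is writing undecoded JSON string escapes into data/CVE/list.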
@@ -91,7 +213,7 @@ CVE-2025-27816 (A vulnerability was discovered in the Arctera InfoScale 7.0 thro
 CVE-2025-27796 (WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocati ...)
 	- graphicsmagick <unfixed>
 	NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
-CVE-2025-27795 (JXL in GraphicsMagick before 1.3.46 lacks image dimension resource lim ...)
+CVE-2025-27795 (ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimens ...)
 	- graphicsmagick <unfixed>
 	NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
 CVE-2025-27598 (ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability  ...)
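Review bot: the only change to CVE-2025-27795 is the description, which now names ReadJXLImage as the affected routine in the JXL coder; the <unfixed> state and the upstream commit NOTE are untouched, so this hunk records no new triage. Both GraphicsMagick entries (CVE-2025-27795 and the adjacent CVE-2025-27796 in the WPG coder) still lack per-suite lines; for the JXL one it is worth confirming whether the Debian graphicsmagick build enables JXL support before marking the stable suites affected, since that coder is only reachable when it is compiled in.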



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c60ba445f240e3e87870771bb3849038a3a017de
