[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 8 20:12:04 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3043565 by security tracker role at 2025-03-08T20:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-27840 (Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Wr ...)
+ TODO: check
+CVE-2025-1783 (The Gallery Styles plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-1664 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
+ TODO: check
+CVE-2025-1325 (The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for ...)
+ TODO: check
+CVE-2025-1324 (The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for ...)
+ TODO: check
+CVE-2025-1323 (The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for ...)
+ TODO: check
+CVE-2025-1322 (The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for ...)
+ TODO: check
+CVE-2025-1287 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+ TODO: check
+CVE-2025-0177 (The Javo Core plugin for WordPress is vulnerable to privilege escalati ...)
+ TODO: check
+CVE-2024-13924 (The Starter Templates by FancyWP plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-13882 (The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, Ch ...)
+ TODO: check
+CVE-2024-13816 (The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, Ch ...)
+ TODO: check
+CVE-2024-13675 (The SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunn ...)
+ TODO: check
+CVE-2024-13649 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
+ TODO: check
+CVE-2024-13359 (The Product Input Fields for WooCommerce plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2024-11640 (The VikRentCar Car Rental Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-10326 (The RomethemeKit For Elementor plugin for WordPress is vulnerable to u ...)
+ TODO: check
+CVE-2024-10321 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...)
+ TODO: check
CVE-2025-2097 (A vulnerability, which was classified as critical, has been found in T ...)
NOT-FOR-US: TOTOLINK
CVE-2025-2096 (A vulnerability classified as critical was found in TOTOLINK EX1800T 9 ...)
@@ -1140,7 +1176,7 @@ CVE-2025-1943 (Memory safety bugs present in Firefox 135 and Thunderbird 135. So
- firefox 136.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1148,7 +1184,7 @@ CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1938
CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ES ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1156,7 +1192,7 @@ CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1937
CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive. The n ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1164,7 +1200,7 @@ CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP archive.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1936
CVE-2025-1935 (A web page could trick a user into setting that site as the default ha ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1178,7 +1214,7 @@ CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus sho
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout and ru ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1189,7 +1225,7 @@ CVE-2025-1940 (A select option could partially obscure the confirmation prompt s
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they can ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1197,7 +1233,7 @@ CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values they
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have resulted in ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -1205,7 +1241,7 @@ CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have result
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
CVE-2025-1931 (It was possible to cause a use-after-free in the content process side ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox 136.0-1
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
@@ -21728,7 +21764,7 @@ CVE-2024-43764 (In onPrimaryClipChanged of ClipboardListener.java, there is a po
CVE-2024-43762 (In multiple locations, there is a possible way to avoid unbinding of a ...)
NOT-FOR-US: Android
CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds ...)
- {DSA-5874-1 DLA-4078-1}
+ {DSA-5876-1 DSA-5874-1 DLA-4078-1}
- firefox-esr 128.8.0esr-1
- thunderbird 1:128.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2024-43097
@@ -71753,6 +71789,7 @@ CVE-2024-28882 (OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multi
NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/d468dff7bdfd79059818c190ddf41b125bb658de (v2.6_beta1)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11)
CVE-2024-5594 (OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly wh ...)
+ {DLA-4079-1}
- openvpn 2.6.11-1 (bug #1074488)
[bookworm] - openvpn <no-dsa> (Minor issue)
NOTE: https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a (v2.6.11)
@@ -258672,7 +258709,7 @@ CVE-2022-24670 (An attacker can use the unrestricted LDAP queries to determine c
CVE-2022-24669 (It may be possible to gain some details of the deployment through a we ...)
NOT-FOR-US: forgerock
CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass ...)
- {DLA-2992-1}
+ {DLA-4079-1 DLA-2992-1}
- openvpn 2.5.6-1 (bug #1008015)
[buster] - openvpn <no-dsa> (Minor issue)
NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3043565a591003d12e8358e77c0aa3d3f71c994
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3043565a591003d12e8358e77c0aa3d3f71c994
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250308/4fb6d805/attachment.htm>
More information about the debian-security-tracker-commits
mailing list