[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 11 08:12:17 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b11c945 by security tracker role at 2025-03-11T08:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,142 @@
-CVE-2025-1828
+CVE-2025-2190 (The mobile application (com.transsnet.store) has a man-in-the-middle a ...)
+ TODO: check
+CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up to 0.2. ...)
+ TODO: check
+CVE-2025-2176 (A vulnerability classified as critical has been found in libzvbi up to ...)
+ TODO: check
+CVE-2025-2175 (A vulnerability was found in libzvbi up to 0.2.43. It has been rated a ...)
+ TODO: check
+CVE-2025-2174 (A vulnerability was found in libzvbi up to 0.2.43. It has been declare ...)
+ TODO: check
+CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been classif ...)
+ TODO: check
+CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional plugin fo ...)
+ TODO: check
+CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allow ...)
+ TODO: check
+CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to 134.0.6998.88 al ...)
+ TODO: check
+CVE-2025-2135 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a ...)
+ TODO: check
+CVE-2025-27926 (In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designe ...)
+ TODO: check
+CVE-2025-27925 (Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization ...)
+ TODO: check
+CVE-2025-27924 (Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associ ...)
+ TODO: check
+CVE-2025-27912 (An issue was discovered in Datalust Seq before 2024.3.13545. Missing C ...)
+ TODO: check
+CVE-2025-27911 (An issue was discovered in Datalust Seq before 2024.3.13545. Expansion ...)
+ TODO: check
+CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
+ TODO: check
+CVE-2025-27610 (Rack provides an interface for developing web applications in Ruby. Pr ...)
+ TODO: check
+CVE-2025-27436 (The Manage Bank Statements in SAP S/4HANA does not perform required ac ...)
+ TODO: check
+CVE-2025-27434 (Due to insufficient input validation, SAP Commerce (Swagger UI) allows ...)
+ TODO: check
+CVE-2025-27433 (The Manage Bank Statements in SAP S/4HANA allows authenticated attacke ...)
+ TODO: check
+CVE-2025-27432 (The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for B ...)
+ TODO: check
+CVE-2025-27431 (User management functionality in SAP NetWeaver Application Server Java ...)
+ TODO: check
+CVE-2025-27430 (Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4 ...)
+ TODO: check
+CVE-2025-26707 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
+ TODO: check
+CVE-2025-26706 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
+ TODO: check
+CVE-2025-26705 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
+ TODO: check
+CVE-2025-26704 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
+ TODO: check
+CVE-2025-26703 (Improper Privilege Management vulnerability in ZTE GoldenDB allows Pri ...)
+ TODO: check
+CVE-2025-26702 (Improper Input Validation vulnerability in ZTE GoldenDB allows Input D ...)
+ TODO: check
+CVE-2025-26661 (Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) ...)
+ TODO: check
+CVE-2025-26660 (SAP Fiori applications using the posting library fail to properly conf ...)
+ TODO: check
+CVE-2025-26659 (SAP NetWeaver Application Server ABAP does not sufficiently encode use ...)
+ TODO: check
+CVE-2025-26658 (The Service Layer in SAP Business One, allows attackers to potentially ...)
+ TODO: check
+CVE-2025-26656 (OData Service in Manage Purchasing Info Records does not perform neces ...)
+ TODO: check
+CVE-2025-26655 (SAP Just In Time(JIT) does not perform necessary authorization checks ...)
+ TODO: check
+CVE-2025-25908 (A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allow ...)
+ TODO: check
+CVE-2025-25907 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
+ TODO: check
+CVE-2025-25245 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
+ TODO: check
+CVE-2025-25244 (SAP Business Warehouse (Process Chains) allows an attacker to manipula ...)
+ TODO: check
+CVE-2025-25242 (SAP NetWeaver Application Server ABAP allows malicious scripts to be e ...)
+ TODO: check
+CVE-2025-23194 (SAP NetWeaver Enterprise Portal OBN does not perform proper authentica ...)
+ TODO: check
+CVE-2025-23188 (An authenticated user with low privileges can exploit a missing author ...)
+ TODO: check
+CVE-2025-23185 (Due to improper error handling in SAP Business Objects Business Intell ...)
+ TODO: check
+CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a ...)
+ TODO: check
+CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+ TODO: check
+CVE-2025-1434 (The Spreadsheet view is vulnerable to a XSS attack, where a remote una ...)
+ TODO: check
+CVE-2025-0660 (Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS ...)
+ TODO: check
+CVE-2025-0629 (The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1 ...)
+ TODO: check
+CVE-2025-0071 (SAP Web Dispatcher and Internet Communication Manager allow an attacke ...)
+ TODO: check
+CVE-2025-0062 (SAP BusinessObjects Business Intelligence Platform allows an attacker ...)
+ TODO: check
+CVE-2024-58102 (An issue was discovered in Datalust Seq before 2024.3.13545. An insecu ...)
+ TODO: check
+CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of b ...)
+ TODO: check
+CVE-2024-56191 (In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP ...)
+ TODO: check
+CVE-2024-49823 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow ...)
+ TODO: check
+CVE-2024-41760 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could all ...)
+ TODO: check
+CVE-2024-22340 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could a ...)
+ TODO: check
+CVE-2024-13864 (The Countdown Timer WordPress plugin through 1.0 does not sanitise and ...)
+ TODO: check
+CVE-2024-13862 (The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionalit ...)
+ TODO: check
+CVE-2024-13853 (The SEO Tools WordPress plugin through 4.0.7 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-13836 (The WP Login Control WordPress plugin through 2.0.0 does not sanitise ...)
+ TODO: check
+CVE-2024-13615 (The Social Share Buttons, Social Sharing Icons, Click to Tweet \u2014 ...)
+ TODO: check
+CVE-2024-13580 (The XV Random Quotes WordPress plugin through 1.40 does not have CSRF ...)
+ TODO: check
+CVE-2024-13574 (The XV Random Quotes WordPress plugin through 1.40 does not sanitise a ...)
+ TODO: check
+CVE-2024-13436 (The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2024-13413 (The ProductDyno plugin for WordPress is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2024-13228 (The Qubely \u2013 Advanced Gutenberg Blocks plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-12010 (A post-authentication command injection vulnerability in the \u201dzyU ...)
+ TODO: check
+CVE-2024-12009 (A post-authentication command injection vulnerability in the "ZyEE" fu ...)
+ TODO: check
+CVE-2024-11253 (A post-authentication command injection vulnerability in the "DNSServe ...)
+ TODO: check
+CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand() function, ...)
NOT-FOR-US: Crypt-Random Perl module
NOTE: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1
NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05 (1.55)
@@ -1489,6 +1627,7 @@ CVE-2025-1930 (On Windows, a compromised content process could use bad StreamDat
CVE-2025-27521 (Vulnerability of improper access permission in the process management ...)
NOT-FOR-US: Huawei
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
@@ -1498,6 +1637,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (
NOTE: https://github.com/ruby/uri/pull/154
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of S ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
@@ -1505,6 +1645,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denia
NOTE: https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 (v0.4.2)
NOTE: https://github.com/ruby/cgi/pull/52
CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b11c945cc6f2d5e3fafbe31219539277775b2f0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b11c945cc6f2d5e3fafbe31219539277775b2f0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/8f7125dc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list