[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 13 08:12:15 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4af30de3 by security tracker role at 2025-03-13T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-2271 (A vulnerability exists in Issuetrak v17.2.2 and prior that allows a lo ...)
+	TODO: check
+CVE-2025-2250 (The WordPress Report Brute Force Attacks and Login Protection ReportAt ...)
+	TODO: check
+CVE-2025-2107 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2025-2106 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+	TODO: check
+CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	TODO: check
+CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	TODO: check
+CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML) single si ...)
+	TODO: check
+CVE-2025-1785 (The Download Manager plugin for WordPress is vulnerable to Directory T ...)
+	TODO: check
+CVE-2025-1561 (The AppPresser \u2013 Mobile App Framework plugin for WordPress is vul ...)
+	TODO: check
+CVE-2025-1559 (The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-1503 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2025-1487 (The WoWPth WordPress plugin through 2.0 does not sanitise and escape a ...)
+	TODO: check
+CVE-2025-1486 (The WoWPth WordPress plugin through 2.0 does not sanitise and escape a ...)
+	TODO: check
+CVE-2025-1436 (The Limit Bio WordPress plugin through 1.0 does not have CSRF check wh ...)
+	TODO: check
+CVE-2025-1401 (The WP Click Info WordPress plugin through 2.7.4 does not sanitise and ...)
+	TODO: check
+CVE-2025-1257 (An issue was discovered in GitLab EE affecting all versions starting w ...)
+	TODO: check
+CVE-2025-1119 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
+	TODO: check
+CVE-2025-0652 (An issue has been discovered in GitLab EE/CE affecting all versions st ...)
+	TODO: check
+CVE-2024-8402 (An issue was discovered in GitLab EE affecting all versions starting f ...)
+	TODO: check
+CVE-2024-7296 (An issue was discovered in GitLab EE affecting all versions from 16.5  ...)
+	TODO: check
+CVE-2024-13891 (The Schedule WordPress plugin through 1.0.0 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-13887 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...)
+	TODO: check
+CVE-2024-13885 (The WP e-Customers Beta WordPress plugin through 0.0.1 does not saniti ...)
+	TODO: check
+CVE-2024-13884 (The Limit Bio WordPress plugin through 1.0 does not sanitise and escap ...)
+	TODO: check
+CVE-2024-13703 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-13054 (An issue was discovered in GitLab CE/EE affecting all versions before  ...)
+	TODO: check
+CVE-2024-12380 (An issue was discovered in GitLab EE/CE affecting all versions startin ...)
+	TODO: check
+CVE-2020-36843 (The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0 ...)
+	TODO: check
 CVE-2025-2240 (A flaw was found in Smallrye, where smallrye-fault-tolerance is vulner ...)
 	NOT-FOR-US: Smallrye
 CVE-2025-2239 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
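Review bot: The descriptions added for CVE-2025-2104, CVE-2025-1561, CVE-2025-1119 and CVE-2024-13887 carry the literal escape sequences \u2013 and \u2014 rather than the dash characters they stand for, so the text is being written to data/CVE/list undecoded; decode the escapes in the import step before the truncated description is stored. Separately, all 29 new entries arrive as "TODO: check". The WordPress plugin ones can likely take the same "NOT-FOR-US: WordPress plugin" annotation used further down in this file, while the ruby-saml, GitLab and EdDSA-Java entries are the ones that need a manual look.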
@@ -43,7 +101,7 @@ CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an at
 	NOT-FOR-US: SoftEtherVPN
 CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Comman ...)
 	NOT-FOR-US: SoftEtherVPN
-CVE-2025-22954 (Koha <= 21.11 is contains a SQL Injection vulnerability in /serials/la ...)
+CVE-2025-22954 (GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows ...)
 	NOT-FOR-US: Koha Library Management System
 CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in the ker ...)
 	NOT-FOR-US: Juniper
@@ -801,7 +859,8 @@ CVE-2024-32123 (Multiple improper neutralization of special elements used in an
 	NOT-FOR-US: Fortinet
 CVE-2024-28607 (The ip-utils package through 2.4.0 for Node.js might allow SSRF becaus ...)
 	NOT-FOR-US: Node ip-utils
-CVE-2024-12546 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
+CVE-2024-12546
+	REJECTED
 	TODO: check
 CVE-2023-48790 (A cross site request forgery vulnerability [CWE-352] in Fortinet Forti ...)
 	NOT-FOR-US: Fortinet
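Review bot: CVE-2024-12546 is now marked REJECTED, but the unchanged "TODO: check" line directly below it is kept, so the entry ends up with both annotations. A rejected id has nothing left to triage; drop the TODO line in the same change so the entry does not keep showing up in the to-check queue.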
@@ -9679,7 +9738,7 @@ CVE-2025-1356 (A vulnerability was found in needyamin Library Card System 1.0. I
 	NOT-FOR-US: Needyamin Library Card System
 CVE-2025-1355 (A vulnerability was found in needyamin Library Card System 1.0. It has ...)
 	NOT-FOR-US: Needyamin Library Card System
-CVE-2025-1354 (A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classi ...)
+CVE-2025-1354 (A cross-site scripting (XSS)  vulnerability in the RT-N10E/ RT-N12E 2. ...)
 	NOT-FOR-US: Asus
 CVE-2025-1353 (A vulnerability was found in Kong Insomnia up to 10.3.0 and classified ...)
 	NOT-FOR-US: Kong Insomnia
@@ -89533,7 +89592,7 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...)
 	NOT-FOR-US: AChecker
-CVE-2024-34517 (The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles  ...)
+CVE-2024-34517 (The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE  ...)
 	NOT-FOR-US: Neo4j Cypher
 CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...)
 	NOT-FOR-US: react-pdf



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af30de3b7566354dfd04e7f548870db50131382
