[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 14 20:12:15 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9213539d by security tracker role at 2025-03-14T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,123 @@
-CVE-2023-52927 [netfilter: allow exp not to be removed in nf_ct_find_expectation]
+CVE-2025-2304 (A Privilege Escalation through a Mass Assignment exists in Camaleon CM ...)
+ TODO: check
+CVE-2025-2268 (The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a de ...)
+ TODO: check
+CVE-2025-2232 (The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, u ...)
+ TODO: check
+CVE-2025-2000 (A maliciously crafted QPY file can potential execute arbitrary-code em ...)
+ TODO: check
+CVE-2025-29782 (WeGIA is Web manager for charitable institutions A Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-29780 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
+ TODO: check
+CVE-2025-29779 (Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Pyt ...)
+ TODO: check
+CVE-2025-29776 (Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Ca ...)
+ TODO: check
+CVE-2025-29775 (xml-crypto is an XML digital signature and encryption library for Node ...)
+ TODO: check
+CVE-2025-29774 (xml-crypto is an XML digital signature and encryption library for Node ...)
+ TODO: check
+CVE-2025-29771 (HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 ...)
+ TODO: check
+CVE-2025-29387 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /gofor ...)
+ TODO: check
+CVE-2025-29386 (In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/Adv ...)
+ TODO: check
+CVE-2025-29385 (In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /gofo ...)
+ TODO: check
+CVE-2025-29384 (In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/ ...)
+ TODO: check
+CVE-2025-29032 (Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overfl ...)
+ TODO: check
+CVE-2025-29031 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
+ TODO: check
+CVE-2025-29030 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
+ TODO: check
+CVE-2025-29029 (Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via ...)
+ TODO: check
+CVE-2025-27606 (Element Android is an Android Matrix Client provided by Element. Eleme ...)
+ TODO: check
+CVE-2025-27595 (The device uses a weak hashing alghorithm to create the password hash. ...)
+ TODO: check
+CVE-2025-27594 (The device uses an unencrypted, proprietary protocol for communication ...)
+ TODO: check
+CVE-2025-27593 (The product can be used to distribute malicious code using SDD Device ...)
+ TODO: check
+CVE-2025-26626 (The GLPI Inventory Plugin handles various types of tasks for GLPI agen ...)
+ TODO: check
+CVE-2025-26312 (SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass ...)
+ TODO: check
+CVE-2025-26216
+ REJECTED
+CVE-2025-26215
+ REJECTED
+CVE-2025-25873 (Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3 ...)
+ TODO: check
+CVE-2025-25872 (An issue in Open Panel v.0.3.4 allows a remote attacker to escalate pr ...)
+ TODO: check
+CVE-2025-25871 (An issue in Open Panel v.0.3.4 allows a remote attacker to escalate pr ...)
+ TODO: check
+CVE-2025-1888 (The Leica Web Viewer within the Aperio Eslide Manager Application is v ...)
+ TODO: check
+CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-55594 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
+ TODO: check
+CVE-2024-54449 (The API used to interact with documents in the application contains tw ...)
+ TODO: check
+CVE-2024-54448 (The Automation Scripting functionality can be exploited by attackers t ...)
+ TODO: check
+CVE-2024-54447 (Saved search functionality contains a blind SQL injection that can be ...)
+ TODO: check
+CVE-2024-54446 (Document history functionality contains a blind SQL injection that can ...)
+ TODO: check
+CVE-2024-54445 (Login functionality contains a blind SQL injection that can be exploit ...)
+ TODO: check
+CVE-2024-47573 (An improper validation of integrity check value vulnerability [CWE-354 ...)
+ TODO: check
+CVE-2024-46662 (A improper neutralization of special elements used in a command ('comm ...)
+ TODO: check
+CVE-2024-45643 (IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic a ...)
+ TODO: check
+CVE-2024-45638 (IBM Security QRadar 3.12 EDR stores user credentials in plain text whi ...)
+ TODO: check
+CVE-2024-40590 (Animproper certificate validation vulnerability [CWE-295] in FortiPort ...)
+ TODO: check
+CVE-2024-40585 (An insertion of sensitive information into log file vulnerabilities [C ...)
+ TODO: check
+CVE-2024-29409 (File Upload vulnerability in nestjs nest v.10.3.2 allows a remote atta ...)
+ TODO: check
+CVE-2024-26006 (An improper neutralization of input during web page Generation vulnera ...)
+ TODO: check
+CVE-2024-13773 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
+ TODO: check
+CVE-2024-13772 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
+ TODO: check
+CVE-2024-13771 (The Civi - Job Board & Freelance Marketplace WordPress Theme plugin fo ...)
+ TODO: check
+CVE-2024-12810 (The JobCareer | Job Board Responsive WordPress Theme theme for WordPre ...)
+ TODO: check
+CVE-2024-12245 (Logout functionality contains a blind SQL injection that can be exploi ...)
+ TODO: check
+CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP files used ...)
+ TODO: check
+CVE-2024-12019 (The API used to interact with documents in the application contains a ...)
+ TODO: check
+CVE-2023-48785 (An improper certificate validation vulnerability [CWE-295] in FortiNAC ...)
+ TODO: check
+CVE-2023-45588 (An external control of file name or path vulnerability [CWE-73] in Fo ...)
+ TODO: check
+CVE-2023-33300 (A improper neutralization of special elements used in a command ('comm ...)
+ TODO: check
+CVE-2023-52927 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/4914109a8e1e494c6aa9852f9e84ec77a5fc643f (6.6-rc1)
CVE-2025-XXXX [Parameter manipulation allows the forging of signed SAML messages]
- opensaml <unfixed> (bug #1100464)
NOTE: https://shibboleth.net/community/advisories/secadv_20250313.txt
NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee (3.3.1)
-CVE-2024-8176
+CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library due to t ...)
- expat 2.7.0-1
NOTE: https://blog.hartwork.org/posts/expat-2-7-0-released/
NOTE: https://github.com/libexpat/libexpat/issues/893
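Review bot: Several of the new `TODO: check` entries in this hunk belong to product families this same diff already triages as NOT-FOR-US further down, so they could be resolved in the same pass instead of being left for a later check: the WordPress plugin/theme entries (CVE-2025-2232, CVE-2025-1507, CVE-2024-13773, CVE-2024-13772, CVE-2024-13771, CVE-2024-12810) match the `NOT-FOR-US: WordPress plugin` convention used at CVE-2024-2119 and CVE-2024-2088 below, and the entries whose truncated descriptions already name a Fortinet product (CVE-2024-55594, CVE-2024-40590, CVE-2023-48785) match `NOT-FOR-US: Fortinet` / `NOT-FOR-US: FortiGuard` as used at CVE-2022-29060; the Tenda AC6/AC9 and HP LaserJet firmware entries are likely to resolve the same way. The remaining changes look consistent: CVE-2023-52927 keeps its `linux 6.6.8-1` line and 6.6-rc1 NOTE while only the bracketed placeholder description is replaced by the published one, CVE-2024-8176 likewise only gains a description above its existing `expat 2.7.0-1` entry, and the two REJECTED placeholders (CVE-2025-26216, CVE-2025-26215) need no action.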
@@ -70,26 +182,31 @@ CVE-2024-11235
- php8.4 8.4.5-1
NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
CVE-2025-1861
+ {DSA-5878-1}
- php8.4 8.4.5-1
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff
CVE-2025-1736
+ {DSA-5878-1}
- php8.4 8.4.5-1
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528
CVE-2025-1734
+ {DSA-5878-1}
- php8.4 8.4.5-1
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44
CVE-2025-1219
+ {DSA-5878-1}
- php8.4 8.4.5-1
- php8.2 <unfixed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
CVE-2025-1217
+ {DSA-5878-1}
- php8.4 8.4.5-1
- php8.2 <unfixed>
- php7.4 <removed>
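Review bot: The `{DSA-5878-1}` cross-reference is added to exactly five entries (CVE-2025-1861, CVE-2025-1736, CVE-2025-1734, CVE-2025-1219, CVE-2025-1217), each carrying the identical `php8.4 8.4.5-1` / `php8.2 <unfixed>` / `php7.4 <removed>` block, so the change is self-consistent; what remains to verify is that the DSA text lists those same five CVEs and no others, because a CVE that the DSA fixes but that lacks the `{DSA-5878-1}` marker here would not be credited to the DSA by the tracker. The hunk ends at the `php7.4 <removed>` line of CVE-2025-1217, so that entry's NOTE line is outside the visible context and should be checked in the full file.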
@@ -82387,8 +82504,8 @@ CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-21683
- REJECTED
+CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+ TODO: check
CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
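Review bot: CVE-2024-21683 flips from `REJECTED` to a populated description marked `TODO: check`, which is unusual enough to confirm by hand against the upstream CVE record before triage, since a rejected ID that later re-appears with text can also be a stale or mis-parsed fetch. The truncated description gives the severity and vulnerability class (RCE) but not the affected product, so the product has to be read from the full record to decide whether this entry ends up NOT-FOR-US like its WordPress-plugin neighbours or gets a package line.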
@@ -247161,8 +247278,8 @@ CVE-2022-29061 (An improper neutralization of special elements used in an OS com
NOT-FOR-US: FortiGuard
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
NOT-FOR-US: Fortinet
-CVE-2022-29059
- RESERVED
+CVE-2022-29059 (An improper neutralization of special elements used in an SQL command( ...)
+ TODO: check
CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in an OS ...)
NOT-FOR-US: FortiGuard
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
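Review bot: CVE-2022-29059 moves from `RESERVED` to a description with `TODO: check`, and every adjacent entry in this block (CVE-2022-29061, CVE-2022-29060, CVE-2022-29058, CVE-2022-29057) is a Fortinet advisory marked `NOT-FOR-US: FortiGuard` or `NOT-FOR-US: Fortinet`, so the same disposition is the likely outcome once the full description confirms the product. Minor style point on the context lines: the block alternates between the `FortiGuard` and `Fortinet` spellings of the NOT-FOR-US reason, and settling on one would make the file easier to grep.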
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9213539d0352a5054b26725e9972044565bd151a