[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Mar 16 08:11:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d210c0f3 by security tracker role at 2025-03-16T08:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)
+ TODO: check
+CVE-2025-30076 (Koha before 24.11.02 allows admins to execute arbitrary commands via s ...)
+ TODO: check
+CVE-2025-30074 (Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macO ...)
+ TODO: check
+CVE-2025-2335 (A vulnerability classified as problematic was found in Drivin Solu\xe7 ...)
+ TODO: check
+CVE-2025-2334 (A vulnerability classified as problematic has been found in 274056675 ...)
+ TODO: check
+CVE-2025-27281 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26978 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26976 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26972 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26969 (Missing Authorization vulnerability in Aldo Latino PrivateContent. Thi ...)
+ TODO: check
+CVE-2025-26961 (Missing Authorization vulnerability in NotFound Fresh Framework allows ...)
+ TODO: check
+CVE-2025-26940 (Path Traversal vulnerability in NotFound Pie Register Premium. This is ...)
+ TODO: check
+CVE-2025-26924 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-26921 (Deserialization of Untrusted Data vulnerability in magepeopleteam Book ...)
+ TODO: check
+CVE-2025-26899 (Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Reco ...)
+ TODO: check
+CVE-2025-26895 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26886 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26875 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24856 (An issue was discovered in the oidc (aka OpenID Connect Authentication ...)
+ TODO: check
+CVE-2025-23744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-1624 (The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sa ...)
+ TODO: check
+CVE-2025-1623 (The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sa ...)
+ TODO: check
+CVE-2025-1622 (The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sa ...)
+ TODO: check
+CVE-2025-1621 (The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sa ...)
+ TODO: check
+CVE-2025-1620 (The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sa ...)
+ TODO: check
+CVE-2025-1619 (The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sa ...)
+ TODO: check
+CVE-2025-0524
+ REJECTED
+CVE-2024-58103 (Square Wire before 5.2.0 does not enforce a recursion limit on nested ...)
+ TODO: check
+CVE-2024-13602 (The Poll Maker WordPress plugin before 5.5.4 does not sanitise and es ...)
+ TODO: check
+CVE-2024-13126 (The Download Manager WordPress plugin before 3.3.07 doesn't prevent di ...)
+ TODO: check
+CVE-2022-49737 (In X.Org X server 20.11 through 21.1.16, when a client application use ...)
+ TODO: check
CVE-2025-2333
REJECTED
CVE-2025-2323 (A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6 ...)
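Review bot: The added CVE-2025-2335 line carries a literal `\xe7` in its description ("Drivin Solu\xe7 ..."), so a non-ASCII character was written as an escape sequence instead of as the character itself. It is worth checking whether the update script can preserve the original character, because the escaped form makes a text search for the vendor name miss this entry. Separately, every added entry except the REJECTED CVE-2025-0524 lands as "TODO: check". The ones whose description names a WordPress plugin (CVE-2025-1619 through CVE-2025-1624, CVE-2024-13602, CVE-2024-13126) fit the "NOT-FOR-US: WordPress plugin" pattern already used further down in this file, while CVE-2022-49737 (X.Org X server) needs an actual package check rather than a bulk classification.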
@@ -12,7 +84,7 @@ CVE-2025-25225 (A privilege escalation vulnerability in the Hikashop component v
NOT-FOR-US: Joomla
CVE-2025-1530 (The Tripetto plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-30066 (tj-actions changed-files through 45.0.7 allows remote attackers to dis ...)
+CVE-2025-30066 (tj-actions changed-files before 46 allows remote attackers to discover ...)
NOT-FOR-US: tj-actions changed-files
CVE-2025-2325 (The WP Test Email plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
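Review bot: Only the description of CVE-2025-30066 changes in this hunk ("through 45.0.7" becomes "before 46"), and the "NOT-FOR-US: tj-actions changed-files" line under it is left as it was. That is consistent, since the NOT-FOR-US triage does not depend on the affected version range, so no change is requested. Anyone reading the entry should note that the description is truncated at "discover ..." and that the full affected range has to be taken from the CVE record, not from this line.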
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d210c0f3645a8735df2e417a16643652857e9f56