[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 20 08:12:40 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3fdb1da by security tracker role at 2025-03-20T08:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2025-30259 (The WhatsApp cloud service before late 2024 did not block certain craf ...)
+ TODO: check
+CVE-2025-30092 (Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in ...)
+ TODO: check
+CVE-2025-2505 (The Age Gate plugin for WordPress is vulnerable to Local PHP File Incl ...)
+ TODO: check
+CVE-2025-2108 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
+ TODO: check
+CVE-2025-27787 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27786 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27785 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27784 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27783 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27782 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27781 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27780 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27779 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27778 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are ...)
+ TODO: check
+CVE-2025-27777 (Applio is a voice conversion tool. Versions 3.2.7 and prior are vulner ...)
+ TODO: check
+CVE-2025-27776 (Applio is a voice conversion tool. Versions 3.2.7 and prior are vulner ...)
+ TODO: check
+CVE-2025-27775 (Applio is a voice conversion tool. Versions 3.2.7 and prior are vulner ...)
+ TODO: check
+CVE-2025-27774 (Applio is a voice conversion tool. Versions 3.2.7 and prior are vulner ...)
+ TODO: check
+CVE-2025-26816 (A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was ...)
+ TODO: check
+CVE-2025-22228 (BCryptPasswordEncoder.matches(CharSequence,String)will incorrectly ret ...)
+ TODO: check
+CVE-2025-1770 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
+ TODO: check
+CVE-2025-1766 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
+ TODO: check
+CVE-2025-1628
+ REJECTED
+CVE-2025-1385 (When the library bridge feature is enabled, the clickhouse-library-bri ...)
+ TODO: check
+CVE-2025-1314 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
+ TODO: check
+CVE-2024-55009 (A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibl ...)
+ TODO: check
+CVE-2024-13881 (The Link My Posts WordPress plugin through 1.0 does not sanitise and e ...)
+ TODO: check
+CVE-2024-13880 (The My Quota WordPress plugin through 1.0.8 does not sanitise and esca ...)
+ TODO: check
+CVE-2024-13878 (The SpotBot WordPress plugin through 0.1.8 does not sanitise and escap ...)
+ TODO: check
+CVE-2024-13877 (The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 ...)
+ TODO: check
+CVE-2024-13876 (The mEintopf WordPress plugin through 0.2.1 does not sanitise and esca ...)
+ TODO: check
+CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with ...)
TODO: check
CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not ...)
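Review bot: Four of the added descriptions (CVE-2025-2108, CVE-2025-1770, CVE-2025-1766, CVE-2025-1314) contain the literal sequence `\u2013` where the plugin name has an en dash, which suggests the import writes the JSON-escaped string without decoding it. Decoding before the description is truncated would keep the list readable and searchable by plugin name. Separately, every added entry except the REJECTED CVE-2025-1628 is left at `TODO: check`; the WordPress plugin entries look like candidates for the `NOT-FOR-US: WordPress plugin` tag already used further down in this file (see CVE-2025-22265).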
@@ -4837,6 +4903,7 @@ CVE-2025-20060 (An attacker could expose cross-user personal identifiable inform
CVE-2025-20049 (The Dario Health portal service application is vulnerable to XSS, whic ...)
NOT-FOR-US: Dario Health
CVE-2025-1795 (During an address list folding when a separating comma ends up on a fo ...)
+ {DLA-4087-1}
- python3.13 3.13.0~b1-1
- python3.12 3.12.9-1
- python3.11 <removed>
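Review bot: The `{DLA-4087-1}` reference on CVE-2025-1795 is added above package lines that, in the visible context, cover only python3.13, python3.12 and python3.11 (`<removed>`); nothing shown here records a source package or fixed version for the release the DLA addresses. Please confirm that the entry carries the corresponding package line below the displayed context, or add it in a follow-up. The same question applies to the CVE-2025-0938 hunk that follows.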
@@ -14924,6 +14991,7 @@ CVE-2025-22332 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator allows ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and `url ...)
+ {DLA-4087-1}
- python3.13 3.13.2-1
- python3.12 3.12.9-1
- python3.11 <removed>
@@ -111322,7 +111390,7 @@ CVE-2024-27622 (A remote code execution vulnerability has been identified in the
NOT-FOR-US: CMS Made Simple
CVE-2024-27565 (A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-p ...)
NOT-FOR-US: ChatGPT-wechat-personal
-CVE-2024-27564 (A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT co ...)
+CVE-2024-27564 (pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SS ...)
NOT-FOR-US: ChatGPT
CVE-2024-27563 (A Server-Side Request Forgery (SSRF) in the getFileFromRepo function o ...)
NOT-FOR-US: WonderCMS
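Review bot: After the description refresh for CVE-2024-27564, the unchanged `NOT-FOR-US: ChatGPT` tag no longer matches what the entry describes: the new text attributes pictureproxy.php to "the dirk1983 mm1.ltd source code f9f4bbc" rather than to ChatGPT itself. Consider renaming the tag to the actual project, in the style of the neighbouring `NOT-FOR-US: ChatGPT-wechat-personal` entry, so that a search of the list for ChatGPT does not surface this as a finding against that product.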
@@ -263430,7 +263498,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
- {DLA-3966-1 DLA-3575-1}
+ {DLA-4087-1 DLA-3966-1 DLA-3575-1}
- python3.9 3.9.7-1
- python3.7 <removed>
[buster] - python3.7 <ignored> (Minor issue, different approach to sanitization; regressions reports)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3fdb1da640e0b9b86b2e0ada1f8cc80c077fc74