[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 24 20:12:35 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2861351c by security tracker role at 2025-03-24T20:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,229 @@
+CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30621 (Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator ...)
+ TODO: check
+CVE-2025-30620 (Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo F ...)
+ TODO: check
+CVE-2025-30619 (Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe ...)
+ TODO: check
+CVE-2025-30617 (Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allo ...)
+ TODO: check
+CVE-2025-30615 (Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e ...)
+ TODO: check
+CVE-2025-30612 (Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace ...)
+ TODO: check
+CVE-2025-30610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30609 (Insertion of Sensitive Information Into Sent Data vulnerability in App ...)
+ TODO: check
+CVE-2025-30608 (Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress S ...)
+ TODO: check
+CVE-2025-30606 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30605 (Missing Authorization vulnerability in ldwin79 sourceplay-navermap all ...)
+ TODO: check
+CVE-2025-30604 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30603 (Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allo ...)
+ TODO: check
+CVE-2025-30602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30601 (Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish O ...)
+ TODO: check
+CVE-2025-30600 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30598 (Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload all ...)
+ TODO: check
+CVE-2025-30597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30592 (Missing Authorization vulnerability in westerndeal Advanced Dewplayer ...)
+ TODO: check
+CVE-2025-30591 (Missing Authorization vulnerability in tuyennv Music Press Pro allows ...)
+ TODO: check
+CVE-2025-30590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30588 (Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Con ...)
+ TODO: check
+CVE-2025-30587 (Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP M ...)
+ TODO: check
+CVE-2025-30586 (Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allo ...)
+ TODO: check
+CVE-2025-30585 (Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate ...)
+ TODO: check
+CVE-2025-30584 (Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins A ...)
+ TODO: check
+CVE-2025-30583 (Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro ...)
+ TODO: check
+CVE-2025-30581 (Missing Authorization vulnerability in PluginOps Top Bar allows Exploi ...)
+ TODO: check
+CVE-2025-30578 (Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense P ...)
+ TODO: check
+CVE-2025-30577 (Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser A ...)
+ TODO: check
+CVE-2025-30576 (Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hack ...)
+ TODO: check
+CVE-2025-30575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30572 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple ...)
+ TODO: check
+CVE-2025-30571 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30570 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30569 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30568 (Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static ...)
+ TODO: check
+CVE-2025-30566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30565 (Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-man ...)
+ TODO: check
+CVE-2025-30564 (Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script ...)
+ TODO: check
+CVE-2025-30561 (Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS ...)
+ TODO: check
+CVE-2025-30560 (Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery D ...)
+ TODO: check
+CVE-2025-30558 (Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 AN ...)
+ TODO: check
+CVE-2025-30557 (Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Re ...)
+ TODO: check
+CVE-2025-30556 (Cross-Site Request Forgery (CSRF) vulnerability in flyaga Fix Rss Feed ...)
+ TODO: check
+CVE-2025-30555 (Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres \u ...)
+ TODO: check
+CVE-2025-30553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30552 (Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert Word ...)
+ TODO: check
+CVE-2025-30551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30550 (Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone ...)
+ TODO: check
+CVE-2025-30549 (Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich ...)
+ TODO: check
+CVE-2025-30546 (Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle allows ...)
+ TODO: check
+CVE-2025-30545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30543 (Missing Authorization vulnerability in swayam.tejwani Menu Duplicator ...)
+ TODO: check
+CVE-2025-30542 (Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCl ...)
+ TODO: check
+CVE-2025-30541 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxe ...)
+ TODO: check
+CVE-2025-30540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30538 (Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple O ...)
+ TODO: check
+CVE-2025-30537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30535 (Cross-Site Request Forgery (CSRF) vulnerability in muro External image ...)
+ TODO: check
+CVE-2025-30534 (Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image ...)
+ TODO: check
+CVE-2025-30533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30531 (Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ri ...)
+ TODO: check
+CVE-2025-30530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30529 (Cross-Site Request Forgery (CSRF) vulnerability in S\xe9bastien Dumont ...)
+ TODO: check
+CVE-2025-30528 (Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Lo ...)
+ TODO: check
+CVE-2025-30527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30526 (Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plug ...)
+ TODO: check
+CVE-2025-30525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30523 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30522 (Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contac ...)
+ TODO: check
+CVE-2025-30521 (Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back T ...)
+ TODO: check
+CVE-2025-30208 (Vite, a provider of frontend development tooling, has a vulnerability ...)
+ TODO: check
+CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API to provis ...)
+ TODO: check
+CVE-2025-30163 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2025-30162 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2025-30112 (On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's ...)
+ TODO: check
+CVE-2025-2749 (An authenticated remote code execution in Kentico Xperience allows aut ...)
+ TODO: check
+CVE-2025-2748 (TheKentico Xperience application does not fully validate or filter fil ...)
+ TODO: check
+CVE-2025-2747 (An authentication bypass vulnerability in Kentico Xperience allows aut ...)
+ TODO: check
+CVE-2025-2746 (An authentication bypass vulnerability in Kentico Xperience allows aut ...)
+ TODO: check
+CVE-2025-2709 (A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classifi ...)
+ TODO: check
+CVE-2025-2708 (A vulnerability, which was classified as critical, was found in zhijia ...)
+ TODO: check
+CVE-2025-2707 (A vulnerability, which was classified as critical, has been found in z ...)
+ TODO: check
+CVE-2025-2706 (A vulnerability classified as critical was found in Digiwin ERP 5.0.1. ...)
+ TODO: check
+CVE-2025-2705 (A vulnerability classified as critical has been found in Digiwin ERP 5 ...)
+ TODO: check
+CVE-2025-2702 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-2701 (A vulnerability classified as critical was found in AMTT Hotel Broadba ...)
+ TODO: check
+CVE-2025-2700 (A vulnerability classified as problematic has been found in michelson ...)
+ TODO: check
+CVE-2025-2326
+ REJECTED
+CVE-2025-2231 (PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Exe ...)
+ TODO: check
+CVE-2025-29778 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2025-29294
+ REJECTED
+CVE-2025-23204 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
+ TODO: check
+CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not correctly locate method security ...)
+ TODO: check
+CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF ...)
+ TODO: check
+CVE-2025-0835 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2025-0478 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow an authenticated user to ob ...)
+ TODO: check
+CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged authent ...)
+ TODO: check
+CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page vulnerab ...)
+ TODO: check
+CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a recoverable forma ...)
+ TODO: check
+CVE-2024-8773 (SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request f ...)
+ TODO: check
+CVE-2024-55279 (Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in ...)
+ TODO: check
CVE-2025-2699 (A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has ...)
NOT-FOR-US: GetmeUK ContentTools
CVE-2025-2690 (A vulnerability, which was classified as critical, was found in yiisof ...)
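Review bot: two of the new entries, CVE-2025-0835 and CVE-2025-0478, arrive with the identical truncated description "Software installed and run as a non-privileged user may conduct improp ..." that names no product, so whoever resolves their `TODO: check` lines should confirm they refer to distinct components before marking either. Also worth a look: the descriptions for CVE-2025-30555 and CVE-2025-30529 carry literal escape sequences (`WordPres \u` and `S\xe9bastien`) where the upstream text presumably had non-ASCII characters; if the import path decodes the feed as bytes rather than UTF-8, the stored text will diverge from the source for every entry with a non-ASCII vendor or author name.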
@@ -2220,7 +2446,7 @@ CVE-2025-2056 (The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin
CVE-2025-26163 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
CVE-2025-24855 (numbers.c in libxslt before 1.1.43 has a use-after-free because, in ne ...)
- {DSA-5884-1}
+ {DSA-5884-1 DLA-4089-1}
- libxslt 1.1.35-1.2 (bug #1100566)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/c7c7f1f78dd202a053996fcefe57eb994aec8ef2 (v1.1.43)
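Review bot: the line `- libxslt 1.1.35-1.2 (bug #1100566)` in this hunk is unchanged context whose leading space was lost in the mail rendering, not a removal of the fixed-version record: the header `@@ -2220,7 +2446,7 @@` gives seven lines on both sides, which only adds up if the only change is `{DSA-5884-1}` becoming `{DSA-5884-1 DLA-4089-1}`. Readers triaging from the mail rather than the repository should not read this as the unstable fix being dropped.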
@@ -2239,7 +2465,7 @@ CVE-2025-0955 (The VidoRev Extensions plugin for WordPress is vulnerable to unau
CVE-2025-0952 (The Eco Nature - Environment & Ecology WordPress Theme theme for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55549 (xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free i ...)
- {DSA-5884-1}
+ {DSA-5884-1 DLA-4089-1}
- libxslt 1.1.35-1.2 (bug #1100565)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515 (v1.1.43)
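Review bot: both CVE-2024-55549 here and CVE-2025-24855 in the previous hunk gain the same `DLA-4089-1` reference beside `DSA-5884-1`; since the brace references are what tie an advisory to a CVE in the tracker, check that the DLA-4089-1 record in the tracker's DLA list names both CVE ids, so the two sides stay consistent and neither libxslt use-after-free is left looking unaddressed for the LTS release.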
@@ -52258,7 +52484,7 @@ CVE-2024-46977 (OpenC3 COSMOS provides the functionality needed to send commands
NOT-FOR-US: OpenC3 COSMOS
CVE-2024-46626 (OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection v ...)
NOT-FOR-US: OS4ED openSIS-Classic
-CVE-2024-45965 (Contao 5.4.1 allows an authenticated admin account to upload a SVG fil ...)
+CVE-2024-45965 (Contao before 5.5.6 allows XSS via an SVG document. This affects (in c ...)
NOT-FOR-US: Contao CMS
CVE-2024-45964 (Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the I ...)
NOT-FOR-US: Zenario
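Review bot: the `NOT-FOR-US: Contao CMS` line is unchanged and still applies, so no action is needed on CVE-2024-45965; note only that the refreshed description widens the affected range from the single version 5.4.1 to "before 5.5.6" and reclassifies the issue as XSS via an SVG document, which is the text future searches over the list will match.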
@@ -180188,8 +180414,8 @@ CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It h
NOT-FOR-US: dimtion Shaarlier
CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
NOT-FOR-US: Fortinet
-CVE-2023-25610
- RESERVED
+CVE-2023-25610 (A buffer underwrite ('buffer underflow') vulnerability in the administ ...)
+ TODO: check
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
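Review bot: the new CVE-2023-25610 text ("A buffer underwrite ('buffer underflow') vulnerability in the administ ...") sits between entries already resolved as `NOT-FOR-US: Fortinet` (CVE-2023-25611, CVE-2023-25609), and the same pattern recurs for CVE-2021-26105 and CVE-2021-26091 in the following hunks; if the full descriptions confirm Fortinet products, the three `TODO: check` lines can be closed as NOT-FOR-US in the same triage pass.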
@@ -328671,8 +328897,8 @@ CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManag
NOT-FOR-US: Fortiguard
CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
NOT-FOR-US: Fortiguard
-CVE-2021-26105
- RESERVED
+CVE-2021-26105 (A stack-based buffer overflow vulnerability (CWE-121) in the profile p ...)
+ TODO: check
CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the command ...)
NOT-FOR-US: Fortiguard
CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
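Review bot: the NOT-FOR-US tag in this region is spelled `Fortiguard` (CVE-2021-26106, CVE-2021-26104), while the next hunk uses `FortiGuard` (CVE-2021-26092) and the 2023 entries use `Fortinet`; when CVE-2021-26105 is triaged it would be worth settling on one vendor spelling so that a text search over the list finds all the Fortinet entries.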
@@ -328699,8 +328925,8 @@ CVE-2021-26093 (An access of uninitialized pointer (CWE-824) vulnerabilityin For
NOT-FOR-US: FortiGuard
CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 ...)
NOT-FOR-US: FortiGuard
-CVE-2021-26091
- RESERVED
+CVE-2021-26091 (A use of a cryptographically weak pseudo-random number generator vulne ...)
+ TODO: check
CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
@@ -511337,7 +511563,7 @@ CVE-2018-9195 (Use of a hardcoded cryptographic key in the FortiGuard services c
NOT-FOR-US: FortiGuard
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
+CVE-2018-9193 (A researcher has disclosed several vulnerabilities against FortiClient ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
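Review bot: the replacement description for CVE-2018-9193 ("A researcher has disclosed several vulnerabilities against FortiClient ...") is vaguer than the one it drops, which named the issue class (local privilege escalation) and the affected version (FortiClient for Windows 6.0.4). Since this sync overwrites the old text, consider preserving those two details in a NOTE line under the `NOT-FOR-US: Fortinet FortiClient` entry, as the libxslt entries above do for their upstream references, so the specific information is not lost from the tracker.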
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2861351c610d645d863f77862b4aa9359deea4e7