[Git][security-tracker-team/security-tracker][master] automatic update

Tue Mar 25 08:13:09 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af55caad by security tracker role at 2025-03-25T08:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,190 @@
-CVE-2025-1974
+CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
+	TODO: check
+CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
+	TODO: check
+CVE-2025-2750 (A vulnerability, which was classified as critical, was found in Open A ...)
+	TODO: check
+CVE-2025-2744 (A vulnerability, which was classified as critical, was found in zhijia ...)
+	TODO: check
+CVE-2025-2743 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-2742 (A vulnerability classified as critical was found in zhijiantianya ruoy ...)
+	TODO: check
+CVE-2025-2740 (A vulnerability classified as critical has been found in PHPGurukul Ol ...)
+	TODO: check
+CVE-2025-2739 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+	TODO: check
+CVE-2025-2738 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+	TODO: check
+CVE-2025-2737 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+	TODO: check
+CVE-2025-2736 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+	TODO: check
+CVE-2025-2735 (A vulnerability has been found in PHPGurukul Old Age Home Management S ...)
+	TODO: check
+CVE-2025-2734 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-2733 (A vulnerability classified as critical has been found in mannaandpoem  ...)
+	TODO: check
+CVE-2025-2732 (A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX4 ...)
+	TODO: check
+CVE-2025-2731 (A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX4 ...)
+	TODO: check
+CVE-2025-2730 (A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX4 ...)
+	TODO: check
+CVE-2025-2729 (A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX4 ...)
+	TODO: check
+CVE-2025-2728 (A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 u ...)
+	TODO: check
+CVE-2025-2727 (A vulnerability, which was classified as critical, was found in H3C Ma ...)
+	TODO: check
+CVE-2025-2726 (A vulnerability, which was classified as critical, has been found in H ...)
+	TODO: check
+CVE-2025-2725 (A vulnerability classified as critical was found in H3C Magic NX15, Ma ...)
+	TODO: check
+CVE-2025-2724 (A vulnerability classified as problematic has been found in GNOME libg ...)
+	TODO: check
+CVE-2025-2723 (A vulnerability was found in GNOME libgsf up to 1.14.53. It has been r ...)
+	TODO: check
+CVE-2025-2722 (A vulnerability was found in GNOME libgsf up to 1.14.53. It has been d ...)
+	TODO: check
+CVE-2025-2721 (A vulnerability was found in GNOME libgsf up to 1.14.53. It has been c ...)
+	TODO: check
+CVE-2025-2720 (A vulnerability was found in GNOME libgsf up to 1.14.53 and classified ...)
+	TODO: check
+CVE-2025-2717 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2025-2716 (A vulnerability classified as problematic was found in China Mobile P2 ...)
+	TODO: check
+CVE-2025-2715 (A vulnerability classified as problematic has been found in timschofie ...)
+	TODO: check
+CVE-2025-2714 (A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has be ...)
+	TODO: check
+CVE-2025-2712 (A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been decl ...)
+	TODO: check
+CVE-2025-2711 (A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been clas ...)
+	TODO: check
+CVE-2025-2710 (A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as ...)
+	TODO: check
+CVE-2025-2252 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
+	TODO: check
+CVE-2025-2224 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
+	TODO: check
+CVE-2025-29315 (An issue in the Shiro-based RBAC (Role-based Access Control) mechanism ...)
+	TODO: check
+CVE-2025-29314 (Insecure Shiro cookie configurations in OpenDaylight Service Function  ...)
+	TODO: check
+CVE-2025-29313 (Use of incorrectly resolved name or reference in OpenDaylight Service  ...)
+	TODO: check
+CVE-2025-29312 (An issue in onos v2.7.0 allows attackers to trigger unexpected behavio ...)
+	TODO: check
+CVE-2025-29311 (Limited secret space in LLDP packets used in onos v2.7.0 allows attack ...)
+	TODO: check
+CVE-2025-29310 (An issue in onos v2.7.0 allows attackers to trigger a packet deseriali ...)
+	TODO: check
+CVE-2025-29135 (A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44  ...)
+	TODO: check
+CVE-2025-29100 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSet ...)
+	TODO: check
+CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed  ...)
+	TODO: check
+CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
+	TODO: check
+CVE-2025-26512 (SnapCenter versions prior to  6.0.1P1 and 6.1P1 are susceptible to a v ...)
+	TODO: check
+CVE-2025-1798 (The  does not sanitise and escape some parameters when outputting them ...)
+	TODO: check
+CVE-2025-1452 (The Favorites WordPress plugin before 2.3.5 does not sanitise and esca ...)
+	TODO: check
+CVE-2025-1320 (The teachPress plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2025-0845 (The DesignThemes Core Features plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-0717 (To exploit the vulnerability, it is necessary:)
+	TODO: check
+CVE-2024-9770 (The WP-Recall  WordPress plugin before 16.26.12 does not sanitize and  ...)
+	TODO: check
+CVE-2024-8315 (An Improper Handling of Insufficient Permissions or Privileges vulnera ...)
+	TODO: check
+CVE-2024-8314 (An Incorrect Implementation of Authentication Algorithm and Exposure o ...)
+	TODO: check
+CVE-2024-8313 (An Exposure of Sensitive System Information to an Unauthorized Control ...)
+	TODO: check
+CVE-2024-45484 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
+	TODO: check
+CVE-2024-45483 (A Missing Authentication for Critical Function vulnerability in the GR ...)
+	TODO: check
+CVE-2024-45482 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...)
+	TODO: check
+CVE-2024-45481 (An Incomplete Filtering of Special Elements vulnerability in scripts u ...)
+	TODO: check
+CVE-2024-45480 (An improper control of generation of code ('Code Injection') vulnerabi ...)
+	TODO: check
+CVE-2024-44903 (SQL Injection can occur in the SirsiDynix Horizon Information Portal ( ...)
+	TODO: check
+CVE-2024-13863 (The Stylish Google Sheet Reader 4.0  WordPress plugin before 4.1 does  ...)
+	TODO: check
+CVE-2024-13618 (The aoa-downloadable WordPress plugin through 0.1.0 lacks authorizatio ...)
+	TODO: check
+CVE-2024-13617 (The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a ...)
+	TODO: check
+CVE-2024-13123 (The AFI  WordPress plugin before 1.100.0 does not sanitise and escape  ...)
+	TODO: check
+CVE-2024-13122 (The AFI  WordPress plugin before 1.100.0 does not sanitise and escape  ...)
+	TODO: check
+CVE-2024-13118 (The IP Based Login WordPress plugin before 2.4.1 does not have CSRF ch ...)
+	TODO: check
+CVE-2024-12769 (The Simple Banner  WordPress plugin before 3.0.4 does not sanitise and ...)
+	TODO: check
+CVE-2024-12682 (The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sani ...)
+	TODO: check
+CVE-2024-12623 (The DICOM Support plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-12109 (The Product Labels For Woocommerce (Sale Badges) WordPress plugin befo ...)
+	TODO: check
+CVE-2024-11503 (The WP Tabs  WordPress plugin before 2.2.7 does not sanitise and escap ...)
+	TODO: check
+CVE-2024-11273 (The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress  ...)
+	TODO: check
+CVE-2024-11272 (The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress  ...)
+	TODO: check
+CVE-2024-10703 (The Registrations for the Events Calendar  WordPress plugin before 2.1 ...)
+	TODO: check
+CVE-2024-10679 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.2.1 does n ...)
+	TODO: check
+CVE-2024-10638 (The Product Labels For Woocommerce (Sale Badges) WordPress plugin befo ...)
+	TODO: check
+CVE-2024-10566 (The Slider by 10Web  WordPress plugin before 1.2.62 does not sanitise  ...)
+	TODO: check
+CVE-2024-10565 (The Slider by 10Web  WordPress plugin before 1.2.62 does not sanitise  ...)
+	TODO: check
+CVE-2024-10560 (The Form Maker by 10Web  WordPress plugin before 1.15.30 does not sani ...)
+	TODO: check
+CVE-2024-10554 (The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does  ...)
+	TODO: check
+CVE-2024-10472 (The Stylish Price List  WordPress plugin before 7.1.12 does not saniti ...)
+	TODO: check
+CVE-2024-10210 (An External Control of File Name or Path vulnerability in the APROL We ...)
+	TODO: check
+CVE-2024-10209 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+	TODO: check
+CVE-2024-10208 (An Improper Neutralization of Input During Web Page Generation vulnera ...)
+	TODO: check
+CVE-2024-10207 (A Server-Side Request Forgery vulnerability in the APROL Web Portal us ...)
+	TODO: check
+CVE-2024-10206 (A Server-Side Request Forgery vulnerability in the APROL Web Portal us ...)
+	TODO: check
+CVE-2024-10105 (The Job Postings WordPress plugin before 2.7.11 does not sanitise and  ...)
+	TODO: check
+CVE-2025-1974 (A security issue was discovered in Kubernetes where under certain cond ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2025-1098
+CVE-2025-1098 (A security issue was discovered in  ingress-nginx https://github.com/k ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2025-1097
+CVE-2025-1097 (A security issue was discovered in  ingress-nginx https://github.com/k ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2025-24514
+CVE-2025-24514 (A security issue was discovered in  ingress-nginx https://github.com/k ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2025-24513
+CVE-2025-24513 (A security issue was discovered in  ingress-nginx https://github.com/k ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2024-53679
 	NOT-FOR-US: Apache VCL
@@ -3632,6 +3810,7 @@ CVE-2025-27911 (An issue was discovered in Datalust Seq before 2024.3.13545. Exp
 CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
 	NOT-FOR-US: tianti
 CVE-2025-27610 (Rack provides an interface for developing web applications in Ruby. Pr ...)
+	{DLA-4090-1}
 	- ruby-rack 3.1.12-1 (bug #1100444)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
 	NOTE: Fixed by: https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583 (main)
@@ -5095,6 +5274,7 @@ CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which
 CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
+	{DLA-4090-1}
 	- ruby-rack 3.1.12-1 (bug #1099546)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
 	NOTE: Fixed by: https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3 (v2.2.12)
@@ -13405,6 +13585,7 @@ CVE-2025-25199 (go-crypto-winnative Go crypto backend for Windows using Cryptogr
 CVE-2025-25198 (mailcow: dockerized is an open source groupware/email suite based on d ...)
 	NOT-FOR-US: mailcow
 CVE-2025-25184 (Rack provides an interface for developing web applications in Ruby. Pr ...)
+	{DLA-4090-1}
 	- ruby-rack 3.1.12-1 (bug #1098257)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
 	NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e (main)
@@ -15833,9 +16014,9 @@ CVE-2025-20888 (Out-of-bounds write in handling the block size for smp4vtd in li
 	NOT-FOR-US: Samsung
 CVE-2025-20887 (Out-of-bounds read in accessing table used for svp8t in libsthmbc.so p ...)
 	NOT-FOR-US: Samsung
-CVE-2025-20886 (Inclusion of sensitive information in test code in softsim TA prior to ...)
+CVE-2025-20886 (Inclusion of sensitive information in test code in softsim trustlet pr ...)
 	NOT-FOR-US: Samsung
-CVE-2025-20885 (Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allo ...)
+CVE-2025-20885 (Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release  ...)
 	NOT-FOR-US: Samsung
 CVE-2025-20884 (Improper access control in Samsung Message prior to SMR Jan-2025 Relea ...)
 	NOT-FOR-US: Samsung



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af55caad42a1f55af02a878087b1a5c52d171f10

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af55caad42a1f55af02a878087b1a5c52d171f10
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250325/e428bede/attachment-0001.htm>
