[Git][security-tracker-team/security-tracker][master] automatic update

Wed Mar 26 08:12:46 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb0e06b0 by security tracker role at 2025-03-26T08:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2025-30742 (httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-o ...)
+	TODO: check
+CVE-2025-30741 (Pixelfed before 0.12.5 allows anyone to follow private accounts and se ...)
+	TODO: check
+CVE-2025-30222 (Shescape is a simple shell escape library for JavaScript. Versions 1.7 ...)
+	TODO: check
+CVE-2025-30219 (RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3  ...)
+	TODO: check
+CVE-2025-2576 (The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vu ...)
+	TODO: check
+CVE-2025-2573 (The Amazing service box Addons For WPBakery Page Builder (formerly Vis ...)
+	TODO: check
+CVE-2025-2302 (The Advanced Woo Search plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-2276 (The Ultimate Dashboard \u2013 Custom WordPress Dashboard plugin for Wo ...)
+	TODO: check
+CVE-2025-2165 (The SH Email Alert plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2025-29789 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2025-25374 (In NASA cFS (Core Flight System) Aquila, it is possible to put the onb ...)
+	TODO: check
+CVE-2025-25373 (The Memory Management Module of NASA cFS (Core Flight System) Aquila h ...)
+	TODO: check
+CVE-2025-25372 (NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fau ...)
+	TODO: check
+CVE-2025-25371 (NASA cFS (Core Flight System) Aquila is vulnerable to path traversal i ...)
+	TODO: check
+CVE-2025-1784 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-1490 (The Smart Maintenance Mode plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2024-55030 (A command injection vulnerability in the Command Dispatcher Service of ...)
+	TODO: check
+CVE-2024-55029 (NASA Fprime v3.4.3 was discovered to contain multiple cross-site scrip ...)
+	TODO: check
+CVE-2024-55028 (A template injection vulnerability in the Dashboard of NASA Fprime v3. ...)
+	TODO: check
+CVE-2024-30155 (HCL SX does not set the secure attribute on authorization tokens or se ...)
+	TODO: check
+CVE-2024-13146 (The Booknetic WordPress plugin before 4.1.5 does not have CSRF check w ...)
+	TODO: check
+CVE-2024-12683 (The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sani ...)
+	TODO: check
+CVE-2024-11847 (The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG ...)
+	TODO: check
+CVE-2023-52972 (Huawei PCs have a vulnerability that allows low-privilege users to byp ...)
+	TODO: check
 CVE-2025-2783
 	- chromium <not-affected> (Only affects Chromium on Windows)
 CVE-2025-30567 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -4035,7 +4083,7 @@ CVE-2024-12009 (A post-authentication command injection vulnerability in the "Zy
 	NOT-FOR-US: Zyxel
 CVE-2024-11253 (A post-authentication command injection vulnerability in the "DNSServe ...)
 	NOT-FOR-US: Zyxel
-CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand() function,  ...)
+CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand() function,w ...)
 	NOT-FOR-US: Crypt-Random Perl module
 	NOTE: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1
 	NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05 (1.55)
@@ -29029,7 +29077,7 @@ CVE-2024-4981 [pagure: _update_file_in_git() follows symbolic links in temporary
 	- pagure 5.14.1+dfsg-1 (bug #1091383)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280723
 	NOTE: Fixed by: https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4 (5.14.1)
-CVE-2024-47516 [Argument Injection in PagureRepo.log()]
+CVE-2024-47516 (A vulnerability was found in Pagure. An argument injection in Git duri ...)
 	- pagure 5.14.1+dfsg-1 (bug #1091383)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315805
 	NOTE: Fixed by: https://pagure.io/pagure/c/1db796dd0fa85c5f30f1e7123638e237f73bc92d (5.14.1)
@@ -44598,35 +44646,35 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-27834
+CVE-2025-27834 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708253
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ef42ff180a04926e187d40faea40d4a43e304e3b (ghostpdl-10.05.0)
-CVE-2025-27837
+CVE-2025-27837 (An issue was discovered in Artifex Ghostscript before 10.05.0. Access  ...)
 	- ghostscript <not-affected> (Only impacts codepaths relevant for Windows builds)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708238
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dbb9f2b11f820697e77863523a8d835ab040e5d1 (ghostpdl-10.05.0)
-CVE-2025-27833
+CVE-2025-27833 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708259
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=a82738e387bbb44c7c4698404776dca53f62b158 (ghostpdl-10.05.0)
-CVE-2025-27830
+CVE-2025-27830 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708241
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f (ghostpdl-10.05.0)
-CVE-2025-27836
+CVE-2025-27836 (An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ1 ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708192
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0)
-CVE-2025-27831
+CVE-2025-27831 (An issue was discovered in Artifex Ghostscript before 10.05.0. The DOC ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708132
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17 (ghostpdl-10.05.0)
-CVE-2025-27832
+CVE-2025-27832 (An issue was discovered in Artifex Ghostscript before 10.05.0. The NPD ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708133
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (ghostpdl-10.05.0)
-CVE-2025-27835
+CVE-2025-27835 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708131
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb0e06b0a9367ab7c3b79672ce71e7f0cd228a36

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb0e06b0a9367ab7c3b79672ce71e7f0cd228a36
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250326/9ef2a774/attachment-0001.htm>
