[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 27 08:12:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e47936b0 by security tracker role at 2025-03-27T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,88 @@
+CVE-2025-31165 (Cross-Site Scripting (XSS) vulnerability in the Logbug module of Night ...)
+ TODO: check
+CVE-2025-31113
+ REJECTED
+CVE-2025-31112
+ REJECTED
+CVE-2025-31111
+ REJECTED
+CVE-2025-31110
+ REJECTED
+CVE-2025-31109
+ REJECTED
+CVE-2025-31108
+ REJECTED
+CVE-2025-31107
+ REJECTED
+CVE-2025-31106
+ REJECTED
+CVE-2025-31105
+ REJECTED
+CVE-2025-30407 (Local privilege escalation due to a binary hijacking vulnerability. Th ...)
+ TODO: check
+CVE-2025-2838 (Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of- ...)
+ TODO: check
+CVE-2025-2837 (Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflo ...)
+ TODO: check
+CVE-2025-2835 (A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has bee ...)
+ TODO: check
+CVE-2025-2833 (A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has bee ...)
+ TODO: check
+CVE-2025-2832 (A vulnerability was found in mingyuefusu \u660e\u6708\u590d\u82cf tush ...)
+ TODO: check
+CVE-2025-2831 (A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf ...)
+ TODO: check
+CVE-2025-2787 (KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a. ...)
+ TODO: check
+CVE-2025-2685 (The TablePress \u2013 Tables in WordPress made easy plugin for WordPre ...)
+ TODO: check
+CVE-2025-2496
+ REJECTED
+CVE-2025-2481 (The MediaView plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2025-2332 (The Export All Posts, Products, Orders, Refunds & Users plugin for Wor ...)
+ TODO: check
+CVE-2025-20233 (In the Splunk App for Lookup File Editing versions below 4.0.5, a scri ...)
+ TODO: check
+CVE-2025-20232 (In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk ...)
+ TODO: check
+CVE-2025-20231 (In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, an ...)
+ TODO: check
+CVE-2025-20230 (In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, an ...)
+ TODO: check
+CVE-2025-20229 (In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splu ...)
+ TODO: check
+CVE-2025-20228 (In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk ...)
+ TODO: check
+CVE-2025-20227 (In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, an ...)
+ TODO: check
+CVE-2025-20226 (In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and ...)
+ TODO: check
+CVE-2025-0273 (HCL DevOps Deploy / HCL Launch stores potentially sensitive authentica ...)
+ TODO: check
+CVE-2024-55965 (An issue was discovered in Appsmith before 1.51. Users invited as "App ...)
+ TODO: check
+CVE-2024-45361 (A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service ...)
+ TODO: check
+CVE-2024-45356 (A unauthorized access vulnerability exists in the Xiaomi phone framewo ...)
+ TODO: check
+CVE-2024-45355 (A unauthorized access vulnerability exists in the Xiaomi phone framewo ...)
+ TODO: check
+CVE-2024-45354 (A code execution vulnerability exists in the Xiaomi shop applicationpr ...)
+ TODO: check
+CVE-2024-45353 (An intent redriction vulnerability exists in the Xiaomi quick App fram ...)
+ TODO: check
+CVE-2024-45352 (An code execution vulnerability exists in the Xiaomi smarthome applica ...)
+ TODO: check
CVE-2024-48944
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2025-30067
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2025-30355
+CVE-2025-30355 (Synapse is an open source Matrix homeserver implementation. A maliciou ...)
- matrix-synapse 1.121.0-6
NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
NOTE: https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389 (v1.127.1)
-CVE-2025-31160
+CVE-2025-31160 (atop through 2.11.0 allows local users to cause a denial of service (e ...)
- atop <unfixed>
NOTE: https://rachelbythebay.com/w/2025/03/26/atop/
NOTE: https://www.openwall.com/lists/oss-security/2025/03/26/2
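Review bot: The descriptions added for CVE-2025-2832, CVE-2025-2831 and CVE-2025-2685 carry literal escape sequences (`\u660e\u6708\u590d\u82cf`, `\u2013`) rather than the characters they encode, and the escapes appear to count toward the truncation width, so very little readable text is left before the ` ...`. Decoding the escapes before the description is truncated would keep these summaries usable for triage. Separately, the Xiaomi entries CVE-2024-45352 through CVE-2024-45361 are left at `TODO: check` while the same file already marks CVE-2024-45346 as `NOT-FOR-US: XiaomiGetApps application`; they are candidates for the same kind of annotation once checked.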
@@ -530,7 +606,8 @@ CVE-2025-2722 (A vulnerability was found in GNOME libgsf up to 1.14.53. It has b
CVE-2025-2721 (A vulnerability was found in GNOME libgsf up to 1.14.53. It has been c ...)
- libgsf <undetermined>
NOTE: https://vuldb.com/?submit.520181
-CVE-2025-2720 (A vulnerability was found in GNOME libgsf up to 1.14.53 and classified ...)
+CVE-2025-2720
+ REJECTED
- libgsf <undetermined>
NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/issues/38
CVE-2025-2717 (A vulnerability, which was classified as critical, has been found in D ...)
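Review bot: CVE-2025-2720 is switched to `REJECTED`, but the entry keeps its `- libgsf <undetermined>` annotation and the NOTE pointing at the libgsf issue, so the record now reads as both rejected and tracked against a package. Either drop the package line from the rejected entry, or confirm which CVE id now covers that issue and carry the annotation and NOTE there.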
@@ -60444,7 +60521,7 @@ CVE-2024-4555 (Improper Privilege Management vulnerability in OpenText NetIQ Acc
NOT-FOR-US: (OpenText) NetIQ Access Manager
CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ Access Manag ...)
NOT-FOR-US: (OpenText) NetIQ Access Manager
-CVE-2024-45346 (A code execution vulnerability exists in the XiaomiGetApps application ...)
+CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon an ...)
NOT-FOR-US: XiaomiGetApps application
CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based projects. It i ...)
NOT-FOR-US: Hydra
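Review bot: The replacement description for CVE-2024-45346 opens with an acknowledgement ("The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon an ...") and, once truncated, no longer says what the flaw is, whereas the removed line did ("A code execution vulnerability exists in the XiaomiGetApps application ..."). The `NOT-FOR-US: XiaomiGetApps application` line is now the only part of the entry that identifies the product, so it should be kept as specific as it is; if the generator can skip a leading acknowledgement sentence before truncating, the summary would stay informative.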
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e47936b00e3236d2b4c0dd60d51da562fd9fe0ff