[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 28 08:12:07 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aaadf205 by security tracker role at 2025-03-28T08:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31031 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-2894 (The Go1also known as "The World's First Intelligence Bionic Quadruped ...)
+ TODO: check
+CVE-2025-2888 (During a snapshot rollback, the client incorrectly caches the timestam ...)
+ TODO: check
+CVE-2025-2887 (During a target rollback, the client fails to detect the rollback for ...)
+ TODO: check
+CVE-2025-2886 (Missing validation of terminating delegation causes the client to cont ...)
+ TODO: check
+CVE-2025-2885 (Missing validation of the root metatdata version number could allow an ...)
+ TODO: check
+CVE-2025-2878 (A vulnerability was found in Kentico CMS up to 13.0.178. It has been d ...)
+ TODO: check
+CVE-2025-2804 (The tagDiv Composer plugin for WordPress, used by the Newspaper theme, ...)
+ TODO: check
+CVE-2025-2578 (The Booking for Appointments and Events Calendar – Amelia plugin ...)
+ TODO: check
+CVE-2025-2485 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
+ TODO: check
+CVE-2025-2328 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
+ TODO: check
+CVE-2025-2294 (The Kubio AI Page Builder plugin for WordPress is vulnerable to Local ...)
+ TODO: check
+CVE-2025-2074 (The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to ge ...)
+ TODO: check
+CVE-2025-2027 (A double free vulnerability has been identified in the ASUS System Ana ...)
+ TODO: check
+CVE-2025-28253 (Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5 ...)
+ TODO: check
+CVE-2025-26956 (Missing Authorization vulnerability in Shinetheme Traveler.This issue ...)
+ TODO: check
+CVE-2025-26898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-26890 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-26874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shinetheme Traveler ...)
+ TODO: check
+CVE-2025-26733 (Missing Authorization vulnerability in Shinetheme Traveler.This issue ...)
+ TODO: check
+CVE-2025-24386 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24385 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24383 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24382 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24381 (Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to ...)
+ TODO: check
+CVE-2025-24380 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24379 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24378 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-24377 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-23383 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-22740 (Missing Authorization vulnerability in Automattic Sensei LMS allows Ex ...)
+ TODO: check
+CVE-2025-22739 (Missing Authorization vulnerability in ThimPress LearnPress allows Exp ...)
+ TODO: check
+CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() function as th ...)
+ TODO: check
+CVE-2025-1762 (The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 do ...)
+ TODO: check
+CVE-2024-49601 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2024-49565 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
+ TODO: check
+CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerable to ...)
+ TODO: check
CVE-2024-56325
NOT-FOR-US: Apache Pinot
CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may lead to a ...)
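Review bot: All 43 entries added at the top of the list carry only "TODO: check", so none of them is triaged yet. The ones whose visible description names a WordPress plugin (CVE-2025-2804, CVE-2025-2294, CVE-2025-2074, CVE-2025-1762) can take the "NOT-FOR-US: WordPress plugin" form already used further down this file. CVE-2025-1860 (Data::Entropy) and CVE-2024-13939 (String::Compare::ConstantTime) name Perl modules and should be checked against packaged Perl libraries before they are closed out. The descriptions of CVE-2025-2885 through CVE-2025-2888 are truncated before any product name, so those need the full CVE text to identify the affected client.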
@@ -486,7 +572,8 @@ CVE-2023-53028 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.1.8-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/80f8a66dede0a4b4e9e846765a97809c6fe49ce5 (6.2-rc5)
-CVE-2023-53027 (In the Linux kernel, the following vulnerability has been resolved: e ...)
+CVE-2023-53027
+ REJECTED
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/12724ba38992bd045e92a9a88a868a530f89d13e (6.2-rc5)
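Review bot: CVE-2023-53027 is now marked REJECTED but still carries the package annotations below it ("- linux 6.1.11-1", the bullseye "<not-affected>" line and the upstream commit NOTE). A rejected entry should not keep fixed-version data that reports will continue to read, so a follow-up should drop or convert those lines, ideally recording why the ID was rejected in a NOTE.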
@@ -1351,7 +1438,7 @@ CVE-2025-0811 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab <unfixed>
CVE-2025-2255 (An issue has been discovered in Gitlab EE/CE for AppSec affecting all ...)
- gitlab <unfixed>
-CVE-2025-30232
+CVE-2025-30232 (A use-after-free in Exim 4.96 through 4.98.1 could allow users (with c ...)
{DSA-5887-1}
- exim4 4.98.1-2
[bullseye] - exim4 <not-affected> (Vulnerable code not present)
@@ -4146,7 +4233,8 @@ CVE-2023-33300 (A improper neutralization of special elements used in a command
CVE-2023-52927 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/4914109a8e1e494c6aa9852f9e84ec77a5fc643f (6.6-rc1)
-CVE-2025-31335 [Parameter manipulation allows the forging of signed SAML messages]
+CVE-2025-31335 (The OpenSAML C++ library before 3.3.1 allows forging of signed SAML me ...)
+ {DSA-5879-1 DLA-4093-1}
- opensaml 3.3.1-1 (bug #1100464)
NOTE: https://shibboleth.net/community/advisories/secadv_20250313.txt
NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee (3.3.1)
@@ -19347,7 +19435,7 @@ CVE-2025-24665 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2025-24664 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-24662 (Missing Authorization vulnerability in NotFound LearnDash LMS allows E ...)
+CVE-2025-24662 (Missing Authorization vulnerability in LearnDash LearnDash LMS allows ...)
NOT-FOR-US: WordPress plugin
CVE-2025-24653 (Missing Authorization vulnerability in NotFound Admin and Site Enhance ...)
NOT-FOR-US: WordPress plugin
@@ -23074,7 +23162,8 @@ CVE-2024-57895 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.12.9-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/21e46a79bbe6c4e1aa73b3ed998130f2ff07b128 (6.13-rc3)
-CVE-2024-57894 (In the Linux kernel, the following vulnerability has been resolved: B ...)
+CVE-2024-57894
+ REJECTED
{DLA-4076-1}
- linux 6.12.9-1
[bookworm] - linux 6.1.124-1
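Review bot: CVE-2024-57894 becomes REJECTED while the "{DLA-4076-1}" cross-reference and the "- linux 6.12.9-1" / "[bookworm] - linux 6.1.124-1" lines stay attached to it. The entry now reads as rejected and as fixed by a published advisory at the same time; the follow-up cleanup should decide whether the DLA reference for this ID is kept and remove the stale version lines accordingly.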
@@ -202251,7 +202340,7 @@ CVE-2022-4065 (A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.
- testng <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/cbeust/testng/pull/2806
NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f
-CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...)
+CVE-2022-4064 (A vulnerability was found in Dalli up to 3.2.2. It has been classified ...)
- ruby-dalli <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/petergoldstein/dalli/issues/932
NOTE: https://github.com/petergoldstein/dalli/pull/933
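Review bot: The updated description for CVE-2022-4064 now bounds the affected range as "up to 3.2.2", while the annotation under it still says "- ruby-dalli <not-affected> (Vulnerable code introduced later)". Those two statements only agree if the vulnerable code was never present in any ruby-dalli version shipped by Debian, so the not-affected reasoning should be rechecked against the linked issue and pull request, with a NOTE naming the version that introduced the code.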
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaadf2052f1449957a67f82d10dfe534a19a8a76