[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 28 20:12:58 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3d110a3 by security tracker role at 2025-03-28T20:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2025-31474 (Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP ...)
+	TODO: check
+CVE-2025-31473 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31472 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31471 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31470 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31469 (Missing Authorization vulnerability in webrangers Clear Sucuri Cache a ...)
+	TODO: check
+CVE-2025-31466 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31465 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-31464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31460 (Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl Omni ...)
+	TODO: check
+CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login ...)
+	TODO: check
+CVE-2025-31458 (Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embe ...)
+	TODO: check
+CVE-2025-31457 (Cross-Site Request Forgery (CSRF) vulnerability in Aur\xe9lien LWS LWS ...)
+	TODO: check
+CVE-2025-31456 (Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Sec ...)
+	TODO: check
+CVE-2025-31453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31449 (Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor C ...)
+	TODO: check
+CVE-2025-31448 (Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Tr ...)
+	TODO: check
+CVE-2025-31447 (Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks ...)
+	TODO: check
+CVE-2025-31444 (Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Sli ...)
+	TODO: check
+CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK ...)
+	TODO: check
+CVE-2025-31440 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Ter ...)
+	TODO: check
+CVE-2025-31439 (Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browse ...)
+	TODO: check
+CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP  ...)
+	TODO: check
+CVE-2025-31437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31435 (Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts M ...)
+	TODO: check
+CVE-2025-31434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an attacker to ...)
+	TODO: check
+CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
+	TODO: check
+CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an attacke ...)
+	TODO: check
+CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31099 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31088 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31079 (Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven ...)
+	TODO: check
+CVE-2025-31077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31076 (Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Com ...)
+	TODO: check
+CVE-2025-31075 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers Si ...)
+	TODO: check
+CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versions pr ...)
+	TODO: check
+CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool. Versi ...)
+	TODO: check
+CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
+	TODO: check
+CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified as probl ...)
+	TODO: check
+CVE-2025-2925 (A vulnerability has been found in HDF5 up to 1.14.6 and classified as  ...)
+	TODO: check
+CVE-2025-2924 (A vulnerability, which was classified as problematic, was found in HDF ...)
+	TODO: check
+CVE-2025-2923 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-2922 (A vulnerability classified as problematic was found in Netis WF-2404 1 ...)
+	TODO: check
+CVE-2025-2921 (A vulnerability classified as critical has been found in Netis WF-2404 ...)
+	TODO: check
+CVE-2025-2920 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rate ...)
+	TODO: check
+CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has been decl ...)
+	TODO: check
+CVE-2025-2917 (A vulnerability, which was classified as problematic, was found in Che ...)
+	TODO: check
+CVE-2025-2916 (A vulnerability, which was classified as critical, has been found in A ...)
+	TODO: check
+CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up to 1.14 ...)
+	TODO: check
+CVE-2025-2914 (A vulnerability classified as problematic has been found in HDF5 up to ...)
+	TODO: check
+CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated as p ...)
+	TODO: check
+CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been declared a ...)
+	TODO: check
+CVE-2025-2911 (Unauthorised access to the call forwarding service system in MeetMe pr ...)
+	TODO: check
+CVE-2025-2910 (User enumeration in the password reset module of the MeetMe authentica ...)
+	TODO: check
+CVE-2025-2909 (The lack of encryption in the DuoxMe (formerly Blue) application binar ...)
+	TODO: check
+CVE-2025-2908 (The exposure of credentials in the call forwarding configuration modul ...)
+	TODO: check
+CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a stored C ...)
+	TODO: check
+CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's Event-Driven Ans ...)
+	TODO: check
+CVE-2025-2870 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
+	TODO: check
+CVE-2025-2869 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
+	TODO: check
+CVE-2025-2868 (Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of t ...)
+	TODO: check
+CVE-2025-2865 (SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and ...)
+	TODO: check
+CVE-2025-2864 (SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject  ...)
+	TODO: check
+CVE-2025-2863 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
+	TODO: check
+CVE-2025-2862 (SaTECH BCU, in its firmware version 2.1.3, performs weak password encr ...)
+	TODO: check
+CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The u ...)
+	TODO: check
+CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an authenticated atta ...)
+	TODO: check
+CVE-2025-2859 (An attacker with access to the network where the vulnerable device is  ...)
+	TODO: check
+CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware version  ...)
+	TODO: check
+CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege escalation ...)
+	TODO: check
+CVE-2025-29928 (authentik is an open-source identity provider. Prior to versions 2024. ...)
+	TODO: check
+CVE-2025-28221 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
+	TODO: check
+CVE-2025-28220 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set ...)
+	TODO: check
+CVE-2025-28219 (Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in  ...)
+	TODO: check
+CVE-2025-27932 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2025-27726 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2025-27718 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2025-27716 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2025-27574 (Cross-site scripting vulnerability exists in the USB storage file-shar ...)
+	TODO: check
+CVE-2025-27567 (Cross-site scripting vulnerability exists in the NickName registration ...)
+	TODO: check
+CVE-2025-27001 (Insertion of Sensitive Information Into Sent Data vulnerability in Shi ...)
+	TODO: check
+CVE-2025-22767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22526 (Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL  ...)
+	TODO: check
+CVE-2025-22523 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22501 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-22360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22356 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-1781 (There is a XXE in W3CSS Validator versions beforecssval-20250226 that  ...)
+	TODO: check
+CVE-2025-1705 (The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2025-0986 (IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 throu ...)
+	TODO: check
+CVE-2024-7407 (Use of a custom password encoding algorithmin Streamsoft Presti\u017c  ...)
+	TODO: check
+CVE-2024-54362 (Path Traversal vulnerability in NotFound GetShop ecommerce allows Path ...)
+	TODO: check
+CVE-2024-54291 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-51624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-48615 (Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier ...)
+	TODO: check
+CVE-2024-39311 (Publify is a self hosted Web publishing platform on Rails. Prior to ve ...)
+	TODO: check
+CVE-2024-11504 (Input from multiple fields inStreamsoft Presti\u017c is not sanitized  ...)
+	TODO: check
 CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -1431,9 +1659,9 @@ CVE-2024-13411 (The Zapier for WordPress plugin for WordPress is vulnerable to S
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9773 (An issue was discovered in GitLab EE affecting all versions starting f ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2024-10307
+CVE-2024-10307 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
 	- gitlab <unfixed>
-CVE-2024-12619
+CVE-2024-12619 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-2242 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
 	- gitlab <unfixed>
@@ -335668,8 +335896,8 @@ CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vuln
 	NOT-FOR-US: FortiSandbox
 CVE-2021-24009 (Multiple improper neutralization of special elements used in an OS com ...)
 	NOT-FOR-US: FortiWAN
-CVE-2021-24008
-	RESERVED
+CVE-2021-24008 (An exposure of sensitive system information to an unauthorized control ...)
+	TODO: check
 CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...)
@@ -437652,8 +437880,8 @@ CVE-2019-16151 (An improper neutralization of input during web page generation v
 	NOT-FOR-US: Fortinet
 CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
 	NOT-FOR-US: Fortiguard
-CVE-2019-16149
-	RESERVED
+CVE-2019-16149 (An Improper Neutralization of Input During Web Page Generation in Fort ...)
+	TODO: check
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
 	{DLA-2340-1}
 	- sqlite3 3.29.0-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d110a3480f9825d0f6b017352f52b8f610685c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d110a3480f9825d0f6b017352f52b8f610685c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/db47c909/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list