[Git][security-tracker-team/security-tracker][master] automatic update

Sat May 3 09:12:37 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fdf2d51d by security tracker role at 2025-05-03T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to Sensitive I ...)
+	TODO: check
+CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. It has ...)
+	TODO: check
+CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It ...)
+	TODO: check
+CVE-2025-4199 (The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2025-4198 (The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2025-4188 (The Advanced Reorder Image Text Slider plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-4172 (The VerticalResponse Newsletter Widget plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-4170 (The Xavin's Review Ratings plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-4168 (The Subpage List plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-47229 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a d ...)
+	TODO: check
+CVE-2025-47226 (Grokability Snipe-IT before 8.1.0 has incorrect authorization for acce ...)
+	TODO: check
+CVE-2025-46723 (OpenVM is a performant and modular zkVM framework built for customizat ...)
+	TODO: check
+CVE-2025-3918 (The Job Listings plugin for WordPress is vulnerable to Privilege Escal ...)
+	TODO: check
+CVE-2025-3815 (The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-3779 (The Personizely plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-21572 (OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when ...)
+	TODO: check
+CVE-2025-0782 (A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows  ...)
+	TODO: check
+CVE-2024-55069 (ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_ ...)
+	TODO: check
+CVE-2024-13738 (The The Motors - Car Dealer, Rental & Listing WordPress theme theme fo ...)
+	TODO: check
 CVE-2025-4214 (A vulnerability was found in PHPGuruku Online DJ Booking Management Sy ...)
 	NOT-FOR-US: PHPGuruku Online DJ Booking Management System
 CVE-2025-4213 (A vulnerability has been found in PHPGurukul Online Birth Certificate  ...)
@@ -8710,7 +8748,7 @@ CVE-2025-30373 (Graylog is a free and open log management platform. Starting wit
 CVE-2025-2251 (A security flaw exists in WildFly and JBoss Enterprise Application Pla ...)
 	NOT-FOR-US: Red Hat WildFly and JBoss Enterprise Application Platform (EAP)
 CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processing lib ...)
-	{DLA-4148-1}
+	{DSA-5915-1 DLA-4148-1}
 	- vips 8.16.1-1
 	NOTE: https://github.com/libvips/libvips/security/advisories/GHSA-f8r8-43hh-rghm
 	NOTE: https://github.com/libvips/libvips/pull/4392
@@ -295328,8 +295366,8 @@ CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 	NOT-FOR-US: Oracle
 CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.30-1 (bug #1015789)
-CVE-2022-21546
-	RESERVED
+CVE-2022-21546 (In newer version of the SBC specs, we have a NDOB bit that indicates t ...)
+	TODO: check
 CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business  ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21544 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf2d51d782387d645e789108945a49d9456e2f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf2d51d782387d645e789108945a49d9456e2f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250503/1ae58331/attachment.htm>
