[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 7 09:12:06 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24391786 by security tracker role at 2025-05-07T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,93 @@
+CVE-2025-4335 (The Woocommerce Multiple Addresses plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-4220 (The Xavin's List Subpages plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-4171 (The WZ Followed Posts \u2013 Display what visitors are reading plugin  ...)
+	TODO: check
+CVE-2025-4055 (The Multiple Post Type Order plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-4054 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-47420 (266 vulnerability in Crestron Automate VX allows Privilege Escalation. ...)
+	TODO: check
+CVE-2025-47419 (Cleartext Transmission of Sensitive Information vulnerability in Crest ...)
+	TODO: check
+CVE-2025-47418 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2025-46573 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
+	TODO: check
+CVE-2025-46572 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
+	TODO: check
+CVE-2025-44899 (There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13. ...)
+	TODO: check
+CVE-2025-44073 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2025-3924 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-3921 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-3860 (The CarDealerPress plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-3853 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to I ...)
+	TODO: check
+CVE-2025-3852 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to p ...)
+	TODO: check
+CVE-2025-3851 (The Download Manager and Payment Form WordPress Plugin \u2013 WP Smart ...)
+	TODO: check
+CVE-2025-3844 (The PeproDev Ultimate Profile Solutions plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-3766 (The Login Lockdown & Protection plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-3218 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and  ...)
+	TODO: check
+CVE-2025-32405 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
+	TODO: check
+CVE-2025-32404 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
+	TODO: check
+CVE-2025-32403 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
+	TODO: check
+CVE-2025-32402 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allow ...)
+	TODO: check
+CVE-2025-32401 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlie ...)
+	TODO: check
+CVE-2025-32400 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlie ...)
+	TODO: check
+CVE-2025-32399 (An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 o ...)
+	TODO: check
+CVE-2025-32398 (A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier a ...)
+	TODO: check
+CVE-2025-32397 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlie ...)
+	TODO: check
+CVE-2025-32396 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlie ...)
+	TODO: check
+CVE-2025-2821 (The Search Exclude plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-1400 (Out-of-bounds Read vulnerability inunpack_response (conn.c) in libplct ...)
+	TODO: check
+CVE-2025-1399 (Out-of-bounds Read vulnerability inunpack_response (session.c) in libp ...)
+	TODO: check
+CVE-2025-0856 (The PGS Core plugin for WordPress is vulnerable to unauthorized access ...)
+	TODO: check
+CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object Injectio ...)
+	TODO: check
+CVE-2025-0853 (The PGS Core plugin for WordPress is vulnerable to SQL Injection via t ...)
+	TODO: check
+CVE-2025-0669 (Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows ...)
+	TODO: check
+CVE-2025-0668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-0667 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow serving ver ...)
+	TODO: check
+CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
 CVE-2025-27533 [Unchecked buffer length can cause excessive memory allocation]
 	- activemq <unfixed>
 	NOTE: https://issues.apache.org/jira/browse/AMQ-6596
-CVE-2025-4372
+CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 all ...)
 	- chromium 136.0.7103.92-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
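
Review bot: Several descriptions in the added block carry a literal "\u2013" escape where a dash belongs (CVE-2025-4171, CVE-2025-4054, CVE-2025-3853, CVE-2025-3852, CVE-2025-3851), which suggests the description text is written out without decoding JSON escapes; decode it before the description is truncated. The same block also copies run-together words into the list ("inunpack_response" in CVE-2025-1400 and CVE-2025-1399, "stringificationin" in CVE-2025-0649), and CVE-2025-47420 opens with a bare "266 vulnerability", so whoever resolves these "TODO: check" entries should read the full upstream record rather than rely on the summary shown here.
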
@@ -140897,7 +140983,8 @@ CVE-2023-52028 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain
 	NOT-FOR-US: TOTOlink
 CVE-2023-52027 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
 	NOT-FOR-US: TOTOlink
-CVE-2023-51989 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
+CVE-2023-51989
+	REJECTED
 	NOT-FOR-US: D-Link
 CVE-2023-51987 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
 	NOT-FOR-US: D-Link
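
Review bot: CVE-2023-51989 now carries two dispositions, the added "REJECTED" line and the unchanged "NOT-FOR-US: D-Link" line directly below it. If the rejection is final, drop the NOT-FOR-US line in a follow-up so the entry has a single status. The unchanged neighbour CVE-2023-51987 shows the same description prefix ("D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface"), so it is worth confirming whether that is the ID that remains valid.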



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2439178635045c4e25ca59e8014984582907e1bf
