[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd4b6146 by security tracker role at 2025-05-17T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2025-4836 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
+	TODO: check
+CVE-2025-4835 (A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0- ...)
+	TODO: check
+CVE-2025-4834 (A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0- ...)
+	TODO: check
+CVE-2025-4833 (A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0- ...)
+	TODO: check
+CVE-2025-4832 (A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3 ...)
+	TODO: check
+CVE-2025-4831 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2025-4830 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-4829 (A vulnerability classified as critical was found in TOTOLINK A702R, A3 ...)
+	TODO: check
+CVE-2025-4827 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+	TODO: check
+CVE-2025-4826 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-4825 (A vulnerability classified as critical was found in TOTOLINK A702R, A3 ...)
+	TODO: check
+CVE-2025-4824 (A vulnerability classified as critical has been found in TOTOLINK A702 ...)
+	TODO: check
+CVE-2025-4823 (A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0- ...)
+	TODO: check
+CVE-2025-4669 (The WP Booking Calendar plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-4610 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-4101 (The MultiVendorX \u2013 WooCommerce Multivendor Marketplace Solutions  ...)
+	TODO: check
+CVE-2025-48187 (RAGFlow through 0.18.1 allows account takeover because it is possible  ...)
+	TODO: check
+CVE-2025-47948 (Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Sta ...)
+	TODO: check
+CVE-2025-47945 (Donetick an open-source app for managing tasks and chores. Prior to ve ...)
+	TODO: check
+CVE-2025-47931 (LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS ...)
+	TODO: check
+CVE-2025-47273 (setuptools is a package that allows users to download, build, install, ...)
+	TODO: check
+CVE-2025-3888 (The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-3527 (The EventON Pro plugin for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2025-33103 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Util ...)
+	TODO: check
+CVE-2024-13965
+	REJECTED
+CVE-2024-13964
+	REJECTED
+CVE-2024-13613 (The Wise Chat plugin for WordPress is vulnerable to Sensitive Informat ...)
+	TODO: check
 CVE-2025-4819 (A vulnerability classified as problematic has been found in y_project  ...)
 	NOT-FOR-US: RuoYi
 CVE-2025-4818 (A vulnerability was found in SourceCodester Doctor's Appointment Syste ...)
@@ -59539,7 +59593,7 @@ CVE-2023-4458 (A flaw was found within the parsing of extended attributes in the
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/17d5b135bb720832364e8f55f6a887a3c7ec8fdb (6.6-rc1)
 CVE-2024-10397 (A malicious server can crash the OpenAFS cache manager and other clien ...)
-	{DSA-5842-1}
+	{DSA-5842-1 DLA-4168-1}
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-003.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
@@ -59554,7 +59608,7 @@ CVE-2024-10397 (A malicious server can crash the OpenAFS cache manager and other
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1 (openafs-stable-1_8_13)
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=37e585f0841803cdf3a1f99770034890ba162d7c (openafs-stable-1_8_13)
 CVE-2024-10396 (An authenticated user can provide a malformed ACL to the fileserver's  ...)
-	{DSA-5842-1}
+	{DSA-5842-1 DLA-4168-1}
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-002.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html
@@ -59571,7 +59625,7 @@ CVE-2024-10396 (An authenticated user can provide a malformed ACL to the fileser
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=a9ede52673b8c8abbfc2577ac6987a8a5686206f (openafs-stable-1_8_13)
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commit;h=21941c0ab2d28fa3a074f46e4d448d518a7c1b8a (openafs-stable-1_8_13)
 CVE-2024-10394 (A local user can bypass the OpenAFS PAG (Process Authentication Group) ...)
-	{DSA-5842-1}
+	{DSA-5842-1 DLA-4168-1}
 	- openafs 1.8.13-1 (bug #1087406; bug #1087407)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2024-001.txt
 	NOTE: https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4b6146885d9cbaf008bd11100efc8de5e8d6d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd4b6146885d9cbaf008bd11100efc8de5e8d6d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250517/45274255/attachment.htm>