Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
28c18f13 by security tracker role at 2025-02-07T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in
blackandwhitedigita ...)
+ TODO: check
+CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital
BookPress ...)
+ TODO: check
+CVE-2025-25166 (Cross-Site Request Forgery (CSRF) vulnerability in
gabrieldarezzo InLo ...)
+ TODO: check
+CVE-2025-25163 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-25160 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes
Style T ...)
+ TODO: check
+CVE-2025-25159 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25156 (Cross-Site Request Forgery (CSRF) vulnerability in Stanko
Metodiev Quo ...)
+ TODO: check
+CVE-2025-25155 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-25154 (Cross-Site Request Forgery (CSRF) vulnerability in scweber
Custom Comm ...)
+ TODO: check
+CVE-2025-25153 (Cross-Site Request Forgery (CSRF) vulnerability in djjmz
Simple Auto T ...)
+ TODO: check
+CVE-2025-25152 (Cross-Site Request Forgery (CSRF) vulnerability in
LukaszWiecek Smart ...)
+ TODO: check
+CVE-2025-25151 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-25149 (Cross-Site Request Forgery (CSRF) vulnerability in Danillo
Nunes Login ...)
+ TODO: check
+CVE-2025-25148 (Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo
Read More ...)
+ TODO: check
+CVE-2025-25147 (Cross-Site Request Forgery (CSRF) vulnerability in
Phillip.Gooch Auto ...)
+ TODO: check
+CVE-2025-25146 (Cross-Site Request Forgery (CSRF) vulnerability in saleandro
Songkick ...)
+ TODO: check
+CVE-2025-25145 (Cross-Site Request Forgery (CSRF) vulnerability in
jordan.hatch Infusi ...)
+ TODO: check
+CVE-2025-25144 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25143 (Cross-Site Request Forgery (CSRF) vulnerability in ibasit
GlobalQuran ...)
+ TODO: check
+CVE-2025-25141 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-25140 (Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite
Simple ...)
+ TODO: check
+CVE-2025-25139 (Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT
Consultanc ...)
+ TODO: check
+CVE-2025-25138 (Cross-Site Request Forgery (CSRF) vulnerability in Rishi On
Page SEO + ...)
+ TODO: check
+CVE-2025-25136 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25135 (Cross-Site Request Forgery (CSRF) vulnerability in Victor
Barkalov Cus ...)
+ TODO: check
+CVE-2025-25128 (Cross-Site Request Forgery (CSRF) vulnerability in orlandolac
Facilita ...)
+ TODO: check
+CVE-2025-25126 (Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO
allows ...)
+ TODO: check
+CVE-2025-25125 (Cross-Site Request Forgery (CSRF) vulnerability in CyrilG
Fyrebox Quiz ...)
+ TODO: check
+CVE-2025-25123 (Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy
Related ...)
+ TODO: check
+CVE-2025-25120 (Missing Authorization vulnerability in Melodic Media Slide
Banners all ...)
+ TODO: check
+CVE-2025-25117 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25116 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-25111 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell
Check WP S ...)
+ TODO: check
+CVE-2025-25110 (Missing Authorization vulnerability in Metagauss Event Kikfyre
allows ...)
+ TODO: check
+CVE-2025-25107 (Cross-Site Request Forgery (CSRF) vulnerability in sainwp
OneStore Sit ...)
+ TODO: check
+CVE-2025-25106 (Cross-Site Request Forgery (CSRF) vulnerability in FancyWP
Starter Tem ...)
+ TODO: check
+CVE-2025-25105 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25104 (Cross-Site Request Forgery (CSRF) vulnerability in mraliende
URL-Previ ...)
+ TODO: check
+CVE-2025-25103 (Cross-Site Request Forgery (CSRF) vulnerability in bnielsen
Indeed API ...)
+ TODO: check
+CVE-2025-25101 (Cross-Site Request Forgery (CSRF) vulnerability in
MetricThemes Munk S ...)
+ TODO: check
+CVE-2025-25098 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25097 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25096 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25095 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25093 (Cross-Site Request Forgery (CSRF) vulnerability in
paulswarthout Child ...)
+ TODO: check
+CVE-2025-25091 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25088 (Cross-Site Request Forgery (CSRF) vulnerability in blackus3r
WP Keywor ...)
+ TODO: check
+CVE-2025-25085 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25082 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25081 (Missing Authorization vulnerability in DeannaS Embed RSS
allows Exploi ...)
+ TODO: check
+CVE-2025-25080 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25079 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25078 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25077 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25076 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25075 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal
Show noti ...)
+ TODO: check
+CVE-2025-25074 (Cross-Site Request Forgery (CSRF) vulnerability in Nirmal
Kumar Ram WP ...)
+ TODO: check
+CVE-2025-25073 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-25072 (Cross-Site Request Forgery (CSRF) vulnerability in thunderbax
WP Admin ...)
+ TODO: check
+CVE-2025-25071 (Cross-Site Request Forgery (CSRF) vulnerability in topplugins
Vignette ...)
+ TODO: check
+CVE-2025-25069 (A Cross-Protocol Scripting vulnerability is found in Apache
Kvrocks. ...)
+ TODO: check
+CVE-2025-24980 (pimcore/admin-ui-classic-bundle provides a Backend UI for
Pimcore. In ...)
+ TODO: check
+CVE-2025-1108 (Insufficient data authenticity verification vulnerability in
Janto, ve ...)
+ TODO: check
+CVE-2025-1107 (Unverified password change vulnerability in Janto, versions
prior to r ...)
+ TODO: check
+CVE-2025-1106 (A vulnerability classified as critical has been found in
CmsEasy 7.7.7 ...)
+ TODO: check
+CVE-2025-1105 (A vulnerability was found in SiberianCMS 4.20.6. It has been
rated as ...)
+ TODO: check
+CVE-2025-1104 (A vulnerability has been found in D-Link DHP-W310AV 1.04 and
classifie ...)
+ TODO: check
+CVE-2025-1103 (A vulnerability, which was classified as problematic, was found
in D-L ...)
+ TODO: check
+CVE-2025-1077 (A security vulnerability has been identified in the IBL
Software Engin ...)
+ TODO: check
+CVE-2025-0307
+ REJECTED
+CVE-2025-0304 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
+ TODO: check
+CVE-2025-0303 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
+ TODO: check
+CVE-2025-0302 (in OpenHarmony v4.1.2 and prior versions allow a local attacker
cause ...)
+ TODO: check
+CVE-2024-9664 (The WP All Import Pro plugin for WordPress is vulnerable to PHP
Object ...)
+ TODO: check
+CVE-2024-9661 (The WP All Import Pro plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2024-7425 (The WP ALL Export Pro plugin for WordPress is vulnerable to
unauthoriz ...)
+ TODO: check
+CVE-2024-7419 (The WP ALL Export Pro plugin for WordPress is vulnerable to
Remote Cod ...)
+ TODO: check
+CVE-2024-57707 (An issue in DataEase v1 allows an attacker to execute
arbitrary code v ...)
+ TODO: check
+CVE-2024-57249 (Incorrect Access Control in the Preview Function of Gleamtech
FileVist ...)
+ TODO: check
+CVE-2024-57248 (Directory Traversal in File Upload in Gleamtech FileVista
9.2.0.0 allo ...)
+ TODO: check
+CVE-2024-55214 (Local File Inclusion vulnerability in dhtmlxFileExplorer
v.8.4.6 allow ...)
+ TODO: check
+CVE-2024-55213 (Directory Traversal vulnerability in dhtmlxFileExplorer
v.8.4.6 allows ...)
+ TODO: check
+CVE-2024-52884 (An issue was discovered in AudioCodes Mediant Session Border
Controlle ...)
+ TODO: check
+CVE-2024-52883 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
+ TODO: check
+CVE-2024-52882 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
+ TODO: check
+CVE-2024-52881 (An issue was discovered in AudioCodes One Voice Operations
Center (OVO ...)
+ TODO: check
+CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered to contain a DLL
hijacking vu ...)
+ TODO: check
+CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a
buffer ove ...)
+ TODO: check
+CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork
compone ...)
+ TODO: check
CVE-2025-24032
- pam-pkcs11 <unfixed>
NOTE:
https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
(pam_pkcs11-0.6.13)
@@ -1258,7 +1440,7 @@ CVE-2025-0366 (The Jupiter X Core plugin for WordPress is
vulnerable to Local Fi
NOT-FOR-US: WordPress plugin
CVE-2025-0365 (The Jupiter X Core plugin for WordPress is vulnerable to
Directory Tra ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-57587 (EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and
earlier are ...)
+CVE-2024-57587 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <=
8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-57435 (In macrozheng mall-tiny 1.0.1, an attacker can send null data
through ...)
NOT-FOR-US: macrozheng mall-tiny
@@ -1270,11 +1452,11 @@ CVE-2024-55062 (EasyVirt DCScope 8.6.0 and earlier and
co2Scope 1.3.0 and earlie
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53357 (In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES
encryption k ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53356 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable
to privil ...)
+CVE-2024-53356 (Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0
and CO2Sco ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53355 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable
to Incorr ...)
+CVE-2024-53355 (Multiple incorrect access control issues in EasyVirt DCScope
<= 8.6.0 ...)
NOT-FOR-US: EasyVirt DCScope
-CVE-2024-53354 (EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable
to SQL In ...)
+CVE-2024-53354 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <=
8.6.0 an ...)
NOT-FOR-US: EasyVirt DCScope
CVE-2024-53296 (Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20
contain ...)
NOT-FOR-US: Dell
@@ -4219,7 +4401,7 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product
of Oracle MySQL (compo
CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.41-1 (bug #1093877)
CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK,
Oracle Gr ...)
- {DSA-5857-1 DLA-4037-1}
+ {DSA-5857-1 DLA-4043-1 DLA-4037-1}
- openjdk-8 <unfixed> (bug #1093878)
- openjdk-11 11.0.26+4-1
- openjdk-17 17.0.14+7-1
@@ -241995,10 +242177,10 @@ CVE-2022-26391
RESERVED
CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores
network crede ...)
NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
-CVE-2022-26389
- RESERVED
-CVE-2022-26388
- RESERVED
+CVE-2022-26389 (An improper access control vulnerability may allow privilege
escalatio ...)
+ TODO: check
+CVE-2022-26388 (A use of hard-coded password vulnerability may allow
authentication ab ...)
+ TODO: check
CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe
buffer ...)
{DSA-5092-1}
- linux 5.16.11-1
@@ -273674,10 +273856,10 @@ CVE-2021-41530 (Forcepoint NGFW Engine versions
6.5.11 and earlier, 6.8.6 and ea
NOT-FOR-US: Forcepoint NGFW Engine
CVE-2021-41529
RESERVED
-CVE-2021-41528
- RESERVED
-CVE-2021-41527
- RESERVED
+CVE-2021-41528 (An error when handling authorization related to the import /
export in ...)
+ TODO: check
+CVE-2021-41527 (An error related to the 2-factor authorization (2FA) on the
RISC Platf ...)
+ TODO: check
CVE-2021-41526 (A vulnerability has been reported in the windows installer
(MSI) built ...)
NOT-FOR-US: Flexera
CVE-2021-41525 (An issue related to modification of otherwise restricted files
through ...)
@@ -310949,8 +311131,7 @@ CVE-2021-27019 (PuppetDB logging included potentially
sensitive system informati
NOTE: https://puppet.com/security/cve/CVE-2021-27019/
CVE-2021-27018 (The mechanism which performs certificate validation was
discovered to ...)
NOT-FOR-US: Puppet Remediate
-CVE-2021-27017
- RESERVED
+CVE-2021-27017 (Utilization of a module presented a security risk by allowing
the dese ...)
- puppet <not-affected> (Specific to the Puppet 7.x stack)
NOTE: https://puppet.com/security/cve/CVE-2021-27017/
CVE-2021-27016
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c18f131e94920afc9353d6ebc311f5799077a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c18f131e94920afc9353d6ebc311f5799077a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
