Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1e3e93d by security tracker role at 2025-02-13T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,121 @@
-CVE-2025-1094 [Harden PQescapeString and allied functions against 
invalidly-encoded input strings]
+CVE-2025-26582 (Cross-Site Request Forgery (CSRF) vulnerability in Blackbam 
TinyMCE Ad ...)
+       TODO: check
+CVE-2025-26580 (Cross-Site Request Forgery (CSRF) vulnerability in 
CompleteWebResource ...)
+       TODO: check
+CVE-2025-26578 (Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays 
Simple  ...)
+       TODO: check
+CVE-2025-26577 (Cross-Site Request Forgery (CSRF) vulnerability in daxiawp 
DX-auto-pub ...)
+       TODO: check
+CVE-2025-26574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26572 (Cross-Site Request Forgery (CSRF) vulnerability in jesseheap 
WP PHPLis ...)
+       TODO: check
+CVE-2025-26571 (Cross-Site Request Forgery (CSRF) vulnerability in wibiya 
Wibiya Toolb ...)
+       TODO: check
+CVE-2025-26570 (Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance 
That al ...)
+       TODO: check
+CVE-2025-26569 (Cross-Site Request Forgery (CSRF) vulnerability in 
callmeforsox Post T ...)
+       TODO: check
+CVE-2025-26568 (Cross-Site Request Forgery (CSRF) vulnerability in jensmueller 
Easy Am ...)
+       TODO: check
+CVE-2025-26567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26562 (Cross-Site Request Forgery (CSRF) vulnerability in Shambhu 
Patnaik RSS ...)
+       TODO: check
+CVE-2025-26561 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26552 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26550 (Cross-Site Request Forgery (CSRF) vulnerability in Kunal 
Shivale Globa ...)
+       TODO: check
+CVE-2025-26549 (Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html 
Page Si ...)
+       TODO: check
+CVE-2025-26547 (Cross-Site Request Forgery (CSRF) vulnerability in 
nagarjunsonti My Lo ...)
+       TODO: check
+CVE-2025-26545 (Cross-Site Request Forgery (CSRF) vulnerability in shisuh 
Related Post ...)
+       TODO: check
+CVE-2025-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj 
Suthar Simp ...)
+       TODO: check
+CVE-2025-26539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26538 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-26511 (Systems running the Instaclustr  fork of Stratio's 
Cassandra-Lucene-In ...)
+       TODO: check
+CVE-2025-25901 (A buffer overflow vulnerability was discovered in TP-Link 
TL-WR841ND V ...)
+       TODO: check
+CVE-2025-25900 (A buffer overflow vulnerability was discovered in TP-Link 
TL-WR841ND V ...)
+       TODO: check
+CVE-2025-25899 (A buffer overflow vulnerability was discovered in TP-Link 
TL-WR841ND V ...)
+       TODO: check
+CVE-2025-25898 (A buffer overflow vulnerability was discovered in TP-Link 
TL-WR841ND V ...)
+       TODO: check
+CVE-2025-25897 (A buffer overflow vulnerability was discovered in TP-Link 
TL-WR841ND V ...)
+       TODO: check
+CVE-2025-25389 (A SQL Injection vulnerability was found in 
/admin/forgot-password.php  ...)
+       TODO: check
+CVE-2025-25388 (A SQL Injection vulnerability was found in 
/admin/edit-propertytype.ph ...)
+       TODO: check
+CVE-2025-25387 (A SQL Injection vulnerability was found in 
/admin/manage-propertytype. ...)
+       TODO: check
+CVE-2025-25357 (A SQL Injection vulnerability was found in 
/admin/contactus.php in PHP ...)
+       TODO: check
+CVE-2025-25356 (A SQL Injection vulnerability was found in 
/admin/bwdates-reports-deta ...)
+       TODO: check
+CVE-2025-25355 (A SQL Injection vulnerability was found in 
/admin/bwdates-reports-deta ...)
+       TODO: check
+CVE-2025-25354 (A SQL Injection was found in /admin/admin-profile.php in 
PHPGurukul La ...)
+       TODO: check
+CVE-2025-25352 (A SQL Injection vulnerability was found in /admin/aboutus.php 
in PHPGu ...)
+       TODO: check
+CVE-2025-25287 (Lakeus is a simple skin made for MediaWiki. Starting in 
version 1.8.0  ...)
+       TODO: check
+CVE-2025-24904 (libsignal-service-rs is a Rust version of the 
libsignal-service-java l ...)
+       TODO: check
+CVE-2025-24903 (libsignal-service-rs is a Rust version of the 
libsignal-service-java l ...)
+       TODO: check
+CVE-2025-24889 (The SecureDrop Client is a desktop application for journalists 
to comm ...)
+       TODO: check
+CVE-2025-24888 (The SecureDrop Client is a desktop application for journalists 
to comm ...)
+       TODO: check
+CVE-2025-22480 (Dell SupportAssist OS Recovery versions prior to 5.5.13.1 
contain a sy ...)
+       TODO: check
+CVE-2025-1271 (Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. 
This secu ...)
+       TODO: check
+CVE-2025-1270 (Insecure direct object reference (IDOR) vulnerability in Anapi 
Group's ...)
+       TODO: check
+CVE-2025-1127 (The vulnerability can be leveraged by an attacker to execute 
arbitrary ...)
+       TODO: check
+CVE-2025-0426 (A security issue was discovered in Kubernetes where a large 
number of  ...)
+       TODO: check
+CVE-2024-13867 (The Listivo - Classified Ads WordPress Theme theme for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-13639 (The Read More & Accordion plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2024-13606 (The JS Help Desk \u2013 The Ultimate Help Desk & Support 
Plugin plugin ...)
+       TODO: check
+CVE-2024-13182 (The WP Directorybox Manager plugin for WordPress is vulnerable 
to Auth ...)
+       TODO: check
+CVE-2024-12013 (A CWE-1392 \u201cUse of Default Credentials\u201d was 
discovered affec ...)
+       TODO: check
+CVE-2024-12012 (A CWE-598 \u201cUse of GET Request Method with Sensitive Query 
Strings ...)
+       TODO: check
+CVE-2024-12011 (A CWE-126 \u201cBuffer Over-read\u201d was discovered 
affecting the 13 ...)
+       TODO: check
+CVE-2024-11347 (Integer Overflow or Wraparound vulnerability in Lexmark 
International  ...)
+       TODO: check
+CVE-2024-11346 (: Access of Resource Using Incompatible Type ('Type 
Confusion') vulner ...)
+       TODO: check
+CVE-2024-11345 (A heap-based memory vulnerability has been identified in the 
Postscrip ...)
+       TODO: check
+CVE-2024-11344 (A type confusion vulnerability has been identified in the 
Postscript i ...)
+       TODO: check
+CVE-2025-1094 (Improper neutralization of quoting syntax in PostgreSQL libpq 
function ...)
+       {DLA-4052-1}
        - postgresql-17 17.3-1
        - postgresql-15 <removed>
        [bookworm] - postgresql-15 <no-dsa> (Minor issue)
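Review bot: The descriptions added for CVE-2024-13606, CVE-2024-12013, CVE-2024-12012 and CVE-2024-12011 contain literal `\u2013`, `\u201c` and `\u201d` escape sequences instead of the decoded characters, while the existing CVE-2025-26378 entry further down this file writes the same kind of CWE phrase with plain ASCII quotes (`A CWE-862 "Missing Authorization"`). The automatic update should decode or normalise these escapes before writing data/CVE/list. The CVE-2024-11346 description also begins with a stray `: ` that is worth trimming on import. Every new entry in this hunk is left at `TODO: check`, so each still needs a follow-up decision between a package line and NOT-FOR-US.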
@@ -11,13 +128,13 @@ CVE-2025-1094 [Harden PQescapeString and allied functions 
against invalidly-enco
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=dd3c1eb38e9add293f8be59b6aec7574e8584bdb
 (REL_17_3)
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=05abb0f8303a78921f7113bee1d72586142df99e
 (REL_17_3)
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=85c1fcc6563843d7ee7ae6f81f29ef813e77a4b6
 (REL_17_3)
-CVE-2025-21701 [net: avoid race between device unregistration and ethnl ops]
+CVE-2025-21701 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.13-1
        NOTE: 
https://git.kernel.org/linus/12e070eb6964b341b41677fd260af5a305316a1f (6.14-rc1)
-CVE-2025-21700 [net: sched: Disallow replacing of child qdisc from one parent 
to another]
+CVE-2025-21700 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.12.13-1
        NOTE: 
https://git.kernel.org/linus/bc50835e83f60f56e9bec2b392fb5544f250fb6f (6.14-rc1)
-CVE-2024-3303
+CVE-2024-3303 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-0998
        - chromium 133.0.6943.98-1
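Review bot: For CVE-2025-21701 and CVE-2025-21700 the replacement header is less informative than the line it removes. The bracketed commit subjects (`net: avoid race between device unregistration and ethnl ops` and `net: sched: Disallow replacing of child qdisc from one parent to another`) are replaced by a description that is cut off just after the shared prefix `In the Linux kernel, the following vulnerability has been resolved:`, so both entries now read identically and only the git.kernel.org NOTE lines tell them apart. Consider having the truncation skip that prefix for kernel entries so the subject text survives in the header.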
@@ -251,7 +368,7 @@ CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware 
for the Intel(R) Serv
        NOT-FOR-US: Intel
 CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R) 
Server Board  ...)
        NOT-FOR-US: Intel
-CVE-2025-1247
+CVE-2025-1247 (A flaw was found in Quarkus REST that allows request parameters 
to lea ...)
        NOT-FOR-US: Quarkus
 CVE-2025-26378 (A CWE-862 "Missing Authorization" in 
maxprofile/users/routes.lua in Q- ...)
        NOT-FOR-US: Q-Free MaxTime
@@ -9857,7 +9974,7 @@ CVE-2024-46921 (An issue was discovered in Samsung Mobile 
Processor and Modem Ex
        NOT-FOR-US: Samsung
 CVE-2024-46920 (An issue was discovered in Samsung Mobile Processor Exynos 
9820, 9825, ...)
        NOT-FOR-US: Samsung
-CVE-2024-46910
+CVE-2024-46910 (An authenticated user can perform XSS and potentially 
impersonate anot ...)
        NOT-FOR-US: Apache Atlas
 CVE-2024-46919 (An issue was discovered in Samsung Mobile Processor Exynos 
9820, 9825, ...)
        NOT-FOR-US: Samsung



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e3e93d9d4aa648803a7ea8c6054beae943f956
