Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ded10985 by security tracker role at 2025-02-14T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,214 @@
-CVE-2025-26791 [conditional and config dependent mXSS-style bypass]
+CVE-2025-26524 (This vulnerability exists in RupeeWeb trading platform due to
missing ...)
+ TODO: check
+CVE-2025-26523 (This vulnerability exists in RupeeWeb trading platform due to
insuffic ...)
+ TODO: check
+CVE-2025-26522 (This vulnerability exists in RupeeWeb trading platform due to
improper ...)
+ TODO: check
+CVE-2025-26508 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
+ TODO: check
+CVE-2025-26507 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
+ TODO: check
+CVE-2025-26506 (Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP
LaserJet Manag ...)
+ TODO: check
+CVE-2025-26158 (A Stored Cross-Site Scripting (XSS) vulnerability was
discovered in th ...)
+ TODO: check
+CVE-2025-26157 (A SQL Injection vulnerability was found in /bpms/index.php in
Source C ...)
+ TODO: check
+CVE-2025-26156 (A SQL Injection vulnerability was found in
/shopping/track-orders.php ...)
+ TODO: check
+CVE-2025-25997 (Directory Traversal vulnerability in FeMiner wms v.1.0 allows
a remote ...)
+ TODO: check
+CVE-2025-25994 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a
remote att ...)
+ TODO: check
+CVE-2025-25993 (SQL Injection vulnerability in FeMiner wms wms 1.0 allows a
remote att ...)
+ TODO: check
+CVE-2025-25992 (SQL Injection vulnerability in FeMiner wms 1.0 allows a remote
attacke ...)
+ TODO: check
+CVE-2025-25991 (SQL Injection vulnerability in hooskcms v.1.7.1 allows a
remote attack ...)
+ TODO: check
+CVE-2025-25990 (Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows
a remote ...)
+ TODO: check
+CVE-2025-25988 (Cross Site Scripting vulnerability in hooskcms v.1.8 allows a
remote a ...)
+ TODO: check
+CVE-2025-25745 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a
stack-based bu ...)
+ TODO: check
+CVE-2025-25740 (D-Link DIR-853 A1 FW1.20B07 was discovered to contain a
stack-based bu ...)
+ TODO: check
+CVE-2025-25304 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
+ TODO: check
+CVE-2025-25297 (Label Studio is an open source data labeling tool. Prior to
version 1. ...)
+ TODO: check
+CVE-2025-25296 (Label Studio is an open source data labeling tool. Prior to
version 1. ...)
+ TODO: check
+CVE-2025-25295 (Label Studio is an open source data labeling tool. A path
traversal vu ...)
+ TODO: check
+CVE-2025-25290 (@octokit/request sends parameterized requests to GitHub\u2019s
APIs wi ...)
+ TODO: check
+CVE-2025-25289 (@octokit/request-error is an error class for Octokit request
errors. S ...)
+ TODO: check
+CVE-2025-25288 (@octokit/plugin-paginate-rest is the Octokit plugin to
paginate REST A ...)
+ TODO: check
+CVE-2025-25285 (@octokit/endpoint turns REST API endpoints into generic
request option ...)
+ TODO: check
+CVE-2025-25206 (eLabFTW is an open source electronic lab notebook for research
labs. P ...)
+ TODO: check
+CVE-2025-25204 (`gh` is GitHub\u2019s official command line tool. Starting in
version ...)
+ TODO: check
+CVE-2025-24700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24699 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company
WP Code ...)
+ TODO: check
+CVE-2025-24692 (Missing Authorization vulnerability in Michael Revellin-Clerc
Bulk Men ...)
+ TODO: check
+CVE-2025-24688 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24641 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24617 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24615 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24614 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24607 (Missing Authorization vulnerability in Northern Beaches
Websites IdeaP ...)
+ TODO: check
+CVE-2025-24592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24567 (Insertion of Sensitive Information Into Sent Data
vulnerability in bra ...)
+ TODO: check
+CVE-2025-24566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24565 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24564 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24558 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-24554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23905 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23857 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23853 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23851 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23790 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23788 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23787 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23786 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23771 (Missing Authorization vulnerability in Murali Push
Notification for Po ...)
+ TODO: check
+CVE-2025-23766 (Missing Authorization vulnerability in ashamil OPSI Israel
Domestic Sh ...)
+ TODO: check
+CVE-2025-23751 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23750 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23748 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23742 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23658 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23657 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23655 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23653 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23652 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23651 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23650 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23648 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23647 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23646 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23571 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23568 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23534 (Missing Authorization vulnerability in Mark Winiarski WPLingo
allows E ...)
+ TODO: check
+CVE-2025-23525 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23523 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23492 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23474 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23431 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-23428 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-22705 (Cross-Site Request Forgery (CSRF) vulnerability in godthor
Disqus Popu ...)
+ TODO: check
+CVE-2025-22702 (Missing Authorization vulnerability in EPC Photography. This
issue aff ...)
+ TODO: check
+CVE-2025-22698 (Missing Authorization vulnerability in Ability, Inc
Accessibility Suit ...)
+ TODO: check
+CVE-2025-1239 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-1071 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-0867 (The standard user uses the run as function to start the MEAC
applicati ...)
+ TODO: check
+CVE-2025-0821 (Bit Assist plugin for WordPress is vulnerable to time-based SQL
Inject ...)
+ TODO: check
+CVE-2025-0503 (Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs
from the d ...)
+ TODO: check
+CVE-2025-0178 (Improper Input Validation vulnerability in WatchGuard Fireware
OS allo ...)
+ TODO: check
+CVE-2024-8893 (Use of Hard-coded Credentials vulnerability in GoodWe
Technologies Co. ...)
+ TODO: check
+CVE-2024-57790 (IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was
discovere ...)
+ TODO: check
+CVE-2024-57778 (An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096
allows a r ...)
+ TODO: check
+CVE-2024-57725 (An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a
remote o ...)
+ TODO: check
+CVE-2024-56973 (Insecure Permissions vulnerability in Alvaria, Inc Unified IP
Unified ...)
+ TODO: check
+CVE-2024-56477 (IBM Power Hardware Management Console V10.3.1050.0 could allow
an auth ...)
+ TODO: check
+CVE-2024-56463 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting.
This vulner ...)
+ TODO: check
+CVE-2024-56180 (CWE-502 Deserialization of Untrusted Data at the
eventmesh-meta-raftpl ...)
+ TODO: check
+CVE-2024-52895 (IBM i 7.4 and 7.5 is vulnerable to a database access denial of
service ...)
+ TODO: check
+CVE-2024-52577 (In Apache Ignite versions from 2.6.0 and before 2.17.0,
configured Cla ...)
+ TODO: check
+CVE-2024-52500 (Missing Authorization vulnerability in monetagwp Monetag
Official Plug ...)
+ TODO: check
+CVE-2024-3220 (There is a defect in the CPython standard library module
\u201cmimetyp ...)
+ TODO: check
+CVE-2024-13791 (Bit Assist plugin for WordPress is vulnerable to Path
Traversal in all ...)
+ TODO: check
+CVE-2024-13735 (The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer
for Word ...)
+ TODO: check
+CVE-2024-13152 (Authorization Bypass Through User-Controlled SQL Primary Key
vulnerabi ...)
+ TODO: check
+CVE-2024-12651 (Exposed Dangerous Method or Function vulnerability in PTT Inc.
HGS Mob ...)
+ TODO: check
+CVE-2025-26791 (DOMPurify before 3.2.4 has an incorrect template literal
regular expre ...)
- node-dompurify <unfixed>
[bookworm] - node-dompurify <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
(3.2.4)
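Review bot: the added descriptions for CVE-2025-25290, CVE-2025-25204, CVE-2024-3220 and CVE-2024-13735 contain literal \u2019, \u201c and \u2013 escape sequences rather than the decoded characters, which suggests the automatic update writes JSON-escaped text into data/CVE/list. Decoding before writing would keep these descriptions readable and searchable. Separately, every entry added in this hunk carries only TODO: check, so entries that name general-purpose software, such as CVE-2024-3220 (CPython standard library) and CVE-2025-25204 (`gh`), still need a package line or a NOT-FOR-US determination before they say anything about exposure.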
@@ -872,7 +1082,8 @@ CVE-2024-57777 (Directory Traversal vulnerability in
Ianproxy v.0.1 and before a
NOT-FOR-US: ffay/lanproxy
CVE-2024-57241 (Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In
the web ...)
NOT-FOR-US: Dedecms
-CVE-2024-57000 (An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0
allows a rem ...)
+CVE-2024-57000
+ REJECTED
NOT-FOR-US: Anyscale Inc Ray
CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to contain a SQL injection
vulnerabi ...)
NOT-FOR-US: DNNGo xBlog
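Review bot: CVE-2024-57000 is switched to REJECTED, but the NOT-FOR-US: Anyscale Inc Ray line directly under it is left as unchanged context, so the entry now holds both a rejection and an earlier triage decision. If rejected entries are meant to hold only REJECTED, the stale NOT-FOR-US line should be dropped in a follow-up.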
@@ -974,9 +1185,11 @@ CVE-2025-26493 (In JetBrains TeamCity before 2024.12.2
several DOM-based XSS wer
NOT-FOR-US: JetBrains TeamCity
CVE-2025-26492 (In JetBrains TeamCity before 2024.12.2 improper Kubernetes
connection ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2025-26491 (A vulnerability has been identified in Opcenter Intelligence
(All vers ...)
+CVE-2025-26491
+ REJECTED
NOT-FOR-US: Opcenter Intelligence
-CVE-2025-26490 (A vulnerability has been identified in Opcenter Intelligence
(All vers ...)
+CVE-2025-26490
+ REJECTED
NOT-FOR-US: Opcenter Intelligence
CVE-2025-26411 (An authenticated attacker is able to use the Plugin Manager of
the web ...)
NOT-FOR-US: Wattsense Bridge devices
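Review bot: CVE-2025-26491 and CVE-2025-26490 each gain REJECTED while keeping their NOT-FOR-US: Opcenter Intelligence line, and the descriptions are removed, so the product name now survives only in a triage line that no longer applies. Either remove those lines along with the rejection or confirm that keeping them is intentional for these two IDs.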
@@ -1799,7 +2012,7 @@ CVE-2025-1147 (A vulnerability has been found in GNU
Binutils 2.43 and classifie
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32556
NOTE: binutils not covered by security support
-CVE-2025-1099 (The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor
Wi-Fi secur ...)
+CVE-2025-1099 (This vulnerability exists in Tapo C500 Wi-Fi camera due to
hard-coded ...)
NOT-FOR-US: TP-Link
CVE-2024-8685 (Path-Traversal vulnerability in Revolution Pi version
2022-07-28-revpi ...)
NOT-FOR-US: Revolution Pi
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1098592c44729852d3ca3bbae0a3801c01313