Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ba03970 by security tracker role at 2025-02-22T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2025-21704 [usb: cdc-acm: Check control transfer buffer size before access]
+CVE-2025-27012 (Cross-Site Request Forgery (CSRF) vulnerability in a1post
A1POST.BG Sh ...)
+ TODO: check
+CVE-2025-26973 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26776 (Unrestricted Upload of File with Dangerous Type vulnerability
in NotFo ...)
+ TODO: check
+CVE-2025-26774 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26764 (Missing Authorization vulnerability in enituretechnology
Distance Base ...)
+ TODO: check
+CVE-2025-26763 (Deserialization of Untrusted Data vulnerability in MetaSlider
Responsi ...)
+ TODO: check
+CVE-2025-26760 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-26757 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-26756 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-26750 (Missing Authorization vulnerability in appsbd Vitepos allows
Exploitin ...)
+ TODO: check
+CVE-2025-1557 (A vulnerability, which was classified as problematic, was found
in OFC ...)
+ TODO: check
+CVE-2025-1556 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-1553 (A vulnerability was found in pankajindevops scale up to
3633544a00245d ...)
+ TODO: check
+CVE-2025-1361 (The IP2Location Country Blocker plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-0957 (The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-0953 (The SMTP for Sendinblue \u2013 YaySMTP plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-0918 (The SMTP for SendGrid \u2013 YaySMTP plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-52939 (Kernel software installed and running inside a Guest VM may
post impro ...)
+ TODO: check
+CVE-2024-47896 (Kernel software installed and running inside a Guest VM may
exploit me ...)
+ TODO: check
+CVE-2024-46975 (Kernel software installed and running inside a Guest VM may
exploit me ...)
+ TODO: check
+CVE-2024-13869 (The Migration, Backup, Staging \u2013 WPvivid Backup &
Migration plugi ...)
+ TODO: check
+CVE-2024-13564 (The Rife Elementor Extensions & Templates plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2024-12577 (Kernel software installed and running inside a Guest VM may
exploit me ...)
+ TODO: check
+CVE-2025-21704 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux 6.12.16-1
NOTE:
https://git.kernel.org/linus/e563b01208f4d1f609bcab13333b6c0e24ce6a01 (6.14-rc3)
CVE-2025-27109 (solid-js is a declarative, efficient, and flexible JavaScript
library ...)
@@ -958,18 +1004,21 @@ CVE-2024-45774 (A flaw was found in grub2. A specially
crafted JPEG file can cau
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL
pointer der ...)
+ {DLA-4064-1}
- libxml2 <unfixed> (bug #1098322)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c716d491dd2e67f08066f4dc0619efeb49e43e6
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/503f788e84f1c1f1d769c2c7258d77faee94b5a3
(v2.12.10)
CVE-2025-24928 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
stack-based buff ...)
+ {DLA-4064-1}
- libxml2 <unfixed> (bug #1098321)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8c8753ad5280ee13aee5eec9b0f6eee2ed920f57
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8
(v2.12.10)
CVE-2024-56171 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
use-after-free i ...)
+ {DLA-4064-1}
- libxml2 <unfixed> (bug #1098320)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/2
@@ -6780,6 +6829,7 @@ CVE-2024-10628 (The Quiz Maker Business, Developer, and
Agency plugins for WordP
CVE-2024-10574 (The Quiz Maker Business, Developer, and Agency plugins for
WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-49043 (xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has
a use-af ...)
+ {DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1094238)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b
(v2.11.0)
@@ -109024,6 +109074,7 @@ CVE-2021-46903 (An issue was discovered in
LTOS-Web-Interface in Meinberg LANTIM
CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg
LANTIME-Firm ...)
NOT-FOR-US: Meinberg
CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x
before 2.1 ...)
+ {DLA-4064-1}
[experimental] - libxml2 2.12.5+dfsg-0exp1
- libxml2 <unfixed> (bug #1063234)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -131180,6 +131231,7 @@ CVE-2023-40631 (In Dialer, there is a possible
missing permission check. This co
CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version
23.09.1 a ...)
NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only
occur after ...)
+ {DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1053629)
[bookworm] - libxml2 <no-dsa> (Minor issue)
@@ -137110,6 +137162,7 @@ CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was
discovered to contain an invalid re
NOTE: For Debian this was initially fixed in Debian unstable with
3.7.0~rc3-1 but reverted with the
NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an
out-of-bounds rea ...)
+ {DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 <unfixed> (bug #1051230)
[bookworm] - libxml2 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba039701e3f81d434ea39ceedfb88c24533a1b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba039701e3f81d434ea39ceedfb88c24533a1b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
