Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6b59acad by security tracker role at 2025-02-24T20:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,160 @@
-CVE-2023-52926 [io_uring/rw: split io_read() into a helper]
+CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a
Remote Code ...)
+ TODO: check
+CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI
\xd6nceki ...)
+ TODO: check
+CVE-2025-27356 (Missing Authorization vulnerability in Hardik Sticky Header On
Scroll ...)
+ TODO: check
+CVE-2025-27355 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas
GRILLET Woo ...)
+ TODO: check
+CVE-2025-27353 (Cross-Site Request Forgery (CSRF) vulnerability in Bob
Namaste! LMS al ...)
+ TODO: check
+CVE-2025-27352 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27351 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27349 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27348 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27347 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27344 (Cross-Site Request Forgery (CSRF) vulnerability in
filipstepanov Phee' ...)
+ TODO: check
+CVE-2025-27342 (Cross-Site Request Forgery (CSRF) vulnerability in josesan
WooCommerce ...)
+ TODO: check
+CVE-2025-27341 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27340 (Cross-Site Request Forgery (CSRF) vulnerability in Marc
F12-Profiler a ...)
+ TODO: check
+CVE-2025-27339 (Cross-Site Request Forgery (CSRF) vulnerability in Will
Anderson Minim ...)
+ TODO: check
+CVE-2025-27336 (Cross-Site Request Forgery (CSRF) vulnerability in Alex
Prokopenko / J ...)
+ TODO: check
+CVE-2025-27335 (Cross-Site Request Forgery (CSRF) vulnerability in Free plug
in by SEO ...)
+ TODO: check
+CVE-2025-27332 (Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul
Smart Main ...)
+ TODO: check
+CVE-2025-27331 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27330 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27329 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27328 (Cross-Site Request Forgery (CSRF) vulnerability in queeez
WP-PostRatin ...)
+ TODO: check
+CVE-2025-27327 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27325 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27323 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27321 (Cross-Site Request Forgery (CSRF) vulnerability in Blighty
Blightly Ex ...)
+ TODO: check
+CVE-2025-27320 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27318 (Cross-Site Request Forgery (CSRF) vulnerability in ixiter
Simple Googl ...)
+ TODO: check
+CVE-2025-27317 (Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS
RAYS Grid a ...)
+ TODO: check
+CVE-2025-27316 (Cross-Site Request Forgery (CSRF) vulnerability in hosting.io
JPG, PNG ...)
+ TODO: check
+CVE-2025-27315 (Cross-Site Request Forgery (CSRF) vulnerability in wptom
All-In-One Cu ...)
+ TODO: check
+CVE-2025-27312 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-27311 (Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas
Bulk Con ...)
+ TODO: check
+CVE-2025-27307 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27306 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27305 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27304 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27303 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27301 (Deserialization of Untrusted Data vulnerability in Nazmul
Hasan Robin ...)
+ TODO: check
+CVE-2025-27300 (Deserialization of Untrusted Data vulnerability in giuliopanda
ADFO al ...)
+ TODO: check
+CVE-2025-27298 (Cross-Site Request Forgery (CSRF) vulnerability in cmstactics
WP Video ...)
+ TODO: check
+CVE-2025-27297 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-27296 (Missing Authorization vulnerability in revenueflex Auto Ad
Inserter \u ...)
+ TODO: check
+CVE-2025-27294 (Missing Authorization vulnerability in platcom WP-Asambleas
allows Exp ...)
+ TODO: check
+CVE-2025-27290 (Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir
Erima Z ...)
+ TODO: check
+CVE-2025-27280 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27277 (Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt
Add Linke ...)
+ TODO: check
+CVE-2025-27276 (Cross-Site Request Forgery (CSRF) vulnerability in lizeipe
Photo Galle ...)
+ TODO: check
+CVE-2025-27272 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-27266 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27265 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-27133 (WeGIA is a Web manager for charitable institutions. A SQL
Injection vu ...)
+ TODO: check
+CVE-2025-27112 (Navidrome is an open source web-based music collection server
and stre ...)
+ TODO: check
+CVE-2025-26883 (Missing Authorization vulnerability in bPlugins Animated Text
Block al ...)
+ TODO: check
+CVE-2025-26803 (The http parser in Phusion Passenger 6.0.21 through 6.0.25
before 6.0. ...)
+ TODO: check
+CVE-2025-26532 (Additional checks were required to ensure trusttext is applied
(when e ...)
+ TODO: check
+CVE-2025-26531 (Insufficient capability checks made it possible to disable
badges a us ...)
+ TODO: check
+CVE-2025-26530 (The question bank filter required additional sanitizing to
prevent a r ...)
+ TODO: check
+CVE-2025-26529 (Description information displayed in the site administration
live log ...)
+ TODO: check
+CVE-2025-26528 (The drag-and-drop onto image (ddimageortext) question type
required ad ...)
+ TODO: check
+CVE-2025-26527 (Tags not expected to be visible to a user could still be
discovered by ...)
+ TODO: check
+CVE-2025-26526 (Separate Groups mode restrictions were not factored into
permission c ...)
+ TODO: check
+CVE-2025-26525 (Insufficient sanitizing in the TeX notation filter resulted in
an arb ...)
+ TODO: check
+CVE-2025-26201 (Credential disclosure vulnerability via the /staff route in
GreaterWMS ...)
+ TODO: check
+CVE-2025-26200 (SQL injection in SLIMS v.9.6.1 allows a remote attacker to
escalate pr ...)
+ TODO: check
+CVE-2025-25460 (A stored Cross-Site Scripting (XSS) vulnerability was
identified in Fl ...)
+ TODO: check
+CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password
authenticati ...)
+ TODO: check
+CVE-2025-22495 (An improper input validation vulnerability was discovered in
the NTP s ...)
+ TODO: check
+CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has
been class ...)
+ TODO: check
+CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2025-0545 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-5174 (A flaw in Gliffy results in broken authentication through the
reset fu ...)
+ TODO: check
+CVE-2024-57026 (TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site
Scripting ( ...)
+ TODO: check
+CVE-2024-56897 (Improper access control in the HTTP server in YI Car Dashcam
v3.88 all ...)
+ TODO: check
+CVE-2024-54820 (XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was
discovered to c ...)
+ TODO: check
+CVE-2024-12918 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-12917 (Files or Directories Accessible to External Parties
vulnerability in A ...)
+ TODO: check
+CVE-2024-12916 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-52926 (In the Linux kernel, the following vulnerability has been
resolved: I ...)
- linux 6.7.7-1
[bookworm] - linux 6.1.123-1
NOTE:
https://git.kernel.org/linus/a08d195b586a217d76b42062f88f375a3eedda4d (6.7-rc1)
@@ -2709,7 +2865,7 @@ CVE-2024-55212 (DNNGo xBlog v6.5.0 was discovered to
contain a SQL injection vul
NOT-FOR-US: DNNGo xBlog
CVE-2024-54916 (An issue in the SharedConfig class of Telegram Android APK
v.11.7.0 al ...)
NOT-FOR-US: Telegram Android APK
-CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik
RouterOS v6. ...)
+CVE-2024-54772 (An issue was discovered in the Winbox service of MikroTik
RouterOS lon ...)
NOT-FOR-US: MikroTik
CVE-2024-53880 (NVIDIA Triton Inference Server contains a vulnerability in the
model l ...)
NOT-FOR-US: NVIDIA Triton Inference Server
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b59acad68820c8a51a054047a316773cb2daa61
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b59acad68820c8a51a054047a316773cb2daa61
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
