Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7b28577 by security tracker role at 2025-02-25T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-27145 (copyparty, a portable file server, has a DOM-based cross-site 
scriptin ...)
+       TODO: check
+CVE-2025-27144 (Go JOSE provides an implementation of the Javascript Object 
Signing an ...)
+       TODO: check
+CVE-2025-27143 (Better Auth is an authentication and authorization library for 
TypeScr ...)
+       TODO: check
+CVE-2025-27141 (Metabase Enterprise Edition is the enterprise version of 
Metabase busi ...)
+       TODO: check
+CVE-2025-27140 (WeGIA is a Web manager for charitable institutions. An OS 
Command Inje ...)
+       TODO: check
+CVE-2025-27137 (Dependency-Track is a component analysis platform that allows 
organiza ...)
+       TODO: check
+CVE-2025-26533 (An SQL injection risk was identified in the module list filter 
within  ...)
+       TODO: check
+CVE-2025-25513 (Seacms <=13.3 is vulnerable to SQL Injection in 
admin_members.php.)
+       TODO: check
+CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows 
a remot ...)
+       TODO: check
+CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component 
versions 3.3.0 ...)
+       TODO: check
+CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a 
memcpy o ...)
+       TODO: check
+CVE-2025-1674 (A lack of input validation allows for out of bounds reads 
caused by ma ...)
+       TODO: check
+CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause 
an out ...)
+       TODO: check
+CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection 
via the ...)
+       TODO: check
+CVE-2025-1646 (A vulnerability, which was classified as critical, has been 
found in L ...)
+       TODO: check
+CVE-2025-1645 (A vulnerability classified as critical was found in Benner 
Connecta 1. ...)
+       TODO: check
+CVE-2025-1644 (A vulnerability classified as problematic has been found in 
Benner Mod ...)
+       TODO: check
+CVE-2025-1643 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
+       TODO: check
+CVE-2025-1642 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
+       TODO: check
+CVE-2025-1641 (A vulnerability was found in Benner ModernaNet up to 1.1.0. It 
has bee ...)
+       TODO: check
+CVE-2025-1640 (A vulnerability was found in Benner ModernaNet up to 1.1.0 and 
classif ...)
+       TODO: check
+CVE-2025-1128 (The Everest Forms \u2013 Contact Forms, Quiz, Survey, 
Newsletter & Pay ...)
+       TODO: check
+CVE-2025-1063 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
+       TODO: check
+CVE-2024-57685 (An issue in sparkshop v.1.1.7 and before allows a remote 
attacker to e ...)
+       TODO: check
+CVE-2024-57608 (An issue in Via Browser 6.1.0 allows a a remote attacker to 
execute ar ...)
+       TODO: check
+CVE-2024-56525 (In Public Knowledge Project (PKP) OJS, OMP, and OPS before 
3.3.0.21 an ...)
+       TODO: check
+CVE-2024-53544 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to 
v8.6 was d ...)
+       TODO: check
+CVE-2024-53543 (NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to 
v8.6 was d ...)
+       TODO: check
+CVE-2024-53542 (Incorrect access control in the component 
/iclock/Settings?restartNCS= ...)
+       TODO: check
+CVE-2024-13494 (The WordPress File Upload plugin for WordPress is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2024-10545 (The Photo Gallery, Sliders, Proofing and   WordPress plugin 
before 3.5 ...)
+       TODO: check
 CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a 
Remote Code ...)
        NOT-FOR-US: MITRE Caldera
 CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI 
\xd6nceki ...)
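Review bot: All 31 added entries land as TODO: check, including five whose truncated descriptions already identify them as WordPress plugins (CVE-2025-1648, CVE-2025-1128, CVE-2025-1063, CVE-2024-13494, CVE-2024-10545), a class this file marks elsewhere as NOT-FOR-US: WordPress plugin. Suggest resolving those in a follow-up commit so that manual review time goes to the entries that need a package lookup, such as CVE-2025-27144 (Go JOSE) and the three DNS parsing entries CVE-2025-1673 to CVE-2025-1675.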
@@ -1195,7 +1257,8 @@ CVE-2024-13681 (The Uncode theme for WordPress is 
vulnerable to arbitrary file r
        NOT-FOR-US: WordPress plugin
 CVE-2024-13667 (The Uncode theme for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-13636 (The Brooklyn theme for WordPress is vulnerable to PHP Object 
Injection ...)
+CVE-2024-13636
+       REJECTED
        NOT-FOR-US: WordPress plugin
 CVE-2024-13395 (The Threepress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
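Review bot: CVE-2024-13636 now carries two dispositions, because the unchanged context line NOT-FOR-US: WordPress plugin still follows the newly added REJECTED line. Suggest removing the stale NOT-FOR-US annotation in a follow-up so the entry reads as CVE-2024-13636 followed only by REJECTED, and anything parsing the list does not have to decide which of the two states applies.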



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7b28577d92ca9f195cddfd50aebce87ebfda8fb

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits