[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 26 Feb 2025 12:30:20 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d92cb2fb by security tracker role at 2025-02-26T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2025-26925 (Cross-Site Request Forgery (CSRF) vulnerability in Required 
Admin Menu ...)
+       TODO: check
+CVE-2025-26698 (Incorrect resource transfer between spheres issue exists in 
RevoWorks  ...)
+       TODO: check
+CVE-2025-25827 (A Server-Side Request Forgery (SSRF) in the component sort.php 
of Emlo ...)
+       TODO: check
+CVE-2025-25825 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 
allows  ...)
+       TODO: check
+CVE-2025-25823 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 
allows  ...)
+       TODO: check
+CVE-2025-25818 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 
allows  ...)
+       TODO: check
+CVE-2025-25813 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25802 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25800 (SeaCMS 13.3 was discovered to contain an arbitrary file read 
vulnerabi ...)
+       TODO: check
+CVE-2025-25799 (SeaCMS 13.3 was discovered to contain an arbitrary file read 
vulnerabi ...)
+       TODO: check
+CVE-2025-25797 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25796 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25794 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25793 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25792 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-25791 (An arbitrary file upload vulnerability in the plugin 
installation feat ...)
+       TODO: check
+CVE-2025-25790 (An arbitrary file upload vulnerability in the component 
\controller\Lo ...)
+       TODO: check
+CVE-2025-25789 (FoxCMS v1.2.5 was discovered to contain a remote code 
execution (RCE)  ...)
+       TODO: check
+CVE-2025-25785 (JizhiCMS v2.5.4 was discovered to contain a Server-Side 
Request Forger ...)
+       TODO: check
+CVE-2025-25784 (An arbitrary file upload vulnerability in the component 
\c\TemplateCon ...)
+       TODO: check
+CVE-2025-25783 (An arbitrary file upload vulnerability in the component 
admin\plugin.p ...)
+       TODO: check
+CVE-2025-25462 (A SQL Injection vulnerability was found in 
/admin/add-propertytype.php ...)
+       TODO: check
+CVE-2025-20161 (A vulnerability in the software upgrade process of Cisco Nexus 
3000 Se ...)
+       TODO: check
+CVE-2025-20119 (A vulnerability in the system file permission handling of 
Cisco APIC c ...)
+       TODO: check
+CVE-2025-20118 (A vulnerability in the implementation of the internal system 
processes ...)
+       TODO: check
+CVE-2025-20117 (A vulnerability in the CLI of Cisco APIC could allow an 
authenticated, ...)
+       TODO: check
+CVE-2025-20116 (A vulnerability in the web UI of Cisco APIC could allow an 
authenticat ...)
+       TODO: check
+CVE-2025-20111 (A vulnerability in the health monitoring diagnostics of Cisco 
Nexus 30 ...)
+       TODO: check
+CVE-2025-1726 (There is a SQL injection issuein Esri ArcGIS Monitor versions 
2023.0 t ...)
+       TODO: check
+CVE-2025-1716 (picklescan before 0.0.21 does not treat 'pip' as an unsafe 
global. An  ...)
+       TODO: check
+CVE-2025-1517 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+       TODO: check
+CVE-2025-1249 (Missing Authorization vulnerability in Pixelite Events Manager 
allows  ...)
+       TODO: check
+CVE-2025-0941 (MET ONE 3400+ instruments running software v1.0.41 can, under 
rare con ...)
+       TODO: check
+CVE-2025-0731 (An unauthenticated remote attacker can upload a .aspx file 
instead of  ...)
+       TODO: check
+CVE-2025-0719 (IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2024-53427 (jq v1.7.1 contains a stack-buffer-overflow in the 
decNumberCopy functi ...)
+       TODO: check
+CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code 
execution ca ...)
+       TODO: check
+CVE-2024-47053 (This advisory addresses an authorization vulnerability in 
Mautic's HTT ...)
+       TODO: check
+CVE-2024-47051 (This advisory addresses two critical security vulnerabilities 
present  ...)
+       TODO: check
+CVE-2024-46226 (A stored cross site scripting (XSS) vulnerability in HelpDeskZ 
< v2.0. ...)
+       TODO: check
+CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for 
WordPress is vul ...)
+       TODO: check
 CVE-2024-8186
        - gitlab <unfixed>
 CVE-2025-0555
@@ -6,7 +90,7 @@ CVE-2024-10925
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-0475
        - gitlab <unfixed>
-CVE-2022-49732 [sock: redo the psock vs ULP protection check]
+CVE-2022-49732 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 5.18.14-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e34a07c0ae3906f97eb18df50902e2a01c1015b6 (5.19-rc4)
@@ -151,7 +235,7 @@ CVE-2025-25208
        NOT-FOR-US: RedHat RHCL
 CVE-2025-25207
        NOT-FOR-US: RedHat RHCL
-CVE-2025-1634
+CVE-2025-1634 (A flaw was found in the quarkus-resteasy extension, which 
causes memor ...)
        NOT-FOR-US: Quarkus
 CVE-2025-0514 (Improper Input Validation vulnerability in The Document 
Foundation Lib ...)
        - libreoffice <not-affected> (Only affects Libreoffice on Windows)
@@ -251401,8 +251485,8 @@ CVE-2022-25775 (Prior to the patched version, logged 
in users of Mautic are vuln
        NOT-FOR-US: Mautic
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
        NOT-FOR-US: Mautic
-CVE-2022-25773
-       RESERVED
+CVE-2022-25773 (This advisory addresses a file placement vulnerability that 
could allo ...)
+       TODO: check
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking 
compone ...)
        NOT-FOR-US: Mautic
 CVE-2022-25771



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92cb2fbd753bd740849b58cb93af0dc05d1eec6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d92cb2fbd753bd740849b58cb93af0dc05d1eec6
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to