Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f0d944e by security tracker role at 2025-03-01T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-27554 (ToDesktop before 2024-10-03, as used by Cursor before 
2024-10-03 and o ...)
+       TODO: check
+CVE-2025-27416 (Scratch-Coding-Hut.github.io is the website for Coding Hut. 
The websit ...)
+       TODO: check
+CVE-2025-27414 (MinIO is a high performance object storage. Starting in 
RELEASE.2024-0 ...)
+       TODO: check
+CVE-2025-27413 (PwnDoc is a penetration test reporting application. Prior to 
version 1 ...)
+       TODO: check
+CVE-2025-27410 (PwnDoc is a penetration test reporting application. Prior to 
version 1 ...)
+       TODO: check
+CVE-2025-25723 (Buffer Overflow vulnerability in GPAC version 2.5 allows a 
local attac ...)
+       TODO: check
+CVE-2025-25478 (The account file upload functionality in Syspass 3.2.x fails 
to proper ...)
+       TODO: check
+CVE-2025-25476 (A stored cross-site scripting (XSS) vulnerability in SysPass 
3.2.x all ...)
+       TODO: check
+CVE-2025-25379 (Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 
allows a  ...)
+       TODO: check
+CVE-2025-23119 (An Improper Neutralization of Escape Sequences vulnerability 
could all ...)
+       TODO: check
+CVE-2025-23118 (An Improper Certificate Validation vulnerability could allow 
an authen ...)
+       TODO: check
+CVE-2025-23117 (An Insufficient Firmware Update Validation vulnerability could 
allow a ...)
+       TODO: check
+CVE-2025-23116 (An Authentication Bypass vulnerability on UniFi Protect 
Application wi ...)
+       TODO: check
+CVE-2025-23115 (A Use After Free vulnerability on UniFi Protect Cameras could 
allow a  ...)
+       TODO: check
+CVE-2025-1803
+       REJECTED
+CVE-2025-1780 (The BuddyPress WooCommerce My Account Integration. Create 
WooCommerce  ...)
+       TODO: check
+CVE-2025-1730 (The Simple Download Counter plugin for WordPress is vulnerable 
to Arbi ...)
+       TODO: check
+CVE-2025-1671 (The Academist Membership plugin for WordPress is vulnerable to 
Privile ...)
+       TODO: check
+CVE-2025-1638 (The Alloggio Membership plugin for WordPress is vulnerable to 
Authenti ...)
+       TODO: check
+CVE-2025-1564 (The SetSail Membership plugin for WordPress is vulnerable to  
in all v ...)
+       TODO: check
+CVE-2025-1502 (The IP2Location Redirection plugin for WordPress is vulnerable 
to unau ...)
+       TODO: check
+CVE-2025-1459 (The Page Builder by SiteOrigin plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-0820 (The Clicface Trombi plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-9217 (The Currency Switcher for WooCommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-9212 (The SKU Generator for WooCommerce plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-1509 (Brocade ASCG before 3.2.0 Web Interface  is not  enforcing 
HSTS, as de ...)
+       TODO: check
+CVE-2024-13911 (The Database Backup and check Tables Automated With Scheduler 
2024 plu ...)
+       TODO: check
+CVE-2024-13901 (The Counter Box: Add Engaging Countdowns, Timers & Counters to 
Your Wo ...)
+       TODO: check
+CVE-2024-13806 (The The Authors List plugin for WordPress is vulnerable to 
arbitrary s ...)
+       TODO: check
+CVE-2024-13750 (The Multilevel Referral Affiliate Plugin for WooCommerce 
plugin for Wo ...)
+       TODO: check
+CVE-2024-13746 (The Booking Calendar and Notification plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-13568 (The Fluent Support \u2013 Helpdesk & Customer Support Ticket 
System pl ...)
+       TODO: check
+CVE-2024-13559 (The TemplatesNext ToolKit plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2024-13518 (The Simple:Press Forum plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2024-13373 (The Exertio Framework plugin for WordPress is vulnerable to 
privilege  ...)
+       TODO: check
+CVE-2024-13358 (The BuddyPress WooCommerce My Account Integration. Create 
WooCommerce  ...)
+       TODO: check
+CVE-2024-12824 (The Nokri \u2013 Job Board WordPress Theme theme for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-12544 (The SurveyJS: Drag & Drop WordPress Form Builder to create, 
style and  ...)
+       TODO: check
 CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to 
version 4.9. ...)
        NOT-FOR-US: Manifest
 CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
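Review bot: every imported entry in this hunk is left at `TODO: check`, and two pairs share a description prefix and should be triaged together so their states do not diverge: CVE-2025-27413 / CVE-2025-27410 (both PwnDoc, "Prior to version 1 ...") and CVE-2025-1780 / CVE-2024-13358 (both "The BuddyPress WooCommerce My Account Integration. Create WooCommerce ..."). The description for CVE-2025-1564 reads "is vulnerable to  in all v ..." with the vulnerability class missing, so the upstream text looks incomplete and should be re-read before an assessment is recorded. CVE-2025-1803 carries only `REJECTED` with no description, which matches the REJECTED form used later in this patch.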
@@ -4247,7 +4323,7 @@ CVE-2024-11955 (A vulnerability was found in GLPI up to 
10.0.17. It has been dec
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7
 CVE-2025-26601 (A use-after-free flaw was found in X.Org and Xwayland. When 
changing a ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -4257,14 +4333,14 @@ CVE-2025-26601 (A use-after-free flaw was found in 
X.Org and Xwayland. When chan
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8817306af75a60f494ec9dbb1061e50db
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c285798984c6bb99e454a33772cde23d394d3dcd
 CVE-2025-26600 (A use-after-free flaw was found in X.Org and Xwayland. When a 
device i ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332ba4c8b8c9a9945dc9d7989bfe06f80e14
 CVE-2025-26599 (An access to an uninitialized pointer flaw was found in X.Org 
and Xway ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -4272,35 +4348,35 @@ CVE-2025-26599 (An access to an uninitialized pointer 
flaw was found in X.Org an
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84bef2569b4ba4be59323cf575d1798ba9be
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8bedb90b039dc0f70ae69daf047ff9598
 CVE-2025-26598 (An out-of-bounds write flaw was found in X.Org and Xwayland. 
The funct ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a9d57234c76c0b93f88dacb143d01bca2
 CVE-2025-26597 (A buffer overflow flaw was found in X.Org and Xwayland. If 
XkbChangeTy ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed94952b255c04fe910f6a1d9c852878dcd64
 CVE-2025-26596 (A heap overflow flaw was found in X.Org and Xwayland. The 
computation  ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01423fc065c950e1ff4e8ddf9f675df773
 CVE-2025-26595 (A buffer overflow flaw was found in X.Org and Xwayland. The 
code in Xk ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2025-February/003584.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda8753e994e15eb915d28cf487660ec8e722
 CVE-2025-26594 (A use-after-free flaw was found in X.Org and Xwayland. The 
root cursor ...)
-       {DSA-5872-1}
+       {DSA-5872-1 DLA-4072-1}
        - xorg-server 2:21.1.16-1 (bug #1098906)
        - xwayland 2:24.1.6-1 (bug #1098907)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
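Review bot: the `{DSA-5872-1 DLA-4072-1}` reference is added to all eight X.Org / Xwayland entries, CVE-2025-26594 through CVE-2025-26601, across this and the two preceding hunks, so DLA-4072-1 should be checked to actually list all eight CVEs; if the DLA covers only a subset, the remaining entries would wrongly show as fixed in bullseye. The space-separated form inside the braces matches the existing `{DSA-5871-1 DLA-4069-1}` entry for emacs further down, so the style is consistent.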
@@ -5378,6 +5454,7 @@ CVE-2025-25054 (Movable Type contains a reflected 
cross-site scripting vulnerabi
 CVE-2025-24841 (Movable Type contains a stored cross-site scripting 
vulnerability in t ...)
        - movabletype-opensource <removed>
 CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to 
contain a seg ...)
+       {DLA-4073-1}
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://trac.ffmpeg.org/ticket/11393
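Review bot: `{DLA-4073-1}` is added to CVE-2025-22921 while the same entry still reads `- ffmpeg <unfixed>` and `[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)`; if the DLA shipped a backported fix for bullseye, the bookworm rationale of waiting for the 5.1 branch and the unfixed state in unstable deserve a second look, or at least a NOTE pointing at the patch the DLA used. The same applies to CVE-2025-22919 in the next hunk, which receives the identical reference and carries the identical postponed line.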
@@ -5388,6 +5465,7 @@ CVE-2025-22920 (A heap buffer overflow vulnerability in 
FFmpeg before commit 4bf
        NOTE: Introduced with: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/545de54e3e0ce5ad1285aa5e111e6657ad803f79
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae
 CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit 
N-113007-g8d24a28d06 ...)
+       {DLA-4073-1}
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://trac.ffmpeg.org/ticket/11385
@@ -5727,7 +5805,7 @@ CVE-2025-26844 [znuny: HTTP Cookie not set correctly]
        - znuny 6.5.13-1
        [bookworm] - znuny <no-dsa> (Non-free not supported)
        NOTE: https://www.znuny.org/en/advisories/zsa-2025-05
-CVE-2025-26466 [Denial of Service: asymmetric resource consumption of memory 
and CPU]
+CVE-2025-26466 (A flaw was found in the OpenSSH package. For each ping packet 
the SSH  ...)
        - openssh 1:9.9p2-1
        [bookworm] - openssh <not-affected> (Vulnerable code introduced later)
        [bullseye] - openssh <not-affected> (Vulnerable code introduced later)
@@ -12710,11 +12788,14 @@ CVE-2025-23237 (Improper neutralization of special 
elements used in an OS comman
        NOT-FOR-US: UD-LT2 firmware
 CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can 
be hooke ...)
        TODO: check, seems to be duplicate of CVE-2025-23083, verify it with CNA
-CVE-2025-23089 (NOTE: use of the CVE List to report that a product is 
unsupported, wit ...)
+CVE-2025-23089
+       REJECTED
        NOT-FOR-US: EOL notification for nodejs 21
-CVE-2025-23088 (NOTE: use of the CVE List to report that a product is 
unsupported, wit ...)
+CVE-2025-23088
+       REJECTED
        NOT-FOR-US: EOL notification for nodejs 19
-CVE-2025-23087 (This CVE has been issued to inform users that they are using 
End-of-Li ...)
+CVE-2025-23087
+       REJECTED
        NOT-FOR-US: EOL notification for nodejs 17
 CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 
firmware Ver ...)
        NOT-FOR-US: UD-LT2 firmware
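Review bot: CVE-2025-23089, CVE-2025-23088 and CVE-2025-23087 now carry `REJECTED` but each still keeps its `NOT-FOR-US: EOL notification for nodejs NN` line; the REJECTED entry added in the first hunk (CVE-2025-1803) has no such line, so either drop the three NOT-FOR-US lines for consistency or keep them deliberately as a record of why the rejection was expected.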
@@ -14524,6 +14605,7 @@ CVE-2025-20621 (Mattermost versions 10.2.x <= 10.2.0, 
9.11.x <= 9.11.5, 10.0.x <
 CVE-2025-20072 (Mattermost Mobile versions <= 2.22.0 fail to properly validate 
the sty ...)
        NOT-FOR-US: Mattermost Mobile
 CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read vulnerability in 
FFmpeg all ...)
+       {DLA-4073-1}
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
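Review bot: CVE-2025-0518 already carries a `NOTE: Fixed by:` pointing at an upstream FFmpeg commit, yet stays at `- ffmpeg <unfixed>` with bookworm postponed; now that `{DLA-4073-1}` records a bullseye update for it, the unstable entry looks stale and the fixed version should be recorded once that commit is in the package, otherwise the tracker shows bullseye as better off than unstable.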
@@ -28365,7 +28447,7 @@ CVE-2024-11738 (A flaw was found in Rustls 0.23.13 and 
related APIs. This vulner
        - rust-rustls <not-affected> (Vulnerable code introduced later)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
        NOTE: https://github.com/rustls/rustls/issues/2227
-CVE-2024-53920 (In elisp-mode.el in GNU Emacs through 30.0.92, a user who 
chooses to i ...)
+CVE-2024-53920 (In elisp-mode.el in GNU Emacs before 30.1, a user who chooses 
to invok ...)
        {DSA-5871-1 DLA-4069-1}
        - emacs 1:30.1+1-1 (bug #1088690)
        NOTE: 
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f0d944ed6345d0b64890206651ff6cbabdfc096



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
