Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
847444af by security tracker role at 2025-03-04T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,59 +1,151 @@
-CVE-2025-1943
+CVE-2025-27507 (The open-source identity infrastructure software Zitadel 
allows admini ...)
+       TODO: check
+CVE-2025-27426 (Malicious websites utilizing a server-side redirect to an 
internal err ...)
+       TODO: check
+CVE-2025-27425 (Scanning certain QR codes that included text with a website 
URL could  ...)
+       TODO: check
+CVE-2025-27424 (Websites redirecting to a non-HTTP scheme URL could allow a 
website ad ...)
+       TODO: check
+CVE-2025-27402 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-27401 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-27156 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite 
which is th ...)
+       TODO: check
+CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-27111 (Rack is a modular Ruby web server interface. The 
Rack::Sendfile middle ...)
+       TODO: check
+CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap 
13.0.1440.24261, a ...)
+       TODO: check
+CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS 
command  ...)
+       TODO: check
+CVE-2025-26202 (Cross-Site Scripting (XSS) vulnerability exists in the 
WPA/WAPI Passph ...)
+       TODO: check
+CVE-2025-26182 (An issue in xxyopen novel plus v.4.4.0 and before allows a 
remote atta ...)
+       TODO: check
+CVE-2025-26091 (A Cross Site Scripting (XSS) vulnerability exists in 
TeamPasswordManag ...)
+       TODO: check
+CVE-2025-23368 (A flaw was found in Wildfly Elytron integration. The component 
does no ...)
+       TODO: check
+CVE-2025-22226 (VMware ESXi, Workstation, and Fusion containan information 
disclosure  ...)
+       TODO: check
+CVE-2025-22225 (VMware ESXi contains an arbitrary writevulnerability.A 
malicious actor ...)
+       TODO: check
+CVE-2025-22224 (VMware ESXi, and Workstationcontain a TOCTOU (Time-of-Check 
Time-of-Us ...)
+       TODO: check
+CVE-2025-1969 (Improper request input validation in Temporary Elevated Access 
Managem ...)
+       TODO: check
+CVE-2025-1953 (A vulnerability has been found in vLLM AIBrix 0.2.0 and 
classified as  ...)
+       TODO: check
+CVE-2025-1952 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-1949 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-1947 (A vulnerability classified as critical has been found in 
hzmanyun Educ ...)
+       TODO: check
+CVE-2025-1946 (A vulnerability was found in hzmanyun Education and Training 
System 2. ...)
+       TODO: check
+CVE-2025-1925 (A vulnerability classified as problematic was found in Open5GS 
up to 2 ...)
+       TODO: check
+CVE-2025-1425 (A Sudo privilege misconfiguration vulnerability in PocketBook 
InkPad C ...)
+       TODO: check
+CVE-2025-1424 (A privilege escalation vulnerability in PocketBook InkPad Color 
3 allo ...)
+       TODO: check
+CVE-2025-1260 (On affected platforms running Arista EOS with OpenConfig 
configured, a ...)
+       TODO: check
+CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig 
configured, a ...)
+       TODO: check
+CVE-2025-1080 (LibreOffice supports Office URI Schemes to enable browser 
integration  ...)
+       TODO: check
+CVE-2025-0958 (The Ultimate WordPress Auction Plugin plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-0512 (The Structured Content (JSON-LD) #wpsc plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-0433 (The Master Addons \u2013 Elementor Addons with White Label, 
Free Widge ...)
+       TODO: check
+CVE-2025-0370 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-9618 (The Master Addons \u2013 Elementor Addons with White Label, 
Free Widge ...)
+       TODO: check
+CVE-2024-9149 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-50707 (Unauthenticated remote code execution vulnerability in 
Uniguest Triple ...)
+       TODO: check
+CVE-2024-50706 (Unauthenticated SQL injection vulnerability in Uniguest 
Tripleplay bef ...)
+       TODO: check
+CVE-2024-50705 (Unauthenticated reflected cross-site scripting (XSS) 
vulnerability in  ...)
+       TODO: check
+CVE-2024-50704 (Unauthenticated remote code execution vulnerability in 
Uniguest Triple ...)
+       TODO: check
+CVE-2024-41147 (An out-of-bounds write vulnerability exists in the 
ma_dr_flac__decode_ ...)
+       TODO: check
+CVE-2024-13724 (The Wallet System for WooCommerce \u2013 Wallet, Wallet 
Cashback, Refu ...)
+       TODO: check
+CVE-2024-13682 (The Wallet System for WooCommerce \u2013 Wallet, Wallet 
Cashback, Refu ...)
+       TODO: check
+CVE-2024-11957 (Improper verification of the digital signature in 
ksojscore.dll in Kin ...)
+       TODO: check
+CVE-2024-10930 (An Uncontrolled Search Path Element vulnerability exists which 
could a ...)
+       TODO: check
+CVE-2025-1943 (Memory safety bugs present in Firefox 135 and Thunderbird 135. 
Some of ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
-CVE-2025-1938
+CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1938
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
-CVE-2025-1937
+CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1937
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
-CVE-2025-1936
+CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP 
archive. The n ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1936
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
-CVE-2025-1935
+CVE-2025-1935 (A web page could trick a user into setting that site as the 
default ha ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1935
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1935
-CVE-2025-1942
+CVE-2025-1942 (When String.toUpperCase() caused a string to get longer it was 
possibl ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1942
-CVE-2025-1941
+CVE-2025-1941 (Under certain circumstances, a user opt-in setting that Focus 
should r ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
-CVE-2025-1934
+CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout 
and ru ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1934
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1934
-CVE-2025-1940
+CVE-2025-1940 (A select option could partially obscure the confirmation prompt 
shown  ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
-CVE-2025-1933
+CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values 
they can  ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1933
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
-CVE-2025-1932
+CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have 
resulted in ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1932
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
-CVE-2025-1931
+CVE-2025-1931 (It was possible to cause a use-after-free in the content 
process side  ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1931
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1931
-CVE-2025-1939
+CVE-2025-1939 (Android apps can load web pages using the Custom Tabs feature. 
This fe ...)
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1939
-CVE-2025-1930
+CVE-2025-1930 (On Windows, a compromised content process could use bad 
StreamData sen ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1930
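
Review bot: the descriptions added for CVE-2025-0433, CVE-2025-0370, CVE-2024-9618, CVE-2024-13724 and CVE-2024-13682 contain the literal escape sequences \u2013 and \u2014 instead of the dash characters, so the automatic description import looks like it is not decoding Unicode escapes; decode them before writing to data/CVE/list. The new entries at the top of the hunk carry only "TODO: check" and still need triage to a source package or NOT-FOR-US, while the existing firefox and firefox-esr status lines are unchanged and only gain descriptions.
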
@@ -413632,8 +413724,8 @@ CVE-2020-3123 (A vulnerability in the 
Data-Loss-Prevention (DLP) module in Clam
        [stretch] - clamav 0.102.2+dfsg-0~deb9u1
        [jessie] - clamav <not-affected> (Vulnerable code introduced in 0.102.x)
        NOTE: 
https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
-CVE-2020-3122
-       RESERVED
+CVE-2020-3122 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
+       TODO: check
 CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
        NOT-FOR-US: Cisco
 CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation 
for Cis ...)
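
Review bot: CVE-2020-3122 leaves RESERVED with only "TODO: check", although its description names the web-based management interface of Cisco AsyncOS and the neighbouring CVE-2020-3121 is marked "NOT-FOR-US: Cisco". Once the full description is confirmed, triage it the same way so it does not stay in the TODO queue.
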
@@ -440125,7 +440217,7 @@ CVE-2019-13455 (In Xymon through 4.3.28, a 
stack-based buffer overflow vulnerabi
        [buster] - xymon 4.3.28-5+deb10u1
        [stretch] - xymon 4.3.28-2+deb9u1
        NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in 
RemoveDuplicateLay ...)
+CVE-2019-13454 (ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in 
RemoveD ...)
        {DSA-4712-1 DLA-2333-1}
        - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
        [jessie] - imagemagick <ignored> (low impact issue)
@@ -473642,8 +473734,8 @@ CVE-2019-1817 (A vulnerability in the web proxy 
functionality of Cisco AsyncOS S
        NOT-FOR-US: Cisco
 CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco 
Web Sec ...)
        NOT-FOR-US: Cisco
-CVE-2019-1815
-       RESERVED
+CVE-2019-1815 (A security vulnerability was discovered in the local status 
page funct ...)
+       TODO: check
 CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP 
features ...)
        NOT-FOR-US: Cisco
 CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of 
Cisco N ...)
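
Review bot: the new CVE-2019-1815 description ("local status page funct ...") is cut off before any product name, so the entry cannot be triaged from this line alone, even though the surrounding CVE-2019-1814, CVE-2019-1816 and CVE-2019-1817 entries are all "NOT-FOR-US: Cisco". Check the full description before replacing "TODO: check".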



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/847444af3f9e0ea927f5cca010dd3a7a0e417a58

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
