Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c60ba445 by security tracker role at 2025-03-07T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,157 @@
-CVE-2025-21843 [drm/panthor: avoid garbage value in panthor_ioctl_dev_query()]
+CVE-2025-2090 (A vulnerability was found in PHPGurukul Pre-School Enrollment 
System 1 ...)
+       TODO: check
+CVE-2025-2089 (A vulnerability has been found in StarSea99 starsea-mall 
1.0/2.X and c ...)
+       TODO: check
+CVE-2025-2088 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-2087 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-2086 (A vulnerability classified as problematic was found in 
StarSea99 stars ...)
+       TODO: check
+CVE-2025-2085 (A vulnerability classified as problematic has been found in 
StarSea99  ...)
+       TODO: check
+CVE-2025-2084 (A vulnerability was found in PHPGurukul Human Metapneumovirus 
Testing  ...)
+       TODO: check
+CVE-2025-2024 (Trimble SketchUp SKP File Parsing Uninitialized Variable Remote 
Code E ...)
+       TODO: check
+CVE-2025-27607 (Python JSON Logger is a JSON Formatter for Python Logging. 
Between 30  ...)
+       TODO: check
+CVE-2025-27604 (XWiki Confluence Migrator Pro helps admins to import 
confluence packag ...)
+       TODO: check
+CVE-2025-27603 (XWiki Confluence Migrator Pro helps admins to import 
confluence packag ...)
+       TODO: check
+CVE-2025-27597 (Vue I18n is the internationalization plugin for Vue.js. 
@intlify/messa ...)
+       TODO: check
+CVE-2025-27519 (Cognita is a RAG (Retrieval Augmented Generation) Framework 
for buildi ...)
+       TODO: check
+CVE-2025-27518 (Cognita is a RAG (Retrieval Augmented Generation) Framework 
for buildi ...)
+       TODO: check
+CVE-2025-27152 (axios is a promise based HTTP client for the browser and 
node.js. The  ...)
+       TODO: check
+CVE-2025-26643 (No cwe for this issue in Microsoft Edge (Chromium-based) 
allows an una ...)
+       TODO: check
+CVE-2025-26331 (Dell ThinOS 2411 and prior, contains an Improper 
Neutralization of Spe ...)
+       TODO: check
+CVE-2025-25617 (Incorrect Access Control in Unifiedtransform 2.X leads to 
Privilege Es ...)
+       TODO: check
+CVE-2025-1887 (SMB forced authentication vulnerability in versions prior to 
2025.35.0 ...)
+       TODO: check
+CVE-2025-1886 (Pass-Back vulnerability in versions prior to 2025.35.000 of 
Sage 200 S ...)
+       TODO: check
+CVE-2025-1768 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to b ...)
+       TODO: check
+CVE-2025-1315 (The InWave Jobs plugin for WordPress is vulnerable to privilege 
escala ...)
+       TODO: check
+CVE-2025-0959 (The Eventer - WordPress Event & Booking Manager Plugin plugin 
for Word ...)
+       TODO: check
+CVE-2025-0162 (IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an 
XML ext ...)
+       TODO: check
+CVE-2024-9658 (The School Management System for Wordpress plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-9458 (The Reservit Hotel WordPress plugin before 3.0 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-53700 (A command injection vulnerability has been reported to affect 
QHora. I ...)
+       TODO: check
+CVE-2024-53699 (An out-of-bounds write vulnerability has been reported to 
affect sever ...)
+       TODO: check
+CVE-2024-53698 (A double free vulnerability has been reported to affect 
several QNAP o ...)
+       TODO: check
+CVE-2024-53697 (An out-of-bounds write vulnerability has been reported to 
affect sever ...)
+       TODO: check
+CVE-2024-53696 (A server-side request forgery (SSRF) vulnerability has been 
reported t ...)
+       TODO: check
+CVE-2024-53695 (A buffer overflow vulnerability has been reported to affect 
HBS 3 Hybr ...)
+       TODO: check
+CVE-2024-53694 (A time-of-check time-of-use (TOCTOU) race condition 
vulnerability has  ...)
+       TODO: check
+CVE-2024-53693 (An improper neutralization of CRLF sequences ('CRLF 
Injection') vulner ...)
+       TODO: check
+CVE-2024-53692 (A command injection vulnerability has been reported to affect 
several  ...)
+       TODO: check
+CVE-2024-50405 (An improper neutralization of CRLF sequences ('CRLF 
Injection') vulner ...)
+       TODO: check
+CVE-2024-50394 (An improper certificate validation vulnerability has been 
reported to  ...)
+       TODO: check
+CVE-2024-50390 (A command injection vulnerability has been reported to affect 
QHora. I ...)
+       TODO: check
+CVE-2024-48864 (A files or directories accessible to external parties 
vulnerability ha ...)
+       TODO: check
+CVE-2024-38638 (An out-of-bounds write vulnerability has been reported to 
affect sever ...)
+       TODO: check
+CVE-2024-13904 (The Platform.ly for WooCommerce plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-13857 (The WPGet API \u2013 Connect to any external REST API plugin 
for WordP ...)
+       TODO: check
+CVE-2024-13805 (The Advanced File Manager \u2014 Ultimate WordPress File 
Manager and D ...)
+       TODO: check
+CVE-2024-13781 (The Hero Maps Premium plugin for WordPress is vulnerable to 
SQL Inject ...)
+       TODO: check
+CVE-2024-13668 (The WordPress Activity O Meter WordPress plugin through 1.0 
does not s ...)
+       TODO: check
+CVE-2024-13635 (The VK Blocks plugin for WordPress is vulnerable to Sensitive 
Informat ...)
+       TODO: check
+CVE-2024-13552 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket 
System plug ...)
+       TODO: check
+CVE-2024-13431 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2024-13086 (An exposure of sensitive information vulnerability has been 
reported t ...)
+       TODO: check
+CVE-2024-12975 (A buffer overread can occur in the CPC application when 
operating in f ...)
+       TODO: check
+CVE-2024-12876 (The Golo - City Travel Guide WordPress Theme theme for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-12634 (The Related Posts, Inline Related Posts, Contextual Related 
Posts, Rel ...)
+       TODO: check
+CVE-2024-12611 (The School Management System for Wordpress plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2024-12610 (The School Management System for Wordpress plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2024-12609 (The School Management System for Wordpress plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2024-12607 (The School Management System for Wordpress plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2024-12036 (The CS Framework plugin for WordPress is vulnerable to 
Arbitrary File  ...)
+       TODO: check
+CVE-2024-12035 (The CS Framework plugin for WordPress is vulnerable to 
arbitrary file  ...)
+       TODO: check
+CVE-2024-10804 (The Ultimate Video Player WordPress & WooCommerce Plugin 
plugin for Wo ...)
+       TODO: check
+CVE-2023-43052 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an 
external se ...)
+       TODO: check
+CVE-2023-35894 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP 
header in ...)
+       TODO: check
+CVE-2025-21843 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3b32b7f638fe61e9d29290960172f4e360e38233 (6.14-rc3)
-CVE-2025-21842 [amdkfd: properly free gang_ctx_bo when failed to init user 
queue]
+CVE-2025-21842 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.12.16-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a33f7f9660705fb2ecf3467b2c48965564f392ce (6.14-rc3)
-CVE-2025-21841 [cpufreq/amd-pstate: Fix cpufreq_policy ref counting]
+CVE-2025-21841 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.12.16-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3ace20038e19f23fe73259513f1f08d4bf1a3c83 (6.14-rc2)
-CVE-2025-21840 [thermal/netlink: Prevent userspace segmentation fault by 
adjusting UAPI header]
+CVE-2025-21840 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c195b9c6ab9c383d7aa3f4a65879b3ca90cb378b (6.14-rc3)
-CVE-2025-21839 [KVM: x86: Load DR6 with guest value only before entering 
.vcpu_run() loop]
+CVE-2025-21839 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
        - linux 6.12.16-1
        NOTE: 
https://git.kernel.org/linus/c2fee09fc167c74a64adb08656cb993ea475197e (6.14-rc3)
-CVE-2025-21838 [usb: gadget: core: flush gadget workqueue after device removal]
+CVE-2025-21838 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.12.16-1
        NOTE: 
https://git.kernel.org/linus/399a45e5237ca14037120b1b895bd38a3b4492ea (6.14-rc3)
-CVE-2025-21837 [io_uring/uring_cmd: unconditionally copy SQEs at prep time]
+CVE-2025-21837 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d6211ebbdaa541af197b50b8dd8f22642ce0b87f (6.14-rc3)
-CVE-2025-21836 [io_uring/kbuf: reallocate buf lists on upgrade]
+CVE-2025-21836 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.16-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8802766324e1f5d414a81ac43365c20142e85603 (6.14-rc3)
-CVE-2025-21835 [usb: gadget: f_midi: fix MIDI Streaming descriptor lengths]
+CVE-2025-21835 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 6.12.16-1
        [bookworm] - linux 6.1.129-1
        NOTE: 
https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
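Review bot: the descriptions added for CVE-2024-13857, CVE-2024-13805, CVE-2024-13552 and CVE-2024-13431 contain the literal escape sequences "\u2013" and "\u2014" where the plugin names have a dash, so the automatic update appears to write the feed's escaped text without decoding it; decode those escapes before the description is truncated and written to data/CVE/list. Separately, replacing the bracketed kernel summaries for CVE-2025-21843 through CVE-2025-21835 with the truncated generic text leaves only one letter of the real subject (for example "resolved:  d ..."), so the list no longer shows which subsystem each entry concerns; skipping the fixed "In the Linux kernel, the following vulnerability has been resolved:" prefix before truncating would keep that information. Every new entry above CVE-2025-21843 carries "TODO: check" and still needs triage.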
@@ -91,7 +213,7 @@ CVE-2025-27816 (A vulnerability was discovered in the 
Arctera InfoScale 7.0 thro
 CVE-2025-27796 (WPG in GraphicsMagick before 1.3.46 mishandles palette buffer 
allocati ...)
        - graphicsmagick <unfixed>
        NOTE: 
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
-CVE-2025-27795 (JXL in GraphicsMagick before 1.3.46 lacks image dimension 
resource lim ...)
+CVE-2025-27795 (ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks 
image dimens ...)
        - graphicsmagick <unfixed>
        NOTE: 
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
 CVE-2025-27598 (ImageSharp is a 2D graphics API. An Out-of-bounds Write 
vulnerability  ...)
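Review bot: the CVE-2025-27795 entry keeps "- graphicsmagick <unfixed>" although its description places the issue in GraphicsMagick before 1.3.46 and the NOTE already points at the upstream commit; this change touches only the description, so the fixed version still has to be recorded once a package version containing that commit is known. The same holds for CVE-2025-27796 in the context lines above it. The longer "ReadJXLImage in JXL in" prefix also pushes more of the summary past the truncation point ("image dimens ..." instead of "resource lim ..."), which is acceptable here but shows how little of the text survives the fixed-width cut.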



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c60ba445f240e3e87870771bb3849038a3a017de
