[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 08 Mar 2025 12:12:13 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e3043565 by security tracker role at 2025-03-08T20:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-27840 (Espressif ESP32 chips allow 29 hidden HCI commands, such as 
0xFC02 (Wr ...)
+       TODO: check
+CVE-2025-1783 (The Gallery Styles plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2025-1664 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, 
Patterns &  ...)
+       TODO: check
+CVE-2025-1325 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+       TODO: check
+CVE-2025-1324 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+       TODO: check
+CVE-2025-1323 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+       TODO: check
+CVE-2025-1322 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+       TODO: check
+CVE-2025-1287 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
+       TODO: check
+CVE-2025-0177 (The Javo Core plugin for WordPress is vulnerable to privilege 
escalati ...)
+       TODO: check
+CVE-2024-13924 (The Starter Templates by FancyWP plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-13882 (The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & 
GPT-4, Ch ...)
+       TODO: check
+CVE-2024-13816 (The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & 
GPT-4, Ch ...)
+       TODO: check
+CVE-2024-13675 (The SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly 
WooFunn ...)
+       TODO: check
+CVE-2024-13649 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE 
plugin for Wo ...)
+       TODO: check
+CVE-2024-13359 (The Product Input Fields for WooCommerce plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-11640 (The VikRentCar Car Rental Management System plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-10326 (The RomethemeKit For Elementor plugin for WordPress is 
vulnerable to u ...)
+       TODO: check
+CVE-2024-10321 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin 
for WordPr ...)
+       TODO: check
 CVE-2025-2097 (A vulnerability, which was classified as critical, has been 
found in T ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-2096 (A vulnerability classified as critical was found in TOTOLINK 
EX1800T 9 ...)
@@ -1140,7 +1176,7 @@ CVE-2025-1943 (Memory safety bugs present in Firefox 135 
and Thunderbird 135. So
        - firefox 136.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1943
 CVE-2025-1938 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1148,7 +1184,7 @@ CVE-2025-1938 (Memory safety bugs present in Firefox 135, 
Thunderbird 135, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1938
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1938
 CVE-2025-1937 (Memory safety bugs present in Firefox 135, Thunderbird 135, 
Firefox ES ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1156,7 +1192,7 @@ CVE-2025-1937 (Memory safety bugs present in Firefox 135, 
Thunderbird 135, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1937
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1937
 CVE-2025-1936 (jar: URLs retrieve local file content packaged in a ZIP 
archive. The n ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1164,7 +1200,7 @@ CVE-2025-1936 (jar: URLs retrieve local file content 
packaged in a ZIP archive.
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1936
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1936
 CVE-2025-1935 (A web page could trick a user into setting that site as the 
default ha ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1178,7 +1214,7 @@ CVE-2025-1941 (Under certain circumstances, a user opt-in 
setting that Focus sho
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1941
 CVE-2025-1934 (It was possible to interrupt the processing of a RegExp bailout 
and ru ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1189,7 +1225,7 @@ CVE-2025-1940 (A select option could partially obscure 
the confirmation prompt s
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1940
 CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM i32 return values 
they can  ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1197,7 +1233,7 @@ CVE-2025-1933 (On 64-bit CPUs, when the JIT compiles WASM 
i32 return values they
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1933
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1932 (An inconsistent comparator in xslt/txNodeSorter could have 
resulted in ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -1205,7 +1241,7 @@ CVE-2025-1932 (An inconsistent comparator in 
xslt/txNodeSorter could have result
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1932
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/#CVE-2025-1932
 CVE-2025-1931 (It was possible to cause a use-after-free in the content 
process side  ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox 136.0-1
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
@@ -21728,7 +21764,7 @@ CVE-2024-43764 (In onPrimaryClipChanged of 
ClipboardListener.java, there is a po
 CVE-2024-43762 (In multiple locations, there is a possible way to avoid 
unbinding of a ...)
        NOT-FOR-US: Android
 CVE-2024-43097 (In resizeToAtLeast of SkRegion.cpp, there is a possible out of 
bounds  ...)
-       {DSA-5874-1 DLA-4078-1}
+       {DSA-5876-1 DSA-5874-1 DLA-4078-1}
        - firefox-esr 128.8.0esr-1
        - thunderbird 1:128.8.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2024-43097
@@ -71753,6 +71789,7 @@ CVE-2024-28882 (OpenVPN from 2.6.0 through 2.6.10 in a 
server role accepts multi
        NOTE: Introduced by: 
https://github.com/OpenVPN/openvpn/commit/d468dff7bdfd79059818c190ddf41b125bb658de
 (v2.6_beta1)
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f
 (v2.6.11)
 CVE-2024-5594 (OpenVPN before 2.6.11 does not santize PUSH_REPLY messages 
properly wh ...)
+       {DLA-4079-1}
        - openvpn 2.6.11-1 (bug #1074488)
        [bookworm] - openvpn <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a
 (v2.6.11)
@@ -258672,7 +258709,7 @@ CVE-2022-24670 (An attacker can use the unrestricted 
LDAP queries to determine c
 CVE-2022-24669 (It may be possible to gain some details of the deployment 
through a we ...)
        NOT-FOR-US: forgerock
 CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication 
bypass  ...)
-       {DLA-2992-1}
+       {DLA-4079-1 DLA-2992-1}
        - openvpn 2.5.6-1 (bug #1008015)
        [buster] - openvpn <no-dsa> (Minor issue)
        NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3043565a591003d12e8358e77c0aa3d3f71c994

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3043565a591003d12e8358e77c0aa3d3f71c994
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to