Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b11c945 by security tracker role at 2025-03-11T08:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,142 @@
-CVE-2025-1828
+CVE-2025-2190 (The mobile application (com.transsnet.store) has a
man-in-the-middle a ...)
+ TODO: check
+CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up
to 0.2. ...)
+ TODO: check
+CVE-2025-2176 (A vulnerability classified as critical has been found in
libzvbi up to ...)
+ TODO: check
+CVE-2025-2175 (A vulnerability was found in libzvbi up to 0.2.43. It has been
rated a ...)
+ TODO: check
+CVE-2025-2174 (A vulnerability was found in libzvbi up to 0.2.43. It has been
declare ...)
+ TODO: check
+CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been
classif ...)
+ TODO: check
+CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional
plugin fo ...)
+ TODO: check
+CVE-2025-2137 (Out of bounds read in V8 in Google Chrome prior to
134.0.6998.88 allow ...)
+ TODO: check
+CVE-2025-2136 (Use after free in Inspector in Google Chrome prior to
134.0.6998.88 al ...)
+ TODO: check
+CVE-2025-2135 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88
allowed a ...)
+ TODO: check
+CVE-2025-27926 (In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms
Designe ...)
+ TODO: check
+CVE-2025-27925 (Nintex Automation 5.6 and 5.7 before 5.8 has insecure
deserialization ...)
+ TODO: check
+CVE-2025-27924 (Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS
issue associ ...)
+ TODO: check
+CVE-2025-27912 (An issue was discovered in Datalust Seq before 2024.3.13545.
Missing C ...)
+ TODO: check
+CVE-2025-27911 (An issue was discovered in Datalust Seq before 2024.3.13545.
Expansion ...)
+ TODO: check
+CVE-2025-27910 (tianti v2.3 was discovered to contain a Cross-Site Request
Forgery (CS ...)
+ TODO: check
+CVE-2025-27610 (Rack provides an interface for developing web applications in
Ruby. Pr ...)
+ TODO: check
+CVE-2025-27436 (The Manage Bank Statements in SAP S/4HANA does not perform
required ac ...)
+ TODO: check
+CVE-2025-27434 (Due to insufficient input validation, SAP Commerce (Swagger
UI) allows ...)
+ TODO: check
+CVE-2025-27433 (The Manage Bank Statements in SAP S/4HANA allows authenticated
attacke ...)
+ TODO: check
+CVE-2025-27432 (The eDocument Cockpit (Inbound NF-e) in SAP Electronic
Invoicing for B ...)
+ TODO: check
+CVE-2025-27431 (User management functionality in SAP NetWeaver Application
Server Java ...)
+ TODO: check
+CVE-2025-27430 (Under certain conditions, an SSRF vulnerability in SAP CRM and
SAP S/4 ...)
+ TODO: check
+CVE-2025-26707 (Improper Privilege Management vulnerability in ZTE GoldenDB
allows Pri ...)
+ TODO: check
+CVE-2025-26706 (Improper Privilege Management vulnerability in ZTE GoldenDB
allows Pri ...)
+ TODO: check
+CVE-2025-26705 (Improper Privilege Management vulnerability in ZTE GoldenDB
allows Pri ...)
+ TODO: check
+CVE-2025-26704 (Improper Privilege Management vulnerability in ZTE GoldenDB
allows Pri ...)
+ TODO: check
+CVE-2025-26703 (Improper Privilege Management vulnerability in ZTE GoldenDB
allows Pri ...)
+ TODO: check
+CVE-2025-26702 (Improper Input Validation vulnerability in ZTE GoldenDB allows
Input D ...)
+ TODO: check
+CVE-2025-26661 (Due to missing authorization check, SAP NetWeaver (ABAP Class
Builder) ...)
+ TODO: check
+CVE-2025-26660 (SAP Fiori applications using the posting library fail to
properly conf ...)
+ TODO: check
+CVE-2025-26659 (SAP NetWeaver Application Server ABAP does not sufficiently
encode use ...)
+ TODO: check
+CVE-2025-26658 (The Service Layer in SAP Business One, allows attackers to
potentially ...)
+ TODO: check
+CVE-2025-26656 (OData Service in Manage Purchasing Info Records does not
perform neces ...)
+ TODO: check
+CVE-2025-26655 (SAP Just In Time(JIT) does not perform necessary authorization
checks ...)
+ TODO: check
+CVE-2025-25908 (A stored cross-site scripting (XSS) vulnerability in tianti
v2.3 allow ...)
+ TODO: check
+CVE-2025-25907 (tianti v2.3 was discovered to contain a Cross-Site Request
Forgery (CS ...)
+ TODO: check
+CVE-2025-25245 (SAP BusinessObjects Business Intelligence Platform (Web
Intelligence) ...)
+ TODO: check
+CVE-2025-25244 (SAP Business Warehouse (Process Chains) allows an attacker to
manipula ...)
+ TODO: check
+CVE-2025-25242 (SAP NetWeaver Application Server ABAP allows malicious scripts
to be e ...)
+ TODO: check
+CVE-2025-23194 (SAP NetWeaver Enterprise Portal OBN does not perform proper
authentica ...)
+ TODO: check
+CVE-2025-23188 (An authenticated user with low privileges can exploit a
missing author ...)
+ TODO: check
+CVE-2025-23185 (Due to improper error handling in SAP Business Objects
Business Intell ...)
+ TODO: check
+CVE-2025-1920 (Type Confusion in V8 in Google Chrome prior to 134.0.6998.88
allowed a ...)
+ TODO: check
+CVE-2025-1661 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
+ TODO: check
+CVE-2025-1434 (The Spreadsheet view is vulnerable to a XSS attack, where a
remote una ...)
+ TODO: check
+CVE-2025-0660 (Concrete CMS versions 9.0.0 through 9.3.9 are affected by a
stored XSS ...)
+ TODO: check
+CVE-2025-0629 (The Coronavirus (COVID-19) Notice Message WordPress plugin
through 1.1 ...)
+ TODO: check
+CVE-2025-0071 (SAP Web Dispatcher and Internet Communication Manager allow an
attacke ...)
+ TODO: check
+CVE-2025-0062 (SAP BusinessObjects Business Intelligence Platform allows an
attacker ...)
+ TODO: check
+CVE-2024-58102 (An issue was discovered in Datalust Seq before 2024.3.13545.
An insecu ...)
+ TODO: check
+CVE-2024-56192 (In wl_notify_gscan_event of wl_cfgscan.c, there is a possible
out of b ...)
+ TODO: check
+CVE-2024-56191 (In dhd_process_full_gscan_result of dhd_pno.c, there is a
possible EoP ...)
+ TODO: check
+CVE-2024-49823 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow ...)
+ TODO: check
+CVE-2024-41760 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could all ...)
+ TODO: check
+CVE-2024-22340 (IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could a ...)
+ TODO: check
+CVE-2024-13864 (The Countdown Timer WordPress plugin through 1.0 does not
sanitise and ...)
+ TODO: check
+CVE-2024-13862 (The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo
Functionalit ...)
+ TODO: check
+CVE-2024-13853 (The SEO Tools WordPress plugin through 4.0.7 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-13836 (The WP Login Control WordPress plugin through 2.0.0 does not
sanitise ...)
+ TODO: check
+CVE-2024-13615 (The Social Share Buttons, Social Sharing Icons, Click to Tweet
\u2014 ...)
+ TODO: check
+CVE-2024-13580 (The XV Random Quotes WordPress plugin through 1.40 does not
have CSRF ...)
+ TODO: check
+CVE-2024-13574 (The XV Random Quotes WordPress plugin through 1.40 does not
sanitise a ...)
+ TODO: check
+CVE-2024-13436 (The Appsero Helper plugin for WordPress is vulnerable to
Cross-Site Re ...)
+ TODO: check
+CVE-2024-13413 (The ProductDyno plugin for WordPress is vulnerable to
Reflected Cross- ...)
+ TODO: check
+CVE-2024-13228 (The Qubely \u2013 Advanced Gutenberg Blocks plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2024-12010 (A post-authentication command injection vulnerability in the
\u201dzyU ...)
+ TODO: check
+CVE-2024-12009 (A post-authentication command injection vulnerability in the
"ZyEE" fu ...)
+ TODO: check
+CVE-2024-11253 (A post-authentication command injection vulnerability in the
"DNSServe ...)
+ TODO: check
+CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand()
function, ...)
NOT-FOR-US: Crypt-Random Perl module
NOTE: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1
NOTE: Fixed by:
https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05
(1.55)
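Review bot: Several of the added descriptions carry literal escape sequences instead of the characters they stand for: `\u2013` in CVE-2025-2169, CVE-2025-1661 and CVE-2024-13228, `\u2014` in CVE-2024-13615, and `\u201d` in CVE-2024-12010. The CVE-2025-2169 line also reads "The The WPCS". If the importer is meant to store readable text, decode the escapes when the description is written; otherwise anything that searches or displays these summaries has to handle both forms. Every new entry is left at "TODO: check", so none of them has a triage state yet (a NOT-FOR-US line or a package line), and that still has to follow in a later commit.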
@@ -1489,6 +1627,7 @@ CVE-2025-1930 (On Windows, a compromised content process
could use bad StreamDat
CVE-2025-27521 (Vulnerability of improper access permission in the process
management ...)
NOT-FOR-US: Huawei
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.jo ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
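Review bot: The `{DLA-4082-1}` reference added under CVE-2025-27221 has no matching advisory record in this commit, which lists data/CVE/list as its only changed file, so the record it points to has to exist elsewhere in the repository already; worth confirming that it does and that it names this CVE. The package lines visible under the tag still read `ruby3.3 <unfixed>`, `ruby3.1 <unfixed>` and `ruby2.7 <removed>`, so nothing in the shown context says which source package or version the DLA fixed. The same tag is added in the same way for CVE-2025-27220 and CVE-2025-27219 in the next two hunks, and the same check applies there.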
@@ -1498,6 +1637,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the
URI handling methods (
NOTE: https://github.com/ruby/uri/pull/154
NOTE:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml
CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a Regular Expression
Denial of S ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
@@ -1505,6 +1645,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a
Regular Expression Denia
NOTE:
https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6
(v0.4.2)
NOTE: https://github.com/ruby/cgi/pull/52
CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse
method in ...)
+ {DLA-4082-1}
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
- ruby2.7 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b11c945cc6f2d5e3fafbe31219539277775b2f0