Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4af30de3 by security tracker role at 2025-03-13T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2025-2271 (A vulnerability exists in Issuetrak v17.2.2 and prior that 
allows a lo ...)
+       TODO: check
+CVE-2025-2250 (The WordPress Report Brute Force Attacks and Login Protection 
ReportAt ...)
+       TODO: check
+CVE-2025-2107 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2025-2106 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable 
to SQL  ...)
+       TODO: check
+CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
+       TODO: check
+CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
+       TODO: check
+CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
+       TODO: check
+CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
+       TODO: check
+CVE-2025-1785 (The Download Manager plugin for WordPress is vulnerable to 
Directory T ...)
+       TODO: check
+CVE-2025-1561 (The AppPresser \u2013 Mobile App Framework plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2025-1559 (The CC-IMG-Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-1503 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-1487 (The WoWPth WordPress plugin through 2.0 does not sanitise and 
escape a ...)
+       TODO: check
+CVE-2025-1486 (The WoWPth WordPress plugin through 2.0 does not sanitise and 
escape a ...)
+       TODO: check
+CVE-2025-1436 (The Limit Bio WordPress plugin through 1.0 does not have CSRF 
check wh ...)
+       TODO: check
+CVE-2025-1401 (The WP Click Info WordPress plugin through 2.7.4 does not 
sanitise and ...)
+       TODO: check
+CVE-2025-1257 (An issue was discovered in GitLab EE affecting all versions 
starting w ...)
+       TODO: check
+CVE-2025-1119 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2025-0652 (An issue has been discovered in GitLab EE/CE affecting all 
versions st ...)
+       TODO: check
+CVE-2024-8402 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
+       TODO: check
+CVE-2024-7296 (An issue was discovered in GitLab EE affecting all versions 
from 16.5  ...)
+       TODO: check
+CVE-2024-13891 (The Schedule WordPress plugin through 1.0.0 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2024-13887 (The Business Directory Plugin \u2013 Easy Listing Directories 
for Word ...)
+       TODO: check
+CVE-2024-13885 (The WP e-Customers Beta WordPress plugin through 0.0.1 does 
not saniti ...)
+       TODO: check
+CVE-2024-13884 (The Limit Bio WordPress plugin through 1.0 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2024-13703 (The CRM and Lead Management by vcita plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-13054 (An issue was discovered in GitLab CE/EE affecting all versions 
before  ...)
+       TODO: check
+CVE-2024-12380 (An issue was discovered in GitLab EE/CE affecting all versions 
startin ...)
+       TODO: check
+CVE-2020-36843 (The implementation of EdDSA in EdDSA-Java (aka ed25519-java) 
through 0 ...)
+       TODO: check
 CVE-2025-2240 (A flaw was found in Smallrye, where smallrye-fault-tolerance is 
vulner ...)
        NOT-FOR-US: Smallrye
 CVE-2025-2239 (Generation of Error Message Containing Sensitive Information 
vulnerabi ...)
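Review bot: Four of the added descriptions (CVE-2025-2104, CVE-2025-1561, CVE-2025-1119 and CVE-2024-13887) contain the literal escape sequences "\u2013" or "\u2014" where a dash character belongs, which suggests the automatic update writes JSON-escaped text into data/CVE/list without decoding it. Decode the description before truncating it, so the preview stays readable and the cut-off is counted in characters rather than in escape sequences. All 29 new entries land as "TODO: check" and still need an explicit triage result (a package annotation or NOT-FOR-US) in a follow-up.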
@@ -43,7 +101,7 @@ CVE-2025-25566 (Memory Leak vulnerability in SoftEtherVPN 
5.02.5187 allows an at
        NOT-FOR-US: SoftEtherVPN
 CVE-2025-25565 (SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in 
the Comman ...)
        NOT-FOR-US: SoftEtherVPN
-CVE-2025-22954 (Koha <= 21.11 is contains a SQL Injection vulnerability in 
/serials/la ...)
+CVE-2025-22954 (GetLateOrMissingIssues in C4/Serials.pm in Koha before 
24.11.02 allows ...)
        NOT-FOR-US: Koha Library Management System
 CVE-2025-21590 (An Improper Isolation or Compartmentalization vulnerability in 
the ker ...)
        NOT-FOR-US: Juniper
@@ -801,7 +859,8 @@ CVE-2024-32123 (Multiple improper neutralization of special 
elements used in an
        NOT-FOR-US: Fortinet
 CVE-2024-28607 (The ip-utils package through 2.4.0 for Node.js might allow 
SSRF becaus ...)
        NOT-FOR-US: Node ip-utils
-CVE-2024-12546 (EDK2 contains a vulnerability in BIOS where a user may cause 
an Intege ...)
+CVE-2024-12546
+       REJECTED
        TODO: check
 CVE-2023-48790 (A cross site request forgery vulnerability [CWE-352] in 
Fortinet Forti ...)
        NOT-FOR-US: Fortinet
@@ -9679,7 +9738,7 @@ CVE-2025-1356 (A vulnerability was found in needyamin 
Library Card System 1.0. I
        NOT-FOR-US: Needyamin Library Card System
 CVE-2025-1355 (A vulnerability was found in needyamin Library Card System 1.0. 
It has ...)
        NOT-FOR-US: Needyamin Library Card System
-CVE-2025-1354 (A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been 
classi ...)
+CVE-2025-1354 (A cross-site scripting (XSS)  vulnerability in the RT-N10E/ 
RT-N12E 2. ...)
        NOT-FOR-US: Asus
 CVE-2025-1353 (A vulnerability was found in Kong Insomnia up to 10.3.0 and 
classified ...)
        NOT-FOR-US: Kong Insomnia
@@ -89533,7 +89592,7 @@ CVE-2024-4345 (The Startklar Elementor Addons plugin 
for WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of 
arbitrary ...)
        NOT-FOR-US: AChecker
-CVE-2024-34517 (The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 
mishandles  ...)
+CVE-2024-34517 (The Cypher component in Neo4j 5.0.0 through 5.18 mishandles 
IMMUTABLE  ...)
        NOT-FOR-US: Neo4j Cypher
 CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to 
load a mal ...)
        NOT-FOR-US: react-pdf



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af30de3b7566354dfd04e7f548870db50131382



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits