Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b3fdb1da by security tracker role at 2025-03-20T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2025-30259 (The WhatsApp cloud service before late 2024 did not block 
certain craf ...)
+       TODO: check
+CVE-2025-30092 (Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows 
XSS in  ...)
+       TODO: check
+CVE-2025-2505 (The Age Gate plugin for WordPress is vulnerable to Local PHP 
File Incl ...)
+       TODO: check
+CVE-2025-2108 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin 
for Wo ...)
+       TODO: check
+CVE-2025-27787 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27786 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27785 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27784 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27783 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27782 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27781 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27780 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27779 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27778 (Applio is a voice conversion tool. Versions 3.2.8-bugfix and 
prior are ...)
+       TODO: check
+CVE-2025-27777 (Applio is a voice conversion tool. Versions 3.2.7 and prior 
are vulner ...)
+       TODO: check
+CVE-2025-27776 (Applio is a voice conversion tool. Versions 3.2.7 and prior 
are vulner ...)
+       TODO: check
+CVE-2025-27775 (Applio is a voice conversion tool. Versions 3.2.7 and prior 
are vulner ...)
+       TODO: check
+CVE-2025-27774 (Applio is a voice conversion tool. Versions 3.2.7 and prior 
are vulner ...)
+       TODO: check
+CVE-2025-26816 (A vulnerability in Intrexx Portal Server 12.0.2 and earlier 
which was  ...)
+       TODO: check
+CVE-2025-22228 (BCryptPasswordEncoder.matches(CharSequence,String)will 
incorrectly ret ...)
+       TODO: check
+CVE-2025-1770 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
+       TODO: check
+CVE-2025-1766 (The Event Manager, Events Calendar, Tickets, Registrations 
\u2013 Even ...)
+       TODO: check
+CVE-2025-1628
+       REJECTED
+CVE-2025-1385 (When the library bridge feature is enabled, the 
clickhouse-library-bri ...)
+       TODO: check
+CVE-2025-1314 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed 
Widget plugi ...)
+       TODO: check
+CVE-2024-55009 (A reflected cross-site scripting (XSS) vulnerability in 
AutoBib - Bibl ...)
+       TODO: check
+CVE-2024-13881 (The Link My Posts WordPress plugin through 1.0 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-13880 (The My Quota WordPress plugin through 1.0.8 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2024-13878 (The SpotBot WordPress plugin through 0.1.8 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2024-13877 (The Passbeemedia Web Push Notification WordPress plugin 
through 1.0.0  ...)
+       TODO: check
+CVE-2024-13876 (The mEintopf WordPress plugin through 0.2.1 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2024-13875 (The WP-PManager WordPress plugin through 1.2 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a 
certificate with  ...)
        TODO: check
 CVE-2025-30197 (Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier 
does not ...)
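Review bot: The added descriptions for CVE-2025-2108, CVE-2025-1770, CVE-2025-1766 and CVE-2025-1314 carry the literal escape sequence \u2013 instead of the character it encodes, which suggests the automatic update writes JSON-escaped text without decoding it. Decoding the escape (or normalising it to a plain "-") before the description is written would keep these entries searchable by product name. Apart from the REJECTED CVE-2025-1628, every new entry in this hunk is still "TODO: check", so none of them has been triaged yet.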
@@ -4837,6 +4903,7 @@ CVE-2025-20060 (An attacker could expose cross-user 
personal identifiable inform
 CVE-2025-20049 (The Dario Health portal service application is vulnerable to 
XSS, whic ...)
        NOT-FOR-US: Dario Health
 CVE-2025-1795 (During an address list folding when a separating comma ends up 
on a fo ...)
+       {DLA-4087-1}
        - python3.13 3.13.0~b1-1
        - python3.12 3.12.9-1
        - python3.11 <removed>
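Review bot: The {DLA-4087-1} reference added to CVE-2025-1795 points at an advisory record that is not part of this commit, since data/CVE/list is the only changed file. The visible package lines (python3.13, python3.12, python3.11) do not show which source package the DLA fixed, so it is worth confirming that the DLA-4087-1 entry already exists and lists CVE-2025-1795 before relying on this cross-reference.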
@@ -14924,6 +14991,7 @@ CVE-2025-22332 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator 
allows  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` 
and `url ...)
+       {DLA-4087-1}
        - python3.13 3.13.2-1
        - python3.12 3.12.9-1
        - python3.11 <removed>
@@ -111322,7 +111390,7 @@ CVE-2024-27622 (A remote code execution vulnerability 
has been identified in the
        NOT-FOR-US: CMS Made Simple
 CVE-2024-27565 (A Server-Side Request Forgery (SSRF) in weixin.php of 
ChatGPT-wechat-p ...)
        NOT-FOR-US: ChatGPT-wechat-personal
-CVE-2024-27564 (A Server-Side Request Forgery (SSRF) in pictureproxy.php of 
ChatGPT co ...)
+CVE-2024-27564 (pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc 
allows SS ...)
        NOT-FOR-US: ChatGPT
 CVE-2024-27563 (A Server-Side Request Forgery (SSRF) in the getFileFromRepo 
function o ...)
        NOT-FOR-US: WonderCMS
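Review bot: The triage line under CVE-2024-27564 still reads "NOT-FOR-US: ChatGPT" although the replaced description now attributes the issue to pictureproxy.php in the dirk1983 mm1.ltd source code rather than to ChatGPT. Suggest updating the NOT-FOR-US label to the project named in the new description so the entry does not read as a flaw in ChatGPT itself.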
@@ -263430,7 +263498,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub 
repository vim prior to 8.2.
        NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
        NOTE: 
https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a 
(v8.2.4218)
 CVE-2022-0391 (A flaw was found in Python, specifically within the 
urllib.parse modul ...)
-       {DLA-3966-1 DLA-3575-1}
+       {DLA-4087-1 DLA-3966-1 DLA-3575-1}
        - python3.9 3.9.7-1
        - python3.7 <removed>
        [buster] - python3.7 <ignored> (Minor issue, different approach to 
sanitization; regressions reports)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3fdb1da640e0b9b86b2e0ada1f8cc80c077fc74
