Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80d9ac01 by security tracker role at 2025-04-24T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed 
ESP pac ...)
+       TODO: check
+CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include 
ssl. Con ...)
+       TODO: check
+CVE-2025-46400 (Segmentation fault in fig2dev in version 3.2.9a allows an 
attacker to  ...)
+       TODO: check
+CVE-2025-46399 (Segmentation fault in fig2dev in version 3.2.9aallows an 
attacker to a ...)
+       TODO: check
+CVE-2025-46398 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker 
possible ...)
+       TODO: check
+CVE-2025-46397 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker 
possible ...)
+       TODO: check
+CVE-2025-46381
+       REJECTED
+CVE-2025-46380
+       REJECTED
+CVE-2025-46379
+       REJECTED
+CVE-2025-46378
+       REJECTED
+CVE-2025-46377
+       REJECTED
+CVE-2025-46376
+       REJECTED
+CVE-2025-46375
+       REJECTED
+CVE-2025-46374
+       REJECTED
+CVE-2025-41423 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x 
<= 9.11 ...)
+       TODO: check
+CVE-2025-41395 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x 
<= 9.11 ...)
+       TODO: check
+CVE-2025-3761 (The My Tickets \u2013 Accessible Event Ticketing plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-3435 (The Mang Board WP plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-35965 (Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x 
<= 9.11 ...)
+       TODO: check
+CVE-2025-32730 (Use of hard-coded cryptographic key vulnerability in i-PRO 
Configurati ...)
+       TODO: check
+CVE-2025-2558 (The-wound WordPress theme through 0.0.1 does not validate some 
paramet ...)
+       TODO: check
+CVE-2025-27581 (NIH BRICS (aka Biomedical Research Informatics Computing 
System) throu ...)
+       TODO: check
+CVE-2025-27580 (NIH BRICS (aka Biomedical Research Informatics Computing 
System) throu ...)
+       TODO: check
+CVE-2025-25046 (IBM InfoSphere Information Server 11.7DataStage Flow Designer  
transmi ...)
+       TODO: check
+CVE-2025-25045 (IBM InfoSphere Information 11.7 Server authenticated user to 
obtain se ...)
+       TODO: check
+CVE-2025-1976 (Brocade Fabric OS versions starting with 9.1.0 have root access 
remove ...)
+       TODO: check
+CVE-2025-1908 (An issue has been discovered in GitLab EE/CE that could allow 
an attac ...)
+       TODO: check
+CVE-2025-1453 (The Category Posts Widget WordPress plugin before 4.9.20 does 
not sani ...)
+       TODO: check
+CVE-2025-0639 (An issue has been discovered affecting service availability via 
issue  ...)
+       TODO: check
+CVE-2024-22351 (IBM InfoSphere Information 11.7 Server does not invalidate 
session aft ...)
+       TODO: check
+CVE-2024-12244 (An issue has been discovered in access controls could allow 
users to v ...)
+       TODO: check
 CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have 
filenames hid ...)
        - busybox <unfixed> (bug #1104008)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=16018
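Review bot: every new entry at the top of data/CVE/list that has a description is left at `TODO: check`, so none of them is triaged yet, including the four fig2dev entries (CVE-2025-46397 to CVE-2025-46400) and the Picklescan one. Each still needs either a package line in the form of the context entry just above (`- busybox <unfixed> (bug #1104008)`) or a NOT-FOR-US marker like the one the WordPress plugin entry later in this diff carries.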
@@ -2965,6 +3027,7 @@ CVE-2025-32780 (BleachBit cleans files to free disk space 
and to maintain privac
 CVE-2025-32779 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to 
connect  ...)
        NOT-FOR-US: E.D.D.I (Enhanced Dialog Driven Interface) middleware
 CVE-2025-32776 (OpenRazer is an open source driver and user-space daemon to 
control Ra ...)
+       {DLA-4136-1}
        - openrazer 3.10.2+dfsg-1
        NOTE: 
https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx
        NOTE: https://github.com/openrazer/openrazer/issues/2433
@@ -4384,6 +4447,7 @@ CVE-2025-3442 (This vulnerability exists in TP-Link 
TapoH200 V1  IoT Smart Hub d
 CVE-2025-3100 (The WP Project Manager \u2013 Task, team, and project 
management plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-32464 (HAProxy 2.2 through 3.1.6, in certain uncommon configurations, 
has a s ...)
+       {DLA-4135-1}
        [experimental] - haproxy 3.1.7-1
        - haproxy <unfixed> (bug #1102673)
        NOTE: Introduced with: 
https://github.com/haproxy/haproxy/commit/07e1e3c93e74e44389545e457f0e1ff2e807cb9a
 (v2.2-dev3)
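Review bot: on CVE-2025-32464 the new `{DLA-4135-1}` reference sits directly above `- haproxy <unfixed> (bug #1102673)`, so the entry is tagged with an advisory while the package line is still open and only `[experimental]` shows a fixed version. Worth confirming that the `<unfixed>` line gets a version once a fix is uploaded, so the DLA tag is not read as the issue being closed everywhere.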
@@ -101902,7 +101966,7 @@ CVE-2024-30001 (Windows Mobile Broadband Driver 
Remote Code Execution Vulnerabil
        NOT-FOR-US: Microsoft
 CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2024-2637 (An Uncontrolled Search Path Element vulnerability in B&R 
Industrial Au ...)
+CVE-2024-2637 (An Uncontrolled Search Path Element vulnerabilityin B&R 
Industrial Aut ...)
        NOT-FOR-US: BR Automation
 CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
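Review bot: the replacement description for CVE-2024-2637 loses a space, turning `vulnerability in B&R` into `vulnerabilityin B&R`. The status line (`NOT-FOR-US: BR Automation`) is unchanged, so the effect is cosmetic, but the run-together word defeats text searches on the description. The same defect appears in the new fig2dev entries (`Stack-overflowin`, `3.2.9aallows`), which suggests it arrives with the imported description text rather than from a manual edit.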
@@ -261420,16 +261484,19 @@ CVE-2022-29025
 CVE-2022-29024
        RESERVED
 CVE-2022-29023 (A buffer overflow vulnerability exists in the razermouse 
driver of Ope ...)
+       {DLA-4136-1}
        - openrazer 3.3.0+dfsg-1 (unimportant)
        NOTE: https://github.com/openrazer/openrazer/pull/1790
        NOTE: 
https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b
 (v3.3.0)
        NOTE: Negligible security impact
 CVE-2022-29022 (A buffer overflow vulnerability exists in the razeraccessory 
driver of ...)
+       {DLA-4136-1}
        - openrazer 3.3.0+dfsg-1 (unimportant)
        NOTE: https://github.com/openrazer/openrazer/pull/1790
        NOTE: 
https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b
 (v3.3.0)
        NOTE: Negligible security impact
 CVE-2022-29021 (A buffer overflow vulnerability exists in the razerkbd driver 
of OpenR ...)
+       {DLA-4136-1}
        - openrazer 3.3.0+dfsg-1 (unimportant)
        NOTE: https://github.com/openrazer/openrazer/pull/1790
        NOTE: 
https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b
 (v3.3.0)
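Review bot: `{DLA-4136-1}` is added to CVE-2022-29023, CVE-2022-29022 and CVE-2022-29021 while their package lines keep `(unimportant)`, and the first two visibly keep `NOTE: Negligible security impact`. If the advisory lists them only because the fix shipped together with the other openrazer issues, a short NOTE saying so would keep the severity annotation and the advisory reference from looking contradictory.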
@@ -278710,6 +278777,7 @@ CVE-2022-23468 (xrdp is an open source project which 
provides a graphical login
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
        NOTE: 
https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382
 CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to 
control Ra ...)
+       {DLA-4136-1}
        - openrazer 3.5.1+dfsg-1
        [buster] - openrazer <no-dsa> (Minor issue)
        NOTE: 
https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h
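Review bot: CVE-2022-23467 gains `{DLA-4136-1}` but the suite line `[buster] - openrazer <no-dsa> (Minor issue)` is left in place. If the advisory covers a different suite this is fine. Otherwise the `<no-dsa>` annotation is stale and should be dropped or replaced in the same change.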



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80d9ac019575bad8f8ddc011cae8521478770902



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
