Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
24391786 by security tracker role at 2025-05-07T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,93 @@
+CVE-2025-4335 (The Woocommerce Multiple Addresses plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-4220 (The Xavin's List Subpages plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-4171 (The WZ Followed Posts \u2013 Display what visitors are reading 
plugin  ...)
+       TODO: check
+CVE-2025-4055 (The Multiple Post Type Order plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2025-4054 (The Relevanssi \u2013 A Better Search plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-47420 (266 vulnerability in Crestron Automate VX allows Privilege 
Escalation. ...)
+       TODO: check
+CVE-2025-47419 (Cleartext Transmission of Sensitive Information vulnerability 
in Crest ...)
+       TODO: check
+CVE-2025-47418 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2025-46573 (passport-wsfed-saml2 provides passport strategy for both 
WS-fed and SA ...)
+       TODO: check
+CVE-2025-46572 (passport-wsfed-saml2 provides passport strategy for both 
WS-fed and SA ...)
+       TODO: check
+CVE-2025-44899 (There is a stack overflow vulnerability in Tenda RX3 
V1.0br_V16.03.13. ...)
+       TODO: check
+CVE-2025-44073 (SeaCMS v13.3 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2025-3924 (The PeproDev Ultimate Profile Solutions plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2025-3921 (The PeproDev Ultimate Profile Solutions plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2025-3860 (The CarDealerPress plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2025-3853 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is 
vulnerable to I ...)
+       TODO: check
+CVE-2025-3852 (The WPshop 2 \u2013 E-Commerce plugin for WordPress is 
vulnerable to p ...)
+       TODO: check
+CVE-2025-3851 (The Download Manager and Payment Form WordPress Plugin \u2013 
WP Smart ...)
+       TODO: check
+CVE-2025-3844 (The PeproDev Ultimate Profile Solutions plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2025-3766 (The Login Lockdown & Protection plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-3218 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to 
authentication and  ...)
+       TODO: check
+CVE-2025-32405 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or 
earlier allow ...)
+       TODO: check
+CVE-2025-32404 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or 
earlier allow ...)
+       TODO: check
+CVE-2025-32403 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or 
earlier allow ...)
+       TODO: check
+CVE-2025-32402 (An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or 
earlier allow ...)
+       TODO: check
+CVE-2025-32401 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 
or earlie ...)
+       TODO: check
+CVE-2025-32400 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 
or earlie ...)
+       TODO: check
+CVE-2025-32399 (An Unchecked Input for Loop Condition in RT-Labs P-Net version 
1.0.1 o ...)
+       TODO: check
+CVE-2025-32398 (A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or 
earlier a ...)
+       TODO: check
+CVE-2025-32397 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 
or earlie ...)
+       TODO: check
+CVE-2025-32396 (An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 
or earlie ...)
+       TODO: check
+CVE-2025-2821 (The Search Exclude plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-1400 (Out-of-bounds Read vulnerability inunpack_response (conn.c) in 
libplct ...)
+       TODO: check
+CVE-2025-1399 (Out-of-bounds Read vulnerability inunpack_response (session.c) 
in libp ...)
+       TODO: check
+CVE-2025-0856 (The PGS Core plugin for WordPress is vulnerable to unauthorized 
access ...)
+       TODO: check
+CVE-2025-0855 (The PGS Core plugin for WordPress is vulnerable to PHP Object 
Injectio ...)
+       TODO: check
+CVE-2025-0853 (The PGS Core plugin for WordPress is vulnerable to SQL 
Injection via t ...)
+       TODO: check
+CVE-2025-0669 (Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server 
allows ...)
+       TODO: check
+CVE-2025-0668 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-0667 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-0666 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow 
serving ver ...)
+       TODO: check
+CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
 CVE-2025-27533 [Unchecked buffer length can cause excessive memory allocation]
        - activemq <unfixed>
        NOTE: https://issues.apache.org/jira/browse/AMQ-6596
-CVE-2025-4372
+CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to 
136.0.7103.92 all ...)
        - chromium 136.0.7103.92-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
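
Review bot: the added summaries for CVE-2025-4171, CVE-2025-4054, CVE-2025-3853, CVE-2025-3852 and CVE-2025-3851 contain a literal "\u2013" escape where the plugin name has a dash, so the automatic update is writing the escaped form rather than the character; decode it before the line is written to data/CVE/list. The CVE-2025-47420 summary also opens with a bare "266 vulnerability", which reads like a weakness number that lost its name, so it is worth checking against the upstream record during triage. Every entry added here still says "TODO: check", so this commit imports the ids but triages none of them.
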
@@ -140897,7 +140983,8 @@ CVE-2023-52028 (TOTOlink A3700R 
v9.1.2u.5822_B20200513 was discovered to contain
        NOT-FOR-US: TOTOlink
 CVE-2023-52027 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to 
contain a rem ...)
        NOT-FOR-US: TOTOlink
-CVE-2023-51989 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 
interface, ...)
+CVE-2023-51989
+       REJECTED
        NOT-FOR-US: D-Link
 CVE-2023-51987 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 
interface, ...)
        NOT-FOR-US: D-Link
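
Review bot: CVE-2023-51989 now carries "REJECTED" and, directly under it, the old "NOT-FOR-US: D-Link" line that the hunk leaves in place as context; if a rejected id is not meant to keep a triage annotation, drop that line in the same change. The removed summary matches, as far as the truncated text shows, the one still attached to CVE-2023-51987 just below, so a short NOTE recording why the id was rejected would save the next reader a lookup.
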



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2439178635045c4e25ca59e8014984582907e1bf


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits