Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2861351c by security tracker role at 2025-03-24T20:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,229 @@
+CVE-2025-30623 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30621 (Cross-Site Request Forgery (CSRF) vulnerability in kornelly
Translator ...)
+ TODO: check
+CVE-2025-30620 (Cross-Site Request Forgery (CSRF) vulnerability in coderscom
WP Odoo F ...)
+ TODO: check
+CVE-2025-30619 (Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe
SpeakPipe ...)
+ TODO: check
+CVE-2025-30617 (Cross-Site Request Forgery (CSRF) vulnerability in takien
Rewrite allo ...)
+ TODO: check
+CVE-2025-30615 (Cross-Site Request Forgery (CSRF) vulnerability in Jacob
Schwartz WP e ...)
+ TODO: check
+CVE-2025-30612 (Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb
Replace ...)
+ TODO: check
+CVE-2025-30610 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30609 (Insertion of Sensitive Information Into Sent Data
vulnerability in App ...)
+ TODO: check
+CVE-2025-30608 (Cross-Site Request Forgery (CSRF) vulnerability in Anthony
WordPress S ...)
+ TODO: check
+CVE-2025-30606 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30605 (Missing Authorization vulnerability in ldwin79
sourceplay-navermap all ...)
+ TODO: check
+CVE-2025-30604 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30603 (Cross-Site Request Forgery (CSRF) vulnerability in DEJAN
CopyLink allo ...)
+ TODO: check
+CVE-2025-30602 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30601 (Cross-Site Request Forgery (CSRF) vulnerability in flipdish
Flipdish O ...)
+ TODO: check
+CVE-2025-30600 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30599 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30598 (Cross-Site Request Forgery (CSRF) vulnerability in Link OSS
Upload all ...)
+ TODO: check
+CVE-2025-30597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30595 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30593 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30592 (Missing Authorization vulnerability in westerndeal Advanced
Dewplayer ...)
+ TODO: check
+CVE-2025-30591 (Missing Authorization vulnerability in tuyennv Music Press Pro
allows ...)
+ TODO: check
+CVE-2025-30590 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30588 (Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo
Map Con ...)
+ TODO: check
+CVE-2025-30587 (Cross-Site Request Forgery (CSRF) vulnerability in shawfactor
LH OGP M ...)
+ TODO: check
+CVE-2025-30586 (Cross-Site Request Forgery (CSRF) vulnerability in bbodine1
cTabs allo ...)
+ TODO: check
+CVE-2025-30585 (Cross-Site Request Forgery (CSRF) vulnerability in marynixie
Generate ...)
+ TODO: check
+CVE-2025-30584 (Cross-Site Request Forgery (CSRF) vulnerability in
alphaomegaplugins A ...)
+ TODO: check
+CVE-2025-30583 (Cross-Site Request Forgery (CSRF) vulnerability in
ProRankTracker Pro ...)
+ TODO: check
+CVE-2025-30581 (Missing Authorization vulnerability in PluginOps Top Bar
allows Exploi ...)
+ TODO: check
+CVE-2025-30578 (Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod
AdSense P ...)
+ TODO: check
+CVE-2025-30577 (Cross-Site Request Forgery (CSRF) vulnerability in mendibass
Browser A ...)
+ TODO: check
+CVE-2025-30576 (Cross-Site Request Forgery (CSRF) vulnerability in HuangYe
WuDeng Hack ...)
+ TODO: check
+CVE-2025-30575 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30574 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30572 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych
Simple ...)
+ TODO: check
+CVE-2025-30571 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30570 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30569 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30568 (Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super
Static ...)
+ TODO: check
+CVE-2025-30566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30565 (Cross-Site Request Forgery (CSRF) vulnerability in karrikas
banner-man ...)
+ TODO: check
+CVE-2025-30564 (Cross-Site Request Forgery (CSRF) vulnerability in wpwox
Custom Script ...)
+ TODO: check
+CVE-2025-30561 (Cross-Site Request Forgery (CSRF) vulnerability in Henrique
Mouta CAS ...)
+ TODO: check
+CVE-2025-30560 (Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah
jQuery D ...)
+ TODO: check
+CVE-2025-30558 (Cross-Site Request Forgery (CSRF) vulnerability in
EnzoCostantini55 AN ...)
+ TODO: check
+CVE-2025-30557 (Cross-Site Request Forgery (CSRF) vulnerability in odihost
Easy 301 Re ...)
+ TODO: check
+CVE-2025-30556 (Cross-Site Request Forgery (CSRF) vulnerability in flyaga Fix
Rss Feed ...)
+ TODO: check
+CVE-2025-30555 (Cross-Site Request Forgery (CSRF) vulnerability in iiiryan
WordPres \u ...)
+ TODO: check
+CVE-2025-30553 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30552 (Cross-Site Request Forgery (CSRF) vulnerability in Donald
Gilbert Word ...)
+ TODO: check
+CVE-2025-30551 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30550 (Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru
CallPhone ...)
+ TODO: check
+CVE-2025-30549 (Cross-Site Request Forgery (CSRF) vulnerability in Yummly
Yummly Rich ...)
+ TODO: check
+CVE-2025-30546 (Cross-Site Request Forgery (CSRF) vulnerability in boroV
Cackle allows ...)
+ TODO: check
+CVE-2025-30545 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30543 (Missing Authorization vulnerability in swayam.tejwani Menu
Duplicator ...)
+ TODO: check
+CVE-2025-30542 (Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions
SoundCl ...)
+ TODO: check
+CVE-2025-30541 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes
Info Boxe ...)
+ TODO: check
+CVE-2025-30540 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30539 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30538 (Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst
Simple O ...)
+ TODO: check
+CVE-2025-30537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30535 (Cross-Site Request Forgery (CSRF) vulnerability in muro
External image ...)
+ TODO: check
+CVE-2025-30534 (Cross-Site Request Forgery (CSRF) vulnerability in
captcha.soft Image ...)
+ TODO: check
+CVE-2025-30533 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30532 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30531 (Cross-Site Request Forgery (CSRF) vulnerability in GBS
Developer WP Ri ...)
+ TODO: check
+CVE-2025-30530 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30529 (Cross-Site Request Forgery (CSRF) vulnerability in
S\xe9bastien Dumont ...)
+ TODO: check
+CVE-2025-30528 (Cross-Site Request Forgery (CSRF) vulnerability in wpshopee
Awesome Lo ...)
+ TODO: check
+CVE-2025-30527 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30526 (Cross-Site Request Forgery (CSRF) vulnerability in lucksy
Typekit plug ...)
+ TODO: check
+CVE-2025-30525 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30523 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-30522 (Cross-Site Request Forgery (CSRF) vulnerability in Damian
Orzol Contac ...)
+ TODO: check
+CVE-2025-30521 (Cross-Site Request Forgery (CSRF) vulnerability in giangmd93
GP Back T ...)
+ TODO: check
+CVE-2025-30208 (Vite, a provider of frontend development tooling, has a
vulnerability ...)
+ TODO: check
+CVE-2025-30205 (kanidim-provision is a helper utility that uses kanidm's API
to provis ...)
+ TODO: check
+CVE-2025-30163 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2025-30162 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2025-30112 (On 70mai Dash Cam 1S devices, by connecting directly to the
dashcam's ...)
+ TODO: check
+CVE-2025-2749 (An authenticated remote code execution in Kentico Xperience
allows aut ...)
+ TODO: check
+CVE-2025-2748 (TheKentico Xperience application does not fully validate or
filter fil ...)
+ TODO: check
+CVE-2025-2747 (An authentication bypass vulnerability in Kentico Xperience
allows aut ...)
+ TODO: check
+CVE-2025-2746 (An authentication bypass vulnerability in Kentico Xperience
allows aut ...)
+ TODO: check
+CVE-2025-2709 (A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and
classifi ...)
+ TODO: check
+CVE-2025-2708 (A vulnerability, which was classified as critical, was found in
zhijia ...)
+ TODO: check
+CVE-2025-2707 (A vulnerability, which was classified as critical, has been
found in z ...)
+ TODO: check
+CVE-2025-2706 (A vulnerability classified as critical was found in Digiwin ERP
5.0.1. ...)
+ TODO: check
+CVE-2025-2705 (A vulnerability classified as critical has been found in
Digiwin ERP 5 ...)
+ TODO: check
+CVE-2025-2702 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2025-2701 (A vulnerability classified as critical was found in AMTT Hotel
Broadba ...)
+ TODO: check
+CVE-2025-2700 (A vulnerability classified as problematic has been found in
michelson ...)
+ TODO: check
+CVE-2025-2326
+ REJECTED
+CVE-2025-2231 (PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote
Code Exe ...)
+ TODO: check
+CVE-2025-29778 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
+ TODO: check
+CVE-2025-29294
+ REJECTED
+CVE-2025-23204 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3 may not correctly locate method
security ...)
+ TODO: check
+CVE-2025-1558 (Mattermost Mobile Apps versions <=2.25.0 fail to properly
validate GIF ...)
+ TODO: check
+CVE-2025-0835 (Software installed and run as a non-privileged user may conduct
improp ...)
+ TODO: check
+CVE-2025-0478 (Software installed and run as a non-privileged user may conduct
improp ...)
+ TODO: check
+CVE-2025-0256 (HCL DevOps Deploy / HCL Launch could allow an authenticated
user to ob ...)
+ TODO: check
+CVE-2025-0255 (HCL DevOps Deploy / HCL Launch could allow a remote privileged
authent ...)
+ TODO: check
+CVE-2024-9103 (Improper Neutralization of Script in Attributes in a Web Page
vulnerab ...)
+ TODO: check
+CVE-2024-8774 (The SIMPLE.ERP client stores superuser password in a
recoverable forma ...)
+ TODO: check
+CVE-2024-8773 (SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade
request f ...)
+ TODO: check
+CVE-2024-55279 (Uguu through 1.8.9 allows Cross Site Scripting (XSS) via
JavaScript in ...)
+ TODO: check
CVE-2025-2699 (A vulnerability was found in GetmeUK ContentTools up to 1.6.16.
It has ...)
NOT-FOR-US: GetmeUK ContentTools
CVE-2025-2690 (A vulnerability, which was classified as critical, was found in
yiisof ...)
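Review bot: triage of this block of TODO: check entries should start with the ones whose software is plausibly packaged in Debian rather than with the plugin run, namely CVE-2025-30208 (Vite), CVE-2025-30205 (listed as "kanidim-provision", which reads like a typo for kanidm-provision given that the same line says it uses kanidm's API), CVE-2025-30163 and CVE-2025-30162 (Cilium), CVE-2025-29778 (Kyverno), CVE-2025-23204 (API Platform Core), CVE-2025-22223 (Spring Security 6.4.0 - 6.4.3) and CVE-2025-1558 (Mattermost Mobile Apps). The eighty-odd CVE-2025-305xx/306xx lines are all CSRF, XSS, SQL injection or missing-authorization issues following the "<vendor> <plugin> allows ..." pattern typical of WordPress plugin advisories (the one outlier is CVE-2025-30609, an "Insertion of Sensitive Information Into Sent Data" entry), so they are candidates for the NOT-FOR-US: WordPress plugin marking used elsewhere in the file once each has been confirmed. Two entries, CVE-2025-30529 and CVE-2025-30555, show escaped non-ASCII ("S\xe9bastien", "\u ...") in this notification, as does the hunk header for CVE-2025-2056 ("\u2013"); check that the committed file holds UTF-8 text and that the escapes are only an artifact of the mail rendering.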
@@ -2220,7 +2446,7 @@ CVE-2025-2056 (The WP Ghost (Hide My WP Ghost) \u2013
Security & Firewall plugin
CVE-2025-26163 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was
discovered to c ...)
NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
CVE-2025-24855 (numbers.c in libxslt before 1.1.43 has a use-after-free
because, in ne ...)
- {DSA-5884-1}
+ {DSA-5884-1 DLA-4089-1}
- libxslt 1.1.35-1.2 (bug #1100566)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxslt/-/commit/c7c7f1f78dd202a053996fcefe57eb994aec8ef2
(v1.1.43)
@@ -2239,7 +2465,7 @@ CVE-2025-0955 (The VidoRev Extensions plugin for
WordPress is vulnerable to unau
CVE-2025-0952 (The Eco Nature - Environment & Ecology WordPress Theme theme
for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55549 (xsltGetInheritedNsList in libxslt before 1.1.43 has a
use-after-free i ...)
- {DSA-5884-1}
+ {DSA-5884-1 DLA-4089-1}
- libxslt 1.1.35-1.2 (bug #1100565)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515
(v1.1.43)
@@ -52258,7 +52484,7 @@ CVE-2024-46977 (OpenC3 COSMOS provides the
functionality needed to send commands
NOT-FOR-US: OpenC3 COSMOS
CVE-2024-46626 (OS4ED openSIS-Classic v9.1 was discovered to contain a SQL
injection v ...)
NOT-FOR-US: OS4ED openSIS-Classic
-CVE-2024-45965 (Contao 5.4.1 allows an authenticated admin account to upload a
SVG fil ...)
+CVE-2024-45965 (Contao before 5.5.6 allows XSS via an SVG document. This
affects (in c ...)
NOT-FOR-US: Contao CMS
CVE-2024-45964 (Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS)
in the I ...)
NOT-FOR-US: Zenario
@@ -180188,8 +180414,8 @@ CVE-2015-10076 (A vulnerability was found in dimtion
Shaarlier up to 1.2.2. It h
NOT-FOR-US: dimtion Shaarlier
CVE-2023-25611 (A improper neutralization of formula elements in a CSV file
vulnerabil ...)
NOT-FOR-US: Fortinet
-CVE-2023-25610
- RESERVED
+CVE-2023-25610 (A buffer underwrite ('buffer underflow') vulnerability in the
administ ...)
+ TODO: check
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918]
inFortiMan ...)
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special
elements v ...)
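Review bot: the new TODO: check for CVE-2023-25610 can most likely be resolved straight to NOT-FOR-US: Fortinet, matching CVE-2023-25611 and CVE-2023-25609 on either side of it, unless the full description (truncated here at "administ ...") names a non-Fortinet product; the same applies to the CVE-2021-26105 and CVE-2021-26091 hunks further down, whose neighbours are all NOT-FOR-US: Fortiguard / FortiGuard. While touching these, note that the vendor in the NOT-FOR-US lines is spelled three ways in the surrounding context (Fortinet, Fortiguard, FortiGuard), which makes grepping the file for Fortinet entries unreliable.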
@@ -328671,8 +328897,8 @@ CVE-2021-26107 (An improper access control
vulnerability [CWE-284] in FortiManag
NOT-FOR-US: Fortiguard
CVE-2021-26106 (An improper neutralization of special elements used in an OS
Command v ...)
NOT-FOR-US: Fortiguard
-CVE-2021-26105
- RESERVED
+CVE-2021-26105 (A stack-based buffer overflow vulnerability (CWE-121) in the
profile p ...)
+ TODO: check
CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the
command ...)
NOT-FOR-US: Fortiguard
CVE-2021-26103 (An insufficient verification of data authenticity
vulnerability (CWE-3 ...)
@@ -328699,8 +328925,8 @@ CVE-2021-26093 (An access of uninitialized pointer
(CWE-824) vulnerabilityin For
NOT-FOR-US: FortiGuard
CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS
5.2.10 ...)
NOT-FOR-US: FortiGuard
-CVE-2021-26091
- RESERVED
+CVE-2021-26091 (A use of a cryptographically weak pseudo-random number
generator vulne ...)
+ TODO: check
CVE-2021-26090 (A missing release of memory after its effective lifetime
vulnerability ...)
NOT-FOR-US: FortiMail
CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and
below m ...)
@@ -511337,7 +511563,7 @@ CVE-2018-9195 (Use of a hardcoded cryptographic key
in the FortiGuard services c
NOT-FOR-US: FortiGuard
CVE-2018-9194 (A plaintext recovery of encrypted messages or a
Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for
Windows 6.0.4 ...)
+CVE-2018-9193 (A researcher has disclosed several vulnerabilities against
FortiClient ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a
Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
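Review bot: the replacement description for CVE-2018-9193 is less informative than the one it removes; the old text named the affected product, version and impact ("local privilege escalation in Fortinet FortiClient for Windows 6.0.4"), whereas the new one only says that a researcher disclosed several vulnerabilities against FortiClient. The entry stays NOT-FOR-US: Fortinet FortiClient, so Debian's status is unchanged, but a NOTE: line preserving the old wording (or pointing at the advisory) would keep the triage rationale readable, as the NOTE: lines on the libxslt entries above do.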
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2861351c610d645d863f77862b4aa9359deea4e7
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits