[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 28 Mar 2025 13:13:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f3d110a3 by security tracker role at 2025-03-28T20:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2025-31474 (Cross-Site Request Forgery (CSRF) vulnerability in 
matthewprice1178 WP ...)
+       TODO: check
+CVE-2025-31473 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31472 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31471 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31470 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31469 (Missing Authorization vulnerability in webrangers Clear Sucuri 
Cache a ...)
+       TODO: check
+CVE-2025-31466 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31465 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-31464 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31463 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31460 (Cross-Site Request Forgery (CSRF) vulnerability in 
danielmuldernl Omni ...)
+       TODO: check
+CVE-2025-31459 (Cross-Site Request Forgery (CSRF) vulnerability in 
PasqualePuzio Login ...)
+       TODO: check
+CVE-2025-31458 (Cross-Site Request Forgery (CSRF) vulnerability in forsgren 
Video Embe ...)
+       TODO: check
+CVE-2025-31457 (Cross-Site Request Forgery (CSRF) vulnerability in Aur\xe9lien 
LWS LWS ...)
+       TODO: check
+CVE-2025-31456 (Cross-Site Request Forgery (CSRF) vulnerability in bsndev 
Ultimate Sec ...)
+       TODO: check
+CVE-2025-31453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31452 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31451 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31450 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31449 (Cross-Site Request Forgery (CSRF) vulnerability in EricH The 
Visitor C ...)
+       TODO: check
+CVE-2025-31448 (Cross-Site Request Forgery (CSRF) vulnerability in misteraon 
Simple Tr ...)
+       TODO: check
+CVE-2025-31447 (Cross-Site Request Forgery (CSRF) vulnerability in nertworks 
NertWorks ...)
+       TODO: check
+CVE-2025-31444 (Cross-Site Request Forgery (CSRF) vulnerability in youtag 
ShowTime Sli ...)
+       TODO: check
+CVE-2025-31443 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof 
Furtak KK ...)
+       TODO: check
+CVE-2025-31440 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 
Team Ter ...)
+       TODO: check
+CVE-2025-31439 (Cross-Site Request Forgery (CSRF) vulnerability in 
tobias_.MerZ Browse ...)
+       TODO: check
+CVE-2025-31438 (Cross-Site Request Forgery (CSRF) vulnerability in Benoit De 
Boeck WP  ...)
+       TODO: check
+CVE-2025-31437 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31435 (Cross-Site Request Forgery (CSRF) vulnerability in Efficient 
Scripts M ...)
+       TODO: check
+CVE-2025-31434 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31433 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an 
attacker to ...)
+       TODO: check
+CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an 
attacker to a ...)
+       TODO: check
+CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an 
attacke ...)
+       TODO: check
+CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31099 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31096 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31093 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31090 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31088 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31079 (Cross-Site Request Forgery (CSRF) vulnerability in usermaven 
Usermaven ...)
+       TODO: check
+CVE-2025-31077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31076 (Server-Side Request Forgery (SSRF) vulnerability in WP 
Compress WP Com ...)
+       TODO: check
+CVE-2025-31075 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-31073 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31010 (Cross-Site Request Forgery (CSRF) vulnerability in 
ReichertBrothers Si ...)
+       TODO: check
+CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro 
versions pr ...)
+       TODO: check
+CVE-2025-30371 (Metabase is a business intelligence and embedded analytics 
tool. Versi ...)
+       TODO: check
+CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
+       TODO: check
+CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified 
as probl ...)
+       TODO: check
+CVE-2025-2925 (A vulnerability has been found in HDF5 up to 1.14.6 and 
classified as  ...)
+       TODO: check
+CVE-2025-2924 (A vulnerability, which was classified as problematic, was found 
in HDF ...)
+       TODO: check
+CVE-2025-2923 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-2922 (A vulnerability classified as problematic was found in Netis 
WF-2404 1 ...)
+       TODO: check
+CVE-2025-2921 (A vulnerability classified as critical has been found in Netis 
WF-2404 ...)
+       TODO: check
+CVE-2025-2920 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has 
been rate ...)
+       TODO: check
+CVE-2025-2919 (A vulnerability was found in Netis WF-2404 1.1.124EN. It has 
been decl ...)
+       TODO: check
+CVE-2025-2917 (A vulnerability, which was classified as problematic, was found 
in Che ...)
+       TODO: check
+CVE-2025-2916 (A vulnerability, which was classified as critical, has been 
found in A ...)
+       TODO: check
+CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up 
to 1.14 ...)
+       TODO: check
+CVE-2025-2914 (A vulnerability classified as problematic has been found in 
HDF5 up to ...)
+       TODO: check
+CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been 
rated as p ...)
+       TODO: check
+CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been 
declared a ...)
+       TODO: check
+CVE-2025-2911 (Unauthorised access to the call forwarding service system in 
MeetMe pr ...)
+       TODO: check
+CVE-2025-2910 (User enumeration in the password reset module of the MeetMe 
authentica ...)
+       TODO: check
+CVE-2025-2909 (The lack of encryption in the DuoxMe (formerly Blue) 
application binar ...)
+       TODO: check
+CVE-2025-2908 (The exposure of credentials in the call forwarding 
configuration modul ...)
+       TODO: check
+CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a 
stored C ...)
+       TODO: check
+CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's 
Event-Driven Ans ...)
+       TODO: check
+CVE-2025-2870 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
+       TODO: check
+CVE-2025-2869 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
+       TODO: check
+CVE-2025-2868 (Reflected Cross-Site Scripting (XSS) vulnerability in version 
1.0 of t ...)
+       TODO: check
+CVE-2025-2865 (SaTECH BCU, in its firmware version 2.1.3, could allow XSS 
attacks and ...)
+       TODO: check
+CVE-2025-2864 (SaTECH BCU in its firmware version 2.1.3 allows an attacker to 
inject  ...)
+       TODO: check
+CVE-2025-2863 (Cross-site request forgery (CSRF) vulnerability in the web 
application ...)
+       TODO: check
+CVE-2025-2862 (SaTECH BCU, in its firmware version 2.1.3, performs weak 
password encr ...)
+       TODO: check
+CVE-2025-2861 (SaTECH BCU in its firmware version 2.1.3 uses the HTTP 
protocol. The u ...)
+       TODO: check
+CVE-2025-2860 (SaTECH BCU in its firmware version 2.1.3, allows an 
authenticated atta ...)
+       TODO: check
+CVE-2025-2859 (An attacker with access to the network where the vulnerable 
device is  ...)
+       TODO: check
+CVE-2025-2858 (Privilege escalation vulnerability in the saTECH BCU firmware 
version  ...)
+       TODO: check
+CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege 
escalation ...)
+       TODO: check
+CVE-2025-29928 (authentik is an open-source identity provider. Prior to 
versions 2024. ...)
+       TODO: check
+CVE-2025-28221 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in 
the set ...)
+       TODO: check
+CVE-2025-28220 (Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in 
the set ...)
+       TODO: check
+CVE-2025-28219 (Netgear DC112A V1.0.0.64 has an OS command injection 
vulnerability in  ...)
+       TODO: check
+CVE-2025-27932 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-27726 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-27718 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-27716 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-27574 (Cross-site scripting vulnerability exists in the USB storage 
file-shar ...)
+       TODO: check
+CVE-2025-27567 (Cross-site scripting vulnerability exists in the NickName 
registration ...)
+       TODO: check
+CVE-2025-27001 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Shi ...)
+       TODO: check
+CVE-2025-22767 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22575 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22526 (Deserialization of Untrusted Data vulnerability in NotFound 
PHP/MySQL  ...)
+       TODO: check
+CVE-2025-22523 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-22501 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-22360 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22356 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-1781 (There is a XXE in W3CSS Validator versions 
beforecssval-20250226 that  ...)
+       TODO: check
+CVE-2025-1705 (The tagDiv Composer plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2025-0986 (IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and 
FW1060.00 throu ...)
+       TODO: check
+CVE-2024-7407 (Use of a custom password encoding algorithmin Streamsoft 
Presti\u017c  ...)
+       TODO: check
+CVE-2024-54362 (Path Traversal vulnerability in NotFound GetShop ecommerce 
allows Path ...)
+       TODO: check
+CVE-2024-54291 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2024-51624 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-48615 (Null Pointer Dereference vulnerability in libarchive 3.7.6 and 
earlier ...)
+       TODO: check
+CVE-2024-39311 (Publify is a self hosted Web publishing platform on Rails. 
Prior to ve ...)
+       TODO: check
+CVE-2024-11504 (Input from multiple fields inStreamsoft Presti\u017c is not 
sanitized  ...)
+       TODO: check
 CVE-2025-31101 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31092 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -1431,9 +1659,9 @@ CVE-2024-13411 (The Zapier for WordPress plugin for 
WordPress is vulnerable to S
        NOT-FOR-US: WordPress plugin
 CVE-2024-9773 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2024-10307
+CVE-2024-10307 (An issue has been discovered in GitLab EE/CE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2024-12619
+CVE-2024-12619 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2025-2242 (An improper access control vulnerability in GitLab CE/EE 
affecting all ...)
        - gitlab <unfixed>
@@ -335668,8 +335896,8 @@ CVE-2021-24010 (Improper limitation of a pathname to 
a restricted directory vuln
        NOT-FOR-US: FortiSandbox
 CVE-2021-24009 (Multiple improper neutralization of special elements used in 
an OS com ...)
        NOT-FOR-US: FortiWAN
-CVE-2021-24008
-       RESERVED
+CVE-2021-24008 (An exposure of sensitive system information to an unauthorized 
control ...)
+       TODO: check
 CVE-2021-24007 (Multiple improper neutralization of special elements of SQL 
commands v ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-24006 (An improper access control vulnerability in FortiManager 
versions 6.4. ...)
@@ -437652,8 +437880,8 @@ CVE-2019-16151 (An improper neutralization of input 
during web page generation v
        NOT-FOR-US: Fortinet
 CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security 
sensitive da ...)
        NOT-FOR-US: Fortiguard
-CVE-2019-16149
-       RESERVED
+CVE-2019-16149 (An Improper Neutralization of Input During Web Page Generation 
in Fort ...)
+       TODO: check
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c 
can cras ...)
        {DLA-2340-1}
        - sqlite3 3.29.0-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d110a3480f9825d0f6b017352f52b8f610685c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d110a3480f9825d0f6b017352f52b8f610685c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to