Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f9381baa by security tracker role at 2025-04-05T08:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2025-3296 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2025-3268 (A vulnerability has been found in qinguoyi TinyWebServer up to
1.0 and ...)
+ TODO: check
+CVE-2025-32352 (A type confusion vulnerability in lib/NSSAuthenticator.php in
ZendTo b ...)
+ TODO: check
+CVE-2025-2941 (The Drag and Drop Multiple File Upload for WooCommerce plugin
for Word ...)
+ TODO: check
+CVE-2025-2933 (The Email Notifications for Updates plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-2889 (The Link Library plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2025-2789 (The MultiVendorX \u2013 Empower Your WooCommerce Store with a
Dynamic ...)
+ TODO: check
+CVE-2025-2544 (The AI Content Pipelines plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2025-1500 (IBM Maximo Application Suite 9.0 could allow an authenticated
user to ...)
+ TODO: check
+CVE-2025-1233 (The Lafka Plugin for WordPress is vulnerable to unauthorized
access du ...)
+ TODO: check
+CVE-2025-0839 (The ZoomSounds plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-0810 (The Read More & Accordion plugin for WordPress is vulnerable to
Cross- ...)
+ TODO: check
+CVE-2024-13776 (The ZoomSounds - WordPress Wave Audio Player with Playlist
plugin for ...)
+ TODO: check
+CVE-2024-13604 (The KB Support \u2013 Customer Support Ticket & Helpdesk
Plugin, Knowl ...)
+ TODO: check
+CVE-2021-47667 (An OS command injection vulnerability in lib/NSSDropoff.php in
ZendTo ...)
+ TODO: check
CVE-2025-3267 (A vulnerability, which was classified as critical, was found in
qinguo ...)
NOT-FOR-US: qinguoyi TinyWebServer
CVE-2025-3266 (A vulnerability, which was classified as critical, has been
found in q ...)
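Review bot: CVE-2025-3268, added above at TODO: check, names the same upstream project (qinguoyi TinyWebServer) that the neighbouring context entries CVE-2025-3267 and CVE-2025-3266 already carry as NOT-FOR-US: qinguoyi TinyWebServer, and the two ZendTo entries (CVE-2025-32352 and CVE-2021-47667) likewise belong together; when these TODO: check placeholders are resolved, same-project entries should get one consistent disposition rather than being triaged one at a time, and the WordPress plugin entries will presumably follow the NOT-FOR-US: WordPress plugin form used for CVE-2025-2104 further down.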
@@ -7961,6 +7991,7 @@ CVE-2025-2106 (The ArielBrailovsky-ViralAd plugin for
WordPress is vulnerable to
CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website
builder plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML)
single si ...)
+ {DLA-4115-1}
- ruby-saml <unfixed> (bug #1100441)
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
NOTE: Vulnerability might be the result of an incomplete fix for a
zipbomb attack.
@@ -7971,11 +8002,13 @@ CVE-2025-25293 (ruby-saml provides security assertion
markup language (SAML) sin
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72
(v1.13.0)
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
(v1.18.0)
CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML)
single si ...)
+ {DLA-4115-1}
- ruby-saml <unfixed> (bug #1100441)
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
(v1.18.0)
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
(v1.12.4)
CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML)
single si ...)
+ {DLA-4115-1}
- ruby-saml <unfixed> (bug #1100441)
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
NOTE:
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
(v1.18.0)
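Review bot: all three ruby-saml entries (CVE-2025-25293, CVE-2025-25292, CVE-2025-25291) gain {DLA-4115-1} while their package line stays `- ruby-saml <unfixed> (bug #1100441)`, even though each entry's NOTEs already point at the fixing upstream commits (tagged (v1.18.0), plus (v1.13.0) for CVE-2025-25293 and (v1.12.4) for CVE-2025-25292); if an upload closing bug #1100441 exists, `<unfixed>` should be replaced with that version, and if it does not, a NOTE saying that the LTS update backports those upstream commits would tell the next triager why only the DLA marker moved.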
@@ -9117,7 +9150,7 @@ CVE-2025-25382 (An issue in the Property Tax Payment
Portal in Information Keral
CVE-2025-25306 (Misskey is an open source, federated social media platform.
The patch ...)
NOT-FOR-US: Misskey
CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote
Code Exe ...)
- {DLA-4108-1}
+ {DSA-5893-1 DLA-4108-1}
- tomcat10 10.1.35-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
@@ -55352,7 +55385,7 @@ CVE-2024-9936 (When manipulating the selection node
cache, an attacker may have
- firefox 131.0.3-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter
which can b ...)
- {DLA-4106-1}
+ {DSA-5894-1 DLA-4106-1}
- jetty9 9.4.54-1
- jetty <removed>
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
@@ -55365,7 +55398,7 @@ CVE-2024-9137 (The affected product lacks an
authentication check when sending c
CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using
a Docu ...)
NOT-FOR-US: DocumentBuilder
CVE-2024-8184 (There exists a security vulnerability in Jetty's
ThreadLimitHandler.ge ...)
- {DLA-4106-1}
+ {DSA-5894-1 DLA-4106-1}
- jetty9 9.4.56-1
- jetty <removed>
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
@@ -55381,7 +55414,7 @@ CVE-2024-6763 (Eclipse Jetty is a lightweight, highly
scalable, Java-based web s
NOTE: https://github.com/jetty/jetty.project/pull/12012
NOTE:
https://github.com/jetty/jetty.project/pull/12012#issuecomment-2416450253 (and
following)
CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by
unauthenticated users ...)
- {DLA-4106-1}
+ {DSA-5894-1 DLA-4106-1}
- jetty9 9.4.54-1 (bug #1085697)
- jetty <removed>
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
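Review bot: DSA-5894-1 is added to CVE-2024-9823, CVE-2024-8184 and CVE-2024-6762 but not to CVE-2024-6763, whose NOTE lines (the pull/12012 references) appear only as unchanged context at the top of the last hunk; if the DSA deliberately does not cover that CVE this is fine, otherwise it should receive the same DSA marker as its three neighbours.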
@@ -139688,7 +139721,7 @@ CVE-2023-6274 (A vulnerability was found in Byzoro
Smart S80 up to 20231108. It
CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, <
2.1.0p37, < ...)
- check-mk <removed>
CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain
scenarios i ...)
- {DLA-3766-1}
+ {DLA-4114-1 DLA-3766-1}
- zfs-linux 2.1.14-1 (bug #1056752)
[bookworm] - zfs-linux 2.1.11-1+deb12u1
NOTE: https://github.com/openzfs/zfs/issues/15526
@@ -331517,7 +331550,7 @@ CVE-2021-27207
CVE-2021-27206
RESERVED
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS
share is ...)
- {DLA-3766-1}
+ {DLA-4114-1 DLA-3766-1}
[experimental] - zfs-linux 2.2.0-1~exp1
- zfs-linux 2.2.2-1 (bug #1059322)
[bookworm] - zfs-linux 2.1.11-1+deb12u1
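Review bot: DLA-4114-1 is recorded alongside DLA-3766-1 for both CVE-2023-49298 and CVE-2013-20001 without a NOTE explaining why a second LTS advisory was needed for CVEs that already carried one; a one-line NOTE (regression in the earlier fix, a different suite, or a rebuilt package) would save the next reader a lookup of the advisory text.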
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9381baaf40cbd258ecaa5668761a281d4fa4169
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits