[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 10 Apr 2025 01:12:39 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b7648af6 by security tracker role at 2025-04-10T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2025-3489 (A vulnerability was found in Nababur 
Simple-User-Management-System 1.0 ...)
+       TODO: check
+CVE-2025-3417 (The Embedder plugin for WordPress is vulnerable to unauthorized 
modifi ...)
+       TODO: check
+CVE-2025-3102 (The SureTriggers: All-in-One Automation Platform plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-3023
+       REJECTED
+CVE-2025-32728 (In sshd in OpenSSH before 10.0, the DisableForwarding 
directive does n ...)
+       TODO: check
+CVE-2025-32387 (Helm is a package manager for Charts for Kubernetes. A JSON 
Schema fil ...)
+       TODO: check
+CVE-2025-32386 (Helm is a tool for managing Charts. A chart archive file can 
be crafte ...)
+       TODO: check
+CVE-2025-30660 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
+       TODO: check
+CVE-2025-30659 (An Improper Handling of Length Parameter Inconsistency 
vulnerability i ...)
+       TODO: check
+CVE-2025-30658 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
+       TODO: check
+CVE-2025-30657 (An Improper Encoding or Escaping of Output vulnerability in 
the Sampli ...)
+       TODO: check
+CVE-2025-2873
+       REJECTED
+CVE-2025-2845
+       REJECTED
+CVE-2025-2809 (The azurecurve Shortcodes in Comments plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-2805 (The ORDER POST plugin for WordPress is vulnerable to arbitrary 
shortco ...)
+       TODO: check
+CVE-2025-2719 (The Swatchly \u2013 WooCommerce Variation Swatches for Products 
(produ ...)
+       TODO: check
+CVE-2025-29989 (Dell Client Platform BIOS contains a Security Version Number 
Mutable t ...)
+       TODO: check
+CVE-2025-29018 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
the name p ...)
+       TODO: check
+CVE-2025-27690 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, 
contains a u ...)
+       TODO: check
+CVE-2025-26480 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, 
contains an  ...)
+       TODO: check
+CVE-2025-26479 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, 
contains an  ...)
+       TODO: check
+CVE-2025-26330 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, 
contains an  ...)
+       TODO: check
+CVE-2025-24375 (Charmed MySQL K8s operator is a Charmed Operator for running 
MySQL on  ...)
+       TODO: check
+CVE-2025-23378 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, 
contains an  ...)
+       TODO: check
+CVE-2025-22471 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, 
contains an  ...)
+       TODO: check
+CVE-2025-0539 (In affected Microsoft Windows versions of Octopus Deploy, the 
server c ...)
+       TODO: check
+CVE-2024-58136 (Yii 2 before 2.0.52 mishandles the attaching of behavior that 
is defin ...)
+       TODO: check
+CVE-2024-38865 (Improper neutralization of livestatus command delimiters in a 
specific ...)
+       TODO: check
+CVE-2024-13909 (The Accredible Certificates & Open Badges plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-13896 (The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting 
for 259 l ...)
+       TODO: check
+CVE-2024-13874 (The Feedify  WordPress plugin before 2.4.6 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
 CVE-2025-2761 [GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution 
Vulnerability]
        - gimp 3.0.0-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
@@ -76762,13 +76826,16 @@ CVE-2024-0857 (Improper Neutralization of Special 
Elements used in an SQL Comman
        NOT-FOR-US: Universal Software Inc. FlexWater Corporate Water Management
 CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 
9.7.2.8 is vu ...)
        NOT-FOR-US: IBM
-CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially 
critical fun ...)
+CVE-2023-40704 (The product does not require unique and complex passwords to 
be create ...)
        NOT-FOR-US: Philips Vue PACS
-CVE-2023-40539 (Philips Vue PACS does not require that users have strong 
passwords, wh ...)
+CVE-2023-40539
+       REJECTED
        NOT-FOR-US: Philips Vue PACS
-CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or 
check act ...)
+CVE-2023-40223
+       REJECTED
        NOT-FOR-US: Philips Vue PACS
-CVE-2023-40159 (A validated user not explicitly authorized to have access to 
certain s ...)
+CVE-2023-40159
+       REJECTED
        NOT-FOR-US: Philips Vue PACS
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7648af6c26f35247f0bf9b3303cbec696068a3c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7648af6c26f35247f0bf9b3303cbec696068a3c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to