[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 2 09:12:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e1f0baa8 by security tracker role at 2025-04-02T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,28 +1,186 @@
-CVE-2025-3074
+CVE-2025-31889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31753 (Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advan ...)
+ TODO: check
+CVE-2025-31628 (Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. ...)
+ TODO: check
+CVE-2025-31619 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31612 (Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Pol ...)
+ TODO: check
+CVE-2025-31594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31580 (Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Prod ...)
+ TODO: check
+CVE-2025-31579 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31564 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31561 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31560 (Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon b ...)
+ TODO: check
+CVE-2025-31553 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31552 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31551 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31550 (Insertion of Sensitive Information into Externally-Accessible File or ...)
+ TODO: check
+CVE-2025-31548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31534 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31525 (Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Men ...)
+ TODO: check
+CVE-2025-31462 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31461 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31455 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31454 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31135 (Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. P ...)
+ TODO: check
+CVE-2025-31097 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31089 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31082 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31081 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31078 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30913 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30892 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpTr ...)
+ TODO: check
+CVE-2025-30853 (Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive ...)
+ TODO: check
+CVE-2025-30852 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30844 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30841 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-30825 (Missing Authorization vulnerability in WPClever WPC Smart Linked Produ ...)
+ TODO: check
+CVE-2025-30807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-30778 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30580 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-30554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30356 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+ TODO: check
+CVE-2025-2779 (The Insert Headers and Footers Code \u2013 HT Script plugin for WordPr ...)
+ TODO: check
+CVE-2025-29982 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Ins ...)
+ TODO: check
+CVE-2025-29981 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exp ...)
+ TODO: check
+CVE-2025-29070 (A heap buffer overflow vulnerability has been identified in thesmooth2 ...)
+ TODO: check
+CVE-2025-29049 (Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 ...)
+ TODO: check
+CVE-2025-29036 (An issue in hackathon-starter v.8.1.0 allows a remote attacker to esca ...)
+ TODO: check
+CVE-2025-29033 (An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote at ...)
+ TODO: check
+CVE-2025-27694 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains an In ...)
+ TODO: check
+CVE-2025-27693 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Imp ...)
+ TODO: check
+CVE-2025-27692 (Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unr ...)
+ TODO: check
+CVE-2025-27244 (AssetView and AssetView CLOUD contain an issue with acquiring sensitiv ...)
+ TODO: check
+CVE-2025-25060 (Missing authentication for critical function vulnerability exists in A ...)
+ TODO: check
+CVE-2025-0676 (This vulnerability involves command injection in tcpdump within Moxa p ...)
+ TODO: check
+CVE-2025-0415 (A remote attacker with web administrator privileges can exploit the de ...)
+ TODO: check
+CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled ...)
+ TODO: check
+CVE-2024-45699 (The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross- ...)
+ TODO: check
+CVE-2024-42325 (Zabbix API user.get returns all users that share common group with the ...)
+ TODO: check
+CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot Operating ...)
+ TODO: check
+CVE-2024-36469 (Execution time for an unsuccessful login differs when using a non-exis ...)
+ TODO: check
+CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use SQL inje ...)
+ TODO: check
+CVE-2024-13941 (A vulnerability was found in ouch-org ouch up to 0.3.1. It has been cl ...)
+ TODO: check
+CVE-2023-46988 (Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5. ...)
+ TODO: check
+CVE-2003-20001 (An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote ...)
+ TODO: check
+CVE-2025-3074 (Inappropriate implementation in Downloads in Google Chrome prior to 13 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3073
+CVE-2025-3073 (Inappropriate implementation in Autofill in Google Chrome prior to 135 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3072
+CVE-2025-3072 (Inappropriate implementation in Custom Tabs in Google Chrome prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3071
+CVE-2025-3071 (Inappropriate implementation in Navigations in Google Chrome prior to ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3070
+CVE-2025-3070 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3069
+CVE-2025-3069 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3068
+CVE-2025-3068 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3067
+CVE-2025-3067 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3066
+CVE-2025-3066 (Use after free in Navigations in Google Chrome prior to 135.0.7049.52 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-3096 (Clinic\u2019s Patient Management System versions 2.0 suffers from a SQ ...)
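Review bot: all 79 new entries in this hunk land as "TODO: check" with no triage, and a handful are not WordPress-plugin noise and deserve a first look: the five Zabbix items (CVE-2024-45700, CVE-2024-45699, CVE-2024-42325, CVE-2024-36469, CVE-2024-36465) should be checked against the zabbix source package, likewise the ROS YAML deserialization (CVE-2024-39780), the Go-Guerrilla SMTP daemon (CVE-2025-31135), CryptoLib (CVE-2025-30356) and ouch 0.3.1 (CVE-2024-13941). Two need care when a source package is assigned: CVE-2025-0676 is described as command injection "in tcpdump within Moxa" products, so it is a Moxa firmware issue and must not be attached to src:tcpdump, and CVE-2003-20001 carries a 2003 year but describes Mitel ICP VoIP devices, so verify the CNA record rather than assuming a typo. The remaining plugin entries (the Missing Authorization, CSRF, SQL injection and XSS items naming individual plugin authors) will almost certainly resolve to NOT-FOR-US, as done for Misskey further down. The Chromium block at the end keeps `chromium <unfixed>` with bullseye <end-of-life>; the refreshed descriptions pin the upstream fix to 135.0.7049.52, so the unstable fixed version can be filled in as soon as that release is uploaded.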
@@ -7820,6 +7978,7 @@ CVE-2025-25382 (An issue in the Property Tax Payment Portal in Information Keral
CVE-2025-25306 (Misskey is an open source, federated social media platform. The patch ...)
NOT-FOR-US: Misskey
CVE-2025-24813 (Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Exe ...)
+ {DLA-4108-1}
- tomcat10 10.1.35-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
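Review bot: {DLA-4108-1} is the only bullseye record added for CVE-2024-24813, and this commit touches only data/CVE/list, so the tracker can resolve the bullseye status only if data/DLA/list already carries the tomcat9 fixed version; confirm that entry exists. The NOTE below says src:tomcat9 stopped shipping the server stack at 9.0.70-2, so the DLA must point at the bullseye tomcat9 revision that still ships it, not at the 9.0.70-2 marker used for unstable.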
@@ -30387,14 +30546,14 @@ CVE-2022-49035 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-8447 (A security issue was discovered in the LRA Coordinator component of Na ...)
NOT-FOR-US: Narayana
CVE-2024-56827 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
- {DSA-5851-1}
+ {DSA-5851-1 DLA-4107-1}
[experimental] - openjpeg2 2.5.3-1~exp1
- openjpeg2 2.5.3-1 (bug #1092676)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335174
NOTE: https://github.com/uclouvain/openjpeg/issues/1564
NOTE: https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 (v2.5.3)
CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer overflow condi ...)
- {DSA-5851-1}
+ {DSA-5851-1 DLA-4107-1}
[experimental] - openjpeg2 2.5.3-1~exp1
- openjpeg2 2.5.3-1 (bug #1092675)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2335172
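Review bot: the advisory reference order is inconsistent within this one commit: here DLA-4107-1 is appended after the DSA (`{DSA-5851-1 DLA-4107-1}`), while for CVE-2022-1122 and CVE-2021-29338 further down it is prepended to the older DLA (`{DLA-4107-1 DLA-2975-1}`). The tracker parses both, but settle on one convention (newest first, or DSA then DLA) so that greps and diffs for a given DLA's CVE set do not depend on position in the braces.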
@@ -54051,6 +54210,7 @@ CVE-2024-9936 (When manipulating the selection node cache, an attacker may have
- firefox 131.0.3-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter which can b ...)
+ {DLA-4106-1}
- jetty9 9.4.54-1
- jetty <removed>
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
@@ -54063,6 +54223,7 @@ CVE-2024-9137 (The affected product lacks an authentication check when sending c
CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using a Docu ...)
NOT-FOR-US: DocumentBuilder
CVE-2024-8184 (There exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...)
+ {DLA-4106-1}
- jetty9 9.4.56-1
- jetty <removed>
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
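Review bot: the unstable fix for CVE-2024-8184 is recorded at jetty9 9.4.56-1, two upstream releases later than the 9.4.54-1 used for the neighbouring CVE-2024-9823 and CVE-2024-6762 entries that received the same DLA-4106-1. The bullseye backport therefore has to carry the ThreadLimitHandler patch from GHSA-g8m5-722r-8whq explicitly rather than only the 9.4.54 change set; worth checking the DLA's package diff covers it.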
@@ -54078,6 +54239,7 @@ CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web s
NOTE: https://github.com/jetty/jetty.project/pull/12012
NOTE: https://github.com/jetty/jetty.project/pull/12012#issuecomment-2416450253 (and following)
CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by unauthenticated users ...)
+ {DLA-4106-1}
- jetty9 9.4.54-1 (bug #1085697)
- jetty <removed>
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
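Review bot: CVE-2024-6763, the entry immediately above in the hunk context, is not tagged with DLA-4106-1 while its three jetty9 siblings are. If it was deliberately left out (its NOTE lines point at an open PR discussion rather than a released fix), a short NOTE on the entry saying so would stop the next automatic update from surfacing it as a gap; if it was an oversight, the DLA reference belongs there as well.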
@@ -62798,7 +62960,7 @@ CVE-2024-20469 (A vulnerability in specific CLI commands in Cisco Identity Servi
NOT-FOR-US: Cisco
CVE-2024-20440 (A vulnerability in Cisco Smart Licensing Utility could allow an unauth ...)
NOT-FOR-US: Cisco
-CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow an unauth ...)
+CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an ...)
NOT-FOR-US: Cisco
CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13. ...)
- ironic 1:26.1.0-1
@@ -256779,7 +256941,7 @@ CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7
CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...)
NOT-FOR-US: AttacheCase
CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...)
- {DLA-2975-1}
+ {DLA-4107-1 DLA-2975-1}
- openjpeg2 2.5.0-1
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
@@ -312761,7 +312923,7 @@ CVE-2021-3577 (An unauthenticated remote code execution vulnerability was report
CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
NOT-FOR-US: Bitdefender
CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
- {DSA-5851-1}
+ {DSA-5851-1 DLA-4107-1}
[experimental] - openjpeg2 2.5.3-1~exp1
- openjpeg2 2.5.3-1 (bug #989775)
[buster] - openjpeg2 <no-dsa> (Minor issue)
@@ -324946,7 +325108,7 @@ CVE-2021-29340
CVE-2021-29339
RESERVED
CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
- {DLA-2975-1}
+ {DLA-4107-1 DLA-2975-1}
- openjpeg2 2.4.0-4 (bug #987276)
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1338
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1f0baa827be9257f75b6c3f97a885e563c3fc69