[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 7 21:12:47 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c5f9f36 by security tracker role at 2025-04-07T20:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,196 @@
-CVE-2025-30195
+CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have any pr ...)
+ TODO: check
+CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
+ TODO: check
+CVE-2025-3424 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
+ TODO: check
+CVE-2025-3382 (A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java ...)
+ TODO: check
+CVE-2025-3381 (A vulnerability, which was classified as critical, was found in zhangy ...)
+ TODO: check
+CVE-2025-3380 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-3379 (A vulnerability classified as critical was found in PCMan FTP Server 2 ...)
+ TODO: check
+CVE-2025-3378 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
+ TODO: check
+CVE-2025-3377 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated ...)
+ TODO: check
+CVE-2025-3376 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been decla ...)
+ TODO: check
+CVE-2025-3375 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been class ...)
+ TODO: check
+CVE-2025-3374 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as ...)
+ TODO: check
+CVE-2025-3373 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
+ TODO: check
+CVE-2025-3372 (A vulnerability, which was classified as critical, was found in PCMan ...)
+ TODO: check
+CVE-2025-3371 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-3370 (A vulnerability classified as critical has been found in PHPGurukul Me ...)
+ TODO: check
+CVE-2025-3369 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rat ...)
+ TODO: check
+CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer under-read oc ...)
+ TODO: check
+CVE-2025-3359 (A flaw was found in GNUPlot. A segmentation fault via IO_str_init_stat ...)
+ TODO: check
+CVE-2025-3353 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
+ TODO: check
+CVE-2025-3352 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+ TODO: check
+CVE-2025-3351 (A vulnerability has been found in PHPGurukul Old Age Home Management S ...)
+ TODO: check
+CVE-2025-3350 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-3349 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-3348 (A vulnerability classified as critical was found in code-projects Pati ...)
+ TODO: check
+CVE-2025-3347 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-3346 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated ...)
+ TODO: check
+CVE-2025-3345 (A vulnerability was found in codeprojects Online Restaurant Management ...)
+ TODO: check
+CVE-2025-3344 (A vulnerability was found in codeprojects Online Restaurant Management ...)
+ TODO: check
+CVE-2025-3248 (Langflow versions prior to 1.3.0 are susceptible to code injection in ...)
+ TODO: check
+CVE-2025-32014 (estree-util-value-to-estree converts a JavaScript value to an ESTree e ...)
+ TODO: check
+CVE-2025-31476 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
+ TODO: check
+CVE-2025-31475 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
+ TODO: check
+CVE-2025-31138 (tarteaucitron.js is a compliant and accessible cookie banner. A vulner ...)
+ TODO: check
+CVE-2025-30373 (Graylog is a free and open log management platform. Starting with 6.1, ...)
+ TODO: check
+CVE-2025-2251 (A security flaw exists in WildFly and JBoss Enterprise Application Pla ...)
+ TODO: check
+CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processing lib ...)
+ TODO: check
+CVE-2025-29594 (A vulnerability exists in the errorpage.php file of the CS2-WeaponPain ...)
+ TODO: check
+CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacke ...)
+ TODO: check
+CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker ...)
+ TODO: check
+CVE-2025-29480 (Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker t ...)
+ TODO: check
+CVE-2025-29479 (Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a de ...)
+ TODO: check
+CVE-2025-29478 (An issue in fluent-bit v.3.7.2 allows a local attacker to cause a deni ...)
+ TODO: check
+CVE-2025-29087 (Sqlite 3.49.0 is susceptible to integer overflow through the concat fu ...)
+ TODO: check
+CVE-2025-28413 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28412 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28411 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28410 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28409 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28408 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28407 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28406 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28405 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28403 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28402 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28401 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-28400 (An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privile ...)
+ TODO: check
+CVE-2025-27686 (Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax ...)
+ TODO: check
+CVE-2025-21448 (Transient DOS may occur while parsing SSID in action frames.)
+ TODO: check
+CVE-2025-21447 (Memory corruption may occur while processing device IO control call fo ...)
+ TODO: check
+CVE-2025-21443 (Memory corruption while processing message content in eAVB.)
+ TODO: check
+CVE-2025-21442 (Memory corruption while transmitting packet mapping information with i ...)
+ TODO: check
+CVE-2025-21441 (Memory corruption when IOCTL call is invoked from user-space to write ...)
+ TODO: check
+CVE-2025-21440 (Memory corruption when IOCTL call is invoked from user-space to write ...)
+ TODO: check
+CVE-2025-21439 (Memory corruption may occur while reading board data via IOCTL call wh ...)
+ TODO: check
+CVE-2025-21438 (Memory corruption while IOCTL call is invoked from user-space to read ...)
+ TODO: check
+CVE-2025-21437 (Memory corruption while processing memory map or unmap IOCTL operation ...)
+ TODO: check
+CVE-2025-21436 (Memory corruption may occur while initiating two IOCTL calls simultane ...)
+ TODO: check
+CVE-2025-21435 (Transient DOS may occur while parsing extended IE in beacon.)
+ TODO: check
+CVE-2025-21434 (Transient DOS may occur while parsing EHT operation IE or EHT capabili ...)
+ TODO: check
+CVE-2025-21431 (Information disclosure may be there when a guest VM is connected.)
+ TODO: check
+CVE-2025-21430 (Transient DOS while connecting STA to AP and initiating ADD TS request ...)
+ TODO: check
+CVE-2025-21429 (Memory corruption occurs while connecting a STA to an AP and initiatin ...)
+ TODO: check
+CVE-2025-21428 (Memory corruption occurs while connecting a STA to an AP and initiatin ...)
+ TODO: check
+CVE-2025-21425 (Memory corruption may occur due top improper access control in HAB pro ...)
+ TODO: check
+CVE-2025-21423 (Memory corruption occurs when handling client calls to EnableTestMode ...)
+ TODO: check
+CVE-2025-21421 (Memory corruption while processing escape code in API.)
+ TODO: check
+CVE-2025-0050 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
+CVE-2024-49848 (Memory corruption while processing multiple IOCTL calls from HLOS to D ...)
+ TODO: check
+CVE-2024-46494 (A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows at ...)
+ TODO: check
+CVE-2024-45557 (Memory corruption can occur when TME processes addresses from TZ and M ...)
+ TODO: check
+CVE-2024-45556 (Cryptographic issue may arise because the access control configuration ...)
+ TODO: check
+CVE-2024-45552 (Information disclosure may occur during a video call if a device reset ...)
+ TODO: check
+CVE-2024-45551 (Cryptographic issue occurs during PIN/password verification using Gate ...)
+ TODO: check
+CVE-2024-45549 (Information disclosure while creating MQ channels.)
+ TODO: check
+CVE-2024-45544 (Memory corruption while processing IOCTL calls to add route entry in t ...)
+ TODO: check
+CVE-2024-45543 (Memory corruption while accessing MSM channel map and mixer functions.)
+ TODO: check
+CVE-2024-45540 (Memory corruption while invoking IOCTL map buffer request from userspa ...)
+ TODO: check
+CVE-2024-43067 (Memory corruption occurs during the copying of read data from the EEPR ...)
+ TODO: check
+CVE-2024-43066 (Memory corruption while handling file descriptor during listener regis ...)
+ TODO: check
+CVE-2024-43065 (Cryptographic issues while generating an asymmetric key pair for RKP u ...)
+ TODO: check
+CVE-2024-43058 (Memory corruption while processing IOCTL calls.)
+ TODO: check
+CVE-2024-43046 (There may be information disclosure during memory re-allocation in TZ ...)
+ TODO: check
+CVE-2024-38797 (EDK2 contains a vulnerability in the HashPeImageByType(). A user may c ...)
+ TODO: check
+CVE-2024-33058 (Memory corruption while assigning memory from the source DDR memory(HL ...)
+ TODO: check
+CVE-2024-11859 (DLL Search Order Hijacking vulnerability potentially allowed an attack ...)
+ TODO: check
+CVE-2025-30195 (An attacker can publish a zone containing specific Resource Record Set ...)
- pdns-recursor 5.2.1-1
[bookworm] - pdns-recursor <not-affected> (Vulnerable code not present)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code not present)
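Review bot: The description imported for CVE-2025-3426 carries a literal `\u2019` escape ("binaries doesn\u2019t have"), so the upstream text was written into data/CVE/list without being decoded; the update job should decode the escape or normalise it to a plain apostrophe before writing the description. Separately, every new entry in this hunk lands as `TODO: check`, including those whose descriptions name GLib (CVE-2025-3360), GNUPlot (CVE-2025-3359), libvips (CVE-2025-29769), libheif (CVE-2025-29482), libbpf (CVE-2025-29481), gdal (CVE-2025-29480), hiredis (CVE-2025-29479), Sqlite (CVE-2025-29087) and EDK2 (CVE-2024-38797). Those are worth triaging ahead of the long runs for PCMan FTP Server, PHPGurukul and RUoYi, which can be reviewed as groups since each run repeats the same product.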
@@ -224,7 +416,7 @@ CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand() funct
CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as the defa ...)
- libweb-api-perl <unfixed> (bug #1102148)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
-CVE-2025-30473
+CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache Airflow SQL provider
CVE-2025-XXXX [RUSTSEC-2025-0022]
- rust-openssl <unfixed> (bug #1102137)
@@ -3757,7 +3949,8 @@ CVE-2025-2074 (The Advanced Google reCAPTCHA plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2025-2027 (A double free vulnerability has been identified in the ASUS System Ana ...)
NOT-FOR-US: ASUS
-CVE-2025-28253 (Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5 ...)
+CVE-2025-28253
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26956 (Missing Authorization vulnerability in Shinetheme Traveler.This issue ...)
NOT-FOR-US: WordPress plugin or theme
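Review bot: After this change CVE-2025-28253 carries both `REJECTED` and the pre-existing `NOT-FOR-US: WordPress plugin or theme` line, so the entry now states two dispositions for one ID. The description was dropped when the ID was rejected, which leaves the NOT-FOR-US annotation with nothing to refer to; a follow-up should either remove that line or confirm that the tracker is meant to keep the earlier triage result on rejected IDs.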
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c5f9f36e97bff2ff54b4216bd34866515b10d5a