[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 8 09:11:56 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd2cce9a by security tracker role at 2025-04-08T08:11:48+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2025-3431 (The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for ...)
+ TODO: check
+CVE-2025-3430 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2025-3429 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2025-3428 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2025-3427 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection v ...)
+ TODO: check
+CVE-2025-3413 (A vulnerability has been found in opplus springboot-admin up to a2d531 ...)
+ TODO: check
+CVE-2025-3412 (A vulnerability, which was classified as critical, was found in mymagi ...)
+ TODO: check
+CVE-2025-3411 (A vulnerability, which was classified as critical, has been found in m ...)
+ TODO: check
+CVE-2025-3410 (A vulnerability classified as critical was found in mymagicpower AIAS ...)
+ TODO: check
+CVE-2025-3409 (A vulnerability classified as critical has been found in Nothings stb ...)
+ TODO: check
+CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has been r ...)
+ TODO: check
+CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has been d ...)
+ TODO: check
+CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has been c ...)
+ TODO: check
+CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27 ...)
+ TODO: check
+CVE-2025-3403 (A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ...)
+ TODO: check
+CVE-2025-3402 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborat ...)
+ TODO: check
+CVE-2025-3401 (A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 ...)
+ TODO: check
+CVE-2025-3400 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
+ TODO: check
+CVE-2025-3399 (A vulnerability, which was classified as critical, has been found in E ...)
+ TODO: check
+CVE-2025-3398 (A vulnerability classified as critical was found in lenve VBlog up to ...)
+ TODO: check
+CVE-2025-3397 (A vulnerability classified as problematic has been found in YzmCMS 7.1 ...)
+ TODO: check
+CVE-2025-3393 (A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162 ...)
+ TODO: check
+CVE-2025-3392 (A vulnerability was found in hailey888 oa_system up to 2025.01.01 and ...)
+ TODO: check
+CVE-2025-3391 (A vulnerability has been found in hailey888 oa_system up to 2025.01.01 ...)
+ TODO: check
+CVE-2025-3390 (A vulnerability, which was classified as problematic, was found in hai ...)
+ TODO: check
+CVE-2025-3389 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-3388 (A vulnerability classified as problematic was found in hailey888 oa_sy ...)
+ TODO: check
+CVE-2025-3387 (A vulnerability classified as problematic has been found in renrenio r ...)
+ TODO: check
+CVE-2025-3386 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated ...)
+ TODO: check
+CVE-2025-3385 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been decla ...)
+ TODO: check
+CVE-2025-3384 (A vulnerability was found in 1000 Projects Human Resource Management S ...)
+ TODO: check
+CVE-2025-3383 (A vulnerability was found in SourceCodester Web-based Pharmacy Product ...)
+ TODO: check
+CVE-2025-3364 (The SSH service of PowerStation from HGiga has a Chroot Escape vulnera ...)
+ TODO: check
+CVE-2025-3363 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
+ TODO: check
+CVE-2025-3362 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
+ TODO: check
+CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
+ TODO: check
+CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...)
+ TODO: check
+CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in ...)
+ TODO: check
+CVE-2025-32409 (Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code ex ...)
+ TODO: check
+CVE-2025-32034 (The Apollo Router Core is a configurable, high-performance graph route ...)
+ TODO: check
+CVE-2025-32033 (The Apollo Router Core is a configurable, high-performance graph route ...)
+ TODO: check
+CVE-2025-32032 (The Apollo Router Core is a configurable, high-performance graph route ...)
+ TODO: check
+CVE-2025-32031 (Apollo Gateway provides utilities for combining multiple GraphQL micro ...)
+ TODO: check
+CVE-2025-32030 (Apollo Gateway provides utilities for combining multiple GraphQL micro ...)
+ TODO: check
+CVE-2025-32029 (ts-asn1-der is a collection of utility classes to encode ASN.1 data fo ...)
+ TODO: check
+CVE-2025-31496 (apollo-compiler is a query-based compiler for the GraphQL query langua ...)
+ TODO: check
+CVE-2025-31333 (SAP S4CORE OData meta-data property is vulnerable to data tampering, d ...)
+ TODO: check
+CVE-2025-31332 (Due to insecure file permissions in SAP BusinessObjects Business Intel ...)
+ TODO: check
+CVE-2025-31331 (SAP NetWeaver allows an attacker to bypass authorization checks, enabl ...)
+ TODO: check
+CVE-2025-31330 (SAP Landscape Transformation (SLT) allows an attacker with user privil ...)
+ TODO: check
+CVE-2025-30017 (Due to a missing authorization check, an authenticated attacker could ...)
+ TODO: check
+CVE-2025-30016 (SAP Financial Consolidation allows an unauthenticated attacker to gain ...)
+ TODO: check
+CVE-2025-30015 (Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver ...)
+ TODO: check
+CVE-2025-30014 (SAP Capital Yield Tax Management has directory traversal vulnerability ...)
+ TODO: check
+CVE-2025-30013 (SAP ERP BW Business Content is vulnerable to OS Command Injection thro ...)
+ TODO: check
+CVE-2025-2882 (The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-2526 (The Streamit theme for WordPress is vulnerable to privilege escalation ...)
+ TODO: check
+CVE-2025-2525 (The Streamit theme for WordPress is vulnerable to arbitrary file uploa ...)
+ TODO: check
+CVE-2025-2519 (The Sreamit theme for WordPress is vulnerable to arbitrary file downlo ...)
+ TODO: check
+CVE-2025-2004 (The Simple WP Events plugin for WordPress is vulnerable to arbitrary f ...)
+ TODO: check
+CVE-2025-27437 (A Missing Authorization Check vulnerability exists in the Virus Scanne ...)
+ TODO: check
+CVE-2025-27435 (Under specific conditions and prerequisites, an unauthenticated attack ...)
+ TODO: check
+CVE-2025-27429 (SAP S/4HANA allows an attacker with user privileges to exploit a vulne ...)
+ TODO: check
+CVE-2025-27428 (Due to directory traversal vulnerability, an authorized attacker could ...)
+ TODO: check
+CVE-2025-26657 (SAP KMC WPC allows an unauthenticated attacker to remotely retrieve us ...)
+ TODO: check
+CVE-2025-26654 (SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypte ...)
+ TODO: check
+CVE-2025-26653 (SAP NetWeaver Application Server ABAP does not sufficiently encode use ...)
+ TODO: check
+CVE-2025-23186 (In certain conditions, SAP NetWeaver Application Server ABAP allows an ...)
+ TODO: check
+CVE-2025-20951 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ TODO: check
+CVE-2025-20950 (Use of implicit intent for sensitive communication in SamsungNotes pri ...)
+ TODO: check
+CVE-2025-20948 (Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior ...)
+ TODO: check
+CVE-2025-20947 (Improper handling of insufficient permission or privileges in Clipboar ...)
+ TODO: check
+CVE-2025-20946 (Improper handling of exceptional conditions in pairing specific blueto ...)
+ TODO: check
+CVE-2025-20945 (Improper access control in Galaxy Watch prior to SMR Apr-2025 Release ...)
+ TODO: check
+CVE-2025-20944 (Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR ...)
+ TODO: check
+CVE-2025-20943 (Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 ...)
+ TODO: check
+CVE-2025-20942 (Improper Verification of Intent by Broadcast Receiver in DeviceIdServi ...)
+ TODO: check
+CVE-2025-20941 (Improper access control in InputManager to SMR Apr-2025 Release 1 allo ...)
+ TODO: check
+CVE-2025-20940 (Improper handling of insufficient permission in Samsung Device Health ...)
+ TODO: check
+CVE-2025-20939 (Improper authorization in wireless download protocol in Galaxy Watch p ...)
+ TODO: check
+CVE-2025-20938 (Improper access control in SamsungContacts prior to SMR Apr-2025 Relea ...)
+ TODO: check
+CVE-2025-20936 (Improper access control in HDCP trustlet prior to SMR Apr-2025 Release ...)
+ TODO: check
+CVE-2025-20935 (Improper handling of insufficient permission or privileges in Clipboar ...)
+ TODO: check
+CVE-2025-20934 (Improper access control in Sticker Center prior to SMR Apr-2025 Releas ...)
+ TODO: check
+CVE-2025-0942 (The DB chooser functionality inJalios JPlatform 10 SP6 before 10.0.6 i ...)
+ TODO: check
+CVE-2025-0361 (During an annual penetration test conducted on behalf of Axis Communic ...)
+ TODO: check
+CVE-2024-47261 (51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that th ...)
+ TODO: check
+CVE-2024-13820 (The Melhor Envio plugin for WordPress is vulnerable to Sensitive Infor ...)
+ TODO: check
+CVE-2019-25223 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...)
+ TODO: check
CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have any pr ...)
NOT-FOR-US: Intellispace Portal
CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for its fun ...)
@@ -207,6 +385,7 @@ CVE-2025-30195 (An attacker can publish a zone containing specific Resource Reco
NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/1
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html
CVE-2025-31510 [XSS/HTML Injection through tab parameter when using "Choice" authentication module]
+ {DLA-4119-1}
- lemonldap-ng 2.21.0+ds-1
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
NOTE: Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/a790b15e94f1435d9dfe1fe30750f35d54ed072a (v2.16.5)
@@ -3510,7 +3689,8 @@ CVE-2025-2973 (A vulnerability, which was classified as critical, was found in c
NOT-FOR-US: code-projects
CVE-2025-2972
REJECTED
-CVE-2025-2971 (A vulnerability classified as problematic was found in ConcreteCMS up ...)
+CVE-2025-2971
+ REJECTED
NOT-FOR-US: ConcreteCMS
CVE-2025-2970
REJECTED
@@ -32227,6 +32407,7 @@ CVE-2024-56826 (A flaw was found in the OpenJPEG project. A heap buffer overflow
CVE-2025-22214 (Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx? ...)
NOT-FOR-US: WordPress pluginEIS
CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builti ...)
+ {DLA-4120-1}
- libnet-easytcp-perl <removed>
NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/184
NOTE: Related to CVE-2002-20002 (direct use of rand for version before < 0.15)
@@ -50278,27 +50459,27 @@ CVE-2025-27833 (An issue was discovered in Artifex Ghostscript before 10.05.0. A
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=a82738e387bbb44c7c4698404776dca53f62b158 (ghostpdl-10.05.0)
NOTE: Introduced by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0 (ghostpdl-9.55.0rc1)
CVE-2025-27830 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
- {DSA-5888-1}
+ {DSA-5888-1 DLA-4118-1}
- ghostscript 10.05.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708241
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f (ghostpdl-10.05.0)
CVE-2025-27836 (An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ1 ...)
- {DSA-5888-1}
+ {DSA-5888-1 DLA-4118-1}
- ghostscript 10.05.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708192
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0)
CVE-2025-27831 (An issue was discovered in Artifex Ghostscript before 10.05.0. The DOC ...)
- {DSA-5888-1}
+ {DSA-5888-1 DLA-4118-1}
- ghostscript 10.05.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708132
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17 (ghostpdl-10.05.0)
CVE-2025-27832 (An issue was discovered in Artifex Ghostscript before 10.05.0. The NPD ...)
- {DSA-5888-1}
+ {DSA-5888-1 DLA-4118-1}
- ghostscript 10.05.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708133
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (ghostpdl-10.05.0)
CVE-2025-27835 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
- {DSA-5888-1}
+ {DSA-5888-1 DLA-4118-1}
- ghostscript 10.05.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708131
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2cce9af560773e94ee9f9f55d2b146947282b5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2cce9af560773e94ee9f9f55d2b146947282b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250408/feb47c93/attachment.htm>
More information about the debian-security-tracker-commits
mailing list