[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 8 21:12:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
384c70a6 by security tracker role at 2025-04-08T20:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,487 @@
+CVE-2025-3437 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
+ TODO: check
+CVE-2025-3436 (The coreActivity: Activity Logging for WordPress plugin for WordPress ...)
+ TODO: check
+CVE-2025-3433 (The Advanced Advertising System plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-3432 (The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties argument in c ...)
+ TODO: check
+CVE-2025-3289 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3288 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3287 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3286 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3285 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3064 (The WPFront User Role Editor plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2025-32406 (An XXE issue in the Director NBR component in NAKIVO Backup & Replicat ...)
+ TODO: check
+CVE-2025-32279 (Missing Authorization vulnerability in Shahjada Live Forms. This issue ...)
+ TODO: check
+CVE-2025-32211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32164 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-32117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32036 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-32035 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-32028 (HAX CMS PHP allows you to manage your microsite universe with PHP back ...)
+ TODO: check
+CVE-2025-32026 (Element Web is a Matrix web client built using the Matrix React SDK. E ...)
+ TODO: check
+CVE-2025-32025 (bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image met ...)
+ TODO: check
+CVE-2025-32024 (bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image met ...)
+ TODO: check
+CVE-2025-32020 (The crud-query-parser library parses query parameters from HTTP reques ...)
+ TODO: check
+CVE-2025-32018 (Cursor is a code editor built for programming with AI. In versions 0.4 ...)
+ TODO: check
+CVE-2025-32017 (Umbraco is a free and open source .NET content management system. Auth ...)
+ TODO: check
+CVE-2025-30671 (Null pointer dereference in some Zoom Workplace Apps for Windows may a ...)
+ TODO: check
+CVE-2025-30670 (Null pointer dereference in some Zoom Workplace Apps for Windows may a ...)
+ TODO: check
+CVE-2025-30309 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
+ TODO: check
+CVE-2025-30308 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
+ TODO: check
+CVE-2025-30307 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
+ TODO: check
+CVE-2025-30306 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
+ TODO: check
+CVE-2025-30305 (XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bou ...)
+ TODO: check
+CVE-2025-30304 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30303 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30302 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30301 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30300 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30299 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30298 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30297 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30296 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30295 (Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a ...)
+ TODO: check
+CVE-2025-30291 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30286 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30285 (ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected ...)
+ TODO: check
+CVE-2025-30280 (A vulnerability has been identified in Mendix Runtime V10 (All version ...)
+ TODO: check
+CVE-2025-30166 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An H ...)
+ TODO: check
+CVE-2025-30151 (Shopware is an open commerce platform. It's possible to pass long pass ...)
+ TODO: check
+CVE-2025-30150 (Shopware 6 is an open commerce platform based on Symfony Framework and ...)
+ TODO: check
+CVE-2025-30000 (A vulnerability has been identified in Siemens License Server (SLS) (A ...)
+ TODO: check
+CVE-2025-2883 (The Accept SagePay Payments Using Contact Form 7 plugin for WordPress ...)
+ TODO: check
+CVE-2025-2876 (The MelaPress Login Security and MelaPress Login Security Premium plug ...)
+ TODO: check
+CVE-2025-2829 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-2808 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
+ TODO: check
+CVE-2025-2807 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
+ TODO: check
+CVE-2025-2568 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
+ TODO: check
+CVE-2025-2293 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-2288 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-2287 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-2286 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-2285 (A local code execution vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-29999 (A vulnerability has been identified in Siemens License Server (SLS) (A ...)
+ TODO: check
+CVE-2025-29986 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Impro ...)
+ TODO: check
+CVE-2025-29985 (Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initi ...)
+ TODO: check
+CVE-2025-29824 (Use after free in Windows Common Log File System Driver allows an auth ...)
+ TODO: check
+CVE-2025-29823 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2025-29822 (Incomplete list of disallowed inputs in Microsoft Office OneNote allow ...)
+ TODO: check
+CVE-2025-29821 (Improper input validation in Dynamics Business Central allows an autho ...)
+ TODO: check
+CVE-2025-29820 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-29819 (External control of file name or path in Azure Portal Windows Admin Ce ...)
+ TODO: check
+CVE-2025-29816 (Improper input validation in Microsoft Office Word allows an unauthori ...)
+ TODO: check
+CVE-2025-29812 (Untrusted pointer dereference in Windows Kernel Memory allows an autho ...)
+ TODO: check
+CVE-2025-29811 (Improper input validation in Windows Mobile Broadband allows an author ...)
+ TODO: check
+CVE-2025-29810 (Improper access control in Active Directory Domain Services allows an ...)
+ TODO: check
+CVE-2025-29809 (Insecure storage of sensitive information in Windows Kerberos allows a ...)
+ TODO: check
+CVE-2025-29808 (Use of a cryptographic primitive with a risky implementation in Window ...)
+ TODO: check
+CVE-2025-29805 (Exposure of sensitive information to an unauthorized actor in Outlook ...)
+ TODO: check
+CVE-2025-29804 (Improper access control in Visual Studio allows an authorized attacker ...)
+ TODO: check
+CVE-2025-29802 (Improper access control in Visual Studio allows an authorized attacker ...)
+ TODO: check
+CVE-2025-29801 (Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an ...)
+ TODO: check
+CVE-2025-29800 (Improper privilege management in Microsoft AutoUpdate (MAU) allows an ...)
+ TODO: check
+CVE-2025-29794 (Improper authorization in Microsoft Office SharePoint allows an author ...)
+ TODO: check
+CVE-2025-29793 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2025-29792 (Use after free in Microsoft Office allows an authorized attacker to el ...)
+ TODO: check
+CVE-2025-29791 (Access of resource using incompatible type ('type confusion') in Micro ...)
+ TODO: check
+CVE-2025-27752 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
+ TODO: check
+CVE-2025-27751 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2025-27750 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2025-27749 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27748 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27747 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-27746 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27745 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27744 (Improper access control in Microsoft Office allows an authorized attac ...)
+ TODO: check
+CVE-2025-27743 (Untrusted search path in System Center allows an authorized attacker t ...)
+ TODO: check
+CVE-2025-27742 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27741 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27740 (Weak authentication in Windows Active Directory Certificate Services a ...)
+ TODO: check
+CVE-2025-27739 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
+ TODO: check
+CVE-2025-27738 (Improper access control in Windows Resilient File System (ReFS) allows ...)
+ TODO: check
+CVE-2025-27737 (Improper input validation in Windows Security Zone Mapping allows an u ...)
+ TODO: check
+CVE-2025-27736 (Exposure of sensitive information to an unauthorized actor in Windows ...)
+ TODO: check
+CVE-2025-27735 (Insufficient verification of data authenticity in Windows Virtualizati ...)
+ TODO: check
+CVE-2025-27733 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27732 (Sensitive data storage in improperly locked memory in Windows Win32K - ...)
+ TODO: check
+CVE-2025-27731 (Improper input validation in OpenSSH for Windows allows an authorized ...)
+ TODO: check
+CVE-2025-27730 (Use after free in Windows Digital Media allows an authorized attacker ...)
+ TODO: check
+CVE-2025-27729 (Use after free in Windows Shell allows an unauthorized attacker to exe ...)
+ TODO: check
+CVE-2025-27728 (Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized ...)
+ TODO: check
+CVE-2025-27727 (Improper link resolution before file access ('link following') in Wind ...)
+ TODO: check
+CVE-2025-27492 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2025-27491 (Use after free in Windows Hyper-V allows an authorized attacker to exe ...)
+ TODO: check
+CVE-2025-27490 (Heap-based buffer overflow in Windows Bluetooth Service allows an auth ...)
+ TODO: check
+CVE-2025-27489 (Improper input validation in Azure Local allows an authorized attacker ...)
+ TODO: check
+CVE-2025-27487 (Heap-based buffer overflow in Remote Desktop Client allows an authoriz ...)
+ TODO: check
+CVE-2025-27486 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-27485 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-27484 (Sensitive data storage in improperly locked memory in Windows Universa ...)
+ TODO: check
+CVE-2025-27483 (Out-of-bounds read in Windows NTFS allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-27482 (Sensitive data storage in improperly locked memory in Remote Desktop G ...)
+ TODO: check
+CVE-2025-27481 (Stack-based buffer overflow in Windows Telephony Service allows an una ...)
+ TODO: check
+CVE-2025-27480 (Use after free in Remote Desktop Gateway Service allows an unauthorize ...)
+ TODO: check
+CVE-2025-27479 (Insufficient resource pool in Windows Kerberos allows an unauthorized ...)
+ TODO: check
+CVE-2025-27478 (Heap-based buffer overflow in Windows Local Security Authority (LSA) a ...)
+ TODO: check
+CVE-2025-27477 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
+ TODO: check
+CVE-2025-27476 (Use after free in Windows Digital Media allows an authorized attacker ...)
+ TODO: check
+CVE-2025-27475 (Sensitive data storage in improperly locked memory in Windows Update S ...)
+ TODO: check
+CVE-2025-27474 (Use of uninitialized resource in Windows Routing and Remote Access Ser ...)
+ TODO: check
+CVE-2025-27473 (Uncontrolled resource consumption in Windows HTTP.sys allows an unauth ...)
+ TODO: check
+CVE-2025-27472 (Protection mechanism failure in Windows Mark of the Web (MOTW) allows ...)
+ TODO: check
+CVE-2025-27471 (Sensitive data storage in improperly locked memory in Microsoft Stream ...)
+ TODO: check
+CVE-2025-27470 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-27469 (Uncontrolled resource consumption in Windows LDAP - Lightweight Direct ...)
+ TODO: check
+CVE-2025-27467 (Use after free in Windows Digital Media allows an authorized attacker ...)
+ TODO: check
+CVE-2025-27443 (Insecure default variable initialization in some Zoom Workplace Apps f ...)
+ TODO: check
+CVE-2025-27442 (Cross site scripting in some Zoom Workplace Apps may allow an unauthen ...)
+ TODO: check
+CVE-2025-27441 (Cross site scripting in some Zoom Workplace Apps may allow an unauthen ...)
+ TODO: check
+CVE-2025-27205 (Adobe Experience Manager Screens versions FP11.3 and earlier are affec ...)
+ TODO: check
+CVE-2025-27204 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27202 (Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of ...)
+ TODO: check
+CVE-2025-27201 (Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of ...)
+ TODO: check
+CVE-2025-27200 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use Aft ...)
+ TODO: check
+CVE-2025-27199 (Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-ba ...)
+ TODO: check
+CVE-2025-27198 (Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by ...)
+ TODO: check
+CVE-2025-27196 (Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap- ...)
+ TODO: check
+CVE-2025-27195 (Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap ...)
+ TODO: check
+CVE-2025-27194 (Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27193 (Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-base ...)
+ TODO: check
+CVE-2025-27187 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27186 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27185 (After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL ...)
+ TODO: check
+CVE-2025-27184 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27183 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27182 (After Effects versions 25.1, 24.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2025-27085 (Multiple vulnerabilities exist in the web-based management interface o ...)
+ TODO: check
+CVE-2025-27084 (A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Contro ...)
+ TODO: check
+CVE-2025-27083 (Authenticated command injection vulnerabilities exist in the AOS-10 GW ...)
+ TODO: check
+CVE-2025-27082 (Arbitrary File Write vulnerabilities exist in the web-based management ...)
+ TODO: check
+CVE-2025-27079 (A vulnerability in the file creation process on the command line inter ...)
+ TODO: check
+CVE-2025-27078 (A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP coul ...)
+ TODO: check
+CVE-2025-26688 (Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an ...)
+ TODO: check
+CVE-2025-26687 (Use after free in Windows Win32K - GRFX allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-26686 (Sensitive data storage in improperly locked memory in Windows TCP/IP a ...)
+ TODO: check
+CVE-2025-26682 (Allocation of resources without limits or throttling in ASP.NET Core a ...)
+ TODO: check
+CVE-2025-26681 (Use after free in Windows Win32K - GRFX allows an authorized attacker ...)
+ TODO: check
+CVE-2025-26680 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-26679 (Use after free in RPC Endpoint Mapper Service allows an authorized att ...)
+ TODO: check
+CVE-2025-26678 (Improper access control in Windows Defender Application Control (WDAC) ...)
+ TODO: check
+CVE-2025-26676 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
+ TODO: check
+CVE-2025-26675 (Out-of-bounds read in Windows Subsystem for Linux allows an authorized ...)
+ TODO: check
+CVE-2025-26674 (Heap-based buffer overflow in Windows Media allows an authorized attac ...)
+ TODO: check
+CVE-2025-26673 (Uncontrolled resource consumption in Windows LDAP - Lightweight Direct ...)
+ TODO: check
+CVE-2025-26672 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
+ TODO: check
+CVE-2025-26671 (Use after free in Windows Remote Desktop Services allows an unauthoriz ...)
+ TODO: check
+CVE-2025-26670 (Use after free in Windows LDAP - Lightweight Directory Access Protocol ...)
+ TODO: check
+CVE-2025-26669 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
+ TODO: check
+CVE-2025-26668 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+ TODO: check
+CVE-2025-26667 (Exposure of sensitive information to an unauthorized actor in Windows ...)
+ TODO: check
+CVE-2025-26666 (Heap-based buffer overflow in Windows Media allows an authorized attac ...)
+ TODO: check
+CVE-2025-26665 (Sensitive data storage in improperly locked memory in Windows upnphost ...)
+ TODO: check
+CVE-2025-26664 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
+ TODO: check
+CVE-2025-26663 (Use after free in Windows LDAP - Lightweight Directory Access Protocol ...)
+ TODO: check
+CVE-2025-26652 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-26651 (Exposed dangerous method or function in Windows Local Session Manager ...)
+ TODO: check
+CVE-2025-26649 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2025-26648 (Sensitive data storage in improperly locked memory in Windows Kernel a ...)
+ TODO: check
+CVE-2025-26647 (Improper input validation in Windows Kerberos allows an unauthorized a ...)
+ TODO: check
+CVE-2025-26644 (Automated recognition mechanism with inadequate detection or handling ...)
+ TODO: check
+CVE-2025-26642 (Out-of-bounds read in Microsoft Office allows an unauthorized attacker ...)
+ TODO: check
+CVE-2025-26641 (Uncontrolled resource consumption in Windows Cryptographic Services al ...)
+ TODO: check
+CVE-2025-26640 (Use after free in Windows Digital Media allows an authorized attacker ...)
+ TODO: check
+CVE-2025-26639 (Integer overflow or wraparound in Windows USB Print Driver allows an a ...)
+ TODO: check
+CVE-2025-26637 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
+ TODO: check
+CVE-2025-26635 (Weak authentication in Windows Hello allows an authorized attacker to ...)
+ TODO: check
+CVE-2025-26628 (Insufficiently protected credentials in Azure Local Cluster allows an ...)
+ TODO: check
+CVE-2025-25254 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ TODO: check
+CVE-2025-25227 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
+ TODO: check
+CVE-2025-25226 (Improper handling of identifiers lead to a SQL injection vulnerability ...)
+ TODO: check
+CVE-2025-25002 (Insertion of sensitive information into log file in Azure Local Cluste ...)
+ TODO: check
+CVE-2025-24074 (Improper input validation in Windows DWM Core Library allows an author ...)
+ TODO: check
+CVE-2025-24073 (Improper input validation in Windows DWM Core Library allows an author ...)
+ TODO: check
+CVE-2025-24062 (Improper input validation in Windows DWM Core Library allows an author ...)
+ TODO: check
+CVE-2025-24060 (Improper input validation in Windows DWM Core Library allows an author ...)
+ TODO: check
+CVE-2025-24058 (Improper input validation in Windows DWM Core Library allows an author ...)
+ TODO: check
+CVE-2025-22855 (An improper neutralization of input during web page generation ('Cross ...)
+ TODO: check
+CVE-2025-22466 (Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
+ TODO: check
+CVE-2025-22465 (Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
+ TODO: check
+CVE-2025-22464 (An untrusted pointer dereference vulnerability in Ivanti Endpoint Mana ...)
+ TODO: check
+CVE-2025-22461 (SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
+ TODO: check
+CVE-2025-22459 (Improper certificate validation in Ivanti Endpoint Manager before vers ...)
+ TODO: check
+CVE-2025-22458 (DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or be ...)
+ TODO: check
+CVE-2025-21222 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
+ TODO: check
+CVE-2025-21221 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
+ TODO: check
+CVE-2025-21205 (Heap-based buffer overflow in Windows Telephony Service allows an unau ...)
+ TODO: check
+CVE-2025-21204 (Improper link resolution before file access ('link following') in Wind ...)
+ TODO: check
+CVE-2025-21203 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
+ TODO: check
+CVE-2025-21197 (Improper access control in Windows NTFS allows an authorized attacker ...)
+ TODO: check
+CVE-2025-21191 (Time-of-check time-of-use (toctou) race condition in Windows Local Sec ...)
+ TODO: check
+CVE-2025-21174 (Uncontrolled resource consumption in Windows Standards-Based Storage M ...)
+ TODO: check
+CVE-2025-1095 (IBM Personal Communications v14 and v15 include a Windows service that ...)
+ TODO: check
+CVE-2024-54092 (A vulnerability has been identified in Industrial Edge Device Kit - ar ...)
+ TODO: check
+CVE-2024-54025 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
+CVE-2024-54024 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
+CVE-2024-52981 (An issue was discovered in Elasticsearch, where a large recursion usin ...)
+ TODO: check
+CVE-2024-52980 (A flaw was discovered in Elasticsearch, where a large recursion using ...)
+ TODO: check
+CVE-2024-52974 (An issue has been identified where a specially crafted request sent to ...)
+ TODO: check
+CVE-2024-52962 (AnImproper Output Neutralization for Logs vulnerability [CWE-117] in F ...)
+ TODO: check
+CVE-2024-50565 (A improper restriction of communication channel to intended endpoints ...)
+ TODO: check
+CVE-2024-48887 (A unverified password change vulnerability in Fortinet FortiSwitch GU ...)
+ TODO: check
+CVE-2024-46671 (An Incorrect User Management vulnerability [CWE-286] in FortiWeb versi ...)
+ TODO: check
+CVE-2024-41796 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41795 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41794 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41793 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41792 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41791 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41790 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41789 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-41788 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
+ TODO: check
+CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet FortiOS versio ...)
+ TODO: check
+CVE-2024-26013 (A improper restriction of communication channel to intended endpoints ...)
+ TODO: check
+CVE-2023-37930 (Multiple issues including the use of uninitialized ressources [CWE-908 ...)
+ TODO: check
CVE-2025-XXXX [Heap-buffer-overflow in ImportViewPixelArea()]
- graphicsmagick 1.4+really1.3.45+hg17696-1
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
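Review bot: all 242 entries added at the top of the list (CVE-2025-3437 down to CVE-2023-37930) carry only `TODO: check`, with no package line and no NOT-FOR-US tag, so the whole batch is still untriaged. The Siemens and Fortinet entries match vendors that other hunks of this diff already tag as `NOT-FOR-US: Siemens` and `NOT-FOR-US: FortiGuard`, while entries naming OpenSSL (CVE-2025-3416) and Elasticsearch (CVE-2024-52980, CVE-2024-52981) are the ones to look at first. Separately, four descriptions (CVE-2025-3437, CVE-2025-2808, CVE-2025-2807, CVE-2025-2568) contain a literal `\u2013` escape rather than the decoded character; decoding it in the import step would keep text searches on the list predictable.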
@@ -9,48 +493,48 @@ CVE-2025-31344
- giflib <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/3
NOTE: https://sourceforge.net/p/giflib/bugs/176/
-CVE-2025-22017 [devlink: fix xa_alloc_cyclic() error handling]
+CVE-2025-22017 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f3b97b7d4bf316c3991e5634c9f4847c2df35478 (6.14)
-CVE-2025-22016 [dpll: fix xa_alloc_cyclic() error handling]
+CVE-2025-22016 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3614bf90130d60f191a5fe218d04f6251c678e13 (6.14)
-CVE-2025-22015 [mm/migrate: fix shmem xarray update during migration]
+CVE-2025-22015 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.21-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/60cf233b585cdf1f3c5e52d1225606b86acd08b0 (6.14)
-CVE-2025-22014 [soc: qcom: pdr: Fix the potential deadlock]
+CVE-2025-22014 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.12.21-1
NOTE: https://git.kernel.org/linus/2eeb03ad9f42dfece63051be2400af487ddb96d2 (6.14)
-CVE-2025-22013 [KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state]
+CVE-2025-22013 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fbc7e61195e23f744814e78524b73b59faa54ab4 (6.14-rc3)
-CVE-2025-22012 [Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"]
+CVE-2025-22012 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f00db31d235946853fb430de8c6aa1295efc8353 (6.14)
-CVE-2025-22011 [ARM: dts: bcm2711: Fix xHCI power-domain]
+CVE-2025-22011 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f44fa354a0715577ca32b085f6f60bcf32c748dd (6.14)
-CVE-2025-22010 [RDMA/hns: Fix soft lockup during bt pages loop]
+CVE-2025-22010 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.12.21-1
NOTE: https://git.kernel.org/linus/25655580136de59ec89f09089dd28008ea440fc9 (6.14)
-CVE-2025-22009 [regulator: dummy: force synchronous probing]
+CVE-2025-22009 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.21-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8619909b38eeebd3e60910158d7d68441fc954e9 (6.14)
-CVE-2025-22008 [regulator: check that dummy regulator has been probed before using it]
+CVE-2025-22008 (In the Linux kernel, the following vulnerability has been resolved: r ...)
- linux 6.12.21-1
NOTE: https://git.kernel.org/linus/2c7a50bec4958f1d1c84d19cde518d0e96a676fd (6.14)
-CVE-2025-31498 [use-after-free]
+CVE-2025-31498 (c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4 ...)
- c-ares 1.34.5-1
[bookworm] - c-ares <not-affected> (Vulnerable code not present)
[bullseye] - c-ares <not-affected> (Vulnerable code not present)
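Review bot: replacing the bracketed subject lines with the published descriptions makes the ten kernel entries (CVE-2025-22008 through CVE-2025-22017) read identically up to the final character, because the truncation falls right after "has been resolved:". The removed text, for example `[dpll: fix xa_alloc_cyclic() error handling]`, was the only place in the list where the affected subsystem was visible, so telling these entries apart now means following each `NOTE:` link to git.kernel.org. The same loss applies to CVE-2025-31498, where `[use-after-free]` stated the bug class and the truncated c-ares description does not; a short `NOTE:` preserving the subject line would keep that information in the file.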
@@ -454,7 +938,7 @@ CVE-2025-30195 (An attacker can publish a zone containing specific Resource Reco
NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/1
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html
CVE-2025-31510 [XSS/HTML Injection through tab parameter when using "Choice" authentication module]
- {DLA-4119-1}
+ {DSA-5897-1 DLA-4119-1}
- lemonldap-ng 2.21.0+ds-1
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
NOTE: Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/a790b15e94f1435d9dfe1fe30750f35d54ed072a (v2.16.5)
@@ -2015,7 +2499,7 @@ CVE-2025-3067 (Inappropriate implementation in Custom Tabs in Google Chrome on A
{DSA-5890-1}
- chromium 135.0.7049.52-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-3066 (Use after free in Navigations in Google Chrome prior to 135.0.7049.52 ...)
+CVE-2025-3066 (Use after free in Site Isolation in Google Chrome prior to 135.0.7049. ...)
{DSA-5890-1}
- chromium 135.0.7049.52-1
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -20337,7 +20821,7 @@ CVE-2024-27781 (An improper neutralization of input during web page generation (
NOT-FOR-US: FortiGuard
CVE-2024-27780 (MultipleImproper Neutralization of Input During Web Page Generation (' ...)
NOT-FOR-US: FortiGuard
-CVE-2024-23814 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
+CVE-2024-23814 (The integrated ICMP service of the network stack of affected devices c ...)
NOT-FOR-US: Siemens
CVE-2024-21966 (A DLL hijacking vulnerability in the AMD Ryzen\u2122 Master Utility c ...)
NOT-FOR-US: AMD
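Review bot: the new description for CVE-2024-23814 no longer names a product ("affected devices") where the old one named SCALANCE WAB762-1, so the unchanged `NOT-FOR-US: Siemens` tag can no longer be confirmed from the text visible in the list. Check the full description to confirm the reworded advisory still covers only Siemens devices before leaving the tag as it is.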
@@ -24958,11 +25442,13 @@ CVE-2025-0314 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any platfor ...)
NOT-FOR-US: Apache Wicket
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
+ {DLA-4121-1}
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
[bookworm] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
+ {DLA-4121-1}
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
[bookworm] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
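Review bot: with `{DLA-4121-1}` added to CVE-2025-24530 and CVE-2025-24529, the LTS release receives a fixed phpmyadmin while both `[bookworm]` lines still read `<no-dsa> (Minor issue)`. That leaves bookworm without the fix for the two XSS issues; consider queuing them for a bookworm point release, or note on the entries why the difference is intended.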
@@ -38347,7 +38833,7 @@ CVE-2024-54094 (A vulnerability has been identified in Solid Edge SE2024 (All ve
NOT-FOR-US: Siemens
CVE-2024-54093 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
NOT-FOR-US: Siemens
-CVE-2024-54091 (A vulnerability has been identified in Parasolid V36.1 (All versions < ...)
+CVE-2024-54091 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
NOT-FOR-US: Siemens
CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability exists in t ...)
NOT-FOR-US: HPE
@@ -186091,6 +186577,7 @@ CVE-2023-0807
CVE-2023-0806
RESERVED
CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
+ {DLA-4121-1}
- phpmyadmin 4:5.2.1+dfsg-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
CVE-2023-25726
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384c70a6ebc68f4bc73a5044236d1421bd1ffd7e