[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 14 21:12:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8eb29a43 by security tracker role at 2025-04-14T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-3587 (A vulnerability classified as critical was found in ZeroWdd/code-proje ...)
+ TODO: check
+CVE-2025-3585 (A vulnerability classified as critical has been found in westboy Cicad ...)
+ TODO: check
+CVE-2025-3571 (A vulnerability was found in Fannuo Enterprise Content Management Syst ...)
+ TODO: check
+CVE-2025-3570 (A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1 ...)
+ TODO: check
+CVE-2025-3569 (A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1 ...)
+ TODO: check
+CVE-2025-3568 (A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and cl ...)
+ TODO: check
+CVE-2025-3567 (A vulnerability, which was classified as problematic, was found in vea ...)
+ TODO: check
+CVE-2025-3566 (A vulnerability, which was classified as critical, has been found in v ...)
+ TODO: check
+CVE-2025-3565 (A vulnerability classified as critical was found in huanfenz/code-proj ...)
+ TODO: check
+CVE-2025-3564 (A vulnerability classified as problematic has been found in huanfenz/c ...)
+ TODO: check
+CVE-2025-3563 (A vulnerability was found in WuzhiCMS 4.1. It has been rated as critic ...)
+ TODO: check
+CVE-2025-3562 (A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared ...)
+ TODO: check
+CVE-2025-3561 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been ...)
+ TODO: check
+CVE-2025-3560 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classifie ...)
+ TODO: check
+CVE-2025-3559 (A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and clas ...)
+ TODO: check
+CVE-2025-3558 (A vulnerability, which was classified as critical, was found in ghostx ...)
+ TODO: check
+CVE-2025-3557 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-3277 (An integer overflow can be triggered in SQLite\u2019s `concat_ws()` fu ...)
+ TODO: check
+CVE-2025-32931 (DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, ...)
+ TODO: check
+CVE-2025-32930
+ REJECTED
+CVE-2025-32914 (A flaw was found in libsoup, where the soup_multipart_new_from_message ...)
+ TODO: check
+CVE-2025-32913 (A flaw was found in libsoup, where the soup_message_headers_get_conten ...)
+ TODO: check
+CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a N ...)
+ TODO: check
+CVE-2025-32910 (A flaw was found in libsoup, where soup_auth_digest_authenticate() is ...)
+ TODO: check
+CVE-2025-32909 (A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a ...)
+ TODO: check
+CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may not full ...)
+ TODO: check
+CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range requests ...)
+ TODO: check
+CVE-2025-32906 (A flaw was found in libsoup, where the soup_headers_parse_request() fu ...)
+ TODO: check
+CVE-2025-2572 (In WhatsUp Gold versions released before 2024.0.3, a database manipu ...)
+ TODO: check
+CVE-2025-2475 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-2424 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check i ...)
+ TODO: check
+CVE-2025-2161 (Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS ...)
+ TODO: check
+CVE-2025-2160 (Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS ...)
+ TODO: check
+CVE-2025-29720 (Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSR ...)
+ TODO: check
+CVE-2025-27009 (Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions ...)
+ TODO: check
+CVE-2025-22373 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in SicommNet BASEC ...)
+ TODO: check
+CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language form el ...)
+ TODO: check
+CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation for Clou ...)
+ TODO: check
+CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows for set ...)
+ TODO: check
+CVE-2024-49708 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-49707 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-49706 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-49705 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-13598 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerabl ...)
+ TODO: check
+CVE-2024-13597 (Internet Starter, one of SoftCOMiKSORIS system modules,is vulnerable t ...)
+ TODO: check
+CVE-2024-10090 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-10089 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-10088 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
+CVE-2024-10087 (Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable ...)
+ TODO: check
CVE-2025-3572 (SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerabilit ...)
NOT-FOR-US: INTUMIT
CVE-2025-3556 (A vulnerability classified as problematic was found in ScriptAndTools ...)
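Review bot: The new `CVE-2025-3277` entry is left at `TODO: check`, but its description (an integer overflow in SQLite's `concat_ws()`) reads like the issue already tracked further down this file as CVE-2025-29087, which carries `- sqlite3 3.46.1-3 (bug #1102411)` and `<not-affected>` lines for bookworm and bullseye. When this entry is triaged, compare it against CVE-2025-29087 and either record the same package status or note the relationship between the two ids, so the same bug is not tracked twice with different states. The description on that line also contains a literal `\u2019` escape instead of an apostrophe, which suggests the description import is not decoding the upstream text.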
@@ -68,7 +170,7 @@ CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-sit
NOT-FOR-US: IBM
CVE-2025-32896
NOT-FOR-US: Apache SeaTunnel
-CVE-2025-24859
+CVE-2025-24859 (A session management vulnerability exists in Apache Roller before vers ...)
NOT-FOR-US: Apache Roller
CVE-2024-56406 (A heap buffer overflow vulnerability was discovered in Perl. Release ...)
{DSA-5902-1}
@@ -516,7 +618,7 @@ CVE-2025-30148 (Silverstripe Framework is a PHP framework which powers the Silve
NOT-FOR-US: Silverstripe Framework
CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter ...)
NOT-FOR-US: BlueCMS
-CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a denial of se ...)
+CVE-2025-29088 (In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_ ...)
- sqlite3 <unfixed> (bug #1102670)
[bookworm] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
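Review bot: The status lines under CVE-2025-29088 were not revisited when the description changed. The new text scopes the issue to "SQLite 3.49.0 before 3.49.1", while the unchanged context still says `- sqlite3 <unfixed> (bug #1102670)` and `[bookworm] - sqlite3 <no-dsa> (Minor issue)`. With the affected range now narrowed, it is worth checking whether the bookworm package contains the affected code at all. If it does not, `<not-affected> (Vulnerable code not present)`, as used for CVE-2025-29087 in this file, would be more accurate than `<no-dsa>`.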
@@ -1935,7 +2037,7 @@ CVE-2025-29479
REJECTED
CVE-2025-29478 (An issue in fluent-bit v.3.7.2 allows a local attacker to cause a deni ...)
NOT-FOR-US: fluent-bit
-CVE-2025-29087 (Sqlite 3.49.0 is susceptible to integer overflow through the concat fu ...)
+CVE-2025-29087 (In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL fun ...)
- sqlite3 3.46.1-3 (bug #1102411)
[bookworm] - sqlite3 <not-affected> (Vulnerable code not present)
[bullseye] - sqlite3 <not-affected> (Vulnerable code not present)
@@ -2476,7 +2578,8 @@ CVE-2025-32203 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32201 (Missing Authorization vulnerability in Xpro Xpro Theme Builder allows ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-32200 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+CVE-2025-32200
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
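Review bot: After this change CVE-2025-32200 carries two conflicting states, because the added `REJECTED` line is followed by the unchanged `NOT-FOR-US: WordPress plugin or theme` context line. The other rejected entries visible in this diff (CVE-2025-32930, CVE-2025-29479) carry `REJECTED` alone. Drop the stale `NOT-FOR-US` line in a follow-up so the entry has a single state.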
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eb29a4392beea9859e08a883ee9bf5fa8b584f0