[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 15 21:12:56 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36093975 by security tracker role at 2025-04-15T20:12:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,178 @@
-CVE-2025-3523
+CVE-2025-3618 (A denial-of-service vulnerability exists in the Rockwell Automation Th ...)
+ TODO: check
+CVE-2025-3617 (A privilege escalation vulnerability exists in the Rockwell Automation ...)
+ TODO: check
+CVE-2025-3608 (A race condition existed in nsHttpTransaction that could have been exp ...)
+ TODO: check
+CVE-2025-3579 (In versions prior to Aidex 1.7, an authenticated malicious user, takin ...)
+ TODO: check
+CVE-2025-3578 (A malicious, authenticated user in Aidex, versions prior to 1.7, could ...)
+ TODO: check
+CVE-2025-3575 (Insecure Direct Object Reference vulnerability in Deporsite from T-INN ...)
+ TODO: check
+CVE-2025-3574 (Insecure Direct Object Reference vulnerability in Deporsite from T-INN ...)
+ TODO: check
+CVE-2025-33028 (In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerabilit ...)
+ TODO: check
+CVE-2025-33027 (In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass ...)
+ TODO: check
+CVE-2025-33026 (In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerabil ...)
+ TODO: check
+CVE-2025-32949 (This vulnerability allows any authenticated user to cause the server t ...)
+ TODO: check
+CVE-2025-32948 (The vulnerability allows any attacker to cause the PeerTube server to ...)
+ TODO: check
+CVE-2025-32947 (This vulnerability allows any attacker to cause the PeerTube server to ...)
+ TODO: check
+CVE-2025-32946 (This vulnerability allows any attacker to add playlists to a different ...)
+ TODO: check
+CVE-2025-32945 (The vulnerability allows an existing user to add playlists to a differ ...)
+ TODO: check
+CVE-2025-32944 (The vulnerability allows any authenticated user to cause the PeerTube ...)
+ TODO: check
+CVE-2025-32943 (The vulnerability allows any authenticated user to leak the contents o ...)
+ TODO: check
+CVE-2025-32929 (Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution ...)
+ TODO: check
+CVE-2025-32780 (BleachBit cleans files to free disk space and to maintain privacy. Ble ...)
+ TODO: check
+CVE-2025-32779 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect ...)
+ TODO: check
+CVE-2025-32776 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
+ TODO: check
+CVE-2025-32445 (Argo Events is an event-driven workflow automation framework for Kuber ...)
+ TODO: check
+CVE-2025-32439 (pleezer is a headless Deezer Connect player. Hook scripts in pleezer c ...)
+ TODO: check
+CVE-2025-32438 (make-initrd-ng is a tool for copying binaries and their dependencies. ...)
+ TODO: check
+CVE-2025-32103 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows di ...)
+ TODO: check
+CVE-2025-32102 (CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SS ...)
+ TODO: check
+CVE-2025-32012 (Jellyfin is an open source self hosted media server. In versions 10.9. ...)
+ TODO: check
+CVE-2025-31497 (TEIGarage is a webservice and RESTful service to transform, convert an ...)
+ TODO: check
+CVE-2025-31011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30985 (Deserialization of Untrusted Data vulnerability in NotFound GNUCommerc ...)
+ TODO: check
+CVE-2025-30965 (Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard ...)
+ TODO: check
+CVE-2025-30964 (Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. T ...)
+ TODO: check
+CVE-2025-30962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-30206 (Dpanel is a Docker visualization panel system which provides complete ...)
+ TODO: check
+CVE-2025-2567 (An attacker could modify or disable settings, disrupt fuel monitoring ...)
+ TODO: check
+CVE-2025-2083 (The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-29817 (Uncontrolled search path element in Power Automate allows an authorize ...)
+ TODO: check
+CVE-2025-29705 (code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The projec ...)
+ TODO: check
+CVE-2025-29281 (In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary ...)
+ TODO: check
+CVE-2025-29280 (Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.1 ...)
+ TODO: check
+CVE-2025-29213 (A zip slip vulnerability in the component \service\migrate\MigrateForm ...)
+ TODO: check
+CVE-2025-28399 (An issue in Erick xmall v.1.1 and before allows a remote attacker to e ...)
+ TODO: check
+CVE-2025-28198 (A SQL injection vulnerability in Hitout car sale 1.0 allows a remote a ...)
+ TODO: check
+CVE-2025-28145 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was ...)
+ TODO: check
+CVE-2025-28144 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was ...)
+ TODO: check
+CVE-2025-28143 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was ...)
+ TODO: check
+CVE-2025-28142 (Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was ...)
+ TODO: check
+CVE-2025-28137 (The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre ...)
+ TODO: check
+CVE-2025-28136 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28100 (A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker ...)
+ TODO: check
+CVE-2025-27980 (cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry ...)
+ TODO: check
+CVE-2025-27791 (Collabora Online is a collaborative online office suite based on Libre ...)
+ TODO: check
+CVE-2025-26992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26990 (Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Ele ...)
+ TODO: check
+CVE-2025-26982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26959 (Missing Authorization vulnerability in Qu\xfd L\xea 91 Administrator Z ...)
+ TODO: check
+CVE-2025-26958 (Missing Authorization vulnerability in NotFound JetBlog allows Accessi ...)
+ TODO: check
+CVE-2025-26955 (Missing Authorization vulnerability in VW Themes Industrial Lite allow ...)
+ TODO: check
+CVE-2025-26954 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26944 (Missing Authorization vulnerability in NotFound JetPopup allows Access ...)
+ TODO: check
+CVE-2025-26942 (Missing Authorization vulnerability in NotFound JetTricks allows Acces ...)
+ TODO: check
+CVE-2025-26894 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-26889 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-26745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26741 (Missing Authorization vulnerability in AWEOS GmbH Email Notifications ...)
+ TODO: check
+CVE-2025-25456 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in Adv ...)
+ TODO: check
+CVE-2025-24949 (In JotUrl 2.0, is possible to bypass security requirements during the ...)
+ TODO: check
+CVE-2025-24948 (In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentia ...)
+ TODO: check
+CVE-2025-24358 (gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention mid ...)
+ TODO: check
+CVE-2025-22903 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2025-22900 (Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2025-1688 (Milestone Systems has discovered a security vulnerability in Milestone ...)
+ TODO: check
+CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
+ TODO: check
+CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
+ TODO: check
+CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool in the a ...)
+ TODO: check
+CVE-2024-45712 (SolarWinds Serv-U is vulnerable to a client-side cross-site scripting ...)
+ TODO: check
+CVE-2024-42200 (HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripti ...)
+ TODO: check
+CVE-2024-42193 (HCL BigFix Web Reports' service communicates over HTTPS but exhibits a ...)
+ TODO: check
+CVE-2024-42189 (HCL BigFix Web Reports might be subject to a Denial of Service (DoS) a ...)
+ TODO: check
+CVE-2024-36842 (An issue in Oncord+ Android Infotainment Systems OS Android 12, Model ...)
+ TODO: check
+CVE-2024-13177 (Netskope Client on Mac OS is impacted by a vulnerability in which the ...)
+ TODO: check
+CVE-2024-11084 (Helix ALM prior to 2025.1 returns distinct error responses during auth ...)
+ TODO: check
+CVE-2025-3523 (When an email contains multiple attachments with external links via th ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
-CVE-2025-2830
+CVE-2025-2830 (By crafting a malformed file name for an attachment in a multipart mes ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-2830
-CVE-2025-3522
+CVE-2025-3522 (Thunderbird processes the X-Mozilla-External-Attachment-URL header to ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3522
CVE-2025-3622 (A vulnerability, which was classified as critical, has been found in X ...)
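Review bot: the added description for CVE-2025-26959 shows the vendor name as escaped bytes (`Qu\xfd L\xea`) rather than readable text; check whether the stored description or only the mail rendering has lost the non-ASCII characters, and normalise it on import if it is the former. Separately, every newly added ID in this hunk lands as `TODO: check`. The entries whose descriptions call the software open source (OpenRazer, Jellyfin) are the ones to check against the archive first, while the Edimax, TOTOLINK and Tenda firmware entries can follow the `NOT-FOR-US: TOTOLINK` pattern used further down this file.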
@@ -142,7 +310,7 @@ CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/434
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992 (3.6.5)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f (3.6.5)
-CVE-2025-32911
+CVE-2025-32911 (A flaw was found in libsoup, which is vulnerable to a use-after-free m ...)
- libsoup3 3.6.4-1
- libsoup2.4 <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
@@ -5781,7 +5949,7 @@ CVE-2025-28087 (Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injec
NOT-FOR-US: SourceCodester
CVE-2025-25579 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injecti ...)
NOT-FOR-US: TOTOLINK
-CVE-2025-22953 (A SQL injection vulnerability exists in the Epicor HCM 2021 1.9, speci ...)
+CVE-2025-22953 (A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patc ...)
NOT-FOR-US: Epicor HCM
CVE-2024-7577 (IBM InfoSphere Information Server 11.7 could disclose sensitive user c ...)
NOT-FOR-US: IBM
@@ -6533,7 +6701,7 @@ CVE-2025-29306 (An issue in FoxCMS v.1.2.5 allows a remote attacker to execute a
NOT-FOR-US: FoxCMS
CVE-2025-29072 (An integer overflow in Nethermind Juno before v.12.05 within the Sierr ...)
NOT-FOR-US: Nethermind Juno
-CVE-2025-28138 (TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execu ...)
+CVE-2025-28138 (The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre ...)
NOT-FOR-US: TOTOLINK
CVE-2025-28135 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
NOT-FOR-US: TOTOLINK
@@ -8650,7 +8818,8 @@ CVE-2025-1451 (A vulnerability in parisneo/lollms-webui v13 arises from the serv
NOT-FOR-US: parisneo/lollms-webui
CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Tem ...)
NOT-FOR-US: AutoGPT
-CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an attacker ...)
+CVE-2025-0655
+ REJECTED
NOT-FOR-US: man-group/dtale
CVE-2025-0628 (An improper authorization vulnerability exists in the main-latest vers ...)
NOT-FOR-US: BerriAI/litellm
@@ -8668,7 +8837,8 @@ CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malic
- ollama <itp> (bug #1094806)
CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to c ...)
- ollama <itp> (bug #1094806)
-CVE-2025-0313 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious ...)
+CVE-2025-0313
+ REJECTED
- ollama <itp> (bug #1094806)
CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious ...)
- ollama <itp> (bug #1094806)
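Review bot: CVE-2025-0313 becomes `REJECTED` but the package line `- ollama <itp> (bug #1094806)` stays attached to it, so the rejected ID still reads as tracked against the ITP bug. Either drop the package line or add a NOTE saying why it is kept, since the neighbouring CVE-2025-0315 and CVE-2025-0312 entries carry the same line for live IDs.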
@@ -8700,7 +8870,8 @@ CVE-2024-9920 (In version v12 of parisneo/lollms-webui, the 'Send file to AL' fu
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-9919 (A missing authentication check in the uninstall endpoint of parisneo/l ...)
NOT-FOR-US: parisneo/lollms-webui
-CVE-2024-9901 (LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) con ...)
+CVE-2024-9901
+ REJECTED
NOT-FOR-US: LocalAI
CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) v ...)
NOT-FOR-US: LocalAI
@@ -8708,7 +8879,8 @@ CVE-2024-9880
REJECTED
CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
- flatpress <itp> (bug #466297)
-CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in open-webui/open-webu ...)
+CVE-2024-9840
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified in the ...)
NOT-FOR-US: Kedro
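Review bot: this hunk shows two forms of rejected entry side by side: CVE-2024-9880 has `REJECTED` with nothing under it, while the newly rejected CVE-2024-9840 keeps `NOT-FOR-US: open-webui/open-webui` beneath `REJECTED`. Pick one form so that each ID carries a single state; if the triage line is kept for history, say so in a NOTE.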
@@ -8772,7 +8944,8 @@ CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the A
- vllm <itp> (bug #1095237)
CVE-2024-9052
REJECTED
-CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability where the q ...)
+CVE-2024-9016
+ REJECTED
NOT-FOR-US: man-group/dtale
CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
NOT-FOR-US: lunary-ai/lunary
@@ -8892,7 +9065,8 @@ CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows for
NOT-FOR-US: imartinez/privategpt
CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8 ...)
NOT-FOR-US: open-webui/open-webui
-CVE-2024-7999 (A vulnerability in open-webui/open-webui version 79778fa allows an att ...)
+CVE-2024-7999
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in open-webui ...)
NOT-FOR-US: open-webui/open-webui
@@ -8920,7 +9094,8 @@ CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx
NOTE: Follow-up to CVE-2024-5187 but different vulnerability in the download_model function
NOTE: https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f (v1.17.0)
NOTE: cherry picks of fixes: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
-CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for remote code ...)
+CVE-2024-7773
+ REJECTED
- ollama <itp> (bug #1094806)
CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anything-ll ...)
NOT-FOR-US: anything-llm
@@ -9051,7 +9226,8 @@ CVE-2024-12870 (A stored cross-site scripting (XSS) vulnerability exists in infi
NOT-FOR-US: infiniflow/ragflow
CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper authentica ...)
NOT-FOR-US: infiniflow/ragflow
-CVE-2024-12868 (In version 0.3.32 of open-webui, the application uses a vulnerable ver ...)
+CVE-2024-12868
+ REJECTED
NOT-FOR-US: open-webui/open-webui
CVE-2024-12866 (A local file inclusion vulnerability exists in netease-youdao/qanythin ...)
NOT-FOR-US: netease-youdao/qanything
@@ -9071,9 +9247,11 @@ CVE-2024-12766 (parisneo/lollms-webui version V13 (feather) suffers from a Serve
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the brycedrennan/ima ...)
NOT-FOR-US: brycedrennan/imaginairy
-CVE-2024-12760 (An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remo ...)
+CVE-2024-12760
+ REJECTED
NOT-FOR-US: bentoml/bentoml
-CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the newly i ...)
+CVE-2024-12759
+ REJECTED
NOT-FOR-US: bentoml/bentoml
CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
NOT-FOR-US: huggingface/transformers
@@ -9181,7 +9359,8 @@ CVE-2024-11042 (In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/
NOT-FOR-US: invoke-ai/invokeai
CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in the Messa ...)
- vllm <itp> (bug #1095237)
-CVE-2024-11040 (vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service a ...)
+CVE-2024-11040
+ REJECTED
- vllm <itp> (bug #1095237)
CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex English err ...)
NOT-FOR-US: binary-husky/gpt_academic
@@ -21989,9 +22168,9 @@ CVE-2025-24470 (AnImproper Resolution of Path Equivalence vulnerability [CWE-41]
NOT-FOR-US: FortiGuard
CVE-2025-24438 (Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
NOT-FOR-US: Adobe
-CVE-2025-24437 (Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+CVE-2025-24437 (Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4. ...)
NOT-FOR-US: Adobe
-CVE-2025-24436 (Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
+CVE-2025-24436 (Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4. ...)
NOT-FOR-US: Adobe
CVE-2025-24435 (Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2. ...)
NOT-FOR-US: Adobe
@@ -142261,7 +142440,7 @@ CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network WordPr
NOT-FOR-US: WordPress plugin
CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does not pre ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-5616 [gnome-control-center incorrectly claims remote login is off]
+CVE-2023-5616 (In Ubuntu, gnome-control-center did not properly reflect SSH remote lo ...)
- gnome-control-center <unfixed> (bug #1058624)
[bookworm] - gnome-control-center <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - gnome-control-center <no-dsa> (Minor issue)
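Review bot: the published description for CVE-2023-5616 now begins "In Ubuntu, ...", replacing the local bracketed summary, while the entry still tracks gnome-control-center as `<unfixed>` with bug #1058624 and the bookworm and bullseye lines marked minor. A NOTE confirming that the issue applies to the Debian package, and not only to Ubuntu's, would keep the existing triage from being read as carried over by accident.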
@@ -334086,8 +334265,8 @@ CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular
[buster] - node-ssri <no-dsa> (Minor issue)
NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1)
-CVE-2021-27289
- RESERVED
+CVE-2021-27289 (A replay attack vulnerability was discovered in a Zigbee smart home ki ...)
+ TODO: check
CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...)
NOT-FOR-US: X2Engine X2CRM
CVE-2021-27287
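Review bot: CVE-2021-27289 leaves `RESERVED` with only `TODO: check`, and its description points at a Zigbee smart home kit rather than a package. Resolve the TODO with a `NOT-FOR-US:` line naming the vendor from the full description, as is done for the TOTOLINK device entries in this file.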
@@ -386498,8 +386677,8 @@ CVE-2020-18245
RESERVED
CVE-2020-18244
RESERVED
-CVE-2020-18243
- RESERVED
+CVE-2020-18243 (SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remo ...)
+ TODO: check
CVE-2020-18242
RESERVED
CVE-2020-18241
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/360939756894bc8954086569ddc85e074d077a37
More information about the debian-security-tracker-commits
mailing list