[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 18 21:13:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16dd7fb7 by security tracker role at 2025-04-18T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,125 @@
-CVE-2025-37838 [HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition]
+CVE-2025-3795 (A vulnerability was found in DaiCuo 1.3.13. It has been rated as probl ...)
+	TODO: check
+CVE-2025-3792 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2025-3791 (A vulnerability classified as critical was found in symisc UnQLite up  ...)
+	TODO: check
+CVE-2025-3790 (A vulnerability classified as critical has been found in baseweb JSite ...)
+	TODO: check
+CVE-2025-3789 (A vulnerability was found in baseweb JSite 1.0. It has been rated as p ...)
+	TODO: check
+CVE-2025-3788 (A vulnerability was found in baseweb JSite 1.0. It has been declared a ...)
+	TODO: check
+CVE-2025-3787 (A vulnerability was found in PbootCMS 3.2.5. It has been classified as ...)
+	TODO: check
+CVE-2025-3786 (A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classifi ...)
+	TODO: check
+CVE-2025-3785 (A vulnerability has been found in D-Link DWR-M961 1.1.36 and classifie ...)
+	TODO: check
+CVE-2025-3106 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-3056 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-36625 (In Nessus versions prior to 10.8.4, a non-authenticated attacker could ...)
+	TODO: check
+CVE-2025-32796 (Dify is an open-source LLM app development platform. Prior to version  ...)
+	TODO: check
+CVE-2025-32795 (Dify is an open-source LLM app development platform. Prior to version  ...)
+	TODO: check
+CVE-2025-32792 (SES safely executes third-party JavaScript 'strict' mode programs in c ...)
+	TODO: check
+CVE-2025-32790 (Dify is an open-source LLM app development platform. In versions 0.6.8 ...)
+	TODO: check
+CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js. In vers ...)
+	TODO: check
+CVE-2025-32434 (PyTorch is a Python package that provides tensor computation with stro ...)
+	TODO: check
+CVE-2025-32389 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-32377 (Rasa Pro is a framework for building scalable, dynamic conversational  ...)
+	TODO: check
+CVE-2025-31120 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-31118 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-30357 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-30158 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-2950 (IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection  ...)
+	TODO: check
+CVE-2025-2492 (An improper authentication control vulnerability exists in AiCloud. Th ...)
+	TODO: check
+CVE-2025-29953 (Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS ...)
+	TODO: check
+CVE-2025-29784 (NamelessMC is a free, easy to use & powerful website software for Mine ...)
+	TODO: check
+CVE-2025-29625 (A buffer overflow vulnerability in Astrolog v7.70 allows attackers to  ...)
+	TODO: check
+CVE-2025-29513 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before a ...)
+	TODO: check
+CVE-2025-29512 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before a ...)
+	TODO: check
+CVE-2025-29209 (TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary com ...)
+	TODO: check
+CVE-2025-28355 (Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site  ...)
+	TODO: check
+CVE-2025-28242 (Improper session management in the /login_ok.htm endpoint of DAEnetIP4 ...)
+	TODO: check
+CVE-2025-28238 (Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equi ...)
+	TODO: check
+CVE-2025-28237 (An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 all ...)
+	TODO: check
+CVE-2025-28236 (Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to ...)
+	TODO: check
+CVE-2025-28235 (An information disclosure vulnerability in the component /socket.io/1/ ...)
+	TODO: check
+CVE-2025-28233 (Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990)  ...)
+	TODO: check
+CVE-2025-28232 (Incorrect access control in the HOME.php endpoint of JMBroadcast JMB01 ...)
+	TODO: check
+CVE-2025-28231 (Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows ...)
+	TODO: check
+CVE-2025-28230 (Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows a ...)
+	TODO: check
+CVE-2025-28229 (Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and S ...)
+	TODO: check
+CVE-2025-28228 (A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medi ...)
+	TODO: check
+CVE-2025-28197 (Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher ...)
+	TODO: check
+CVE-2025-28059 (An access control vulnerability in Nagios Network Analyzer 2024R1.0.3  ...)
+	TODO: check
+CVE-2025-27599 (Element X Android is a Matrix Android Client provided by element.io. P ...)
+	TODO: check
+CVE-2025-25985 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_H ...)
+	TODO: check
+CVE-2025-25984 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_H ...)
+	TODO: check
+CVE-2025-25983 (An issue in Macro-video Technologies Co.,Ltd V380 Pro android applicat ...)
+	TODO: check
+CVE-2025-24914 (When installing Nessus to a non-default location on a Windows host, Ne ...)
+	TODO: check
+CVE-2025-1697 (A potential security vulnerability has been identified in the HP Touch ...)
+	TODO: check
+CVE-2024-57493 (An issue in redoxOS relibc before commit 98aa4ea5 allows a local attac ...)
+	TODO: check
+CVE-2024-49808 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could ...)
+	TODO: check
+CVE-2024-46089 (74cms <=3.33 is vulnerable to remote code execution (RCE) in the backg ...)
+	TODO: check
+CVE-2024-45651 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0   doe ...)
+	TODO: check
+CVE-2024-41447 (A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v ...)
+	TODO: check
+CVE-2024-29643 (An issue in croogo v.3.0.2 allows an attacker to perform Host header i ...)
+	TODO: check
+CVE-2024-11421
+	REJECTED
+CVE-2025-37838 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e3f88665a78045fe35c7669d2926b8d97b892c11 (6.15-rc1)
-CVE-2025-40364 [io_uring: fix io_req_prep_async with provided buffers]
+CVE-2025-40364 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.7.7-1
 	[bookworm] - linux 6.1.129-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
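
Review bot: Every entry added at the top of this hunk, from CVE-2025-3795 down to CVE-2024-29643, carries only `TODO: check`, so the import records no package line or NOT-FOR-US decision for any of them. Several descriptions name widely used open-source projects, for example CVE-2025-32434 (PyTorch), CVE-2025-32442 (Fastify) and CVE-2025-29953 (Apache ActiveMQ NMS); I would triage those ahead of the embedded-device and CMS entries rather than working through the block in list order. Separately, the imported description for CVE-2025-2950 reads "IBM i 7.3, 7.4, 7.5, and 7.5", which repeats a version and looks like a defect in the imported text, not something to hand-edit in this file.
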
@@ -158875,6 +158993,7 @@ CVE-2023-4650 (Improper Access Control in GitHub repository instantsoft/icms2 pr
 CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16. ...)
 	NOT-FOR-US: icms2
 CVE-2023-4641 (A flaw was found in shadow-utils. When asking for a new password, shad ...)
+	{DLA-4130-1}
 	- shadow 1:4.13+dfsg1-2 (bug #1051062)
 	[bookworm] - shadow <no-dsa> (Minor issue)
 	[buster] - shadow <no-dsa> (Minor issue)
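
Review bot: The `{DLA-4130-1}` line added under CVE-2023-4641 has no matching fixed-version entry in the visible context: the lines that follow show only the untagged fix `1:4.13+dfsg1-2` and `<no-dsa> (Minor issue)` for bookworm and buster. Please confirm that a release-tagged `shadow` line carrying the version shipped by the DLA exists below the three context lines, or add one, so the cross-reference does not sit next to status lines that all say no advisory was issued.
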
@@ -178990,6 +179109,7 @@ CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable to
 CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
 	NOT-FOR-US: phpMiniAdmin
 CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
+	{DLA-4130-1}
 	- shadow 1:4.13+dfsg1-2 (bug #1034482)
 	[bookworm] - shadow <no-dsa> (Minor issue)
 	[buster] - shadow <no-dsa> (Minor issue)
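
Review bot: The commit message "automatic update" does not mention that this hunk and the previous one attach `{DLA-4130-1}` to CVE-2023-29383 and CVE-2023-4641, so the advisory cross-reference is buried in a commit that is otherwise a bulk import of new CVE entries. Naming the DLA in the message, or landing the two `{DLA-4130-1}` lines in their own commit, would make the change findable from the history of `data/CVE/list`.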



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16dd7fb72f5ef24c812293959d0937fa3800e6ac
