[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 22 21:12:09 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a3ec448 by security tracker role at 2025-04-22T20:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2025-46254 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaur ...)
+ TODO: check
+CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple cale ...)
+ TODO: check
+CVE-2025-46247 (Missing Authorization vulnerability in codepeople Appointment Booking ...)
+ TODO: check
+CVE-2025-46246 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
+ TODO: check
+CVE-2025-46245 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
+ TODO: check
+CVE-2025-46244 (Missing Authorization vulnerability in Dotstore Advanced Linked Variat ...)
+ TODO: check
+CVE-2025-46243 (Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recove ...)
+ TODO: check
+CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointm ...)
+ TODO: check
+CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46238 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46233 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46232 (Missing Authorization vulnerability in alttextai Download Alt Text AI ...)
+ TODO: check
+CVE-2025-46231 (Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Sol ...)
+ TODO: check
+CVE-2025-46229 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46227 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found in Mett ...)
+ TODO: check
+CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authent ...)
+ TODO: check
+CVE-2025-43950 (DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by plac ...)
+ TODO: check
+CVE-2025-43949 (MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vuln ...)
+ TODO: check
+CVE-2025-43948 (Codemers KLIMS 1.6.DEV allows Python code injection. A user can provid ...)
+ TODO: check
+CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowi ...)
+ TODO: check
+CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted Fi ...)
+ TODO: check
+CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a conversa ...)
+ TODO: check
+CVE-2025-3518 (It technically possible for a user to upload a file to a conversation ...)
+ TODO: check
+CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortc ...)
+ TODO: check
+CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center Innovation ...)
+ TODO: check
+CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Pr ...)
+ TODO: check
+CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for Kubernetes. Prio ...)
+ TODO: check
+CVE-2025-32961 (The Cuba JPA web API enables loading and saving any entities defined i ...)
+ TODO: check
+CVE-2025-32960 (The CUBA REST API add-on performs operations on data and entities. Pri ...)
+ TODO: check
+CVE-2025-32959 (CUBA Platform is a high level framework for enterprise applications de ...)
+ TODO: check
+CVE-2025-32952 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
+ TODO: check
+CVE-2025-32951 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
+ TODO: check
+CVE-2025-32950 (Jmix is a set of libraries and tools to speed up Spring Boot data-cent ...)
+ TODO: check
+CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
+ TODO: check
+CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSR ...)
+ TODO: check
+CVE-2025-31327 (SAP Field Logistics Manage Logistics application OData meta-data prope ...)
+ TODO: check
+CVE-2025-2092 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
+ TODO: check
+CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in ...)
+ TODO: check
+CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a conten ...)
+ TODO: check
+CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allo ...)
+ TODO: check
+CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assert ...)
+ TODO: check
+CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-au ...)
+ TODO: check
+CVE-2025-28038 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-au ...)
+ TODO: check
+CVE-2025-28037 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200 ...)
+ TODO: check
+CVE-2025-28036 (TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-aut ...)
+ TODO: check
+CVE-2025-28035 (TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth ...)
+ TODO: check
+CVE-2025-28034 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
+ TODO: check
+CVE-2025-28033 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
+ TODO: check
+CVE-2025-28032 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, ...)
+ TODO: check
+CVE-2025-28031 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a har ...)
+ TODO: check
+CVE-2025-28030 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a sta ...)
+ TODO: check
+CVE-2025-28029 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
+ TODO: check
+CVE-2025-28027 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
+ TODO: check
+CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
+ TODO: check
+CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-s ...)
+ TODO: check
+CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in ...)
+ TODO: check
+CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a vulnerability in its ...)
+ TODO: check
+CVE-2025-23251 (NVIDIA NeMo Framework contains a vulnerability where a user could caus ...)
+ TODO: check
+CVE-2025-23250 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
+ TODO: check
+CVE-2025-23249 (NVIDIA NeMo Framework contains a vulnerability where a user could caus ...)
+ TODO: check
+CVE-2025-23176 (CWE-89: Improper Neutralization of Special Elements used in an SQL Com ...)
+ TODO: check
+CVE-2025-23175 (Multiple XSS (CWE-79))
+ TODO: check
+CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
+ TODO: check
+CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3 ...)
+ TODO: check
+CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New Goal Crea ...)
+ TODO: check
+CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...)
+ TODO: check
+CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a sta ...)
+ TODO: check
+CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
+ TODO: check
+CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to Sensitive Inform ...)
+ TODO: check
+CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student Manageme ...)
+ TODO: check
+CVE-2023-44752 (An issue in Student Study Center Desk Management System v1.0 allows at ...)
+ TODO: check
+CVE-2023-43958 (An arbitrary file upload vulnerability in the component /jquery-file-u ...)
+ TODO: check
+CVE-2023-43378 (A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows ...)
+ TODO: check
CVE-2025-3856 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been cla ...)
NOT-FOR-US: xxyopen Novel-Plus
CVE-2025-3855 (A vulnerability was found in CodeCanyon RISE Ultimate Project Manager ...)
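Review bot: all 91 entries added in this hunk (CVE-2025-46254 down to CVE-2023-43378) land as "TODO: check" with no package assessment, which is expected for the automatic import but leaves the whole batch untriaged; the entries naming software that could correspond to a Debian source package, for example CVE-2024-33452 (OpenResty lua-nginx-module) and CVE-2025-29339 (Open5GS UPF), should be resolved to a source-package line or a "NOT-FOR-US:" line first, as already done for CVE-2025-3856 in the context below. The garbled wording in CVE-2025-3519 ("bypassinUnblu Spark allows aparticipant"), CVE-2025-3518 ("It technically possible") and CVE-2023-44753 ("fin Student") comes from the upstream CVE description that the automatic update mirrors and should be left as imported rather than corrected locally.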
@@ -116,10 +298,10 @@ CVE-2024-12862 (Incorrect Authorization vulnerability in the OpenText Content Se
NOT-FOR-US: OpenText
CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality in OpenTe ...)
NOT-FOR-US: OpenText
-CVE-2024-40446
+CVE-2024-40446 (An issue in forkosh Mime Tex before v.1.77 allows an attacker to execu ...)
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
-CVE-2024-40445
+CVE-2024-40445 (Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 al ...)
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
CVE-2025-25228 (A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allow ...)
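Review bot: the two mimetex entries keep "mimetex <unfixed> (bug #1103801)" while their descriptions now state the flaws affect "forkosh Mime Tex before v.1.77"; with an upstream fixed version named, the <unfixed> status should be re-checked against the version packaged in Debian and the fixing release or commit recorded next to the existing NOTE, since the linked repository (https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446) is a PoC and does not document the fix. Both CVEs reference the same bug number, which is fine only if #1103801 covers both the code-execution issue (CVE-2024-40446) and the directory-traversal issue (CVE-2024-40445).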
@@ -1022,7 +1204,7 @@ CVE-2025-26478 (Dell ECS version 3.8.1.4 and prior contain an Improper Certifica
NOT-FOR-US: Dell / EMC
CVE-2025-26477 (Dell ECS version 3.8.1.4 and prior contain an Improper Input Validatio ...)
NOT-FOR-US: Dell / EMC
-CVE-2025-26269 (DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cau ...)
+CVE-2025-26269 (DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenti ...)
NOT-FOR-US: DragonflyDB Dragonfly
CVE-2025-26268 (DragonflyDB Dragonfly before 1.27.0 allows authenticated users to caus ...)
NOT-FOR-US: DragonflyDB Dragonfly
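Review bot: description-only refresh for CVE-2025-26269 adding "(fixed in 1.29.0)"; the "NOT-FOR-US: DragonflyDB Dragonfly" line is unchanged, which is correct since a fixed upstream version only matters for software Debian ships. No further action needed for this hunk.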
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3ec4488338a2bb336ab2a52993d82f01914298
--
You're receiving this email because of your account on salsa.debian.org.