[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 23 21:12:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27405e87 by security tracker role at 2025-04-23T20:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...)
+ TODO: check
+CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...)
+ TODO: check
+CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there i ...)
+ TODO: check
+CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime par ...)
+ TODO: check
+CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security param ...)
+ TODO: check
+CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
+ TODO: check
+CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk Managemen ...)
+ TODO: check
+CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to improper au ...)
+ TODO: check
+CVE-2025-42604 (This vulnerability exists in Meon KYC solutions due to debug mode is e ...)
+ TODO: check
+CVE-2025-42603 (This vulnerability exists in the Meon KYC solutions due to transmissio ...)
+ TODO: check
+CVE-2025-42602 (This vulnerability exists in Meon KYC solutions due to improper handli ...)
+ TODO: check
+CVE-2025-42601 (This vulnerability exists in Meon KYC solutions due to insufficient se ...)
+ TODO: check
+CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing restric ...)
+ TODO: check
+CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API S ...)
+ TODO: check
+CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: ...)
+ TODO: check
+CVE-2025-3903 (Vulnerability in Drupal UEditor - \u767e\u5ea6\u7f16\u8f91\u5668.This ...)
+ TODO: check
+CVE-2025-3902 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-3901 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-3900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-3673
+ REJECTED
+CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from 1.8 and pr ...)
+ TODO: check
+CVE-2025-32968 (XWiki is a generic wiki platform. In versions starting from 1.6-milest ...)
+ TODO: check
+CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau. Prior to ve ...)
+ TODO: check
+CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual ...)
+ TODO: check
+CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection Remote Co ...)
+ TODO: check
+CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected Credentials ...)
+ TODO: check
+CVE-2025-2771 (BEC Technologies Multiple Routers Authentication Bypass Vulnerability. ...)
+ TODO: check
+CVE-2025-2770 (BEC Technologies Multiple Routers Cleartext Password Storage Informati ...)
+ TODO: check
+CVE-2025-2769 (Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escal ...)
+ TODO: check
+CVE-2025-2768 (Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escal ...)
+ TODO: check
+CVE-2025-2767 (Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Executi ...)
+ TODO: check
+CVE-2025-2765 (CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authenti ...)
+ TODO: check
+CVE-2025-2764 (CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographi ...)
+ TODO: check
+CVE-2025-2763 (CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature ...)
+ TODO: check
+CVE-2025-2762 (CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation ...)
+ TODO: check
+CVE-2025-2703 (The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. ...)
+ TODO: check
+CVE-2025-29526 (A Cross-Site Scripting (XSS) vulnerability in the search function of Q ...)
+ TODO: check
+CVE-2025-28169 (BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.23122 ...)
+ TODO: check
+CVE-2025-28028 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
+ TODO: check
+CVE-2025-28025 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903 ...)
+ TODO: check
+CVE-2025-28022 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28021 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28020 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28019 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28018 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer o ...)
+ TODO: check
+CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Inject ...)
+ TODO: check
+CVE-2025-21605 (Redis is an open source, in-memory database that persists on disk. In ...)
+ TODO: check
+CVE-2025-1522 (PostHog database_schema Server-Side Request Forgery Information Disclo ...)
+ TODO: check
+CVE-2025-1521 (PostHog slack_incoming_webhook Server-Side Request Forgery Information ...)
+ TODO: check
+CVE-2025-1520 (PostHog ClickHouse Table Functions SQL Injection Remote Code Execution ...)
+ TODO: check
+CVE-2025-1054 (The UiCore Elements \u2013 Free Elementor widgets and templates plugin ...)
+ TODO: check
+CVE-2025-1050 (Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2025-1049 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2025-1048 (Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vul ...)
+ TODO: check
+CVE-2025-1047 (Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote ...)
+ TODO: check
+CVE-2025-1046 (Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution V ...)
+ TODO: check
+CVE-2025-1045 (Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remo ...)
+ TODO: check
+CVE-2024-58251 (In netstat in BusyBox through 1.37.0, local users can launch of networ ...)
+ TODO: check
+CVE-2024-47829 (pnpm is a package manager. Prior to version 10.0.0, the path shortenin ...)
+ TODO: check
+CVE-2024-10306 (A vulnerability was found in mod_proxy_cluster. The issue is that the ...)
+ TODO: check
CVE-2025-XXXX [RUSTSEC-2025-0024]
- rust-crossbeam-channel 0.5.15-1 (bug #1103987)
[bookworm] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 to 0.5.14)
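Review bot: every one of the 120 lines added here is left at "TODO: check", and several of them name software that ships as a Debian source package, so they should be moved out of the TODO state ahead of the embedded-device and SaaS noise in the same batch: CVE-2025-46394 and CVE-2024-58251 (busybox, both "through 1.37.0", i.e. no fixed upstream release is named yet), CVE-2025-43965 and CVE-2025-46393 (imagemagick, fixed before 7.1.1-44 upstream), CVE-2025-21605 (redis), CVE-2024-10306 (mod_proxy_cluster) and CVE-2024-47829 (pnpm). The Tenda, TOTOLINK, BEC, CarlinKit, Sonos, KeyShot, BYD and Meon entries and the Drupal contrib modules look like the usual NOT-FOR-US candidates. CVE-2025-3673 carrying only "REJECTED" with no description is the correct form for a withdrawn ID.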
@@ -3876,12 +3996,12 @@ CVE-2024-13874 (The Feedify WordPress plugin before 2.4.6 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-2761 [GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
+CVE-2025-2761 (GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulner ...)
- gimp 3.0.0-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c (GIMP_3_0_0)
-CVE-2025-2760 [GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability]
+CVE-2025-2760 (GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
- gimp 3.0.0-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
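Review bot: the "Fixed by:" commit NOTE that accompanies CVE-2025-2761 has no counterpart for CVE-2025-2760 within this hunk's context, which ends at the GNOME issue link; confirm that a fix commit (or an explicit statement that none is identified) is recorded for the XWD integer overflow, since both entries claim the same fixed version "gimp 3.0.0-1". The bracket-to-parenthesis change of the description lines themselves is the expected transition once the CVE text is published and needs no further action.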
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27405e87b8ae78392f6810ca8354b09e6c6f2bdb
--
You're receiving this email because of your account on salsa.debian.org.