[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 25 21:12:44 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99d12ba2 by security tracker role at 2025-04-25T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2025-46618 (In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data ...)
+	TODO: check
+CVE-2025-46535 (Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Logi ...)
+	TODO: check
+CVE-2025-46433 (In JetBrains TeamCity before 2025.03.1 improper path validation in log ...)
+	TODO: check
+CVE-2025-46432 (In JetBrains TeamCity before 2025.03.1 base64-encoded credentials coul ...)
+	TODO: check
+CVE-2025-43862 (Dify is an open-source LLM app development platform. Prior to version  ...)
+	TODO: check
+CVE-2025-43016 (In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arb ...)
+	TODO: check
+CVE-2025-3935 (ScreenConnect versions 25.2.3 and earlier versions may be susceptible  ...)
+	TODO: check
+CVE-2025-3928 (Commvault Web Server has an unspecified vulnerability that can be expl ...)
+	TODO: check
+CVE-2025-3912 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
+	TODO: check
+CVE-2025-3870 (The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2025-3647 (A flaw was discovered in Moodle. Additional checks were required to en ...)
+	TODO: check
+CVE-2025-3645 (A flaw was found in Moodle. Insufficient capability checks in a messag ...)
+	TODO: check
+CVE-2025-3644 (A flaw was found in Moodle. Additional checks were required to prevent ...)
+	TODO: check
+CVE-2025-3643 (A flaw was found in Moodle. The return URL in the policy tool required ...)
+	TODO: check
+CVE-2025-3642 (A flaw was found in Moodle. A remote code execution risk was identifie ...)
+	TODO: check
+CVE-2025-3641 (A flaw was found in Moodle. A remote code execution risk was identifie ...)
+	TODO: check
+CVE-2025-3640 (A flaw was found in Moodle. Insufficient capability checks made it pos ...)
+	TODO: check
+CVE-2025-3638 (A flaw was found in Moodle. The analysis request action in the Brickfi ...)
+	TODO: check
+CVE-2025-3637 (A security vulnerability was found in Moodle where confidential inform ...)
+	TODO: check
+CVE-2025-3636 (A flaw was found in Moodle. This vulnerability allows unauthorized use ...)
+	TODO: check
+CVE-2025-3635 (A security vulnerability was discovered in Moodle that allows anyone t ...)
+	TODO: check
+CVE-2025-3634 (A security vulnerability was discovered in Moodle that allows students ...)
+	TODO: check
+CVE-2025-3628 (A flaw has was found in Moodle where anonymous assignment submissions  ...)
+	TODO: check
+CVE-2025-3627 (A security vulnerability was discovered in Moodle that allows some use ...)
+	TODO: check
+CVE-2025-3625 (A security vulnerability was discovered in Moodle that can allow hacke ...)
+	TODO: check
+CVE-2025-32432 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...)
+	TODO: check
+CVE-2025-32045 (A flaw has been identified in Moodle where insufficient capability che ...)
+	TODO: check
+CVE-2025-32044 (A flaw has been identified in Moodle where, on certain sites, unauthen ...)
+	TODO: check
+CVE-2025-2986 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site ...)
+	TODO: check
+CVE-2025-2470 (The Service Finder Bookings plugin for WordPress, used by the Service  ...)
+	TODO: check
+CVE-2025-2070 (An improper XML parsing vulnerability was reported in the FileZ client ...)
+	TODO: check
+CVE-2025-2069 (A cross-site scripting vulnerability was reported in the FileZ client  ...)
+	TODO: check
+CVE-2025-2068 (An open redirect vulnerability was reported in the FileZ client that c ...)
+	TODO: check
+CVE-2025-28354 (An issue in the Printer Manager Systm of Entrust Corp Printer Manager  ...)
+	TODO: check
+CVE-2025-28128 (An issue in Mytel Telecom Online Account System v1.0 allows attackers  ...)
+	TODO: check
+CVE-2025-28076 (Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 an ...)
+	TODO: check
+CVE-2025-25775 (Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injectio ...)
+	TODO: check
+CVE-2025-1565 (The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File  ...)
+	TODO: check
+CVE-2025-1279 (The BM Content Builder plugin for WordPress is vulnerable to unauthori ...)
+	TODO: check
+CVE-2024-6199 (An unauthenticated attacker on the WAN interface, with the ability to  ...)
+	TODO: check
+CVE-2024-6198 (The device exposes a web interface on ports TCP/3030 and TCP/9882. Thi ...)
+	TODO: check
+CVE-2024-57375 (Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0- ...)
+	TODO: check
+CVE-2024-56156 (Halo is an open source website building tool. Prior to version 2.20.13 ...)
+	TODO: check
+CVE-2024-30152 (HCL SX v21 is affected by usage of a weak cryptographic algorithm.  An ...)
+	TODO: check
+CVE-2024-11917 (The JobSearch WP Job Board plugin for WordPress is vulnerable to authe ...)
+	TODO: check
 CVE-2025-23244
 	- nvidia-graphics-drivers <unfixed> (bug #1104068)
 	[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -323928,7 +324018,7 @@ CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in
 CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-32601
-	RESERVED
+	REJECTED
 CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-32599



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99d12ba262258493c16ae6de31c4fdf6ccb53601

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99d12ba262258493c16ae6de31c4fdf6ccb53601
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250425/c48b5691/attachment.htm>

More information about the debian-security-tracker-commits mailing list