[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 28 21:11:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b80df06 by security tracker role at 2025-04-28T20:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-4036 (A vulnerability was found in 201206030 Novel 3.5.0 and classified as c ...)
+ TODO: check
+CVE-2025-4034 (A vulnerability classified as critical was found in projectworlds Onli ...)
+ TODO: check
+CVE-2025-4033 (A vulnerability classified as critical has been found in PHPGurukul Ni ...)
+ TODO: check
+CVE-2025-4032 (A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d ...)
+ TODO: check
+CVE-2025-4031 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+ TODO: check
+CVE-2025-4030 (A vulnerability was found in PHPGurukul COVID19 Testing Management Sys ...)
+ TODO: check
+CVE-2025-4029 (A vulnerability was found in code-projects Personal Diary Management S ...)
+ TODO: check
+CVE-2025-4028 (A vulnerability has been found in PHPGurukul COVID19 Testing Managemen ...)
+ TODO: check
+CVE-2025-4027 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4026 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-4025 (A vulnerability classified as critical was found in itsourcecode Place ...)
+ TODO: check
+CVE-2025-4024 (A vulnerability classified as critical has been found in itsourcecode ...)
+ TODO: check
+CVE-2025-4023 (A vulnerability was found in itsourcecode Placement Management System ...)
+ TODO: check
+CVE-2025-4022 (A vulnerability was found in web-arena-x webarena up to 0.2.0. It has ...)
+ TODO: check
+CVE-2025-4021 (A vulnerability was found in code-projects Patient Record Management S ...)
+ TODO: check
+CVE-2025-4020 (A vulnerability was found in PHPGurukul Old Age Home Management System ...)
+ TODO: check
+CVE-2025-4019 (A vulnerability, which was classified as critical, was found in 201206 ...)
+ TODO: check
+CVE-2025-4018 (A vulnerability, which was classified as critical, has been found in 2 ...)
+ TODO: check
+CVE-2025-4017 (A vulnerability classified as problematic was found in 20120630 Novel- ...)
+ TODO: check
+CVE-2025-4016 (A vulnerability classified as critical has been found in 20120630 Nove ...)
+ TODO: check
+CVE-2025-4015 (A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0 ...)
+ TODO: check
+CVE-2025-4014 (A vulnerability was found in PHPGurukul Art Gallery Management System ...)
+ TODO: check
+CVE-2025-4013 (A vulnerability was found in PHPGurukul Art Gallery Management System ...)
+ TODO: check
+CVE-2025-4012 (A vulnerability was found in playeduxyz PlayEdu \u5f00\u6e90\u57f9\u8b ...)
+ TODO: check
+CVE-2025-4011 (A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and ...)
+ TODO: check
+CVE-2025-46661 (IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Ex ...)
+ TODO: check
+CVE-2025-46614 (In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driv ...)
+ TODO: check
+CVE-2025-45953 (A vulnerability was found in PHPGurukul Hostel Management System 2.1 i ...)
+ TODO: check
+CVE-2025-45949 (A critical vulnerability was found in PHPGurukul User Registration & L ...)
+ TODO: check
+CVE-2025-45947 (An issue in phpgurukul Online Banquet Booking System V1.2 allows an at ...)
+ TODO: check
+CVE-2025-43857 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
+ TODO: check
+CVE-2025-43854 (DIFY is an open-source LLM app development platform. Prior to version ...)
+ TODO: check
+CVE-2025-42598 (Multiple SEIKO EPSON printer drivers for Windows OS are configured wit ...)
+ TODO: check
+CVE-2025-3224 (A vulnerability in the update process of Docker Desktop for Windows ve ...)
+ TODO: check
+CVE-2025-3200 (An unauthenticated remote attacker could exploit the used, insecure TL ...)
+ TODO: check
+CVE-2025-39367 (Missing Authorization vulnerability in SeventhQueen Kleo.This issue af ...)
+ TODO: check
+CVE-2025-34491 (GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deser ...)
+ TODO: check
+CVE-2025-34490 (GFI MailEssentials prior to version 21.8 is vulnerable to an XML Exter ...)
+ TODO: check
+CVE-2025-34489 (GFI MailEssentials prior to version 21.8 is vulnerable to a local priv ...)
+ TODO: check
+CVE-2025-32472 (The multiScan and picoScan are vulnerable to a denial-of-service (DoS) ...)
+ TODO: check
+CVE-2025-32471 (The device\u2019s passwords have not been adequately salted, making th ...)
+ TODO: check
+CVE-2025-32470 (A remote unauthenticated attacker may be able to change the IP adress ...)
+ TODO: check
+CVE-2025-31651 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
+ TODO: check
+CVE-2025-31650 (Improper Input Validation vulnerability in Apache Tomcat. Incorrect er ...)
+ TODO: check
+CVE-2025-25776 (Cross-Site Scripting (XSS) vulnerability exists in the User Registrati ...)
+ TODO: check
+CVE-2025-23377 (Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 cont ...)
+ TODO: check
+CVE-2025-23376 (Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19. ...)
+ TODO: check
+CVE-2025-23375 (Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) ...)
+ TODO: check
+CVE-2024-32499 (Newforma Project Center Server through 2023.3.0.32259 allows remote co ...)
+ TODO: check
+CVE-2024-12706 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-42404 (OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary ...)
+ TODO: check
+CVE-2023-35817 (DevExpress before 23.1.3 allows AsyncDownloader SSRF.)
+ TODO: check
+CVE-2023-35816 (DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.)
+ TODO: check
+CVE-2023-35815 (DevExpress before 23.1.3 has a data-source protection mechanism bypass ...)
+ TODO: check
+CVE-2023-35814 (DevExpress before 23.1.3 does not properly protect XtraReport serializ ...)
+ TODO: check
CVE-2025-4007 (A vulnerability classified as critical was found in Tenda W12 and i24 ...)
NOT-FOR-US: Tenda
CVE-2025-4006 (A vulnerability classified as critical has been found in youyiio Beyon ...)
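Review bot: Several of the new TODO: check entries can be triaged directly because the affected software is packaged in Debian: CVE-2025-31650 and CVE-2025-31651 (Apache Tomcat), CVE-2025-4011 (Redmine) and CVE-2025-43857 (Net::IMAP, the Ruby IMAP client library) should get source package lines rather than remain at TODO. Most of the remainder (PHPGurukul, itsourcecode, code-projects, Dell PowerProtect, GFI MailEssentials, SEIKO EPSON drivers, Snowflake ODBC, Docker Desktop for Windows) are proprietary or not packaged and follow the NOT-FOR-US pattern used for CVE-2025-4007 in the trailing context. The CVE-2025-4012 description is cut in the middle of a \u escape sequence, so the trailing "\u8b" is a truncation artefact of the updater, not part of the upstream title.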
@@ -190,7 +300,7 @@ CVE-2024-53636 (An arbitrary file upload vulnerability via writefile.php of Sero
NOT-FOR-US: Serosoft Solutions
CVE-2024-13812 (The The Anps Theme plugin plugin for WordPress is vulnerable to arbitr ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-46333 (z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing ...)
+CVE-2025-46333 (z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` a ...)
NOT-FOR-US: z2d
CVE-2025-3915 (The Aeropage Sync for Airtable plugin for WordPress is vulnerable to u ...)
NOT-FOR-US: WordPress plugin
@@ -1474,6 +1584,7 @@ CVE-2024-13926 (The WP-Syntax WordPress plugin through 1.2 does not properly han
CVE-2021-4455 (The Wordpress Plugin Smart Product Review plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2866 (Improper Verification of Cryptographic Signature vulnerability in Libr ...)
+ {DSA-5908-1}
- libreoffice 4:25.2.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/
NOTE: Fixed by: https://gerrit.libreoffice.org/c/core/+/183059 (25.8.0.0.alpha0+)
@@ -4130,7 +4241,7 @@ CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/434
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992 (3.6.5)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f (3.6.5)
-CVE-2025-32911 (A flaw was found in libsoup, which is vulnerable to a use-after-free m ...)
+CVE-2025-32911 (A use-after-free type vulnerability was found in libsoup, in the soup_ ...)
{DLA-4140-1}
- libsoup3 3.6.4-1
- libsoup2.4 <unfixed> (bug #1103515)
@@ -6489,12 +6600,14 @@ CVE-2025-32366 (In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy len
[bookworm] - connman <no-dsa> (Minor issue)
[bullseye] - connman <postponed> (Minor issue)
CVE-2025-32365 (Poppler before 25.04.0 allows crafted input files to trigger out-of-bo ...)
+ {DLA-4141-1}
- poppler 25.03.0-3 (bug #1102191)
[bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 (poppler-25.04.0))
CVE-2025-32364 (A floating-point exception in the PSStack::roll function of Poppler be ...)
+ {DLA-4141-1}
- poppler 25.03.0-3 (bug #1102190)
[bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
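Review bot: The "Fixed by" NOTE line for CVE-2025-32365 ends with a stray closing parenthesis, "(poppler-25.04.0))"; worth fixing in the next manual edit. Otherwise adding {DLA-4141-1} above the "poppler 25.03.0-3" lines while keeping the "[bookworm] - poppler <no-dsa>" annotation is the expected layout: the DLA covers bullseye, and bookworm remains scheduled for a point release.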
@@ -41117,6 +41230,7 @@ CVE-2024-XXXX [RUSTSEC-2024-0429]
NOTE: https://github.com/gtk-rs/gtk-rs-core/pull/1343
NOTE: https://github.com/gtk-rs/gtk-rs-core/commit/b5a4071e439bef2b5eea76c3aa25e5ae84839e34
CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vul ...)
+ {DLA-4141-1}
- poppler 24.08.0-4 (bug #1091322)
[bookworm] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
@@ -69841,7 +69955,7 @@ CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - angular.js <postponed> (Minor issue)
NOTE: https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
-CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute in Angu ...)
+CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in Angula ...)
- angular.js <unfixed> (bug #1088804)
[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
@@ -226232,8 +226346,8 @@ CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system fo
NOT-FOR-US: Contiki-NG
CVE-2022-41872
RESERVED
-CVE-2022-41871
- RESERVED
+CVE-2022-41871 (SEPPmail through 12.1.17 allows command injection within the Admin Por ...)
+ TODO: check
CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...)
NOT-FOR-US: Innovaphone
CVE-2022-41869
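Review bot: CVE-2022-41871 now carries a published description (SEPPmail) but is left at TODO: check. SEPPmail is a commercial e-mail gateway appliance with no Debian package, so this can move straight to "NOT-FOR-US: SEPPmail", matching the adjacent Innovaphone entry.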
@@ -235953,6 +236067,7 @@ CVE-2022-38351 (A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allo
CVE-2022-38350
RESERVED
CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a reachable asser ...)
+ {DLA-4141-1}
- poppler 22.12.0-2
[buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
@@ -239357,17 +239472,18 @@ CVE-2022-37054
CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htd ...)
NOT-FOR-US: Trendnet
CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...)
+ {DLA-4141-1}
- poppler 22.08.0-2
[buster] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c (poppler-22.08.0)
CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
- {DLA-3620-1}
+ {DLA-4141-1 DLA-3620-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0)
CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...)
- {DLA-3620-1}
+ {DLA-4141-1 DLA-3620-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 (poppler-22.08.0)
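Review bot: CVE-2022-37051 and CVE-2022-37050 already carried DLA-3620-1 and now gain DLA-4141-1 as well, as "{DLA-4141-1 DLA-3620-1}". When a second DLA is attached to an entry that was already marked fixed, a NOTE line stating why (incomplete earlier fix, regression, or a follow-up commit) saves future readers a trip to the advisory text; none of the existing NOTE lines for these two entries give that reason. The "PDFDoc.c callows" typo in the CVE-2022-37050 description comes from the upstream CVE text, which the automatic update rewrites on each run (see the description refreshes in the earlier hunks), so it is not something to correct locally.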
@@ -352760,13 +352876,13 @@ CVE-2020-36026
CVE-2020-36025
RESERVED
CVE-2020-36024 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
- {DLA-3528-1}
+ {DLA-4141-1 DLA-3528-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/748
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 (poppler-21.01.0)
CVE-2020-36023 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
- {DLA-3528-1}
+ {DLA-4141-1 DLA-3528-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/744
@@ -644222,8 +644338,8 @@ CVE-2015-4584
RESERVED
CVE-2015-4583
RESERVED
-CVE-2015-4582
- RESERVED
+CVE-2015-4582 (The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress ...)
+ TODO: check
CVE-2015-4581
RESERVED
CVE-2015-4580
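Review bot: CVE-2015-4582 affects a WordPress theme and is left at TODO: check; the WordPress plugin entries elsewhere in this patch (CVE-2024-13812, CVE-2025-3915, CVE-2021-4455) are all "NOT-FOR-US: WordPress plugin", so this should be triaged the same way, e.g. "NOT-FOR-US: WordPress theme".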
@@ -651781,8 +651897,8 @@ CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local user
NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/2
NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
-CVE-2015-2079
- RESERVED
+CVE-2015-2079 (Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_fil ...)
+ TODO: check
CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
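Review bot: CVE-2015-2079 (Usermin) is left at TODO: check. Usermin, like Webmin, has not been in the Debian archive for many years, so "NOT-FOR-US: Usermin" is the likely resolution; confirm against the package list before closing it.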
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b80df06f6457df21a5dbb0da88c862a08c91e8e