[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 30 21:12:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0200f500 by security tracker role at 2025-04-30T20:12:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2025-4136 (A vulnerability was found in Weitong Mall 1.0.0. It has been classifie ...)
+ TODO: check
+CVE-2025-4135 (A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classifie ...)
+ TODO: check
+CVE-2025-4125 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
+ TODO: check
+CVE-2025-4124 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
+ TODO: check
+CVE-2025-4122 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been ...)
+ TODO: check
+CVE-2025-4121 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been ...)
+ TODO: check
+CVE-2025-4120 (A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been ...)
+ TODO: check
+CVE-2025-4119 (A vulnerability classified as critical was found in Weitong Mall 1.0.0 ...)
+ TODO: check
+CVE-2025-4118 (A vulnerability classified as critical has been found in Weitong Mall ...)
+ TODO: check
+CVE-2025-4117 (A vulnerability, which was classified as critical, was found in Netgea ...)
+ TODO: check
+CVE-2025-4116 (A vulnerability, which was classified as critical, has been found in N ...)
+ TODO: check
+CVE-2025-4115 (A vulnerability classified as critical was found in Netgear JWNR2000v2 ...)
+ TODO: check
+CVE-2025-4114 (A vulnerability classified as critical has been found in Netgear JWNR2 ...)
+ TODO: check
+CVE-2025-4113 (A vulnerability was found in PHPGurukul Curfew e-Pass Management Syste ...)
+ TODO: check
+CVE-2025-4112 (A vulnerability was found in PHPGurukul Student Record System 3.20. It ...)
+ TODO: check
+CVE-2025-4111 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+ TODO: check
+CVE-2025-4110 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+ TODO: check
+CVE-2025-4109 (A vulnerability has been found in PHPGurukul Pre-School Enrollment Sys ...)
+ TODO: check
+CVE-2025-4108 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-46619 (A security issue has been discovered in Couchbase Server before 7.6.4 ...)
+ TODO: check
+CVE-2025-46558 (XWiki Contrib's Syntax Markdown allows importing Markdown content into ...)
+ TODO: check
+CVE-2025-46557 (XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 ...)
+ TODO: check
+CVE-2025-46554 (XWiki is a generic wiki platform. In versions starting from 1.8.1 to b ...)
+ TODO: check
+CVE-2025-46342 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2025-46331 (OpenFGA is a high-performance and flexible authorization/permission en ...)
+ TODO: check
+CVE-2025-45021 (A SQL Injection vulnerability was identified in the admin/edit-directo ...)
+ TODO: check
+CVE-2025-45020 (A SQL Injection vulnerability was discovered in the normal-bwdates-rep ...)
+ TODO: check
+CVE-2025-45019 (A SQL injection vulnerability was discovered in /add-foreigners-ticket ...)
+ TODO: check
+CVE-2025-45018 (A SQL Injection vulnerability was discovered in the foreigner-bwdates- ...)
+ TODO: check
+CVE-2025-45017 (A SQL injection vulnerability was discovered in edit-ticket.php of PHP ...)
+ TODO: check
+CVE-2025-45015 (A Cross-Site Scripting (XSS) vulnerability was discovered in the forei ...)
+ TODO: check
+CVE-2025-45011 (A HTML Injection vulnerability was discovered in the foreigner-search. ...)
+ TODO: check
+CVE-2025-45010 (A HTML Injection vulnerability was discovered in the normal-bwdates-re ...)
+ TODO: check
+CVE-2025-45009 (A HTML Injection vulnerability was discovered in the normal-search.php ...)
+ TODO: check
+CVE-2025-45007 (A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in ...)
+ TODO: check
+CVE-2025-44194 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
+ TODO: check
+CVE-2025-44193 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
+ TODO: check
+CVE-2025-44192 (SourceCodester Simple Barangay Management System v1.0 has a SQL inject ...)
+ TODO: check
+CVE-2025-3859 (Websites directing users to long URLs that caused eliding to occur in ...)
+ TODO: check
+CVE-2025-3599 (Symantec Endpoint Protection Windows Agent, running an ERASER Engine p ...)
+ TODO: check
+CVE-2025-3395 (Incorrect Permission Assignment for Critical Resource, Cleartext Stora ...)
+ TODO: check
+CVE-2025-3394 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2025-3269
+ REJECTED
+CVE-2025-39413 (Missing Authorization vulnerability in David Gwyer Simple Sitemap \u20 ...)
+ TODO: check
+CVE-2025-33074 (Improper verification of cryptographic signature in Microsoft Azure Fu ...)
+ TODO: check
+CVE-2025-32974 (XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 ...)
+ TODO: check
+CVE-2025-32973 (XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 ...)
+ TODO: check
+CVE-2025-32972 (XWiki is a generic wiki platform. In versions starting from 6.1-milest ...)
+ TODO: check
+CVE-2025-32971 (XWiki is a generic wiki platform. In versions starting from 4.5.1 to b ...)
+ TODO: check
+CVE-2025-32970 (XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 ...)
+ TODO: check
+CVE-2025-32777 (Volcano is a Kubernetes-native batch scheduling system. Prior to versi ...)
+ TODO: check
+CVE-2025-32376 (Discourse is an open-source discussion platform. Prior to versions 3.4 ...)
+ TODO: check
+CVE-2025-30392 (Improper authorization in Azure Bot Framework SDK allows an unauthoriz ...)
+ TODO: check
+CVE-2025-30391 (Improper input validation in Microsoft Dynamics allows an unauthorized ...)
+ TODO: check
+CVE-2025-30390 (Improper authorization in Azure allows an authorized attacker to eleva ...)
+ TODO: check
+CVE-2025-30389 (Improper authorization in Azure Bot Framework SDK allows an unauthoriz ...)
+ TODO: check
+CVE-2025-2890 (The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-b ...)
+ TODO: check
+CVE-2025-2170 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
+ TODO: check
+CVE-2025-2156
+ REJECTED
+CVE-2025-2082 (Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2025-27611 (base-x is a base encoder and decoder of any given alphabet using bitco ...)
+ TODO: check
+CVE-2025-27532 (A vulnerability in the \u201cBackup & Restore\u201d functionality of t ...)
+ TODO: check
+CVE-2025-27409 (Joplin is a free, open source note taking and to-do application, which ...)
+ TODO: check
+CVE-2025-27134 (Joplin is a free, open source note taking and to-do application, which ...)
+ TODO: check
+CVE-2025-24887 (OpenCTI is an open-source cyber threat intelligence platform. In versi ...)
+ TODO: check
+CVE-2025-24351 (A vulnerability in the \u201cRemote Logging\u201d functionality of the ...)
+ TODO: check
+CVE-2025-24350 (A vulnerability in the \u201cCertificates and Keys\u201d functionality ...)
+ TODO: check
+CVE-2025-24349 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
+ TODO: check
+CVE-2025-24348 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
+ TODO: check
+CVE-2025-24347 (A vulnerability in the \u201cNetwork Interfaces\u201d functionality of ...)
+ TODO: check
+CVE-2025-24346 (A vulnerability in the \u201cProxy\u201d functionality of the web appl ...)
+ TODO: check
+CVE-2025-24345 (A vulnerability in the \u201cHosts\u201d functionality of the web appl ...)
+ TODO: check
+CVE-2025-24344 (A vulnerability in the error notification messages of the web applicat ...)
+ TODO: check
+CVE-2025-24343 (A vulnerability in the \u201cManages app data\u201d functionality of t ...)
+ TODO: check
+CVE-2025-24342 (A vulnerability in the login functionality of the web application of c ...)
+ TODO: check
+CVE-2025-24341 (A vulnerability in the web application of ctrlX OS allows a remote aut ...)
+ TODO: check
+CVE-2025-24340 (A vulnerability in the users configuration file of ctrlX OS may allow ...)
+ TODO: check
+CVE-2025-24339 (A vulnerability in the web application of ctrlX OS allows a remote una ...)
+ TODO: check
+CVE-2025-24338 (A vulnerability in the \u201cManages app data\u201d functionality of t ...)
+ TODO: check
+CVE-2025-24091 (An app could impersonate system notifications. Sensitive notifications ...)
+ TODO: check
+CVE-2025-21416 (Missing authorization in Azure Virtual Desktop allows an authorized at ...)
+ TODO: check
+CVE-2024-9877 (: Use of GET Request Method With Sensitive Query Strings vulnerability ...)
+ TODO: check
+CVE-2024-9876 (: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB A ...)
+ TODO: check
+CVE-2024-6032 (Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vul ...)
+ TODO: check
+CVE-2024-6031 (Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Executi ...)
+ TODO: check
+CVE-2024-6030 (Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerabilit ...)
+ TODO: check
+CVE-2024-6029 (Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. ...)
+ TODO: check
+CVE-2024-47784 (Unverified Password Change for ANC software that allows an authenticat ...)
+ TODO: check
+CVE-2024-13943 (Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Valida ...)
+ TODO: check
CVE-2025-4096
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
@@ -1193,23 +1371,31 @@ CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed E
NOT-FOR-US: Westermo WeOS
CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ssl. Con ...)
NOT-FOR-US: Picklescan
-CVE-2025-46400 (Segmentation fault in fig2dev in version 3.2.9a allows an attacker to ...)
+CVE-2025-46400
+ REJECTED
+ {DLA-4147-1}
- fig2dev 1:3.2.9a-3
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/187/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
-CVE-2025-46399 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
+CVE-2025-46399
+ REJECTED
+ {DLA-4147-1}
- fig2dev 1:3.2.9a-4
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/190/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/2bd6c0b210916d0d3ca81f304535b5af0849aa93/
-CVE-2025-46398 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker possible ...)
+CVE-2025-46398
+ REJECTED
+ {DLA-4147-1}
- fig2dev 1:3.2.9a-4
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/191/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
-CVE-2025-46397 (Stack-overflowin fig2dev in version 3.2.9a allows an attacker possible ...)
+CVE-2025-46397
+ REJECTED
+ {DLA-4147-1}
- fig2dev 1:3.2.9a-4
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/192/
@@ -1768,7 +1954,7 @@ CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality in
CVE-2024-40446 (An issue in forkosh Mime Tex before v.1.77 allows an attacker to execu ...)
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
-CVE-2024-40445 (Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 al ...)
+CVE-2024-40445 (A directory traversal vulnerability in forkosh Mime TeX before version ...)
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
CVE-2025-25228 (A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allow ...)
@@ -2571,6 +2757,7 @@ CVE-2025-32504 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-32490 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32415 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNod ...)
+ {DLA-4146-1}
- libxml2 <unfixed> (bug #1103511)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/487ee1d8711c6415218b373ef455fcd969d12399 (master)
@@ -4677,7 +4864,8 @@ CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in SicommNet
NOT-FOR-US: SicommNet BASEC
CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: SicommNet BASEC
-CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language form el ...)
+CVE-2025-1782
+ REJECTED
NOT-FOR-US: HylaFAX Enterprise Web Interface / AvantFAX
CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation for Clou ...)
NOT-FOR-US: IBM
@@ -6445,6 +6633,7 @@ CVE-2025-3362 (The web service of iSherlock from HGiga has an OS Command Injecti
CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command Injection vu ...)
NOT-FOR-US: HGiga
CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...)
+ {DLA-4146-1}
- libxml2 <unfixed> (bug #1102521)
[bookworm] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
@@ -6637,6 +6826,7 @@ CVE-2025-30373 (Graylog is a free and open log management platform. Starting wit
CVE-2025-2251 (A security flaw exists in WildFly and JBoss Enterprise Application Pla ...)
NOT-FOR-US: Red Hat WildFly and JBoss Enterprise Application Platform (EAP)
CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processing lib ...)
+ {DLA-4148-1}
- vips 8.16.1-1
NOTE: https://github.com/libvips/libvips/security/advisories/GHSA-f8r8-43hh-rghm
NOTE: https://github.com/libvips/libvips/pull/4392
@@ -58147,6 +58337,7 @@ CVE-2024-10414 (A vulnerability, which was classified as problematic, was found
CVE-2024-10413 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester
CVE-2024-50602 (An issue was discovered in libexpat before 2.6.4. There is a crash wit ...)
+ {DLA-4145-1}
- expat 2.6.3-2 (bug #1086134)
[bookworm] - expat <no-dsa> (Minor issue)
NOTE: https://github.com/libexpat/libexpat/pull/915
@@ -114933,6 +115124,7 @@ CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
CVE-2024-3447 (A heap-based buffer overflow was found in the SDHCI device emulation o ...)
+ {DLA-4144-1}
- qemu 1:8.2.3+ds-1 (bug #1068821)
[bookworm] - qemu 1:7.2+dfsg-7+deb12u6
[buster] - qemu <no-dsa> (Minor issue)
@@ -121206,7 +121398,7 @@ CVE-2024-2779 (A vulnerability was found in Campcodes Online Marriage Registrati
NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2778 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
NOT-FOR-US: Campcodes Online Marriage Registration System
-CVE-2024-2777 (A vulnerability has been found in Campcodes Online Marriage Registrati ...)
+CVE-2024-2777 (A vulnerability has been found in Campcodes/PHPGurukul Online Marriage ...)
NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2776 (A vulnerability, which was classified as critical, was found in Campco ...)
NOT-FOR-US: Campcodes Online Marriage Registration System
@@ -140084,6 +140276,7 @@ CVE-2017-20188 (A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and
CVE-2015-10128 (A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6693 (A stack based buffer overflow was found in the virtio-net device of QE ...)
+ {DLA-4144-1}
- qemu 1:8.2.0+ds-3
[bookworm] - qemu 1:7.2+dfsg-7+deb12u4
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -150452,7 +150645,7 @@ CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is v
CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...)
- {DLA-3759-1}
+ {DLA-4144-1 DLA-3759-1}
- qemu 1:8.1.1+ds-2
[bookworm] - qemu 1:7.2+dfsg-7+deb12u3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247283
@@ -168007,6 +168200,7 @@ CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored
CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...)
NOT-FOR-US: WP EasyCart plugin for WordPress
CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...)
+ {DLA-4144-1}
[experimental] - qemu 1:8.1.0+ds-1~exp1
- qemu 1:8.2.0+ds-1 (bug #1041102)
[bookworm] - qemu 1:7.2+dfsg-7+deb12u4
@@ -183709,6 +183903,7 @@ CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escap
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
- teampass <itp> (bug #730180)
CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
+ {DLA-4144-1}
- qemu 1:8.2.0+ds-1 (bug #1034179)
[bookworm] - qemu 1:7.2+dfsg-7+deb12u3
[buster] - qemu <ignored> (PVRDMA support not enabled in the binary packages)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0200f500a7cda5e2af6267978fe531c1ef03851f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0200f500a7cda5e2af6267978fe531c1ef03851f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250430/1637c6a1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list