[Git][security-tracker-team/security-tracker][master] Add new src:sail issues from TALOS reports

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 26 07:47:37 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
723678b2 by Salvatore Bonaccorso at 2025-08-26T08:47:06+02:00
Add new src:sail issues from TALOS reports

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,7 +107,8 @@ CVE-2025-54481 (A stack-based buffer overflow vulnerability exists in the MFER p
 CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing ...)
 	TODO: check
 CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image Decoding fun ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218
 CVE-2025-53120 (A path traversal vulnerability in unauthenticated upload functionality ...)
 	TODO: check
 CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability allows an at ...)
@@ -115,11 +116,14 @@ CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability allows
 CVE-2025-53118 (An authentication bypass vulnerability exists which allows an unauthen ...)
 	TODO: check
 CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE Decoding funct ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219
 CVE-2025-52930 (A memory corruption vulnerability exists in the BMPv3 RLE Decoding fun ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221
 CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image Decoding fu ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224
 CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controll ...)
 	TODO: check
 CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en` ...)
@@ -131,11 +135,13 @@ CVE-2025-50722 (Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a
 CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQ ...)
 	TODO: check
 CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
 CVE-2025-48303 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. P ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette Decoding ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215
 CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain sensiti ...)
 	TODO: check
 CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnera ...)
@@ -149,9 +155,11 @@ CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been identi
 CVE-2025-3456 (On affected platforms running Arista EOS, the global common encryption ...)
 	NOT-FOR-US: Arista Networks
 CVE-2025-35984 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217
 CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image Decoding f ...)
-	TODO: check
+	- sail <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216
 CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5- ...)
 	TODO: check
 CVE-2025-29524 (Incorrect access control in the component /cgi-bin/system_diagnostic_m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723678b2b793b624c9f0db53020f64855876a2ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723678b2b793b624c9f0db53020f64855876a2ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250826/548b6d98/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list