[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 2 21:12:20 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7cf7002 by security tracker role at 2025-06-02T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,158 @@
-CVE-2024-52035 [OLE Document Parser File Allocation Table 32-bit integer overflow vulnerability]
+CVE-2025-5455 (An issue was found in the private API function qDecodeDataUrl() in QtC ...)
+ TODO: check
+CVE-2025-5447 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
+ TODO: check
+CVE-2025-5446 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
+ TODO: check
+CVE-2025-5445 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
+ TODO: check
+CVE-2025-5444 (A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE63 ...)
+ TODO: check
+CVE-2025-5443 (A vulnerability, which was classified as critical, was found in Linksy ...)
+ TODO: check
+CVE-2025-5442 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2025-5441 (A vulnerability classified as critical was found in Linksys RE6500, RE ...)
+ TODO: check
+CVE-2025-5440 (A vulnerability classified as critical has been found in Linksys RE650 ...)
+ TODO: check
+CVE-2025-5439 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
+ TODO: check
+CVE-2025-5438 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, R ...)
+ TODO: check
+CVE-2025-5437 (A vulnerability classified as critical has been found in Multilaser Si ...)
+ TODO: check
+CVE-2025-5086 (A deserialization of untrusted data vulnerability affecting DELMIA Apr ...)
+ TODO: check
+CVE-2025-5036 (A maliciously crafted RFA file, when linked or imported into Autodesk ...)
+ TODO: check
+CVE-2025-49069 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...)
+ TODO: check
+CVE-2025-48996 (HAX open-apis provides microservice apis for HAX webcomponents repo th ...)
+ TODO: check
+CVE-2025-48995 (SignXML is an implementation of the W3C XML Signature standard in Pyth ...)
+ TODO: check
+CVE-2025-48994 (SignXML is an implementation of the W3C XML Signature standard in Pyth ...)
+ TODO: check
+CVE-2025-48990 (NeKernal is a free and open-source operating system stack. Version 0.0 ...)
+ TODO: check
+CVE-2025-48958 (Froxlor is open source server administration software. Prior to versio ...)
+ TODO: check
+CVE-2025-48957 (AstrBot is a large language model chatbot and development framework. A ...)
+ TODO: check
+CVE-2025-48955 (Para is a multitenant backend server/framework for object persistence ...)
+ TODO: check
+CVE-2025-48941 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
+ TODO: check
+CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
+ TODO: check
+CVE-2025-48866 (ModSecurity is an open source, cross platform web application firewall ...)
+ TODO: check
+CVE-2025-48745
+ REJECTED
+CVE-2025-48495 (Gokapi is a self-hosted file sharing server with automatic expiration ...)
+ TODO: check
+CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic expiration ...)
+ TODO: check
+CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions prior to ...)
+ TODO: check
+CVE-2025-47585 (Missing Authorization vulnerability in Mage people team Booking and Re ...)
+ TODO: check
+CVE-2025-47289 (CE Phoenix is a free, open-source eCommerce platform. A stored cross-s ...)
+ TODO: check
+CVE-2025-47272 (The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and pri ...)
+ TODO: check
+CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
+ TODO: check
+CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh leads to de ...)
+ TODO: check
+CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of CloudC ...)
+ TODO: check
+CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access ...)
+ TODO: check
+CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. Affected by t ...)
+ TODO: check
+CVE-2025-37096 (A command injection remote code execution vulnerability exists in HPE ...)
+ TODO: check
+CVE-2025-37095 (A directory traversal information disclosure vulnerabilityexists in HP ...)
+ TODO: check
+CVE-2025-37094 (A directory traversal arbitrary file deletion vulnerabilityexists in H ...)
+ TODO: check
+CVE-2025-37093 (An authentication bypass vulnerabilityexists in HPE StoreOnce Software ...)
+ TODO: check
+CVE-2025-37092 (A command injection remote code execution vulnerability exists in HPE ...)
+ TODO: check
+CVE-2025-37091 (A command injection remote code execution vulnerabilityexists in HPE S ...)
+ TODO: check
+CVE-2025-37090 (A server-side request forgery vulnerabilityexists in HPE StoreOnce Sof ...)
+ TODO: check
+CVE-2025-37089 (A command injection remote code execution vulnerability exists in HPE ...)
+ TODO: check
+CVE-2025-29785 (quic-go is an implementation of the QUIC protocol in Go. The loss reco ...)
+ TODO: check
+CVE-2025-27956 (Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remo ...)
+ TODO: check
+CVE-2025-27955 (Clinical Collaboration Platform 12.2.1.5 has a weak logout system wher ...)
+ TODO: check
+CVE-2025-27954 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote a ...)
+ TODO: check
+CVE-2025-27953 (An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote a ...)
+ TODO: check
+CVE-2025-26396 (The SolarWinds Dameware Mini Remote Control was determined to be affec ...)
+ TODO: check
+CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
+ TODO: check
+CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
+ TODO: check
+CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
+ TODO: check
+CVE-2025-20298 (In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, ...)
+ TODO: check
+CVE-2025-20297 (In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk ...)
+ TODO: check
+CVE-2025-20001 (An out-of-bounds read vulnerability exists in High-Logic FontCreator 1 ...)
+ TODO: check
+CVE-2025-1750 (An SQL injection vulnerability exists in the delete function of DuckDB ...)
+ TODO: check
+CVE-2025-1246 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
+CVE-2025-1051 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnera ...)
+ TODO: check
+CVE-2025-0819 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2025-0073 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2024-8008 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
+ TODO: check
+CVE-2024-7074 (An arbitrary file upload vulnerability exists in multiple WSO2 product ...)
+ TODO: check
+CVE-2024-7073 (A server-side request forgery (SSRF) vulnerability exists in multiple ...)
+ TODO: check
+CVE-2024-57783 (The desktop application in Dot through 0.9.3 allows XSS and resultant ...)
+ TODO: check
+CVE-2024-57459 (A time-based SQL injection vulnerability exists in mydetailsstudent.ph ...)
+ TODO: check
+CVE-2024-40114 (A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mo ...)
+ TODO: check
+CVE-2024-40113 (Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vu ...)
+ TODO: check
+CVE-2024-40112 (A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 ...)
+ TODO: check
+CVE-2024-3509 (A stored cross-site scripting (XSS) vulnerability exists in the Manage ...)
+ TODO: check
+CVE-2024-1440 (An open redirection vulnerability exists in multiple WSO2 products due ...)
+ TODO: check
+CVE-2024-12168 (Yandex Telemost for Desktop before 2.7.0has a DLL Hijacking Vulnerabil ...)
+ TODO: check
+CVE-2024-52035 (An integer overflow vulnerability exists in the OLE Document File Allo ...)
- catdoc <unfixed> (bug #1107168)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2131
-CVE-2024-54028 [OLE Document DIFAT Parser integer underflow vulnerability]
+CVE-2024-54028 (An integer underflow vulnerability exists in the OLE Document DIFAT Pa ...)
- catdoc <unfixed> (bug #1107168)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2132
-CVE-2024-48877 [ls2csv utility Shared String Table Record Parser memory corruption vulnerability]
+CVE-2024-48877 (A memory corruption vulnerability exists in the Shared String Table Re ...)
- catdoc <unfixed> (bug #1107168)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2128
CVE-2025-5436 (A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has be ...)
@@ -1893,11 +2041,13 @@ CVE-2025-48066 (wire-webapp is the web application for the open-source messaging
CVE-2025-48061 (wire-webapp is the web application for the open-source messaging servi ...)
NOT-FOR-US: wire-webapp
CVE-2025-47780 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+ {DLA-4206-1}
- asterisk 1:22.4.1~dfsg+~cs6.15.60671435-1 (bug #1106530)
NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2
NOTE: https://github.com/asterisk/asterisk/commit/ef1ad68131ff35445660bd0d36a04cf6f9ba6456 (18.26.2)
NOTE: https://github.com/asterisk/asterisk/commit/9bcdef268432e7591142b1b8de38b2e7871566a5 (22.4.1)
CVE-2025-47779 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
+ {DLA-4206-1}
- asterisk 1:22.4.1~dfsg+~cs6.15.60671435-1 (bug #1106528)
NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw
NOTE: https://github.com/asterisk/asterisk/commit/31fcbf12837ccea6501676b50a0a3bd2dc7d8c51 (18.26.2)
@@ -11456,9 +11606,9 @@ CVE-2024-30127 (Missing "no cache" headers in HCL Leap permits sensitive data to
NOT-FOR-US: HCL
CVE-2023-37516 (Missing "no cache" headers in HCL Leap permits user directory informat ...)
NOT-FOR-US: HCL
-CVE-2025-3260
+CVE-2025-3260 (A security vulnerability in the /apis/dashboard.grafana.app/* endpoint ...)
- grafana <removed>
-CVE-2025-3454
+CVE-2025-3454 (This vulnerability in Grafana's datasource proxy API allows authorizat ...)
- grafana <removed>
CVE-2025-46542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
@@ -76694,6 +76844,7 @@ CVE-2024-47186 (Filament is a collection of full-stack components for Laravel de
CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component /test/ of ...)
NOT-FOR-US: iq3xcite
CVE-2024-38796 (EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ...)
+ {DLA-4207-1}
- edk2 2024.08-3 (bug #1084055)
[bookworm] - edk2 2022.11-6+deb12u2
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
@@ -106073,6 +106224,7 @@ CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \
CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...)
NOT-FOR-US: Unifier and Unifier Cast
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
+ {DLA-4207-1}
- edk2 2024.05-1
[bookworm] - edk2 2022.11-6+deb12u2
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53
@@ -147984,42 +148136,49 @@ CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initi
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
NOTE: https://github.com/tianocore/edk2/commit/1904a64bcc18199738e5be183d28887ac5d837d7 (edk2-stable202405)
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
+ {DLA-4207-1}
- edk2 2023.11-6 (bug #1061256)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -251548,6 +251707,7 @@ CVE-2022-36767
CVE-2022-36766
RESERVED
CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() function, al ...)
+ {DLA-4207-1}
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -251555,6 +251715,7 @@ CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() functi
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
NOTE: https://github.com/tianocore/edk2/issues/10299
CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ...)
+ {DLA-4207-1}
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -251562,6 +251723,7 @@ CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
NOTE: https://github.com/tianocore/edk2/pull/5264
CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ...)
+ {DLA-4207-1}
- edk2 2023.11-5 (bug #1060408)
[bookworm] - edk2 2022.11-6+deb12u1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -320505,6 +320667,7 @@ CVE-2021-38580
CVE-2021-38579
RESERVED
CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...)
+ {DLA-4207-1}
- edk2 2022.11-1 (bug #1014468)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387
@@ -320513,11 +320676,13 @@ CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch under
CVE-2021-38577
REJECTED
CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
+ {DLA-4207-1}
- edk2 2021.11-1 (bug #1014468)
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499
NOTE: Fixed by https://github.com/tianocore/edk2/pull/1968
CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.)
+ {DLA-4207-1}
- edk2 2021.08-1
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
@@ -347404,6 +347569,7 @@ CVE-2021-3437 (Potential security vulnerabilities have been identified in an OME
CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
+ {DLA-4207-1}
- edk2 2021.11~rc1-1
[buster] - edk2 <no-dsa> (Minor issue)
[stretch] - edk2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7cf70026ac728d0ec81c7650d4a69b444b283de
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7cf70026ac728d0ec81c7650d4a69b444b283de
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250602/882b7c38/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list