[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 13 20:12:39 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdb2184e by security tracker role at 2025-03-13T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2025-2284 (A denial-of-service vulnerability exists in the "GetWebLoginCredential ...)
+	TODO: check
+CVE-2025-2280 (Improper access control in web extension restriction feature in Devolu ...)
+	TODO: check
+CVE-2025-2278 (Improper access control in temporary access requests and checkout requ ...)
+	TODO: check
+CVE-2025-2277 (Exposure of password in web-based SSH authentication component in Devo ...)
+	TODO: check
+CVE-2025-2275
+	REJECTED
+CVE-2025-2265 (The password of a web user in "Sante PACS Server.exe" is zero-padded t ...)
+	TODO: check
+CVE-2025-2264 (A Path Traversal Information Disclosure vulnerability exists in "Sante ...)
+	TODO: check
+CVE-2025-2263 (During login to the web server in "Sante PACS Server.exe", OpenSSL fun ...)
+	TODO: check
+CVE-2025-2230 (A flaw exists in the Windows login flow where an AuthContext token can ...)
+	TODO: check
+CVE-2025-2229 (A token is created using the username, current date/time, and a fixed  ...)
+	TODO: check
+CVE-2025-2081 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks  ...)
+	TODO: check
+CVE-2025-2080 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks  ...)
+	TODO: check
+CVE-2025-2079 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks  ...)
+	TODO: check
+CVE-2025-29998 (This vulnerability exists in the CAP back office application due to mi ...)
+	TODO: check
+CVE-2025-29997 (This vulnerability exists in the CAP back office application due to im ...)
+	TODO: check
+CVE-2025-29996 (This vulnerability exists in the CAP back office application due to im ...)
+	TODO: check
+CVE-2025-29995 (This vulnerability exists in the CAP back office application due to a  ...)
+	TODO: check
+CVE-2025-29994 (This vulnerability exists in the CAP back office application due to im ...)
+	TODO: check
+CVE-2025-29773 (Froxlor is open-source server administration software. A vulnerability ...)
+	TODO: check
+CVE-2025-29768 (Vim, a text editor, is vulnerable to potential data loss with zip.vim  ...)
+	TODO: check
+CVE-2025-29363 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffe ...)
+	TODO: check
+CVE-2025-29362 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-29361 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-29360 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-29359 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-29358 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-29357 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffe ...)
+	TODO: check
+CVE-2025-28015 (A HTML Injection vulnerability was found in loginsystem/edit-profile.p ...)
+	TODO: check
+CVE-2025-28011 (A SQL Injection was found in loginsystem/change-password.php in PHPGur ...)
+	TODO: check
+CVE-2025-28010 (A cross-site scripting (XSS) vulnerability has been identified in MODX ...)
+	TODO: check
+CVE-2025-27496 (Snowflake, a platform for using artificial intelligence in the context ...)
+	TODO: check
+CVE-2025-27138 (DataEase is an open source business intelligence and data visualizatio ...)
+	TODO: check
+CVE-2025-27107 (Integrated Scripting is a tool for creating scripts for handling compl ...)
+	TODO: check
+CVE-2025-27103 (DataEase is an open source business intelligence and data visualizatio ...)
+	TODO: check
+CVE-2025-25625 (FS Inc S3150 8T2F Switch s3150-8t2f-switch-fsos-220d_118101 has a stor ...)
+	TODO: check
+CVE-2025-25598 (Incorrect access control in the scheduled tasks console of Inova Logic ...)
+	TODO: check
+CVE-2025-25363 (An authenticated stored cross-site scripting (XSS) vulnerability in Th ...)
+	TODO: check
+CVE-2025-25175 (A vulnerability has been identified in Simcenter Femap V2401 (All vers ...)
+	TODO: check
+CVE-2025-24974 (DataEase is an open source business intelligence and data visualizatio ...)
+	TODO: check
+CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an authorized at ...)
+	TODO: check
+CVE-2025-21104 (Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redir ...)
+	TODO: check
+CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the in-tree git ...)
+	TODO: check
+CVE-2025-1652 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
+	TODO: check
+CVE-2025-1651 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
+	TODO: check
+CVE-2025-1650 (A maliciously crafted CATPRODUCT file, when parsed through Autodesk Au ...)
+	TODO: check
+CVE-2025-1649 (A maliciously crafted CATPRODUCT file, when parsed through Autodesk Au ...)
+	TODO: check
+CVE-2025-1636 (Exposure of sensitive information in My Personal Credentials password  ...)
+	TODO: check
+CVE-2025-1635 (Exposure of sensitive information in hub data source export feature in ...)
+	TODO: check
+CVE-2025-1433 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
+	TODO: check
+CVE-2025-1432 (A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD,  ...)
+	TODO: check
+CVE-2025-1431 (A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCA ...)
+	TODO: check
+CVE-2025-1430 (A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCA ...)
+	TODO: check
+CVE-2025-1429 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
+	TODO: check
+CVE-2025-1428 (A maliciously crafted CATPART file, when parsed through Autodesk AutoC ...)
+	TODO: check
+CVE-2025-1427 (A maliciously crafted CATPRODUCT file, when parsed through Autodesk Au ...)
+	TODO: check
+CVE-2024-57348 (Cross Site Scripting vulnerability in PecanProject pecan through v.1.8 ...)
+	TODO: check
+CVE-2024-57062 (An issue in SoundCloud IOS application v.7.65.2 allows a local attacke ...)
+	TODO: check
+CVE-2024-55198 (User Enumeration via Discrepancies in Error Messages in the Celk Siste ...)
+	TODO: check
+CVE-2024-53406 (Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulti ...)
+	TODO: check
+CVE-2024-30143 (HCL AppScan Traffic Recorder fails to adequately neutralize special ch ...)
+	TODO: check
+CVE-2024-28803 (Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v ...)
+	TODO: check
+CVE-2024-22880 (Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0. ...)
+	TODO: check
+CVE-2024-12858 (Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper   ...)
+	TODO: check
+CVE-2024-10942 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
+	TODO: check
 CVE-2025-2271 (A vulnerability exists in Issuetrak v17.2.2 and prior that allows a lo ...)
 	TODO: check
 CVE-2025-2250 (The WordPress Report Brute Force Attacks and Login Protection ReportAt ...)
@@ -554,7 +682,7 @@ CVE-2025-27393 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998
 	NOT-FOR-US: Siemens
 CVE-2025-27392 (A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00 ...)
 	NOT-FOR-US: Siemens
-CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and below wh ...)
+CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and below (n ...)
 	- freetype 2.13.1+dfsg-1
 	NOTE: https://www.facebook.com/security/advisories/cve-2025-27363
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
@@ -3567,7 +3695,7 @@ CVE-2025-27408 (Manifest offers users a one-file micro back end. Prior to versio
 	NOT-FOR-US: Manifest
 CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
 	NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
-CVE-2025-26326 (A vulnerability in the remote connection complements of the NVDA (Nonv ...)
+CVE-2025-26326 (A vulnerability was identified in the NVDA Remote (version 2.6.4) and  ...)
 	NOT-FOR-US: NVDA (Nonvisual Desktop Access)
 CVE-2025-26263 (GeoVision ASManager Windows desktop application with the version 6.1.2 ...)
 	NOT-FOR-US: GeoVision
@@ -17691,7 +17819,7 @@ CVE-2024-7595 (GRE and GRE6 Protocols (RFC2784) do not validate or verify the so
 	NOTE: https://www.top10vpn.com/research/tunneling-protocol-vulnerability/
 	NOTE: https://kb.cert.org/vuls/id/199397
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/21/10
-CVE-2024-9042
+CVE-2024-9042 (This CVE affects only Windows worker nodes. Your worker node is vulner ...)
 	- kubernetes <not-affected> (Windows-specific)
 CVE-2025-23965 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdb2184e14f748a0383b47b7e8243c6945a82ce5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdb2184e14f748a0383b47b7e8243c6945a82ce5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250313/d2e2a380/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list