[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 18 20:12:34 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58ae417e by security tracker role at 2025-03-18T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,132 @@
-CVE-2025-0755
+CVE-2025-30142 (An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of ...)
+	TODO: check
+CVE-2025-30141 (An issue was discovered on G-Net Dashcam BB GONX devices. One can Remo ...)
+	TODO: check
+CVE-2025-30139 (An issue was discovered on G-Net Dashcam BB GONX devices. Default cred ...)
+	TODO: check
+CVE-2025-30138 (An issue was discovered on G-Net Dashcam BB GONX devices. Managing Set ...)
+	TODO: check
+CVE-2025-30137 (An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credent ...)
+	TODO: check
+CVE-2025-30132 (An issue was discovered on IROAD Dashcam V devices. It uses an unregis ...)
+	TODO: check
+CVE-2025-30123 (An issue was discovered on ROADCAM X3 devices. The mobile app APK (Vii ...)
+	TODO: check
+CVE-2025-30122 (An issue was discovered on ROADCAM X3 devices. It has a uniform defaul ...)
+	TODO: check
+CVE-2025-30117 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR  ...)
+	TODO: check
+CVE-2025-30116 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR  ...)
+	TODO: check
+CVE-2025-30115 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR  ...)
+	TODO: check
+CVE-2025-30114 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR  ...)
+	TODO: check
+CVE-2025-30113 (An issue was discovered on the Forvia Hella HELLA Driving Recorder DR  ...)
+	TODO: check
+CVE-2025-30111 (On IROAD v9 devices, one can Remotely Dump Video Footage and the Live  ...)
+	TODO: check
+CVE-2025-30110 (On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Addr ...)
+	TODO: check
+CVE-2025-30109 (In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ...)
+	TODO: check
+CVE-2025-30107 (On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data an ...)
+	TODO: check
+CVE-2025-30106 (On IROAD v9 devices, the dashcam has hardcoded default credentials ("q ...)
+	TODO: check
+CVE-2025-2495 (Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel  ...)
+	TODO: check
+CVE-2025-2494 (Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This ...)
+	TODO: check
+CVE-2025-2493 (Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd.  ...)
+	TODO: check
+CVE-2025-2491 (A vulnerability classified as problematic has been found in Dromara uj ...)
+	TODO: check
+CVE-2025-2490 (A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as ...)
+	TODO: check
+CVE-2025-2489 (Insecure information storage vulnerability in NTFS Tools version 3.5.1 ...)
+	TODO: check
+CVE-2025-2487 (A flaw was found in the 389-ds-base LDAP Server. This issue occurs whe ...)
+	TODO: check
+CVE-2025-2450 (NI Vision Builder AI VBAI File Processing Missing Warning Remote Code  ...)
+	TODO: check
+CVE-2025-2449 (NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code  ...)
+	TODO: check
+CVE-2025-29930 (imFAQ is an advanced questions and answers management system for Impre ...)
+	TODO: check
+CVE-2025-29907 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, use ...)
+	TODO: check
+CVE-2025-29790 (Contao is an Open Source CMS. Users can upload SVG files with maliciou ...)
+	TODO: check
+CVE-2025-27688 (Dell ThinOS 2408 and prior, contains an improper permissions vulnerabi ...)
+	TODO: check
+CVE-2025-27080 (Vulnerabilities in the command line interface of AOS-CX could allow an ...)
+	TODO: check
+CVE-2025-26138 (Systemic Risk Value <=2.8.0 is vulnerable to improper access control i ...)
+	TODO: check
+CVE-2025-26137 (Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via  ...)
+	TODO: check
+CVE-2025-25595 (A lack of rate limiting in the login page of Safe App version a3.0.9 a ...)
+	TODO: check
+CVE-2025-25590 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2025-25589 (An XML external entity (XXE) injection vulnerability in the component  ...)
+	TODO: check
+CVE-2025-25586 (yimioa before v2024.07.04 was discovered to contain an information dis ...)
+	TODO: check
+CVE-2025-25585 (Incorrect access control in the component /config/WebSecurityConfig.ja ...)
+	TODO: check
+CVE-2025-25582 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2025-25580 (yimioa before v2024.07.04 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2025-25500 (An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capabi ...)
+	TODO: check
+CVE-2025-25220 (Improper neutralization of special elements used in an OS command ('OS ...)
+	TODO: check
+CVE-2025-25042 (A vulnerability in the AOS-CX REST interface could allow an authentica ...)
+	TODO: check
+CVE-2025-25040 (A vulnerability has been identified in the port ACL functionality of A ...)
+	TODO: check
+CVE-2025-24801 (GLPI is a free asset and IT management software package. An authentica ...)
+	TODO: check
+CVE-2025-24799 (GLPI is a free asset and IT management software package. An unauthenti ...)
+	TODO: check
+CVE-2025-24306 (Improper neutralization of special elements used in an OS command ('OS ...)
+	TODO: check
+CVE-2025-21619 (GLPI is a free asset and IT management software package. An administra ...)
+	TODO: check
+CVE-2025-1468 (An unauthenticated remote attacker can gain access to sensitive inform ...)
+	TODO: check
+CVE-2025-0694 (Insufficient path validation in CODESYS Control allows low privileged  ...)
+	TODO: check
+CVE-2024-8997 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-57170 (SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /pr ...)
+	TODO: check
+CVE-2024-57169 (A file upload bypass vulnerability exists in SOPlanning 1.53.00, speci ...)
+	TODO: check
+CVE-2024-56347 (IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could  ...)
+	TODO: check
+CVE-2024-56346 (IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote at ...)
+	TODO: check
+CVE-2024-49822 (IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side re ...)
+	TODO: check
+CVE-2024-44314 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability  ...)
+	TODO: check
+CVE-2024-44313 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability  ...)
+	TODO: check
+CVE-2024-41975 (An unauthenticated remote attacker can gain limited information of the ...)
+	TODO: check
+CVE-2024-23943 (An unauthenticated remote attacker can gain access to the cloud API du ...)
+	TODO: check
+CVE-2024-23942 (A local user may find a configuration file on the client workstation w ...)
+	TODO: check
+CVE-2024-21760 (An improper control of generation of code ('Code Injection') vulnerabi ...)
+	TODO: check
+CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.4.0 co ...)
+	TODO: check
+CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver library may b ...)
 	- mongo-c-driver 1.27.5-1
 	[bookworm] - mongo-c-driver <no-dsa> (Minor issue; can be fixed via point-release)
 	NOTE: https://jira.mongodb.org/browse/SERVER-94461
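Review bot: every entry added above CVE-2025-0755 carries only `TODO: check`, and CVE-2025-2487 in particular names the 389-ds-base LDAP Server, which Debian ships, so it needs a source-package line with a fixed version or an unfixed marker rather than sitting in the same queue as the dashcam, Softdial and AOS-CX entries. The GLPI (CVE-2025-24801, CVE-2025-24799, CVE-2025-21619) and jsPDF (CVE-2025-29907) entries are also worth checking against the archive before anything is marked NOT-FOR-US. The remaining vendor-device and proprietary-product entries can likely follow the NOT-FOR-US pattern already used further down the file.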
@@ -151,7 +279,7 @@ CVE-2025-2202 (Broken access control vulnerability in the Innovaci\xf3n y Cualif
 	NOT-FOR-US: Moodle plugin
 CVE-2025-2201 (Broken access control vulnerability in the IcProgress Innovaci\xf3n y  ...)
 	NOT-FOR-US: Moodle plugin
-CVE-2025-2200 (QL injection vulnerability in the IcProgreso Innovaci\xf3n y Cualifica ...)
+CVE-2025-2200 (SQL injection vulnerability in the IcProgreso Innovaci\xf3n y Cualific ...)
 	NOT-FOR-US: Moodle plugin
 CVE-2025-2199 (SQL injection vulnerability in the Innovaci\xf3n y Cualificaci\xf3n lo ...)
 	NOT-FOR-US: Moodle plugin
@@ -808,7 +936,7 @@ CVE-2025-27107 (Integrated Scripting is a tool for creating scripts for handling
 	NOT-FOR-US: Integrated Scripting
 CVE-2025-27103 (DataEase is an open source business intelligence and data visualizatio ...)
 	NOT-FOR-US: DataEase
-CVE-2025-25625 (FS Inc S3150 8T2F Switch s3150-8t2f-switch-fsos-220d_118101 has a stor ...)
+CVE-2025-25625 (A stored cross-site scripting vulnerability exists in FS model S3150-8 ...)
 	NOT-FOR-US: FS Inc S3150 8T2F Switch
 CVE-2025-25598 (Incorrect access control in the scheduled tasks console of Inova Logic ...)
 	NOT-FOR-US: Inova Logic CUSTOMER MONITOR (CM)
@@ -15183,7 +15311,7 @@ CVE-2024-54851 (Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
 	NOT-FOR-US: Teedy
 CVE-2024-51182 (HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 a ...)
 	NOT-FOR-US: Celk Sistemas Celk Saude
-CVE-2024-48761 (The specific component in Celk Saude 3.1.252.1 that processes user inp ...)
+CVE-2024-48761 (Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 al ...)
 	NOT-FOR-US: Celk Saude
 CVE-2024-23733 (The /WmAdmin/,/invoke/vm.server/login login page in the Integration Se ...)
 	NOT-FOR-US: Software AG webMethods
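Review bot: the status line under CVE-2024-48761 still reads `NOT-FOR-US: Celk Saude`, while the refreshed description and the neighbouring CVE-2024-51182 both name the product as "Celk Sistemas Celk Saude". Consider aligning the note to `NOT-FOR-US: Celk Sistemas Celk Saude` so that a search for the product name finds both entries.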
@@ -188410,8 +188538,8 @@ CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was
 	NOT-FOR-US: Bamboo Data Center and Server
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
 	NOT-FOR-US: Atlassian
-CVE-2023-22514
-	REJECTED
+CVE-2023-22514 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+	TODO: check
 CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
 	NOT-FOR-US: Bitbucket Data Center and Server
 CVE-2023-22512 (This High severity DoS (Denial of Service) vulnerability was introduce ...)
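Review bot: CVE-2023-22514 changes from `REJECTED` to a description plus `TODO: check`, so a previously closed id is back in the triage queue. Its truncated description has the same wording as CVE-2023-22516 and CVE-2023-22513 on either side, both of which are triaged NOT-FOR-US. Confirm the affected product from the full record and, if it is another product of the same vendor, close the TODO with the matching NOT-FOR-US line rather than leaving it open.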



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58ae417ee0ee3d2db69c38c0dbe950ba73c1ead8
