[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 21 20:12:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
740628af by security tracker role at 2025-03-21T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application Framework thr ...)
+ TODO: check
+CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-30168 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2025-30157 (Envoy is a cloud-native high-performance edge/middle/service proxy. Pr ...)
+ TODO: check
+CVE-2025-2603 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...)
+ TODO: check
+CVE-2025-2602 (A vulnerability has been found in SourceCodester Kortex Lite Advocate ...)
+ TODO: check
+CVE-2025-2601 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2025-2598 (When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (A ...)
+ TODO: check
+CVE-2025-2597 (Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b35 ...)
+ TODO: check
+CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and classified a ...)
+ TODO: check
+CVE-2025-2592 (A vulnerability, which was classified as critical, has been found in O ...)
+ TODO: check
+CVE-2025-2591 (A vulnerability classified as problematic was found in Open Asset Impo ...)
+ TODO: check
+CVE-2025-2590 (A vulnerability was found in code-projects Human Resource Management S ...)
+ TODO: check
+CVE-2025-2589 (A vulnerability was found in code-projects Human Resource Management S ...)
+ TODO: check
+CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and classifie ...)
+ TODO: check
+CVE-2025-2587 (A vulnerability, which was classified as critical, was found in Jinher ...)
+ TODO: check
+CVE-2025-29927 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2025-29641 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2025-29640 (Phpgurukul Human Metapneumovirus (HMPV) \u2013 Testing Management Syst ...)
+ TODO: check
+CVE-2025-29230 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2025-29227 (In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contai ...)
+ TODO: check
+CVE-2025-29226 (In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contai ...)
+ TODO: check
+CVE-2025-29223 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2025-27933 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-27715 (Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit appro ...)
+ TODO: check
+CVE-2025-27612 (libcontainer is a library for container control. Prior to libcontainer ...)
+ TODO: check
+CVE-2025-25274 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-25068 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-25036 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2025-25035 (Improper Neutralization of Input During Web Page Generation Cross-site ...)
+ TODO: check
+CVE-2025-24920 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
+ TODO: check
+CVE-2025-24915 (When installing Nessus Agent to a non-default location on a Windows ho ...)
+ TODO: check
+CVE-2024-57490 (Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vu ...)
+ TODO: check
+CVE-2024-53351 (Insecure permissions in pipecd v0.49 allow attackers to gain access to ...)
+ TODO: check
+CVE-2024-53350 (Insecure permissions in kubeslice v1.3.1 allow attackers to gain acces ...)
+ TODO: check
+CVE-2024-53349 (Insecure permissions in kuadrant v0.11.3 allow attackers to gain acces ...)
+ TODO: check
+CVE-2024-53348 (LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control wh ...)
+ TODO: check
+CVE-2023-43029 (IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow ...)
+ TODO: check
CVE-2025-30348 (encodeText in QDom in Qt before 6.8.0 has a complex algorithm involvin ...)
- qt6-base 6.8.2+dfsg-5
[bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -42,7 +118,7 @@ CVE-2025-2581 (A vulnerability has been found in xmedcon 0.25.0 and classified a
NOTE: https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
CVE-2025-2574 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect i ...)
- xpdf <not-affected> (Debian uses poppler)
-CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment, is vulnerable to a Pa ...)
+CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment is vulnerable to a Pas ...)
NOT-FOR-US: ArcGIS Enterprise
CVE-2025-2198
REJECTED
@@ -222968,7 +223044,7 @@ CVE-2022-38331
RESERVED
CVE-2022-38330
RESERVED
-CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnera ...)
+CVE-2022-38329 (A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthentica ...)
NOT-FOR-US: Shopxian CMS
CVE-2022-38328
RESERVED
@@ -329670,8 +329746,7 @@ CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and mac
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b0404f80577de9ff69e58390c6f6ef949fdb0139
-CVE-2021-25635
- RESERVED
+CVE-2021-25635 (An Improper Certificate Validation vulnerability in LibreOffice allowe ...)
- libreoffice <not-affected> (Only affects Microsoft Crypto API back-end)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
@@ -434789,7 +434864,7 @@ CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properl
NOT-FOR-US: Twitter Kit framework
CVE-2019-16262
RESERVED
-CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST req ...)
+CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow u ...)
NOT-FOR-US: Tripp Lite PDUMH15AT
CVE-2019-16260
RESERVED
@@ -435241,8 +435316,8 @@ CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM da
NOT-FOR-US: Fortinet
CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 ...)
NOT-FOR-US: Fortiguard FortiClient
-CVE-2019-16151
- RESERVED
+CVE-2019-16151 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
NOT-FOR-US: Fortiguard
CVE-2019-16149
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740628af69e57faeb3a41b8f9d2bc9236f9a8bb4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740628af69e57faeb3a41b8f9d2bc9236f9a8bb4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/931abdd0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list