[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 26 20:12:48 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff2b3465 by security tracker role at 2025-03-26T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,283 @@
+CVE-2025-30524 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-30353 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-30352 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-30351 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-30350 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-30225 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-30217 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+	TODO: check
+CVE-2025-30164 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+	TODO: check
+CVE-2025-30073 (An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. Th ...)
+	TODO: check
+CVE-2025-2825 (CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are  ...)
+	TODO: check
+CVE-2025-2820 (An authenticated attacker can compromise the availability of the devic ...)
+	TODO: check
+CVE-2025-2819 (There is a risk of unauthorized file uploads in GT-SoftControl and pot ...)
+	TODO: check
+CVE-2025-2600 (Improper authorization in the variable component in Devolutions Remote ...)
+	TODO: check
+CVE-2025-2596 (Session logout could be overwritten in Checkmk GmbH's Checkmk versions ...)
+	TODO: check
+CVE-2025-2562 (Insufficient logging in the autotyping feature in Devolutions Remote D ...)
+	TODO: check
+CVE-2025-2528 (Improper authorization in application password policy in Devolutions R ...)
+	TODO: check
+CVE-2025-2499 (Client side access control bypass in the permission component in  Devo ...)
+	TODO: check
+CVE-2025-2257 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate ...)
+	TODO: check
+CVE-2025-2228 (The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugi ...)
+	TODO: check
+CVE-2025-2167 (The Event post plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-2110 (The WP Compress \u2013 Instant Performance & Speed Optimization plugin ...)
+	TODO: check
+CVE-2025-2098 (Fast CAD Reader application on MacOS was found to be installed with in ...)
+	TODO: check
+CVE-2025-2009 (The Newsletters plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-29322 (A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.0 ...)
+	TODO: check
+CVE-2025-28942 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28916 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-28911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28903 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28899 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28893 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-28890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28869 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28865 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28855 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-28361 (Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v. ...)
+	TODO: check
+CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+	TODO: check
+CVE-2025-27406 (Icinga Reporting is the central component for reporting related functi ...)
+	TODO: check
+CVE-2025-27405 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+	TODO: check
+CVE-2025-27404 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+	TODO: check
+CVE-2025-27267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-27015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-27014 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26986 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-26941 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-26929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26869 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26739 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-26011 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
+	TODO: check
+CVE-2025-26010 (Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification ...)
+	TODO: check
+CVE-2025-26009 (Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerabili ...)
+	TODO: check
+CVE-2025-26008 (In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulner ...)
+	TODO: check
+CVE-2025-26007 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
+	TODO: check
+CVE-2025-26006 (Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulner ...)
+	TODO: check
+CVE-2025-26005 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overf ...)
+	TODO: check
+CVE-2025-26004 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffe ...)
+	TODO: check
+CVE-2025-26003 (Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command ex ...)
+	TODO: check
+CVE-2025-26002 (Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack over ...)
+	TODO: check
+CVE-2025-26001 (Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure v ...)
+	TODO: check
+CVE-2025-25535 (HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a re ...)
+	TODO: check
+CVE-2025-25134 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-24972 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
+	TODO: check
+CVE-2025-24808 (Discourse is an open-source discussion platform. Prior to versions `3. ...)
+	TODO: check
+CVE-2025-24690 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-23964 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23952 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-23937 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-23735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23728 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23714 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23612 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23466 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23460 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-23203 (Icinga Director is an Icinga config deployment tool. A Security vulner ...)
+	TODO: check
+CVE-2025-22283 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-1913 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
+	TODO: check
+CVE-2025-1912 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
+	TODO: check
+CVE-2025-1911 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
+	TODO: check
+CVE-2025-1769 (The Product Import Export for WooCommerce \u2013 Import Export Product ...)
+	TODO: check
+CVE-2025-1703 (The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2025-1542 (Improper permission controlvulnerability in the OXARIServiceDeskapplic ...)
+	TODO: check
+CVE-2025-1514 (The Active Products Tables for WooCommerce. Use constructor to create  ...)
+	TODO: check
+CVE-2025-1440 (The Advanced iFrame plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2025-1439 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2025-1437 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2025-1312 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
+	TODO: check
+CVE-2025-1310 (The Jobs for WordPress plugin for WordPress is vulnerable to Directory ...)
+	TODO: check
+CVE-2024-55964 (An issue was discovered in Appsmith before 1.52. An incorrectly config ...)
+	TODO: check
+CVE-2024-55963 (An issue was discovered in Appsmith before 1.51. A user on Appsmith th ...)
+	TODO: check
+CVE-2024-45351 (A code execution vulnerability exists in the Xiaomi Game center applic ...)
+	TODO: check
+CVE-2024-41643 (An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate att ...)
+	TODO: check
+CVE-2024-13889 (The WordPress Importer plugin for WordPress is vulnerable to PHP Objec ...)
+	TODO: check
+CVE-2024-13801 (The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to una ...)
+	TODO: check
+CVE-2024-13702 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-13411 (The Zapier for WordPress plugin for WordPress is vulnerable to Server- ...)
+	TODO: check
 CVE-2024-9773
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-10307
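Review bot: every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a triage state after this commit. Several descriptions name WordPress plugins outright (for example CVE-2025-2167, CVE-2025-2009 and CVE-2025-1703) and could take the `NOT-FOR-US: WordPress plugin` marker that this file already uses further down. The descriptions of CVE-2025-2257, CVE-2025-2228 and CVE-2025-2110 also contain a literal `\u2013` escape instead of the dash character, which suggests the description text is imported without decoding.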
@@ -11,6 +291,7 @@ CVE-2025-0811
 CVE-2025-2255
 	- gitlab <unfixed>
 CVE-2025-30232
+	{DSA-5887-1}
 	- exim4 4.98.1-2
 	[bullseye] - exim4 <not-affected> (Vulnerable code not present)
 	NOTE: https://exim.org/static/doc/security/CVE-2025-30232.txt
@@ -21,10 +302,10 @@ CVE-2022-XXXX [RUSTSEC-2022-0094]
 	- rust-mimalloc 0.1.44-1
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0094
 	NOTE: https://github.com/purpleprotocol/mimalloc_rust/issues/87
-CVE-2025-27551
+CVE-2025-27551 (DBIx::Class::EncodedColumn use the rand() function, which is not crypt ...)
 	- libdbix-class-encodedcolumn-perl <unfixed>
 	NOTE: https://github.com/wreis/DBIx-Class-EncodedColumn/commit/5e9e51f574f7e64e8c014e9e4f00ee8fd87a5335 (0.11)
-CVE-2025-27552
+CVE-2025-27552 (DBIx::Class::EncodedColumn use the rand() function, which is not crypt ...)
 	- libdbix-class-encodedcolumn-perl <unfixed>
 	NOTE: https://github.com/wreis/DBIx-Class-EncodedColumn/commit/5e9e51f574f7e64e8c014e9e4f00ee8fd87a5335 (0.11)
 CVE-2025-30742 (httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-o ...)
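Review bot: CVE-2025-27551 and CVE-2025-27552 now show the same truncated description and cite the same upstream commit in their NOTE lines, so nothing visible in either entry says how the two IDs differ. A short NOTE on each stating which part of DBIx::Class::EncodedColumn it covers would help. Both also stay `<unfixed>` with no bug reference on the package line, while the NOTE marks the fix as (0.11), so it is worth checking that a bug is filed against libdbix-class-encodedcolumn-perl.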
@@ -76,7 +357,7 @@ CVE-2024-11847 (The wp-svg-upload WordPress plugin through 1.0.0 does not saniti
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52972 (Huawei PCs have a vulnerability that allows low-privilege users to byp ...)
 	NOT-FOR-US: Huawei
-CVE-2025-2783
+CVE-2025-2783 (Incorrect handle provided in unspecified circumstances in Mojo in Goog ...)
 	- chromium <not-affected> (Only affects Chromium on Windows)
 CVE-2025-30567 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin
@@ -1124,7 +1405,8 @@ CVE-2024-9901 (LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349
 	NOT-FOR-US: LocalAI
 CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) v ...)
 	NOT-FOR-US: LocalAI
-CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
+CVE-2024-9880
+	REJECTED
 	- pandas <unfixed> (unimportant)
 	NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
 	NOTE: Not considered a security issue by upstream: https://github.com/pandas-dev/pandas/issues/60602
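Review bot: the entry for CVE-2024-9880 is now `REJECTED` but still keeps `- pandas <unfixed> (unimportant)` directly under it, which leaves a package status attached to a withdrawn ID. Drop the package line and keep only the NOTE lines that record why upstream did not treat this as a security issue.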
@@ -1743,7 +2025,8 @@ CVE-2024-10110 (In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter o
 	NOT-FOR-US: aimhubio/aim
 CVE-2024-10109 (A vulnerability in the mintplex-labs/anything-llm repository, as of co ...)
 	NOT-FOR-US: anything-llm
-CVE-2024-10096 (Dask versions <=2024.8.2 contain a vulnerability in the Dask Distribut ...)
+CVE-2024-10096
+	REJECTED
 	NOTE: Not considered a valid security issue by dask upstream:
 	NOTE: https://distributed.dask.org/en/stable/limitations.html?highlight=host#security
 CVE-2024-10051 (Realchar version v0.0.4 is vulnerable to an unauthenticated denial of  ...)
@@ -12546,6 +12829,7 @@ CVE-2025-25055 (Authentication bypass by spoofing issue exists in FileMegane ver
 CVE-2025-20075 (Server-side request forgery (SSRF) vulnerability exists in FileMegane  ...)
 	NOT-FOR-US: FileMegane
 CVE-2025-1390 (The PAM module pam_cap.so of libcap configuration supports group names ...)
+	{DLA-4092-1}
 	- libcap2 1:2.73-4 (bug #1098318)
 	[bookworm] - libcap2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=18804
@@ -44684,6 +44968,7 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
 CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-27834 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708253
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ef42ff180a04926e187d40faea40d4a43e304e3b (ghostpdl-10.05.0)
@@ -44692,26 +44977,32 @@ CVE-2025-27837 (An issue was discovered in Artifex Ghostscript before 10.05.0. A
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708238
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dbb9f2b11f820697e77863523a8d835ab040e5d1 (ghostpdl-10.05.0)
 CVE-2025-27833 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708259
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=a82738e387bbb44c7c4698404776dca53f62b158 (ghostpdl-10.05.0)
 CVE-2025-27830 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708241
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f (ghostpdl-10.05.0)
 CVE-2025-27836 (An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ1 ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708192
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0)
 CVE-2025-27831 (An issue was discovered in Artifex Ghostscript before 10.05.0. The DOC ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708132
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17 (ghostpdl-10.05.0)
 CVE-2025-27832 (An issue was discovered in Artifex Ghostscript before 10.05.0. The NPD ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708133
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (ghostpdl-10.05.0)
 CVE-2025-27835 (An issue was discovered in Artifex Ghostscript before 10.05.0. A buffe ...)
+	{DSA-5888-1}
 	- ghostscript 10.05.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708131
 	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0)
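Review bot: CVE-2025-27837 is the one Ghostscript entry in this range that gets no `{DSA-5888-1}` line: this hunk opens on its NOTE lines, and the previous hunk ends before its header without adding the tag. Its package line is not visible here, so confirm that it is deliberately outside the DSA rather than missed.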
@@ -162227,6 +162518,7 @@ CVE-2023-2672 (A vulnerability classified as critical has been found in SourceCo
 CVE-2023-2671 (A vulnerability was found in SourceCodester Lost and Found Information ...)
 	NOT-FOR-US: SourceCodester Lost and Found Information System
 CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _libcap_ ...)
+	{DLA-4092-1}
 	- libcap2 1:2.66-4 (bug #1036114)
 	[buster] - libcap2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
@@ -162234,6 +162526,7 @@ CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _li
 	NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18 (libcap-2.69)
 CVE-2023-2602 (A vulnerability was found in the pthread_create() function in libcap.  ...)
+	{DLA-4092-1}
 	- libcap2 1:2.66-4 (bug #1036114)
 	[buster] - libcap2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
@@ -221173,8 +221466,8 @@ CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged
 	NOT-FOR-US: IBM
 CVE-2022-39164 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local  ...)
 	NOT-FOR-US: IBM
-CVE-2022-39163
-	RESERVED
+CVE-2022-39163 (IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client- ...)
+	TODO: check
 CVE-2022-39162
 	RESERVED
 CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere ...)
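Review bot: CVE-2022-39163 moves from `RESERVED` to `TODO: check`, yet its description names IBM Cognos Controller and the neighbouring IBM entries (CVE-2022-39165, CVE-2022-39164) are already marked `NOT-FOR-US: IBM`. The same marker would fit here and close the item without a further triage pass.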



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff2b34657ba9a274d58246138306899cbedbbdc1
