[Git][security-tracker-team/security-tracker][master] automatic update

Mon Mar 31 21:12:35 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aecc422 by security tracker role at 2025-03-31T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,306 @@
-CVE-2025-21893 [keys: Fix UAF in key_put()]
+CVE-2025-3048 (After completing a build with AWS Serverless Application Model Command ...)
+	TODO: check
+CVE-2025-3047 (When running the AWS Serverless Application Model Command Line Interfa ...)
+	TODO: check
+CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
+	TODO: check
+CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 Enterprise. ...)
+	TODO: check
+CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management. This v ...)
+	TODO: check
+CVE-2025-3021 (Path Traversal vulnerability in e-solutions e-management. This vulnera ...)
+	TODO: check
+CVE-2025-3010 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-3009 (A vulnerability classified as critical was found in Jinher Network OA  ...)
+	TODO: check
+CVE-2025-3008 (A vulnerability classified as critical has been found in Novastar CX40 ...)
+	TODO: check
+CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has been r ...)
+	TODO: check
+CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management System 1.0. ...)
+	TODO: check
+CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321 and clas ...)
+	TODO: check
+CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to 20250321 and ...)
+	TODO: check
+CVE-2025-3003 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
+	TODO: check
+CVE-2025-3002 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...)
+	TODO: check
+CVE-2025-3000 (A vulnerability classified as critical has been found in PyTorch 2.6.0 ...)
+	TODO: check
+CVE-2025-31629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31627 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31623 (Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich ...)
+	TODO: check
+CVE-2025-31621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31618 (Missing Authorization vulnerability in Jaap Jansma Connector to CiviCR ...)
+	TODO: check
+CVE-2025-31617 (Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh Po ...)
+	TODO: check
+CVE-2025-31616 (Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish  ...)
+	TODO: check
+CVE-2025-31615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31613 (Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Goog ...)
+	TODO: check
+CVE-2025-31611 (Missing Authorization vulnerability in Shaharia Azam Auto Post After I ...)
+	TODO: check
+CVE-2025-31610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31609 (Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trac ...)
+	TODO: check
+CVE-2025-31608 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31606 (Missing Authorization vulnerability in softpulseinfotech SP Blog Desig ...)
+	TODO: check
+CVE-2025-31605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31604 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-31603 (Missing Authorization vulnerability in moshensky CF7 Spreadsheets allo ...)
+	TODO: check
+CVE-2025-31602 (Cross-Site Request Forgery (CSRF) vulnerability in apimofficiel Apimo  ...)
+	TODO: check
+CVE-2025-31601 (Cross-Site Request Forgery (CSRF) vulnerability in appointy Appointy A ...)
+	TODO: check
+CVE-2025-31600 (Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO  ...)
+	TODO: check
+CVE-2025-31598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31596 (Missing Authorization vulnerability in Chatwee Chat by Chatwee allows  ...)
+	TODO: check
+CVE-2025-31595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31588 (Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight T ...)
+	TODO: check
+CVE-2025-31587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31585 (Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for ...)
+	TODO: check
+CVE-2025-31584 (Missing Authorization vulnerability in elfsight Elfsight Testimonials  ...)
+	TODO: check
+CVE-2025-31583 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Cop ...)
+	TODO: check
+CVE-2025-31577 (Unrestricted Upload of File with Dangerous Type vulnerability in appoi ...)
+	TODO: check
+CVE-2025-31576 (Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Em ...)
+	TODO: check
+CVE-2025-31575 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2025-31574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31572 (Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Day ...)
+	TODO: check
+CVE-2025-31570 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy Related Post ...)
+	TODO: check
+CVE-2025-31569 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress re ...)
+	TODO: check
+CVE-2025-31567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31566 (Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup Rio Vid ...)
+	TODO: check
+CVE-2025-31562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31555 (Missing Authorization vulnerability in ContentMX ContentMX Content Pub ...)
+	TODO: check
+CVE-2025-31549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31546 (Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP ...)
+	TODO: check
+CVE-2025-31545 (Missing Authorization vulnerability in WP Messiah Safe Ai Malware Prot ...)
+	TODO: check
+CVE-2025-31544 (Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP ...)
+	TODO: check
+CVE-2025-31543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31542 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31540 (Missing Authorization vulnerability in acmemediakits ACME Divi Modules ...)
+	TODO: check
+CVE-2025-31539 (Missing Authorization vulnerability in Blocksera Cryptocurrency Widget ...)
+	TODO: check
+CVE-2025-31538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31533 (Missing Authorization vulnerability in Salesmate.io Salesmate Add-On f ...)
+	TODO: check
+CVE-2025-31532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31530 (Missing Authorization vulnerability in smackcoders Google SEO Pressor  ...)
+	TODO: check
+CVE-2025-31529 (Missing Authorization vulnerability in Rashid Slider Path for Elemento ...)
+	TODO: check
+CVE-2025-31528 (Missing Authorization vulnerability in wokamoto StaticPress allows Exp ...)
+	TODO: check
+CVE-2025-31527 (Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Pre ...)
+	TODO: check
+CVE-2025-31526 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-31419 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-31410 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Chu ...)
+	TODO: check
+CVE-2025-31406 (Subscriber Broken Access Control in ELEX WooCommerce Request a Quote < ...)
+	TODO: check
+CVE-2025-31386 (Missing Authorization vulnerability in Simplepress Simple:Press allows ...)
+	TODO: check
+CVE-2025-31376 (Missing Authorization vulnerability in Mayeenul Islam NanoSupport allo ...)
+	TODO: check
+CVE-2025-31129 (Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.inter ...)
+	TODO: check
+CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop animated gi ...)
+	TODO: check
+CVE-2025-31125 (Vite is a frontend tooling framework for javascript. Vite exposes cont ...)
+	TODO: check
+CVE-2025-31124 (Zitadel is open-source identity infrastructure software. ZITADEL admin ...)
+	TODO: check
+CVE-2025-31123 (Zitadel is open-source identity infrastructure software. A vulnerabili ...)
+	TODO: check
+CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-bet ...)
+	TODO: check
+CVE-2025-31117 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
+	TODO: check
+CVE-2025-30963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-30961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-30369 (Zulip is an open-source team collaboration tool. The API for deleting  ...)
+	TODO: check
+CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for deleting  ...)
+	TODO: check
+CVE-2025-30223 (Beego is an open-source web framework for the Go programming language. ...)
+	TODO: check
+CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2025-30161 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2025-30155 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2025-30149 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear in comb ...)
+	TODO: check
+CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site scripting ( ...)
+	TODO: check
+CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the Diagnosti ...)
+	TODO: check
+CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the administr ...)
+	TODO: check
+CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...)
+	TODO: check
+CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been declared as cr ...)
+	TODO: check
+CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been ...)
+	TODO: check
+CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
+	TODO: check
+CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
+	TODO: check
+CVE-2025-2994 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2025-2993 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-2992 (A vulnerability classified as critical was found in Tenda FH1202 1.2.0 ...)
+	TODO: check
+CVE-2025-2991 (A vulnerability classified as critical has been found in Tenda FH1202  ...)
+	TODO: check
+CVE-2025-2990 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
+	TODO: check
+CVE-2025-2989 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been d ...)
+	TODO: check
+CVE-2025-2985 (A vulnerability was found in code-projects Payroll Management System 1 ...)
+	TODO: check
+CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management System 1 ...)
+	TODO: check
+CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows an unau ...)
+	TODO: check
+CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is vulnera ...)
+	TODO: check
+CVE-2025-2292 (Xorcom CompletePBX is vulnerable to an authenticated path traversal, a ...)
+	TODO: check
+CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS) vulnerability has been discover ...)
+	TODO: check
+CVE-2025-2071 (A critical OS Command Injection vulnerability has been identified in t ...)
+	TODO: check
+CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of quiche.  ...)
+	TODO: check
+CVE-2025-29772 (OpenEMR is a free and open source electronic health records and medica ...)
+	TODO: check
+CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of software devel ...)
+	TODO: check
+CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid Web ...)
+	TODO: check
+CVE-2025-27149 (Zulip server provides an open-source team chat that helps teams stay p ...)
+	TODO: check
+CVE-2025-27095 (JumpServer is an open source bastion host and an operation and mainten ...)
+	TODO: check
+CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-22941 (A command injection vulnerability in the web interface of Adtran 411 O ...)
+	TODO: check
+CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unaut ...)
+	TODO: check
+CVE-2025-22939 (A command injection vulnerability in the telnet service of Adtran 411  ...)
+	TODO: check
+CVE-2025-22938 (Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default p ...)
+	TODO: check
+CVE-2025-22937 (An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalat ...)
+	TODO: check
+CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset Manager  ...)
+	TODO: check
+CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulne ...)
+	TODO: check
+CVE-2024-12021 (Coverity versions prior to 2024.9.0 are vulnerable to stored cross-sit ...)
+	TODO: check
+CVE-2023-33302 (A buffer copy without checking size of input ('classic buffer overflow ...)
+	TODO: check
+CVE-2025-21893 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.12.21-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -537,6 +839,7 @@ CVE-2025-22739 (Missing Authorization vulnerability in ThimPress LearnPress allo
 CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() function as th ...)
+	{DLA-4100-1}
 	- libdata-entropy-perl 0.008-1 (bug #1101503)
 	[bookworm] - libdata-entropy-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284586/
@@ -65935,7 +66238,7 @@ CVE-2024-42259 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)
 	NOTE: https://project-zero.issues.chromium.org/issues/42451707
 CVE-2024-42472 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
-	{DSA-5749-1}
+	{DSA-5749-1 DLA-4099-1}
 	- flatpak 1.14.10-1 (bug #1082927)
 	NOTE: https://github.com/flatpak/flatpak/releases/tag/1.14.10
 	NOTE: Requisite: https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788 (1.14.10)
@@ -111144,7 +111447,7 @@ CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distributi
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0)
 CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes  ...)
 	NOT-FOR-US: Jupyter Server Proxy
-CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip  ...)
+CVE-2024-27286 (Zulip is an open-source team collaboration tool. When a user moves a Z ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
 	NOT-FOR-US: Frappe Framework
@@ -181476,8 +181779,8 @@ CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R)
 	NOT-FOR-US: Intel
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...)
 	NOT-FOR-US: Kron Tech Single Connect
-CVE-2023-0881
-	RESERVED
+CVE-2023-0881 (Running DDoS on tcp port 22 will trigger a kernel crash. This issue is ...)
+	TODO: check
 CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...)
 	NOT-FOR-US: phpmyfaq
 CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aecc4224d29c6cbd548a389b54c7f1d11e73255

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aecc4224d29c6cbd548a389b54c7f1d11e73255
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250331/d314ac32/attachment.htm>
