[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 5 21:12:52 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0afca3c0 by security tracker role at 2025-05-05T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,170 @@
-CVE-2025-47268
+CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the aws-am ...)
+	TODO: check
+CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025.1.6. ...)
+	TODO: check
+CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
+	TODO: check
+CVE-2025-4286 (A vulnerability was found in Intelbras InControl up to 2.21.59. It has ...)
+	TODO: check
+CVE-2025-4283 (A vulnerability was found in SourceCodester/oretnom23 Stock Management ...)
+	TODO: check
+CVE-2025-4282 (A vulnerability has been found in SourceCodester/oretnom23 Stock Manag ...)
+	TODO: check
+CVE-2025-4281 (A vulnerability, which was classified as problematic, was found in She ...)
+	TODO: check
+CVE-2025-4279 (The External image replace plugin for WordPress is vulnerable to arbit ...)
+	TODO: check
+CVE-2025-4272 (A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has ...)
+	TODO: check
+CVE-2025-47240
+	REJECTED
+CVE-2025-46813 (Discourse is an open-source community platform. A data leak vulnerabil ...)
+	TODO: check
+CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site scripting (XS ...)
+	TODO: check
+CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on the 4.x ...)
+	TODO: check
+CVE-2025-46730 (MobSF is a mobile application security testing tool used. Typically, M ...)
+	TODO: check
+CVE-2025-46726 (Langroid is a framework for building large-language-model-powered appl ...)
+	TODO: check
+CVE-2025-46720 (Keystone is a content management system for Node.js. Prior to version  ...)
+	TODO: check
+CVE-2025-46719 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
+	TODO: check
+CVE-2025-46571 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
+	TODO: check
+CVE-2025-46559 (Misskey is an open source, federated social media platform. Starting i ...)
+	TODO: check
+CVE-2025-46553 (@misskey-dev/summaly is a tool for getting a summary of a web page. St ...)
+	TODO: check
+CVE-2025-46340 (Misskey is an open source, federated social media platform. Starting i ...)
+	TODO: check
+CVE-2025-46335 (Mobile Security Framework (MobSF) is a security research platform for  ...)
+	TODO: check
+CVE-2025-45751 (SourceCodester Web Based Pharmacy Product Management System 1.0 is vul ...)
+	TODO: check
+CVE-2025-45618 (Incorrect access control in the component /admin/sys/datasource/ajaxLi ...)
+	TODO: check
+CVE-2025-45617 (Incorrect access control in the component /user/list of production_ssm ...)
+	TODO: check
+CVE-2025-45616 (Incorrect access control in the /admin/** API of brcc v1.2.0 allows at ...)
+	TODO: check
+CVE-2025-45615 (Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSH ...)
+	TODO: check
+CVE-2025-45614 (Incorrect access control in the component /api/user/manager of One v1. ...)
+	TODO: check
+CVE-2025-45613 (Incorrect access control in the component /user/list of Shiro-Action v ...)
+	TODO: check
+CVE-2025-45612 (Incorrect access control in xmall v1.1 allows attackers to bypass auth ...)
+	TODO: check
+CVE-2025-45611 (Incorrect access control in the /user/edit/ component of hope-boot v1. ...)
+	TODO: check
+CVE-2025-45610 (Incorrect access control in the component /scheduleLog/info/1 of PassJ ...)
+	TODO: check
+CVE-2025-45609 (Incorrect access control in the doFilter function of kob latest v1.0.0 ...)
+	TODO: check
+CVE-2025-45608 (Incorrect access control in the /system/user/findUserList API of Xingu ...)
+	TODO: check
+CVE-2025-45607 (An issue in the component /manage/ of itranswarp v2.19 allows attacker ...)
+	TODO: check
+CVE-2025-45322 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
+	TODO: check
+CVE-2025-45321 (kashipara Online Service Management Portal V1.0 is vulnerable to SQL I ...)
+	TODO: check
+CVE-2025-45320 (A Directory Listing Vulnerability was found in the /osms/Requester/ di ...)
+	TODO: check
+CVE-2025-45242 (Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vu ...)
+	TODO: check
+CVE-2025-45240 (foxcms v1.2.5 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2025-45239 (An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allo ...)
+	TODO: check
+CVE-2025-45238 (foxcms v1.2.5 was discovered to contain an arbitrary file deletion vul ...)
+	TODO: check
+CVE-2025-45237 (Incorrect access control in the component /config/download of DBSyncer ...)
+	TODO: check
+CVE-2025-45236 (A stored cross-site scripting (XSS) vulnerability in the Edit Profile  ...)
+	TODO: check
+CVE-2025-45042 (Tenda AC9 v15.03.05.14 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2025-43915 (In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd ...)
+	TODO: check
+CVE-2025-43852 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43851 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43850 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43849 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43848 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43847 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43846 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43845 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43844 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43843 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-43842 (Retrieval-based-Voice-Conversion-WebUI is a voice changing framework b ...)
+	TODO: check
+CVE-2025-2905 (An XML External Entity (XXE) vulnerability exists in the gateway compo ...)
+	TODO: check
+CVE-2025-29573 (Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 ...)
+	TODO: check
+CVE-2025-28168 (Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted  ...)
+	TODO: check
+CVE-2025-28062 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ER ...)
+	TODO: check
+CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was discovered in ...)
+	TODO: check
+CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory traversal ...)
+	TODO: check
+CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
+	TODO: check
+CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV o ...)
+	TODO: check
+CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to  ...)
+	TODO: check
+CVE-2025-1992 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2025-1909 (The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authe ...)
+	TODO: check
+CVE-2025-0217 (BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are  ...)
+	TODO: check
+CVE-2024-58237 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2024-58100 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2024-58098 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2024-57235 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57234 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57233 (NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57232 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57231 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57230 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-57229 (NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain  ...)
+	TODO: check
+CVE-2024-51991 (October is a Content Management System (CMS) and web platform. A vulne ...)
+	TODO: check
+CVE-2024-42213 (HCL BigFix Compliance is affected by inclusion of temporary files left ...)
+	TODO: check
+CVE-2024-42212 (HCL BigFix Compliance is affected by an improper or missing SameSite a ...)
+	TODO: check
+CVE-2024-11615 (The Envolve Plugin plugin for WordPress is vulnerable to arbitrary fil ...)
+	TODO: check
+CVE-2025-47268 (ping in iputils through 20240905 allows a denial of service (applicati ...)
 	- iputils <unfixed> (bug #1104746)
 	[bookworm] - iputils <no-dsa> (Minor issue)
 	NOTE: https://github.com/iputils/iputils/issues/584
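Review bot: the three Linux kernel entries CVE-2024-58237, CVE-2024-58100 and CVE-2024-58098 are left at `TODO: check` with no package line, although the convention visible for CVE-2025-47268 directly below them is a source-package line such as `- iputils <unfixed> (bug #1104746)` plus per-release lines; they should be triaged against the linux source package as the follow-up step rather than staying as placeholders. The long runs of near-duplicate upstream advisories (the eleven Retrieval-based-Voice-Conversion-WebUI entries CVE-2025-43842 to CVE-2025-43852, the seven NETGEAR RAX5 entries CVE-2024-57229 to CVE-2024-57235, and the "Incorrect access control" series CVE-2025-45607 to CVE-2025-45618) look like candidates for the `NOT-FOR-US:` marker used elsewhere in this file, but each still needs an explicit decision rather than a batch assumption. The re-added CVE-2025-47268 line only gains its description; the iputils tracking lines beneath it are unchanged context.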
@@ -2212,19 +2378,19 @@ CVE-2024-47784 (Unverified Password Change for ANC software that allows an authe
 	NOT-FOR-US: ABB group
 CVE-2024-13943 (Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Valida ...)
 	NOT-FOR-US: Tesla
-CVE-2025-4096
+CVE-2025-4096 (Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 a ...)
 	{DSA-5914-1}
 	- chromium 136.0.7103.59-2
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-4052
+CVE-2025-4052 (Inappropriate implementation in DevTools in Google Chrome prior to 136 ...)
 	{DSA-5914-1}
 	- chromium 136.0.7103.59-2
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-4051
+CVE-2025-4051 (Insufficient data validation in DevTools in Google Chrome prior to 136 ...)
 	{DSA-5914-1}
 	- chromium 136.0.7103.59-2
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-4050
+CVE-2025-4050 (Out of bounds memory access in DevTools in Google Chrome prior to 136. ...)
 	{DSA-5914-1}
 	- chromium 136.0.7103.59-2
 	[bullseye] - chromium <end-of-life> (see #1061268)
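Review bot: the four newly filled-in Chromium descriptions (CVE-2025-4096, CVE-2025-4052, CVE-2025-4051, CVE-2025-4050) all state "prior to 136.0.7103.59", which agrees with the retained fixed-version line `- chromium 136.0.7103.59-2` and the `{DSA-5914-1}` reference, so there is no version mismatch to resolve here; the `[bullseye] - chromium <end-of-life> (see #1061268)` lines are untouched.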
@@ -2459,7 +2625,7 @@ CVE-2025-30087 [Cross Site Scripting via injection of malicious parameters in a
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/e144e90f6a5ad2accad2dde1fef17187939b7110 (rt-4.4.8)
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/367359e56a599b72c8e38e177eaba9d32e9a5471 (rt-5.0.8)
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/e24ca3b0a63ce9c2b5d4e01cc419af5056deb346 (rt-5.0.8)
-CVE-2025-2545 [uses the default OpenSSL cipher, 3DES (des3), for encrypting SMIME email]
+CVE-2025-2545 (Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0. ...)
 	{DSA-5911-1 DSA-5909-1}
 	- request-tracker5 5.0.7+dfsg-3 (bug #1104422)
 	- request-tracker4 <unfixed> (bug #1104424)
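Review bot: the replacement description for CVE-2025-2545 drops the one concrete detail the old bracketed text carried, that RT uses the default OpenSSL cipher 3DES (des3) for S/MIME encryption, and the truncated upstream text names only "Request Tracker v5.0." while the entry still tracks `- request-tracker4 <unfixed> (bug #1104424)`; suggest preserving that detail as a `NOTE:` line under the entry (the file already uses `NOTE: Fixed by: ...` lines for CVE-2025-30087 just above) so the reason request-tracker4 is tracked as affected stays visible.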
@@ -6958,9 +7124,11 @@ CVE-2025-3554 (A vulnerability was found in phpshe 1.8. It has been rated as pro
 	NOT-FOR-US: phpshe
 CVE-2025-3553 (A vulnerability was found in phpshe 1.8. It has been declared as criti ...)
 	NOT-FOR-US: phpshe
-CVE-2025-3552 (A vulnerability was found in Lingxing ERP 2. It has been classified as ...)
+CVE-2025-3552
+	REJECTED
 	NOT-FOR-US: Lingxing ERP
-CVE-2025-3551 (A vulnerability was found in Lingxing ERP 2 and classified as critical ...)
+CVE-2025-3551
+	REJECTED
 	NOT-FOR-US: Lingxing ERP
 CVE-2025-3550 (A vulnerability has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534 ...)
 	NOT-FOR-US: wowjoy Internet Doctor Workstation System
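Review bot: for CVE-2025-3552 and CVE-2025-3551 the `NOT-FOR-US: Lingxing ERP` line is kept beneath the newly added `REJECTED` marker, whereas the other rejected entry in this commit (CVE-2025-47240 in the first hunk) carries `REJECTED` alone; a rejected CVE has no affected product left to classify, so the NOT-FOR-US line is now redundant and can be dropped for consistency, unless the tracker tooling expects it to remain.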



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0afca3c06637e12b676747cb762baebfd44736c7


