[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 6 21:15:33 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91194a2e by security tracker role at 2025-05-06T20:15:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
+	TODO: check
+CVE-2025-4384 (The MQTT add-on of PcVue fails to verify that a remote device\u2019s c ...)
+	TODO: check
+CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy cache,  ...)
+	TODO: check
+CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer overflow i ...)
+	TODO: check
+CVE-2025-4368 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2025-4363 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2025-4362 (A vulnerability classified as critical was found in itsourcecode Gym M ...)
+	TODO: check
+CVE-2025-4361 (A vulnerability classified as critical has been found in PHPGurukul Co ...)
+	TODO: check
+CVE-2025-4360 (A vulnerability, which was classified as critical, has been found in i ...)
+	TODO: check
+CVE-2025-4359 (A vulnerability classified as critical was found in itsourcecode Gym M ...)
+	TODO: check
+CVE-2025-4358 (A vulnerability classified as critical has been found in PHPGurukul Co ...)
+	TODO: check
+CVE-2025-4357 (A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been  ...)
+	TODO: check
+CVE-2025-4356 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has bee ...)
+	TODO: check
+CVE-2025-4355 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has bee ...)
+	TODO: check
+CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classif ...)
+	TODO: check
+CVE-2025-4353 (A vulnerability, which was classified as critical, was found in Golden ...)
+	TODO: check
+CVE-2025-4352 (A vulnerability, which was classified as critical, has been found in G ...)
+	TODO: check
+CVE-2025-4350 (A vulnerability classified as critical was found in D-Link DIR-600L up ...)
+	TODO: check
+CVE-2025-4349 (A vulnerability classified as critical has been found in D-Link DIR-60 ...)
+	TODO: check
+CVE-2025-4348 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has bee ...)
+	TODO: check
+CVE-2025-4347 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has bee ...)
+	TODO: check
+CVE-2025-4346 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has bee ...)
+	TODO: check
+CVE-2025-4345 (A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classif ...)
+	TODO: check
+CVE-2025-4344 (A vulnerability, which was classified as critical, was found in D-Link ...)
+	TODO: check
+CVE-2025-4343 (A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and cl ...)
+	TODO: check
+CVE-2025-4342 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2025-4341 (A vulnerability classified as critical was found in D-Link DIR-880L up ...)
+	TODO: check
+CVE-2025-4041 (In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an  ...)
+	TODO: check
+CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha i ...)
+	TODO: check
+CVE-2025-46820 (phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom pr ...)
+	TODO: check
+CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 a ...)
+	TODO: check
+CVE-2025-46815 (The identity infrastructure software ZITADEL offers developers the abi ...)
+	TODO: check
+CVE-2025-46814 (FastAPI Guard is a security library for FastAPI that provides middlewa ...)
+	TODO: check
+CVE-2025-46736 (Umbraco is a free and open source .NET content management system. Prio ...)
+	TODO: check
+CVE-2025-46735 (Terraform WinDNS Provider allows users to manage their Windows DNS ser ...)
+	TODO: check
+CVE-2025-45492 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the I ...)
+	TODO: check
+CVE-2025-45491 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2025-45490 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2025-45489 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2025-45488 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2025-45487 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2025-45250 (MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (S ...)
+	TODO: check
+CVE-2025-44900 (In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function  ...)
+	TODO: check
+CVE-2025-40625 (Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows ...)
+	TODO: check
+CVE-2025-40624 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
+	TODO: check
+CVE-2025-40623 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
+	TODO: check
+CVE-2025-40622 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
+	TODO: check
+CVE-2025-40621 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
+	TODO: check
+CVE-2025-40620 (SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthe ...)
+	TODO: check
+CVE-2025-3782 (The Cision Block plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-37730 (Improper certificate validation in Logstash's TCP output could lead to ...)
+	TODO: check
+CVE-2025-32022 (Finit provides fast init for Linux systems. Finit's urandom plugin has ...)
+	TODO: check
+CVE-2025-30165 (vLLM is an inference and serving engine for large language models. In  ...)
+	TODO: check
+CVE-2025-2898 (IBM Maximo Application Suite 9.0 could allow an attacker with some lev ...)
+	TODO: check
+CVE-2025-2011 (The Slider & Popup Builder by Depicter plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-27248 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case D ...)
+	TODO: check
+CVE-2025-27241 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case D ...)
+	TODO: check
+CVE-2025-27132 (in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2025-26262 (An issue in the component /internals/functions of R-fx Networks Linux  ...)
+	TODO: check
+CVE-2025-25218 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case D ...)
+	TODO: check
+CVE-2025-25052 (in OpenHarmony v5.0.3 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2025-25014 (A Prototype pollution vulnerability in Kibana leads to arbitrary code  ...)
+	TODO: check
+CVE-2025-23379 (Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contai ...)
+	TODO: check
+CVE-2025-22886 (in OpenHarmony v5.0.3 and prior versions allow a local attacker case D ...)
+	TODO: check
+CVE-2025-22479 (Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contai ...)
+	TODO: check
+CVE-2025-22478 (Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contai ...)
+	TODO: check
+CVE-2025-22477 (Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contai ...)
+	TODO: check
+CVE-2025-22476 (Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contai ...)
+	TODO: check
+CVE-2025-21475 (Memory corruption while processing escape code, when DisplayId is pass ...)
+	TODO: check
+CVE-2025-21470 (Memory corruption while processing image encoding, when configuration  ...)
+	TODO: check
+CVE-2025-21469 (Memory corruption while processing image encoding, when input buffer l ...)
+	TODO: check
+CVE-2025-21468 (Memory corruption while reading response from FW, when buffer size is  ...)
+	TODO: check
+CVE-2025-21467 (Memory corruption while reading the FW response from the shared queue.)
+	TODO: check
+CVE-2025-21462 (Memory corruption while processing an IOCTL request, when buffer signi ...)
+	TODO: check
+CVE-2025-21460 (Memory corruption while processing a message, when the buffer is contr ...)
+	TODO: check
+CVE-2025-21459 (Transient DOS while parsing per STA profile in ML IE.)
+	TODO: check
+CVE-2025-21453 (Memory corruption while processing a data structure, when an iterator  ...)
+	TODO: check
+CVE-2025-0984 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
+	TODO: check
+CVE-2024-49847 (Transient DOS while processing of a registration acceptance OTA due to ...)
+	TODO: check
+CVE-2024-49846 (Memory corruption while decoding of OTA messages from T3448 IE.)
+	TODO: check
+CVE-2024-49845 (Memory corruption during the FRS UDS generation process.)
+	TODO: check
+CVE-2024-49844 (Memory corruption while triggering commands in the PlayReady Trusted a ...)
+	TODO: check
+CVE-2024-49842 (Memory corruption during memory mapping into protected VM address spac ...)
+	TODO: check
+CVE-2024-49841 (Memory corruption during memory assignment to headless peripheral VM d ...)
+	TODO: check
+CVE-2024-49835 (Memory corruption while reading secure file.)
+	TODO: check
+CVE-2024-49830 (Memory corruption while processing an IOCTL call to set mixer controls ...)
+	TODO: check
+CVE-2024-49829 (Memory corruption can occur during context user dumps due to inadequat ...)
+	TODO: check
+CVE-2024-45583 (Memory corruption while handling multiple IOCTL calls from userspace t ...)
+	TODO: check
+CVE-2024-45581 (Memory corruption while sound model registration for voice activation  ...)
+	TODO: check
+CVE-2024-45579 (Memory corruption may occur when invoking IOCTL calls from userspace t ...)
+	TODO: check
+CVE-2024-45578 (Memory corruption while acquire and update IOCTLs during IFE output re ...)
+	TODO: check
+CVE-2024-45577 (Memory corruption while invoking IOCTL calls from userspace to camera  ...)
+	TODO: check
+CVE-2024-45576 (Memory corruption while prociesing command buffer buffer in OPE module ...)
+	TODO: check
+CVE-2024-45575 (Memory corruption Camera kernel when large number of devices are attac ...)
+	TODO: check
+CVE-2024-45574 (Memory corruption during array access in Camera kernel due to invalid  ...)
+	TODO: check
+CVE-2024-45570 (Memory corruption may occur during IO configuration processing when th ...)
+	TODO: check
+CVE-2024-45568 (Memory corruption due to improper bounds check while command handling  ...)
+	TODO: check
+CVE-2024-45567 (Memory corruption while encoding JPEG format.)
+	TODO: check
+CVE-2024-45566 (Memory corruption during concurrent buffer access due to modification  ...)
+	TODO: check
+CVE-2024-45565 (Memory corruption when blob structure is modified by user-space after  ...)
+	TODO: check
+CVE-2024-45564 (Memory corruption during concurrent access to server info object due t ...)
+	TODO: check
+CVE-2024-45563 (Memory corruption while handling schedule request in Camera Request Ma ...)
+	TODO: check
+CVE-2024-45562 (Memory corruption during concurrent access to server info object due t ...)
+	TODO: check
+CVE-2024-45554 (Memory corruption during concurrent SSR execution due to race conditio ...)
+	TODO: check
+CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
 CVE-2025-22873
 	- golang-1.24 <unfixed>
 	- golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x releases)
@@ -2810,7 +3022,7 @@ CVE-2025-4038 (A vulnerability was found in code-projects Train Ticket Reservati
 	NOT-FOR-US: code-projects
 CVE-2025-4037 (A vulnerability was found in code-projects ATM Banking 1.0. It has bee ...)
 	NOT-FOR-US: code-projects
-CVE-2025-46762
+CVE-2025-46762 (Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and ...)
 	NOT-FOR-US: Apache Parquet
 CVE-2025-46761
 	REJECTED
@@ -21298,7 +21510,7 @@ CVE-2024-53382 (Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with r
 	NOTE: Fixed by: https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d (v1.30.0)
 CVE-2025-1801 (A flaw was found in the Ansible aap-gateway. Concurrent requests handl ...)
 	NOT-FOR-US: RedHat Ansible Automation Platform Gateway
-CVE-2024-12225
+CVE-2024-12225 (A vulnerability was found in Quarkus in the quarkus-security-webauthn  ...)
 	NOT-FOR-US: Quarkus
 CVE-2025-1831 (A vulnerability classified as critical has been found in zj1983 zz up  ...)
 	NOT-FOR-US: zj1983 zz
@@ -305655,7 +305867,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
-	- openshot-qt
+	- openshot-qt <unfixed>
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
 	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
 	NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
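Review bot: the `- openshot-qt <unfixed>` line now gives the previously state-less openshot-qt entry an explicit status, and the same change is made for the embedded jQuery-UI copy under CVE-2021-41183, CVE-2021-41182 and CVE-2016-7103 further down, which is consistent. Unlike the neighbouring `[bullseye] - otrs2 <no-dsa> (Non-free not supported)` lines, however, openshot-qt carries no release-specific annotation, so a `[release] - openshot-qt <no-dsa>` or `<not-affected>` line (with a reason) would make clear whether the embedded copy is only an unstable concern or also affects the stable releases.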
@@ -305665,7 +305877,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior t
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
-	- openshot-qt
+	- openshot-qt <unfixed>
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -305680,7 +305892,7 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior t
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
-	- openshot-qt
+	- openshot-qt <unfixed>
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -549570,7 +549782,7 @@ CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 661
 CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability in For ...)
 	NOT-FOR-US: Fortinet
 CVE-2018-1359
-	RESERVED
+	REJECTED
 CVE-2018-1358
 	REJECTED
 CVE-2018-1357
@@ -612648,7 +612860,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
 	- jqueryui 1.12.1+dfsg-1
 	[jessie] - jqueryui <no-dsa> (Minor issue)
 	[wheezy] - jqueryui <no-dsa> (Minor issue)
-	- openshot-qt
+	- openshot-qt <unfixed>
 	NOTE: https://nodesecurity.io/advisories/127
 	NOTE: https://github.com/jquery/jquery-ui/pull/1622
 	NOTE: https://github.com/jquery/jquery-ui/pull/1632



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91194a2e244c82fb41c7457ac26b44fac4f993a5
