[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 7 21:12:40 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b295a3a3 by security tracker role at 2025-05-07T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,502 @@
-CVE-2020-36791 [net_sched: keep alloc_hash updated after hash allocation]
+CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
+	TODO: check
+CVE-2025-47692 (Missing Authorization vulnerability in contentstudio ContentStudio all ...)
+	TODO: check
+CVE-2025-47691 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-47688 (Missing Authorization vulnerability in Saad Iqbal Advanced File Manage ...)
+	TODO: check
+CVE-2025-47686 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte ...)
+	TODO: check
+CVE-2025-47684 (Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for W ...)
+	TODO: check
+CVE-2025-47683 (Deserialization of Untrusted Data vulnerability in Florent Maillefaud  ...)
+	TODO: check
+CVE-2025-47681 (Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Ac ...)
+	TODO: check
+CVE-2025-47679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47675 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47674 (Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial C ...)
+	TODO: check
+CVE-2025-47669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47668 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47667 (Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent ...)
+	TODO: check
+CVE-2025-47665 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47664 (Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes ...)
+	TODO: check
+CVE-2025-47662 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47661 (Cross-Site Request Forgery (CSRF) vulnerability in codemstory \uc6cc\u ...)
+	TODO: check
+CVE-2025-47659 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47655 (Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 the ...)
+	TODO: check
+CVE-2025-47653 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47649 (Path Traversal vulnerability in ilmosys Open Close WooCommerce Store a ...)
+	TODO: check
+CVE-2025-47648 (Cross-Site Request Forgery (CSRF) vulnerability in axima Pays \u2013 W ...)
+	TODO: check
+CVE-2025-47647 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar M ...)
+	TODO: check
+CVE-2025-47644 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in f ...)
+	TODO: check
+CVE-2025-47643 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47639 (Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext ...)
+	TODO: check
+CVE-2025-47638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category posts al ...)
+	TODO: check
+CVE-2025-47635 (Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem We ...)
+	TODO: check
+CVE-2025-47633 (Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin \u2013 Ad ...)
+	TODO: check
+CVE-2025-47632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47629 (Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM ...)
+	TODO: check
+CVE-2025-47628 (Missing Authorization vulnerability in quomodosoft QS Dark Mode allows ...)
+	TODO: check
+CVE-2025-47626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47624 (Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollo ...)
+	TODO: check
+CVE-2025-47623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47622 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47620 (Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins F ...)
+	TODO: check
+CVE-2025-47617 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47615 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47614 (Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessBut ...)
+	TODO: check
+CVE-2025-47612 (Missing Authorization vulnerability in flowdee ClickWhale allows Explo ...)
+	TODO: check
+CVE-2025-47609 (Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Co ...)
+	TODO: check
+CVE-2025-47607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47606 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple G ...)
+	TODO: check
+CVE-2025-47605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47604 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47602 (Missing Authorization vulnerability in ammarahmad786 Calculate Prices  ...)
+	TODO: check
+CVE-2025-47597 (Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podc ...)
+	TODO: check
+CVE-2025-47596 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon  ...)
+	TODO: check
+CVE-2025-47595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47594 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live S ...)
+	TODO: check
+CVE-2025-47593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47591 (Missing Authorization vulnerability in CreedAlly Bulk Featured Image a ...)
+	TODO: check
+CVE-2025-47590 (Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSp ...)
+	TODO: check
+CVE-2025-47589 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47587 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47551 (Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed a ...)
+	TODO: check
+CVE-2025-47550 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+	TODO: check
+CVE-2025-47549 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
+	TODO: check
+CVE-2025-47548 (Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom  ...)
+	TODO: check
+CVE-2025-47547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47546 (Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress  ...)
+	TODO: check
+CVE-2025-47545 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
+	TODO: check
+CVE-2025-47544 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47543 (Cross-Site Request Forgery (CSRF) vulnerability in themetechmount True ...)
+	TODO: check
+CVE-2025-47542 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple cale ...)
+	TODO: check
+CVE-2025-47540 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+	TODO: check
+CVE-2025-47538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47537 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47533 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graph ...)
+	TODO: check
+CVE-2025-47531 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47528 (Missing Authorization vulnerability in pewilliams Ovation Elements all ...)
+	TODO: check
+CVE-2025-47526 (Missing Authorization vulnerability in GS Plugins GS Variation Swatche ...)
+	TODO: check
+CVE-2025-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47523 (Cross-Site Request Forgery (CSRF) vulnerability in Luk\xe1\u0161 Hartm ...)
+	TODO: check
+CVE-2025-47522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47519 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy ...)
+	TODO: check
+CVE-2025-47518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47517 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Acce ...)
+	TODO: check
+CVE-2025-47516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47514 (Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related P ...)
+	TODO: check
+CVE-2025-47510 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47507 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47498 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47497 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47496 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47495 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47494 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47491 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact F ...)
+	TODO: check
+CVE-2025-47490 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47489 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47488 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47486 (Missing Authorization vulnerability in CyberChimps Gutenberg & Element ...)
+	TODO: check
+CVE-2025-47485 (Missing Authorization vulnerability in CozyThemes Cozy Blocks allows E ...)
+	TODO: check
+CVE-2025-47484 (Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Dis ...)
+	TODO: check
+CVE-2025-47483 (Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy R ...)
+	TODO: check
+CVE-2025-47482 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47481 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-47480 (Missing Authorization vulnerability in Iqonic Design Graphina allows E ...)
+	TODO: check
+CVE-2025-47476 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47475 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47473 (Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooComme ...)
+	TODO: check
+CVE-2025-47472 (Missing Authorization vulnerability in codepeople Music Player for Woo ...)
+	TODO: check
+CVE-2025-47471 (Missing Authorization vulnerability in EnvoThemes Envo Extra allows Ex ...)
+	TODO: check
+CVE-2025-47470 (Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Cont ...)
+	TODO: check
+CVE-2025-47469 (Missing Authorization vulnerability in slui Media Hygiene allows Explo ...)
+	TODO: check
+CVE-2025-47468 (Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash For ...)
+	TODO: check
+CVE-2025-47467 (Missing Authorization vulnerability in GS Plugins GS Testimonial Slide ...)
+	TODO: check
+CVE-2025-47466 (Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate ...)
+	TODO: check
+CVE-2025-47465 (Missing Authorization vulnerability in CreativeThemes Blocksy allows E ...)
+	TODO: check
+CVE-2025-47464 (Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Ex ...)
+	TODO: check
+CVE-2025-47462 (Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challa ...)
+	TODO: check
+CVE-2025-47460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-47459 (Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio WP Fund ...)
+	TODO: check
+CVE-2025-47457 (Missing Authorization vulnerability in dgamoni LocateAndFilter allows  ...)
+	TODO: check
+CVE-2025-47456 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2025-47455 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2025-47454 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2025-47451 (Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Pr ...)
+	TODO: check
+CVE-2025-47450 (Missing Authorization vulnerability in Mitchell Bennis Simple File Lis ...)
+	TODO: check
+CVE-2025-47449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47448 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel  ...)
+	TODO: check
+CVE-2025-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool ...)
+	TODO: check
+CVE-2025-47446 (Cross-Site Request Forgery (CSRF) vulnerability in listamester Listame ...)
+	TODO: check
+CVE-2025-47443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47440 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47439 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows unauthenticated remot ...)
+	TODO: check
+CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command injection via a ...)
+	TODO: check
+CVE-2025-46828 (WeGIA is a web manager for charitable institutions.  An unauthenticate ...)
+	TODO: check
+CVE-2025-46827 (Graylog is a free and open log management platform. Prior to versions  ...)
+	TODO: check
+CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub commits ...)
+	TODO: check
+CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSS ...)
+	TODO: check
+CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
+	TODO: check
+CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
+	TODO: check
+CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122 Operations Bri ...)
+	TODO: check
+CVE-2025-39361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-33093 (IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret ...)
+	TODO: check
+CVE-2025-32821 (A vulnerability in SMA100 allows a remote authenticated attacker with  ...)
+	TODO: check
+CVE-2025-32820 (A vulnerability in SMA100 allows a remote authenticated attacker with  ...)
+	TODO: check
+CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated attacker with  ...)
+	TODO: check
+CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build and pac ...)
+	TODO: check
+CVE-2025-2778
+	REJECTED
+CVE-2025-2777 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
+	TODO: check
+CVE-2025-2776 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
+	TODO: check
+CVE-2025-2775 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticate ...)
+	TODO: check
+CVE-2025-29746 (Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a re ...)
+	TODO: check
+CVE-2025-29602 (flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Adminis ...)
+	TODO: check
+CVE-2025-29448 (A business logic vulnerability in Easy Appointments v1.5.1 allows atta ...)
+	TODO: check
+CVE-2025-29154 (HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58. ...)
+	TODO: check
+CVE-2025-29153 (SQL Injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 ...)
+	TODO: check
+CVE-2025-29152 (Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v ...)
+	TODO: check
+CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalat ...)
+	TODO: check
+CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege ...)
+	TODO: check
+CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
+	TODO: check
+CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows local att ...)
+	TODO: check
+CVE-2025-20978 (Improper access control in PENUP prior to version 3.9.19.32 allows loc ...)
+	TODO: check
+CVE-2025-20977 (Use of implicit intent for sensitive communication in translation in S ...)
+	TODO: check
+CVE-2025-20976 (Out-of-bounds read in applying binary of text content in Samsung Notes ...)
+	TODO: check
+CVE-2025-20975 (Improper Export of Android Application Components in AODService prior  ...)
+	TODO: check
+CVE-2025-20974 (Improper handling of insufficient permission in PackageInstallerCN pri ...)
+	TODO: check
+CVE-2025-20973 (Improper authentication in Secure Folder prior to version 1.8.12.0 in  ...)
+	TODO: check
+CVE-2025-20972 (Improper verification of intent by broadcast receiver in Samsung Flow  ...)
+	TODO: check
+CVE-2025-20971 (Improper input validation in Samsung Flow prior to version 4.9.17.6 al ...)
+	TODO: check
+CVE-2025-20970 (Improper access control in Bixby Vision prior to version 3.8.1 in Andr ...)
+	TODO: check
+CVE-2025-20969 (Improper input validation in Samsung Gallery prior to version 14.5.10. ...)
+	TODO: check
+CVE-2025-20968 (Improper access control in Samsung Gallery prior to version 14.5.10.3  ...)
+	TODO: check
+CVE-2025-20967 (Improper access control in Samsung Gallery prior to version 14.5.10.3  ...)
+	TODO: check
+CVE-2025-20966 (Improper access control in Samsung Gallery prior to version 14.5.10.3  ...)
+	TODO: check
+CVE-2025-20965 (Improper handling of insufficient permission in Bixby wakeup prior to  ...)
+	TODO: check
+CVE-2025-20964 (Out-of-bounds write in parsing media files in libsavsvc.so prior to SM ...)
+	TODO: check
+CVE-2025-20963 (Out-of-bounds write in memory initialization in libsavsvc.so prior to  ...)
+	TODO: check
+CVE-2025-20962 (Improper handling of insufficient permission in SpenGesture service pr ...)
+	TODO: check
+CVE-2025-20961 (Improper handling of insufficient permission or privileges in sepunion ...)
+	TODO: check
+CVE-2025-20960 (Improper handling of insufficient permission in CocktailBarService pri ...)
+	TODO: check
+CVE-2025-20959 (Use of implicit intent for sensitive communication in Wi-Fi P2P servic ...)
+	TODO: check
+CVE-2025-20958 (Improper verification of intent by broadcast receiver in UnifiedWFC pr ...)
+	TODO: check
+CVE-2025-20957 (Improper access control in SmartManagerCN prior to SMR May-2025 Releas ...)
+	TODO: check
+CVE-2025-20956 (Improper export of android application components in Settings in Galax ...)
+	TODO: check
+CVE-2025-20955 (Improper Export of Android Application Components in NotificationHisto ...)
+	TODO: check
+CVE-2025-20954 (Use of implicit intent for sensitive communication in EnrichedCall pri ...)
+	TODO: check
+CVE-2025-20953 (Improper access control in SmartManagerCN prior to SMR May-2025 Releas ...)
+	TODO: check
+CVE-2025-20949 (Path traversal vulnerability in Samsung Members prior to version 5.0.0 ...)
+	TODO: check
+CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Releas ...)
+	TODO: check
+CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, c ...)
+	TODO: check
+CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS XE SD-WA ...)
+	TODO: check
+CVE-2025-20216 (A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, ...)
+	TODO: check
+CVE-2025-20214 (A vulnerability in the Network Configuration Access Control Module (NA ...)
+	TODO: check
+CVE-2025-20213 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly  ...)
+	TODO: check
+CVE-2025-20210 (A vulnerability in the management API of Cisco Catalyst Center, former ...)
+	TODO: check
+CVE-2025-20202 (A vulnerability in Cisco IOS XE Wireless Controller Software could all ...)
+	TODO: check
+CVE-2025-20201 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
+	TODO: check
+CVE-2025-20200 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
+	TODO: check
+CVE-2025-20199 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+	TODO: check
+CVE-2025-20198 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow an auth ...)
+	TODO: check
+CVE-2025-20197 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+	TODO: check
+CVE-2025-20196 (A vulnerability in the Cisco IOx application hosting environment of Ci ...)
+	TODO: check
+CVE-2025-20195 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
+	TODO: check
+CVE-2025-20194 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
+	TODO: check
+CVE-2025-20193 (A vulnerability in the web-based management interface of Cisco IOS XE  ...)
+	TODO: check
+CVE-2025-20192 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) impleme ...)
+	TODO: check
+CVE-2025-20191 (A vulnerability in the Switch Integrated Security Features (SISF) of C ...)
+	TODO: check
+CVE-2025-20190 (A vulnerability in the lobby ambassador web interface of Cisco IOS XE  ...)
+	TODO: check
+CVE-2025-20189 (A vulnerability in the Cisco Express Forwarding functionality of Cisco ...)
+	TODO: check
+CVE-2025-20188 (A vulnerability in the Out-of-Band Access Point (AP) Image Download fe ...)
+	TODO: check
+CVE-2025-20187 (A vulnerability in the application data endpoints of Cisco Catalyst SD ...)
+	TODO: check
+CVE-2025-20186 (A vulnerability in the web-based management interface of the Wireless  ...)
+	TODO: check
+CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) protoco ...)
+	TODO: check
+CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR ...)
+	TODO: check
+CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device Manager ...)
+	TODO: check
+CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco IOS XE  ...)
+	TODO: check
+CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco Catalyst ...)
+	TODO: check
+CVE-2025-20155 (A vulnerability in the bootstrap loading of Cisco IOS XE Software coul ...)
+	TODO: check
+CVE-2025-20154 (A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) ser ...)
+	TODO: check
+CVE-2025-20151 (A vulnerability in the implementation of the Simple Network Management ...)
+	TODO: check
+CVE-2025-20147 (A vulnerability in the web-based management interface of Cisco Catalys ...)
+	TODO: check
+CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
+	TODO: check
+CVE-2025-20137 (A vulnerability in the access control list (ACL) programming of Cisco  ...)
+	TODO: check
+CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly  ...)
+	TODO: check
+CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
+	TODO: check
+CVE-2020-36791 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.5.17-1
 	NOTE: https://git.kernel.org/linus/0d1c3530e1bd38382edef72591b78e877e0edcd3 (5.6)
 CVE-2025-32873
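Review bot: every entry added between CVE-2025-4104 and CVE-2024-47619 lands with only `TODO: check` (CVE-2025-2778 aside, which is `REJECTED`), so none of them is triaged by this commit. Entries whose description already names a WordPress plugin, such as CVE-2025-4104, can take the `NOT-FOR-US: WordPress plugin` form used for CVE-2024-12120 further down in this file. Entries that name standalone software, such as CVE-2025-47203 (Dropbear SSH) and CVE-2024-47619 (syslog-ng), need a package lookup before they can be resolved.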
@@ -91,10 +589,11 @@ CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow servin
 	TODO: check
 CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-27533 [Unchecked buffer length can cause excessive memory allocation]
+CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
 	- activemq <unfixed>
 	NOTE: https://issues.apache.org/jira/browse/AMQ-6596
 CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 all ...)
+	{DSA-5916-1}
 	- chromium 136.0.7103.92-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
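Review bot: in the CVE-2025-27533 entry the package line stays `- activemq <unfixed>` with no bug reference, while the unfixed mariadb entries later in this file carry `(bug #1100437)`. Consider linking a bug on that line so the open state can be followed up. The `{DSA-5916-1}` tag added to CVE-2025-4372 is consistent with the `- chromium 136.0.7103.92-1` line below it.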
@@ -19463,6 +19962,7 @@ CVE-2023-52971 (MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* cra
 	NOTE: Fixed in MariaDB: 10.11.12, 11.4.6, 11.8.2
 	NOTE: MariaDB commit: https://github.com/MariaDB/server/commit/3b4de4c281cb3e33e6d3ee9537e542bf0a84b83e
 CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through  ...)
+	{DLA-4154-1}
 	- mariadb <unfixed> (bug #1100437)
 	[bookworm] - mariadb <no-dsa> (Minor issue)
 	- mariadb-10.5 <removed>
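Review bot: the `{DLA-4154-1}` tag added to CVE-2023-52970 is not matched by any fixed-version line in the visible context, which still reads `- mariadb <unfixed> (bug #1100437)` and `- mariadb-10.5 <removed>`. If the per-release line for the advisory falls outside the three context lines, nothing is needed. Otherwise add the release entry with its fixed version so the cross-reference resolves to a package state.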
@@ -19471,6 +19971,7 @@ CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 th
 	NOTE: MariaDB commit [1/2]: https://github.com/MariaDB/server/commit/9b313d2de1df65626abb3b1d6c973f74addb12fb (mariadb-10.5.29)
 	NOTE: MariaDB commit [2/2]: https://github.com/MariaDB/server/commit/4fc9dc84b017cf9f30585bcdef0663f9425fe460 (mariadb-10.5.29)
 CVE-2023-52969 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through  ...)
+	{DLA-4154-1}
 	- mariadb <unfixed> (bug #1100437)
 	[bookworm] - mariadb <no-dsa> (Minor issue)
 	- mariadb-10.5 <removed>
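Review bot: for CVE-2023-52969 the `{DLA-4154-1}` tag now sits directly above `[bookworm] - mariadb <no-dsa> (Minor issue)`, so the same issue has an LTS advisory while bookworm is marked as not warranting one. Confirm that the no-dsa classification for bookworm is still intended now that an advisory exists for the issue.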



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b295a3a3dc1431d7d0a13de3c563126e6f4ad689
