[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 12 21:18:36 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
228491a6 by security tracker role at 2025-05-12T20:18:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-47682 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47274 (ToolHive is a utility designed to simplify the deployment and manageme ...)
+ TODO: check
+CVE-2025-47271 (The OZI action is a GitHub Action that publishes releases to PyPI and ...)
+ TODO: check
+CVE-2025-47270 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
+ TODO: check
+CVE-2025-46750 (SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local ...)
+ TODO: check
+CVE-2025-46749 (An authenticated user could submit scripting to fields that lack prope ...)
+ TODO: check
+CVE-2025-46748 (An authenticated user attempting to change their password could do so ...)
+ TODO: check
+CVE-2025-46747 (An authenticated user without user-management permissions could identi ...)
+ TODO: check
+CVE-2025-46746 (An administrator could discover another account's credentials.)
+ TODO: check
+CVE-2025-46745 (An authenticated user without user-management permissions could view o ...)
+ TODO: check
+CVE-2025-46744 (An authenticated administrator could modify the Created By username fo ...)
+ TODO: check
+CVE-2025-46743 (An authenticated user's token could be used by another source after th ...)
+ TODO: check
+CVE-2025-46742 (Users who were required to change their password could still access sy ...)
+ TODO: check
+CVE-2025-46741 (A suspended or recently logged-out user could continue to interact wit ...)
+ TODO: check
+CVE-2025-46740 (An authenticated user without user administrative permissions could c ...)
+ TODO: check
+CVE-2025-46739 (An unauthenticated user could discover account credentials via a brute ...)
+ TODO: check
+CVE-2025-46738 (An authenticated attacker can maliciously modify layout data files in ...)
+ TODO: check
+CVE-2025-46737 (SEL-5037 Grid Configurator contains an overly permissive Cross Origin ...)
+ TODO: check
+CVE-2025-46729 (julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler pro ...)
+ TODO: check
+CVE-2025-46611 (Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an a ...)
+ TODO: check
+CVE-2025-46610 (ARTEC EMA Mail 6.92 allows CSRF.)
+ TODO: check
+CVE-2025-45835 (A null pointer dereference vulnerability was discovered in Netis WF288 ...)
+ TODO: check
+CVE-2025-45779 (Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the ...)
+ TODO: check
+CVE-2025-44830 (EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in ...)
+ TODO: check
+CVE-2025-44176 (Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the for ...)
+ TODO: check
+CVE-2025-44175 (Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the Get ...)
+ TODO: check
+CVE-2025-44022 (An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbi ...)
+ TODO: check
+CVE-2025-41393 (Reflected cross-site scripting vulnerability exists in the laser print ...)
+ TODO: check
+CVE-2025-40627 (Reflected Cross-Site Scripting (XSS) vulnerability inAbanteCart v1.4.0 ...)
+ TODO: check
+CVE-2025-40626 (Reflected Cross-Site Scripting (XSS) vulnerability inAbanteCart v1.4.0 ...)
+ TODO: check
+CVE-2025-3632 (IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote ...)
+ TODO: check
+CVE-2025-32390 (EspoCRM is a free, open-source customer relationship management platfo ...)
+ TODO: check
+CVE-2025-26841 (Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3 ...)
+ TODO: check
+CVE-2025-1533 (A stack buffer overflow has been identified in the AsIO3.sys driver. T ...)
+ TODO: check
+CVE-2025-1079 (Client RCE on macOS and Linux via improper symbolic link resolution in ...)
+ TODO: check
+CVE-2024-56524 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows ...)
+ TODO: check
+CVE-2024-56523 (Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows ...)
+ TODO: check
+CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of ThingsB ...)
+ TODO: check
+CVE-2023-34732 (An issue in the userId parameter in the change password function of Fl ...)
+ TODO: check
CVE-2025-20012
- intel-microcode <unfixed> (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
@@ -42,7 +122,7 @@ CVE-2025-23395
NOTE: Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
-CVE-2025-22247 [insecure file handling vulnerability (CVE-2025-22247)]
+CVE-2025-22247 (VMware Tools contains an insecure file handling vulnerability.A malici ...)
- open-vm-tools 2:12.5.0-2 (bug #1105159)
NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
NOTE: Patches: https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
@@ -105,13 +185,13 @@ CVE-2025-4537 (A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9
NOT-FOR-US: yangzongzhuan RuoYi-Vue
CVE-2025-4536 (A vulnerability has been found in Gosuncn Technology Group Audio-Visua ...)
NOT-FOR-US: Gosuncn Technology Group Audio-Visual Integrated Management Platform
-CVE-2025-46718
+CVE-2025-46718 (sudo-rs is a memory safe implementation of sudo and su written in Rust ...)
- rust-sudo-rs 0.2.5-5
NOTE: https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
NOTE: https://github.com/trifectatechfoundation/sudo-rs/commit/54984189d62a0763235d4a02a4b2d09d768a9986 (v0.2.6)
NOTE: https://github.com/trifectatechfoundation/sudo-rs/commit/848719f28067d3b5e6672d07f34da5b24f85765b (v0.2.6)
TODO: check details
-CVE-2025-46717
+CVE-2025-46717 (sudo-rs is a memory safe implementation of sudo and su written in Rust ...)
- rust-sudo-rs 0.2.5-5
NOTE: https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
NOTE: https://github.com/trifectatechfoundation/sudo-rs/commit/54984189d62a0763235d4a02a4b2d09d768a9986 (v0.2.6)
@@ -713,7 +793,8 @@ CVE-2025-4207 (Buffer over-read in PostgreSQL GB18030 encoding validation allows
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ec5f89e8a29f32c7dbc4dd8734ed8406d771de2f (REL_17_5)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=44ba3f55f552b56b2fbefae028fcf3ea5b53461d (REL_15_13)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cbadeaca9271a1bade8ef9790bae09dc92e0ed30 (REL_13_21)
-CVE-2025-4132 (Rapid7 Corporate Website prior to May 2nd 2025, suffered from a URL Re ...)
+CVE-2025-4132
+ REJECTED
NOT-FOR-US: Rapid7
CVE-2025-4098 (Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable t ...)
NOT-FOR-US: Horner Automation Cscape
@@ -2329,11 +2410,11 @@ CVE-2024-41753 (IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF00
CVE-2025-37799 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.12.27-1
NOTE: https://git.kernel.org/linus/4c2227656d9003f4d77afc76f34dd81b95e4c2c4
-CVE-2024-58135 (Mojolicious versions from 7.28 through 9.39 for Perl may generate weak ...)
+CVE-2024-58135 (Mojolicious versions from 7.28 through 9.40 for Perl may generate weak ...)
- libmojolicious-perl <unfixed> (bug #1104633)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29241187/
NOTE: https://github.com/mojolicious/mojo/pull/2200
-CVE-2024-58134 (Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard c ...)
+CVE-2024-58134 (Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard c ...)
- libmojolicious-perl <unfixed> (bug #1104648)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29247502/
NOTE: https://github.com/mojolicious/mojo/pull/1791
@@ -5820,6 +5901,7 @@ CVE-2025-28018 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a bu
CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Inject ...)
NOT-FOR-US: TOTOLINK
CVE-2025-21605 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DLA-4162-1}
- redis 5:7.0.15-3.1 (bug #1104010)
- redict <unfixed> (bug #1104011)
- valkey 8.1.1+dfsg1-1 (bug #1104012)
@@ -29355,7 +29437,7 @@ CVE-2025-26842 (An issue was discovered in Znuny through 7.1.3. If access to a t
- znuny 6.5.13-1
[bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-01
-CVE-2025-26846 [znuny: Wrong permissions check in the generic interface]
+CVE-2025-26846 (An issue was discovered in Znuny before 7.1.4. Permissions are not che ...)
- znuny 6.5.13-1
[bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-02
@@ -45989,11 +46071,11 @@ CVE-2024-9427 (A vulnerability in Koji was found. An unsanitized input allows fo
- koji <removed>
CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Im ...)
NOT-FOR-US: Adobe
-CVE-2024-4982 [Path traversal in view_issue_raw_file()]
+CVE-2024-4982 (A directory traversal vulnerability was discovered in Pagure server. I ...)
- pagure 5.14.1+dfsg-1 (bug #1091383)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280726
NOTE: Fixed by: https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0 (5.14.1)
-CVE-2024-4981 [pagure: _update_file_in_git() follows symbolic links in temporary clones]
+CVE-2024-4981 (A vulnerability was discovered in Pagure server. If a malicious user w ...)
- pagure 5.14.1+dfsg-1 (bug #1091383)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280723
NOTE: Fixed by: https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4 (5.14.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/228491a67e54a9ad2816dda8fc93d014fa50dc8b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/228491a67e54a9ad2816dda8fc93d014fa50dc8b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250512/3c306a32/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list