[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 13 09:12:28 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2181c14 by security tracker role at 2025-05-13T08:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2025-4632 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
+	TODO: check
+CVE-2025-4474 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
+	TODO: check
+CVE-2025-4473 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
+	TODO: check
+CVE-2025-4396 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-4339 (The TheGem theme for WordPress is vulnerable to unauthorized modificat ...)
+	TODO: check
+CVE-2025-4317 (The TheGem theme for WordPress is vulnerable to arbitrary file uploads ...)
+	TODO: check
+CVE-2025-47864
+	REJECTED
+CVE-2025-47863
+	REJECTED
+CVE-2025-47862
+	REJECTED
+CVE-2025-47861
+	REJECTED
+CVE-2025-47860
+	REJECTED
+CVE-2025-47859
+	REJECTED
+CVE-2025-47858
+	REJECTED
+CVE-2025-46825 (Kanboard is project management software that focuses on the Kanban met ...)
+	TODO: check
+CVE-2025-43011 (Under certain conditions, SAP Landscape Transformation's PCL Basis mod ...)
+	TODO: check
+CVE-2025-43010 (SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer ...)
+	TODO: check
+CVE-2025-43009 (SAP Service Parts Management (SPM) does not perform necessary authoriz ...)
+	TODO: check
+CVE-2025-43008 (Due to missing authorization check, an unauthorized user can view the  ...)
+	TODO: check
+CVE-2025-43007 (SAP Service Parts Management (SPM) does not perform necessary authoriz ...)
+	TODO: check
+CVE-2025-43006 (SAP Supplier Relationship Management (Master Data Management Catalogue ...)
+	TODO: check
+CVE-2025-43005 (SAP GUI for Windows allows an unauthenticated attacker to exploit inse ...)
+	TODO: check
+CVE-2025-43004 (Due to a security misconfiguration vulnerability, customers can develo ...)
+	TODO: check
+CVE-2025-43003 (SAP S/4 HANA allows an authenticated attacker with user privileges to  ...)
+	TODO: check
+CVE-2025-43002 (SAP S4CORE OData meta-data property allows an authenticated attacker t ...)
+	TODO: check
+CVE-2025-43000 (Under certain conditions Promotion Management Wizard (PMW) allows an a ...)
+	TODO: check
+CVE-2025-42999 (SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a p ...)
+	TODO: check
+CVE-2025-42997 (Under certain conditions, SAP Gateway Client allows a high-privileged  ...)
+	TODO: check
+CVE-2025-3659 (Improper authentication handling was identified in a set of HTTP POST  ...)
+	TODO: check
+CVE-2025-3107 (The Newsletters plugin for WordPress is vulnerable to time-based SQL I ...)
+	TODO: check
+CVE-2025-35471 (conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsof ...)
+	TODO: check
+CVE-2025-31329 (SAP NetWeaver is vulnerable to an Information Disclosure vulnerability ...)
+	TODO: check
+CVE-2025-31260 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-31259 (The issue was addressed with improved input sanitization. This issue i ...)
+	TODO: check
+CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-31257 (This issue was addressed with improved memory handling. This issue is  ...)
+	TODO: check
+CVE-2025-31256 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2025-31253 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-31251 (The issue was addressed with improved input sanitization. This issue i ...)
+	TODO: check
+CVE-2025-31250 (An information disclosure issue was addressed with improved privacy co ...)
+	TODO: check
+CVE-2025-31249 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31247 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2025-31246 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31245 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2025-31244 (A file quarantine bypass was addressed with additional checks. This is ...)
+	TODO: check
+CVE-2025-31242 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2025-31241 (A double free issue was addressed with improved memory management. Thi ...)
+	TODO: check
+CVE-2025-31240 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2025-31239 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2025-31238 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2025-31237 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2025-31236 (An information disclosure issue was addressed with improved privacy co ...)
+	TODO: check
+CVE-2025-31235 (A double free issue was addressed with improved memory management. Thi ...)
+	TODO: check
+CVE-2025-31234 (The issue was addressed with improved input sanitization. This issue i ...)
+	TODO: check
+CVE-2025-31233 (The issue was addressed with improved input sanitization. This issue i ...)
+	TODO: check
+CVE-2025-31232 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31228 (The issue was addressed with improved authentication. This issue is fi ...)
+	TODO: check
+CVE-2025-31227 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31226 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31225 (A privacy issue was addressed by removing sensitive data. This issue i ...)
+	TODO: check
+CVE-2025-31224 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31223 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2025-31222 (A correctness issue was addressed with improved checks. This issue is  ...)
+	TODO: check
+CVE-2025-31221 (An integer overflow was addressed with improved input validation. This ...)
+	TODO: check
+CVE-2025-31220 (A privacy issue was addressed by removing sensitive data. This issue i ...)
+	TODO: check
+CVE-2025-31219 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31218 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2025-31217 (The issue was addressed with improved input validation. This issue is  ...)
+	TODO: check
+CVE-2025-31215 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2025-31214 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-31213 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2025-31212 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2025-31210 (The issue was addressed with improved UI. This issue is fixed in iPadO ...)
+	TODO: check
+CVE-2025-31209 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2025-31208 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2025-31207 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2025-31206 (A type confusion issue was addressed with improved state handling. Thi ...)
+	TODO: check
+CVE-2025-31205 (The issue was addressed with improved checks. This issue is fixed in w ...)
+	TODO: check
+CVE-2025-31204 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-31196 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2025-31195 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2025-30453 (The issue was addressed with additional permissions checks. This issue ...)
+	TODO: check
+CVE-2025-30448 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2025-30442 (The issue was addressed with improved input sanitization. This issue i ...)
+	TODO: check
+CVE-2025-30440 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2025-30436 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2025-30018 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
+	TODO: check
+CVE-2025-30012 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
+	TODO: check
+CVE-2025-30011 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
+	TODO: check
+CVE-2025-30010 (The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) ...)
+	TODO: check
+CVE-2025-30009 (he Live Auction Cockpit in SAP Supplier Relationship Management (SRM)  ...)
+	TODO: check
+CVE-2025-26662 (The Data Services Management Console does not sufficiently encode user ...)
+	TODO: check
+CVE-2025-24274 (An input validation issue was addressed by removing the vulnerable cod ...)
+	TODO: check
+CVE-2025-24258 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-24225 (An injection issue was addressed with improved input validation. This  ...)
+	TODO: check
+CVE-2025-24223 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-24222 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-24220 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-24155 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-24144 (An information disclosure issue was addressed by removing the vulnerab ...)
+	TODO: check
+CVE-2025-24142 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2025-24111 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2025-22249 (VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) ...)
+	TODO: check
+CVE-2025-22246 (Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulner ...)
+	TODO: check
+CVE-2023-49641 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
+	TODO: check
 CVE-2025-47712
 	- nbdkit <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365724
@@ -22469,7 +22677,7 @@ CVE-2025-1930 (On Windows, a compromised content process could use bad StreamDat
 CVE-2025-27521 (Vulnerability of improper access permission in the process management  ...)
 	NOT-FOR-US: Huawei
 CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...)
-	{DLA-4082-1}
+	{DLA-4163-1 DLA-4082-1}
 	- ruby3.3 3.3.7-2
 	- ruby3.1 <removed> (bug #1103794)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
@@ -46409,7 +46617,8 @@ CVE-2024-12842 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been
 	NOT-FOR-US: Emlog Pro
 CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has been classi ...)
 	NOT-FOR-US: Emlog Pro
-CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT HTTP req ...)
+CVE-2024-12840
+	REJECTED
 	NOT-FOR-US: Red Hat Satellite
 CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could allow an  ...)
 	NOT-FOR-US: Delta Electronics
@@ -71227,7 +71436,8 @@ CVE-2024-30134 (The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is
 	NOT-FOR-US: HCL
 CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores use ...)
 	NOT-FOR-US: IBM
-CVE-2024-47177 (** DISPUTED ** CUPS is a standards-based, open-source printing system, ...)
+CVE-2024-47177
+	REJECTED
 	- cups-filters <unfixed> (bug #1082822)
 	[trixie] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
 	[bookworm] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
@@ -188072,7 +188282,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
 	NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
 	NOTE: https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d (9.4.3.0)
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
-	{DLA-3858-1 DLA-3447-1 DLA-3408-1}
+	{DLA-4163-1 DLA-3858-1 DLA-3447-1 DLA-3408-1}
 	- rubygems 3.4.20-1
 	[bookworm] - rubygems <no-dsa> (Minor issue)
 	- ruby3.1 <removed> (bug #1038408)
@@ -207172,6 +207382,7 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve
 	[bookworm] - apache-jena <ignored> (Minor issue)
 	NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
 CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
+	{DLA-4164-1}
 	- libeconf 0.5.2+dfsg1-1 (bug #1037333)
 	[bookworm] - libeconf 0.5.1+dfsg1-1+deb12u1
 	NOTE: https://github.com/openSUSE/libeconf/issues/177
@@ -297531,6 +297742,7 @@ CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neu
 CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
 	NOT-FOR-US: Admidio
 CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby.  ...)
+	{DLA-4163-1}
 	- rubygems 3.3.5-1
 	NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
 	NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2181c146c8a4fcb6dcd4b660aa142fd89d5ec97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2181c146c8a4fcb6dcd4b660aa142fd89d5ec97
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250513/1281b188/attachment.htm>

More information about the debian-security-tracker-commits mailing list