[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 14 21:12:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
226a50bf by security tracker role at 2025-05-14T20:12:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,166 @@
+CVE-2025-4641 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2025-4640 (Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Over ...)
+ TODO: check
+CVE-2025-4639 (CWE-611 Improper Restriction of XML External Entity Reference in the g ...)
+ TODO: check
+CVE-2025-4638 (A vulnerability exists in the inftrees.c component of the zlib library ...)
+ TODO: check
+CVE-2025-4637 (Divide By Zero vulnerability in davisking dlib allows remote attacke ...)
+ TODO: check
+CVE-2025-4430 (Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows ...)
+ TODO: check
+CVE-2025-47782 (motionEye is an online interface for the software motion, a video surv ...)
+ TODO: check
+CVE-2025-47781 (Rallly is an open-source scheduling and collaboration tool. Versions u ...)
+ TODO: check
+CVE-2025-47778 (Sulu is an open-source PHP content management system based on the Symf ...)
+ TODO: check
+CVE-2025-47777 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
+ TODO: check
+CVE-2025-47775 (Bullfrog is a GithHb Action to block unauthorized outbound traffic in ...)
+ TODO: check
+CVE-2025-47710 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-47709 (Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for ...)
+ TODO: check
+CVE-2025-47708 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise M ...)
+ TODO: check
+CVE-2025-47707 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-47706 (Authentication Bypass by Capture-replay vulnerability in Drupal Enterp ...)
+ TODO: check
+CVE-2025-47705 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47703 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47702 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47701 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict rou ...)
+ TODO: check
+CVE-2025-47445 (Relative Path Traversal vulnerability in Themewinter Eventin allows Pa ...)
+ TODO: check
+CVE-2025-47436 (Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerabili ...)
+ TODO: check
+CVE-2025-47292 (Cap Collectif is an online decision making platform that integrates se ...)
+ TODO: check
+CVE-2025-46786 (Improper neutralization of special elements in some Zoom Workplace App ...)
+ TODO: check
+CVE-2025-46785 (Buffer over-read in some Zoom Workplace Apps for Windows may allow an ...)
+ TODO: check
+CVE-2025-44186 (SourceCodester Best Employee Management System 1.0 is vulnerable to Cr ...)
+ TODO: check
+CVE-2025-44184 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...)
+ TODO: check
+CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
+ TODO: check
+CVE-2025-3932 (It was possible to craft an email that showed a tracking link as an at ...)
+ TODO: check
+CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, allowing ...)
+ TODO: check
+CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ...)
+ TODO: check
+CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger automatic, un ...)
+ TODO: check
+CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender spoofing i ...)
+ TODO: check
+CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are vulnerable ...)
+ TODO: check
+CVE-2025-3833 (Zohocorp ManageEngineADSelfService Plus versions6513 and prior are vul ...)
+ TODO: check
+CVE-2025-3769 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2025-3600 (In Progress\xae Telerik\xae UI for AJAX, versions 2011.2.712 to 2025.1 ...)
+ TODO: check
+CVE-2025-33104 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
+ TODO: check
+CVE-2025-32363 (mediDOK before 2.5.18.43 allows remote attackers to achieve remote cod ...)
+ TODO: check
+CVE-2025-30668 (Integer underflow in some Zoom Workplace Apps may allow an authenticat ...)
+ TODO: check
+CVE-2025-30667 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
+ TODO: check
+CVE-2025-30666 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
+ TODO: check
+CVE-2025-30665 (NULL pointer dereference in some Zoom Workplace Apps for Windows may a ...)
+ TODO: check
+CVE-2025-30664 (Improper neutralization of special elements in some Zoom Workplace App ...)
+ TODO: check
+CVE-2025-30663 (Time-of-check time-of-use race condition in some Zoom Workplace Apps m ...)
+ TODO: check
+CVE-2025-2900 (IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0 ...)
+ TODO: check
+CVE-2025-2875 (CWE-610: Externally Controlled Reference to a Resource in Another Sphe ...)
+ TODO: check
+CVE-2025-26785 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2025-26784 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2025-25370 (An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5. ...)
+ TODO: check
+CVE-2025-24969 (iTop is an web based IT Service Management tool. Prior to version 3.2. ...)
+ TODO: check
+CVE-2025-24785 (iTop is an web based IT Service Management tool. In version 3.2.0, an ...)
+ TODO: check
+CVE-2025-24026 (iTop is an web based IT Service Management tool. Versions prior to 3.2 ...)
+ TODO: check
+CVE-2025-24022 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
+ TODO: check
+CVE-2025-24021 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
+ TODO: check
+CVE-2025-22756
+ REJECTED
+CVE-2025-0138 (Web sessions in the web interface of Palo Alto Networks Prisma\xae Clo ...)
+ TODO: check
+CVE-2025-0137 (An improper input neutralization vulnerability in the management web i ...)
+ TODO: check
+CVE-2025-0136 (Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Network ...)
+ TODO: check
+CVE-2025-0135 (An incorrect privilege assignment vulnerability in the Palo Alto Netwo ...)
+ TODO: check
+CVE-2025-0134 (A code injection vulnerability in the Palo Alto Networks Cortex XDR\xa ...)
+ TODO: check
+CVE-2025-0133 (A reflected cross-site scripting (XSS) vulnerability in the GlobalProt ...)
+ TODO: check
+CVE-2025-0132 (A missing authentication vulnerability in Palo Alto Networks Cortex XD ...)
+ TODO: check
+CVE-2025-0131 (An incorrect privilege management vulnerability in the OPSWAT MetaDefe ...)
+ TODO: check
+CVE-2025-0130 (A missing exception check in Palo Alto Networks PAN-OS\xae software wi ...)
+ TODO: check
+CVE-2024-8988 (The PeepSo Core: File Uploads plugin for WordPress is vulnerable to In ...)
+ TODO: check
+CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pair ...)
+ TODO: check
+CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
+ TODO: check
+CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker to obtai ...)
+ TODO: check
+CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to versions 3.1 ...)
+ TODO: check
+CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
+ TODO: check
+CVE-2024-54779 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
+ TODO: check
+CVE-2024-52601 (iTop is an web based IT Service Management tool. Prior to versions 2.7 ...)
+ TODO: check
+CVE-2024-45516 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Pat ...)
+ TODO: check
+CVE-2024-13940 (The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server- ...)
+ TODO: check
+CVE-2024-10865 (Improper Input validation leads to XSS or Cross-site Scripting vulnera ...)
+ TODO: check
+CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2025-4609
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-4664
+CVE-2025-4664 (Insufficient policy enforcement in Loader in Google Chrome prior to 13 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2023-53146 [media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()]
+CVE-2023-53146 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
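Review bot: Several of the new descriptions carry literal escape sequences instead of the characters they encode, and the 70-character truncation can land inside one: `\u2013` in CVE-2025-3769, `\xae` in CVE-2025-3600 and CVE-2025-0138, and a cut-off `\xa` in CVE-2025-0134. The importer should decode the feed text before truncating so the list stays readable and a cut never splits an escape. Separately, the update replaces the hand-written title `[media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()]` on CVE-2023-53146 with the generic prefix `(In the Linux kernel, the following vulnerability has been resolved: m ...)`, which drops the subsystem and function that identify the fix; consider keeping a bracketed manual title when the automatic description would be less specific than it.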
@@ -226,11 +382,11 @@ CVE-2024-28954 (Incorrect default permissions for some Intel(R) Graphics Driver
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may allow an ...)
TODO: check
-CVE-2025-26864
+CVE-2025-26864 (Exposure of Sensitive Information to an Unauthorized Actor, Insertion ...)
NOT-FOR-US: Apache IoTDB
-CVE-2025-26795
+CVE-2025-26795 (Exposure of Sensitive Information to an Unauthorized Actor, Insertion ...)
NOT-FOR-US: Apache IoTDB
-CVE-2024-24780
+CVE-2024-24780 (Remote Code Execution with untrusted URI of UDF vulnerability in Apach ...)
NOT-FOR-US: Apache IoTDB
CVE-2025-4660 (A remote code execution vulnerability exists in the Windows agent comp ...)
NOT-FOR-US: Forescout
@@ -822,7 +978,8 @@ CVE-2025-47711
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365687
NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/e6f96bd1b77c0cc927ce6aeff650b52238304f39 (v1.43.7)
NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f (v1.42.3)
-CVE-2025-47905 [Request Smuggling Attac]
+CVE-2025-47905 (Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...)
+ {DSA-5918-1}
- varnish 7.7.0-2
NOTE: https://varnish-cache.org/security/VSV00016.html
NOTE: https://github.com/varnishcache/varnish-cache/commit/b5f1faba6e8d9848cfe0cba566986e7e5cc5f65b (varnish-7.7.1)
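Review bot: The bracketed placeholder `[Request Smuggling Attac]` being replaced was itself cut mid-word, so taking the feed description is an improvement. The added `{DSA-5918-1}` sits alongside the existing `- varnish 7.7.0-2` fixed version; it is worth confirming that the 7.7.0-2 upload carries the upstream fix commit linked in the NOTE below (released as varnish-7.7.1), since the entry otherwise gives no hint of how the 7.7.0-based package was fixed.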
@@ -977,6 +1134,7 @@ CVE-2025-23395
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
CVE-2025-22247 (VMware Tools contains an insecure file handling vulnerability.A malici ...)
+ {DLA-4165-1}
- open-vm-tools 2:12.5.0-2 (bug #1105159)
NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
NOTE: Patches: https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
@@ -2976,7 +3134,7 @@ CVE-2023-46716
REJECTED
CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the aws-am ...)
NOT-FOR-US: Amazon
-CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025.1.6. ...)
+CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server allows a ...)
NOT-FOR-US: Devolutions
CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
- pytorch <unfixed> (bug #1104931)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a50bf3976fa0923918df24b88fc72b6a83601
--