[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 16 21:12:48 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbd213ca by security tracker role at 2025-05-16T20:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,253 @@
-CVE-2025-40907
+CVE-2025-4809 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
+ TODO: check
+CVE-2025-4808 (A vulnerability was found in PHPGurukul Park Ticketing Management Syst ...)
+ TODO: check
+CVE-2025-4807 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2025-4806 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ...)
+ TODO: check
+CVE-2025-4795 (A vulnerability classified as critical has been found in gongfuxiang s ...)
+ TODO: check
+CVE-2025-4794 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
+ TODO: check
+CVE-2025-4793 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
+ TODO: check
+CVE-2025-4792 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
+ TODO: check
+CVE-2025-4791 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
+ TODO: check
+CVE-2025-4790 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+ TODO: check
+CVE-2025-4789 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2025-4788 (A vulnerability classified as critical was found in FreeFloat FTP Serv ...)
+ TODO: check
+CVE-2025-4787 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2025-4786 (A vulnerability was found in SourceCodester/oretnom23 Stock Management ...)
+ TODO: check
+CVE-2025-4785 (A vulnerability was found in PHPGurukul Daily Expense Tracker System 1 ...)
+ TODO: check
+CVE-2025-4782 (A vulnerability has been found in SourceCodester/oretnom23 Stock Manag ...)
+ TODO: check
+CVE-2025-4781 (A vulnerability classified as critical has been found in PHPGurukul Pa ...)
+ TODO: check
+CVE-2025-4780 (A vulnerability was found in PHPGurukul Park Ticketing Management Syst ...)
+ TODO: check
+CVE-2025-4778 (A vulnerability was found in PHPGurukul Park Ticketing Management Syst ...)
+ TODO: check
+CVE-2025-4777 (A vulnerability was found in PHPGurukul Park Ticketing Management Syst ...)
+ TODO: check
+CVE-2025-4773 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
+ TODO: check
+CVE-2025-4772 (A vulnerability has been found in PHPGurukul Online Course Registratio ...)
+ TODO: check
+CVE-2025-4771 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4770 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-4769 (A vulnerability classified as critical was found in CBEWIN Anytxt Sear ...)
+ TODO: check
+CVE-2025-4768 (A vulnerability classified as critical has been found in feng_ha_ha/me ...)
+ TODO: check
+CVE-2025-4767 (A vulnerability was found in defog-ai introspect up to 0.1.4. It has b ...)
+ TODO: check
+CVE-2025-4766 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...)
+ TODO: check
+CVE-2025-4765 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...)
+ TODO: check
+CVE-2025-4761 (A vulnerability has been found in PHPGurukul Complaint Management Syst ...)
+ TODO: check
+CVE-2025-4758 (A vulnerability classified as critical has been found in PHPGurukul Be ...)
+ TODO: check
+CVE-2025-4679 (A vulnerability in Synology Active Backup for Microsoft 365 allows rem ...)
+ TODO: check
+CVE-2025-4600 (A request smuggling vulnerability existed in the Google Cloud Classic ...)
+ TODO: check
+CVE-2025-4211 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ TODO: check
+CVE-2025-48146 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Fl ...)
+ TODO: check
+CVE-2025-48144 (Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Expor ...)
+ TODO: check
+CVE-2025-48138 (Missing Authorization vulnerability in berthaai BERTHA AI allows Explo ...)
+ TODO: check
+CVE-2025-48137 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-48136 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-48135 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48134 (Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP ...)
+ TODO: check
+CVE-2025-48132 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48131 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48128 (Missing Authorization vulnerability in Sharespine Sharespine Woocommer ...)
+ TODO: check
+CVE-2025-48127 (Missing Authorization vulnerability in App Cheap Push notification for ...)
+ TODO: check
+CVE-2025-48121 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-48119 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-48117 (Missing Authorization vulnerability in kilbot WooCommerce POS allows E ...)
+ TODO: check
+CVE-2025-48116 (Missing Authorization vulnerability in Ashan Perera EventON allows Acc ...)
+ TODO: check
+CVE-2025-48115 (Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla Vali ...)
+ TODO: check
+CVE-2025-48114 (Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazh ...)
+ TODO: check
+CVE-2025-48113 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48079 (Missing Authorization vulnerability in Metagauss ProfileGrid allows E ...)
+ TODO: check
+CVE-2025-47916 (Invision Community 5.0.0 before 5.0.7 allows remote code execution via ...)
+ TODO: check
+CVE-2025-47794 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...)
+ TODO: check
+CVE-2025-47793 (Nextcloud Server is a self hosted personal cloud system, and the Nextc ...)
+ TODO: check
+CVE-2025-47792 (Nextcloud Desktop is the desktop sync client for Nextcloud. In version ...)
+ TODO: check
+CVE-2025-47791 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...)
+ TODO: check
+CVE-2025-47790 (Nextcloud Server is a self hosted personal cloud system. Nextcloud Ser ...)
+ TODO: check
+CVE-2025-47693 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-47567 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47564 (Missing Authorization vulnerability in ashanjay EventON allows Accessi ...)
+ TODO: check
+CVE-2025-47563 (Missing Authorization vulnerability in villatheme CURCY allows Accessi ...)
+ TODO: check
+CVE-2025-47562 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-47560 (Missing Authorization vulnerability in RomanCode MapSVG allows Exploit ...)
+ TODO: check
+CVE-2025-47557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47556 (Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Prici ...)
+ TODO: check
+CVE-2025-47534 (Missing Authorization vulnerability in ValvePress Wordpress Auto Spinn ...)
+ TODO: check
+CVE-2025-46464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-40906 (BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbso ...)
+ TODO: check
+CVE-2025-40632 (Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11 ...)
+ TODO: check
+CVE-2025-40631 (HTTP host header injection vulnerability in Icewarp Mail Server affect ...)
+ TODO: check
+CVE-2025-40630 (Open redirection vulnerability in IceWarp Mail Server affecting versio ...)
+ TODO: check
+CVE-2025-40629 (PNETLab 4.2.10 does not properly sanitize user inputs in its file acce ...)
+ TODO: check
+CVE-2025-39537 (Authorization Bypass Through User-Controlled Key vulnerability in Chim ...)
+ TODO: check
+CVE-2025-39511 (Missing Authorization vulnerability in ValvePress Pinterest Automatic ...)
+ TODO: check
+CVE-2025-39509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-39507 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-39493 (Missing Authorization vulnerability in ValvePress Rankie allows Exploi ...)
+ TODO: check
+CVE-2025-39492 (Path Traversal vulnerability in WHMPress WHMpress allows Relative Path ...)
+ TODO: check
+CVE-2025-39491 (Path Traversal vulnerability in WHMPress WHMpress allows Path Traversa ...)
+ TODO: check
+CVE-2025-39482 (Missing Authorization vulnerability in imithemes Eventer allows Exploi ...)
+ TODO: check
+CVE-2025-39481 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32962 (Flask-AppBuilder is an application development framework built on top ...)
+ TODO: check
+CVE-2025-32643 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32310 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal ...)
+ TODO: check
+CVE-2025-32307 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32306 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32301 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32299 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-32296 (Missing Authorization vulnerability in quantumcloud Simple Link Direct ...)
+ TODO: check
+CVE-2025-32295 (Missing Authorization vulnerability in wordpresschef Salon Booking Pro ...)
+ TODO: check
+CVE-2025-32290 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32287 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32180 (Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for ...)
+ TODO: check
+CVE-2025-31928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31926 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31923 (Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions fo ...)
+ TODO: check
+CVE-2025-31922 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 A ...)
+ TODO: check
+CVE-2025-31921 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate ...)
+ TODO: check
+CVE-2025-31915 (Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel ...)
+ TODO: check
+CVE-2025-31641 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31640 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31639 (Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allo ...)
+ TODO: check
+CVE-2025-31637 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31630 (Missing Authorization vulnerability in themeton The Business allows Ex ...)
+ TODO: check
+CVE-2025-31071 (Missing Authorization vulnerability in themeton HotStar \u2013 Multi-P ...)
+ TODO: check
+CVE-2025-31068 (Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Star ...)
+ TODO: check
+CVE-2025-31066 (Missing Authorization vulnerability in themeton Acerola allows Exploit ...)
+ TODO: check
+CVE-2025-31065 (Missing Authorization vulnerability in themeton Rozario allows Exploit ...)
+ TODO: check
+CVE-2025-31063 (Missing Authorization vulnerability in redqteam Wishlist allows Exploi ...)
+ TODO: check
+CVE-2025-31062 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-2306 (An Improper Access Control vulnerability was identified in the file do ...)
+ TODO: check
+CVE-2025-2305 (A Path traversal vulnerability in the file download functionality was ...)
+ TODO: check
+CVE-2025-22233 (CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...)
+ TODO: check
+CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a malicious ...)
+ TODO: check
+CVE-2024-40120 (seaweedfs v3.68 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2025-40907 (FCGI versions 0.44 through 0.82, for Perl, include a vulnerable versio ...)
- libfcgi-perl 0.79+ds-2
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29651740/
NOTE: Since libfcgi-perl/0.79+ds-1 in experimental libfcgi-perl is repackaged and
NOTE: uses the system libfcgi system library. Use 0.79+ds-2 as the fixed version.
-CVE-2025-37890 [net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc]
+CVE-2025-37890 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/141d34391abbb315d68556b7c67ad97885407547 (6.15-rc5)
CVE-2025-XXXX [Buffer overflow in range of chars in evaluated expressions]
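Review bot: The new entries for CVE-2025-4802 and CVE-2025-40906 near the top and bottom of this batch are left at "TODO: check" like everything else, but their truncated descriptions ("Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ..." and "BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbso ...") do not read like the web-application and WordPress-plugin entries around them, which usually end up as NOT-FOR-US. They should be triaged first and given a source-package line if the software is in the archive. CVE-2025-40906 has the same shape as CVE-2025-40907 at the end of this hunk (a Perl module with a bundled library), which is already tracked against libfcgi-perl with a fixed version and NOTE lines, so the same check for a bundled versus system copy applies. The same goes for the Nextcloud (CVE-2025-47790 to CVE-2025-47794), Flask-AppBuilder (CVE-2025-32962), Ollama (CVE-2025-1975) and seaweedfs (CVE-2024-40120) entries, where the TODO should be resolved to either a package line or an explicit NOT-FOR-US.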
@@ -567,7 +811,7 @@ CVE-2023-5529 (The Advanced Page Visit Counter WordPress plugin before 8.0.6 do
NOT-FOR-US: WordPress plugin
CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy D ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-4476 [libsoup: Null pointer dereference in libsoup may lead to Denial Of Service]
+CVE-2025-4476 (A denial-of-service vulnerability has been identified in the libsoup H ...)
- libsoup3 <unfixed> (bug #1105887)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457
@@ -806,7 +1050,7 @@ CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) software
NOT-FOR-US: Intel
CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-4478
+CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's remote ...)
- gnome-remote-desktop <unfixed>
[bookworm] - gnome-remote-desktop <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232
@@ -884,17 +1128,21 @@ CVE-2025-44184 (SourceCodester Best Employee Management System V1.0 is vulnerabl
CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
NOT-FOR-US: SonicWall
CVE-2025-3932 (It was possible to craft an email that showed a tracking link as an at ...)
+ {DSA-5921-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, allowing ...)
NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ...)
+ {DSA-5921-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger automatic, un ...)
+ {DSA-5921-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877
CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender spoofing i ...)
+ {DSA-5921-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3875
CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are vulnerable ...)
@@ -1179,7 +1427,8 @@ CVE-2025-20004 (Insufficient control flow management in the Alias Checking Trust
NOT-FOR-US: Intel
CVE-2025-20003 (Improper link resolution before file access ('Link Following') for som ...)
NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, Incorrect ...)
+CVE-2025-0020
+ REJECTED
NOT-FOR-US: ArcGIS
CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data analyti ...)
NOT-FOR-US: LF Edge eKuiper
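Review bot: After this change CVE-2025-0020 carries both "REJECTED" and the old "NOT-FOR-US: ArcGIS" line, because only the header and the new REJECTED line were touched and the triage line below stayed as context. A rejected identifier needs no triage state, so the NOT-FOR-US line should be dropped in a follow-up so that the entry consists of the bare ID followed by REJECTED only.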
@@ -6551,7 +6800,7 @@ CVE-2024-57698 (An issue in modernwms v.1.0 allows an attacker view the MD5 hash
CVE-2023-4377
REJECTED
CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. ...)
- {DSA-5912-1 DSA-5910-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4167-1}
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
@@ -6560,7 +6809,7 @@ CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137. So
- firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ES ...)
- {DSA-5912-1 DSA-5910-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -6577,7 +6826,7 @@ CVE-2025-4088 (A security vulnerability in Thunderbird allowed malicious sites t
- firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
CVE-2025-4087 (A vulnerability was identified in Thunderbird where XPath parsing coul ...)
- {DSA-5912-1 DSA-5910-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -6596,7 +6845,7 @@ CVE-2025-4084 (Due to insufficient escaping of the special characters in the "co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
CVE-2025-4083 (A process isolation vulnerability in Thunderbird stemmed from improper ...)
- {DSA-5912-1 DSA-5910-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -10899,15 +11148,15 @@ CVE-2024-13177 (Netskope Client on Mac OS is impacted by a vulnerability in whic
CVE-2024-11084 (Helix ALM prior to 2025.1 returns distinct error responses during auth ...)
NOT-FOR-US: Helix ALM
CVE-2025-3523 (When an email contains multiple attachments with external links via th ...)
- {DSA-5912-1}
+ {DSA-5912-1 DLA-4167-1}
- thunderbird 1:128.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
CVE-2025-2830 (By crafting a malformed file name for an attachment in a multipart mes ...)
- {DSA-5912-1}
+ {DSA-5912-1 DLA-4167-1}
- thunderbird 1:128.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-2830
CVE-2025-3522 (Thunderbird processes the X-Mozilla-External-Attachment-URL header to ...)
- {DSA-5912-1}
+ {DSA-5912-1 DLA-4167-1}
- thunderbird 1:128.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3522
CVE-2025-3622 (A vulnerability, which was classified as critical, has been found in X ...)
@@ -90272,6 +90521,7 @@ CVE-2024-40518 (SeaCMS 12.9 has a remote code execution vulnerability. The vulne
CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an Unauthe ...)
NOT-FOR-US: Sourcecodester Poultry Farm Management System
CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have ...)
+ {DLA-4166-1}
- xrdp 0.10.1-1 (bug #1076769)
[bookworm] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
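Review bot: With {DLA-4166-1} added to CVE-2024-39917, the entry still says "[bookworm] - xrdp <no-dsa> (Minor issue)" two lines further down, so the tracker now records an advisory for the older release while the newer stable release stays unfixed by decision. The <no-dsa> annotation should be revisited, for example by checking whether a fix for bookworm is planned, so that users upgrading from the DLA-covered release do not regress. The same combination appears in the later xrdp hunks for CVE-2023-42822 and CVE-2023-40184.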
@@ -163849,6 +164099,7 @@ CVE-2023-43125 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel
CVE-2023-43124 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel.Note: ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to the f ...)
+ {DLA-4166-1}
[experimental] - xrdp 0.9.24-1
- xrdp 0.9.24-2 (bug #1053284)
[bookworm] - xrdp <no-dsa> (Minor issue)
@@ -166239,7 +166490,7 @@ CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a compan
NOT-FOR-US: WordPress plugin
CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...)
+CVE-2023-39780 (On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can ...)
NOT-FOR-US: ASUS
CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...)
NOT-FOR-US: Softneta MedDream PACS
@@ -167916,6 +168167,7 @@ CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083 (2.11.0)
CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...)
+ {DLA-4166-1}
[experimental] - xrdp 0.9.24-1
- xrdp 0.9.24-2 (bug #1051061)
[bookworm] - xrdp <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbd213ca6f71b79c1f1c8f8a8c3c8117f5a97c44