[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 21 21:13:03 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33bb491e by security tracker role at 2025-05-21T20:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,184 @@
-CVE-2025-40775
+CVE-2025-5051 (A vulnerability classified as critical has been found in FreeFloat FTP ...)
+	TODO: check
+CVE-2025-5050 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been rat ...)
+	TODO: check
+CVE-2025-5049 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been dec ...)
+	TODO: check
+CVE-2025-5033 (A vulnerability classified as problematic was found in XiaoBingby TeaC ...)
+	TODO: check
+CVE-2025-5032 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2025-5031 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has be ...)
+	TODO: check
+CVE-2025-5030 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has be ...)
+	TODO: check
+CVE-2025-5029 (A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud B ...)
+	TODO: check
+CVE-2025-5020 (Opening maliciously-crafted URLs in Firefox from other apps such as Sa ...)
+	TODO: check
+CVE-2025-4803 (The Glossary by WPPedia \u2013 Best Glossary plugin for WordPress plug ...)
+	TODO: check
+CVE-2025-4611 (The Slim SEO \u2013 Fast & Automated WordPress SEO Plugin plugin for W ...)
+	TODO: check
+CVE-2025-4416 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2025-4415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-4221 (The Animated Buttons plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-4219 (The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized modific ...)
+	TODO: check
+CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator manage the ...)
+	TODO: check
+CVE-2025-48417 (The certificate and private key used for providing transport layer sec ...)
+	TODO: check
+CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry  ...)
+	TODO: check
+CVE-2025-48415 (A USB backdoor feature can be triggered by attaching a USB drive that  ...)
+	TODO: check
+CVE-2025-48414 (There are several scripts in the web interface that are accessible via ...)
+	TODO: check
+CVE-2025-48413 (The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password h ...)
+	TODO: check
+CVE-2025-48207 (The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Ins ...)
+	TODO: check
+CVE-2025-48206 (The ns_backup extension through 13.0.0 for TYPO3 allows XSS.)
+	TODO: check
+CVE-2025-48205 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insec ...)
+	TODO: check
+CVE-2025-48204 (The ns_backup extension through 13.0.0 for TYPO3 allows command inject ...)
+	TODO: check
+CVE-2025-48203 (The cs_seo extension through 9.2.0 for TYPO3 allows XSS.)
+	TODO: check
+CVE-2025-48202 (The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct ...)
+	TODO: check
+CVE-2025-48201 (The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Res ...)
+	TODO: check
+CVE-2025-48200 (The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remot ...)
+	TODO: check
+CVE-2025-48069 (ejson2env allows users to decrypt EJSON secrets and export them as env ...)
+	TODO: check
+CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app designed f ...)
+	TODO: check
+CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...)
+	TODO: check
+CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and including 1 ...)
+	TODO: check
+CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in Drupal One Ti ...)
+	TODO: check
+CVE-2025-48011 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-48010 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-48009 (Missing Authorization vulnerability in Drupal Single Content Sync allo ...)
+	TODO: check
+CVE-2025-47291 (containerd is an open-source container runtime. A bug was found in the ...)
+	TODO: check
+CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java and Spring ...)
+	TODO: check
+CVE-2025-46412 (Affected Vertiv products do not properly protect webserver functions t ...)
+	TODO: check
+CVE-2025-45755 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM ...)
+	TODO: check
+CVE-2025-45754 (A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6. ...)
+	TODO: check
+CVE-2025-45752 (A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privil ...)
+	TODO: check
+CVE-2025-44895 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypa ...)
+	TODO: check
+CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow vulnera ...)
+	TODO: check
+CVE-2025-41232 (Spring Security Aspects may not correctly locate method security annot ...)
+	TODO: check
+CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-3751 (The component listed above contains a vulnerability that can be exploi ...)
+	TODO: check
+CVE-2025-3750 (The Network Posts Extended plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2025-36535 (The embedded web server lacks authentication and access controls, allo ...)
+	TODO: check
+CVE-2025-2261 (Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data t ...)
+	TODO: check
+CVE-2025-2102 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+	TODO: check
+CVE-2025-27998 (An issue in Valvesoftware Steam Client Steam Client 1738026274 allows  ...)
+	TODO: check
+CVE-2025-27997 (An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to esca ...)
+	TODO: check
+CVE-2025-27804 (Several OS command injection vulnerabilities exist in the device firmw ...)
+	TODO: check
+CVE-2025-27803 (The devices do not implement any authentication for the web interface  ...)
+	TODO: check
+CVE-2025-27558 (IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh n ...)
+	TODO: check
+CVE-2025-25539 (Local File Inclusion vulnerability in Vasco v3.14and before allows a r ...)
+	TODO: check
+CVE-2025-20267 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
+CVE-2025-20258 (A vulnerability in the self-service portal of Cisco Duo could allow an ...)
+	TODO: check
+CVE-2025-20257 (A vulnerability in an API subsystem of Cisco Secure Network Analytics  ...)
+	TODO: check
+CVE-2025-20256 (A vulnerability in the web-based management interface of Cisco Secure  ...)
+	TODO: check
+CVE-2025-20255 (A vulnerability in client join services of Cisco Webex Meetings could  ...)
+	TODO: check
+CVE-2025-20250 (A vulnerability in Cisco Webex could allow an unauthenticated, remote  ...)
+	TODO: check
+CVE-2025-20247 (A vulnerability in Cisco Webex could allow an unauthenticated, remote  ...)
+	TODO: check
+CVE-2025-20246 (A vulnerability in Cisco Webex could allow an unauthenticated, remote  ...)
+	TODO: check
+CVE-2025-20242 (A vulnerability in the Cloud Connect component of Cisco Unified Contac ...)
+	TODO: check
+CVE-2025-20152 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
+	TODO: check
+CVE-2025-20114 (A vulnerability in the API of Cisco Unified Intelligence Center could  ...)
+	TODO: check
+CVE-2025-20113 (A vulnerability in Cisco Unified Intelligence Center could allow an au ...)
+	TODO: check
+CVE-2025-20112 (A vulnerability in multiple Cisco Unified Communications and Contact C ...)
+	TODO: check
+CVE-2025-1712 (Argument injection in special agent configuration in Checkmk <2.4.0p1, ...)
+	TODO: check
+CVE-2025-1421 (Data provided in a request performed to the server while activating a  ...)
+	TODO: check
+CVE-2025-1420 (Input provided in a field containing "activationMessage"in Konsola Pro ...)
+	TODO: check
+CVE-2025-1419 (Input provided in comment section of Konsola Proget is not sanitized c ...)
+	TODO: check
+CVE-2025-1418 (A low-privileged user can access information about profiles created in ...)
+	TODO: check
+CVE-2025-1417 (In Proget MDM, a low-privileged user can access information about chan ...)
+	TODO: check
+CVE-2025-1416 (In Proget MDM, a low-privileged user can retrieve passwords for manage ...)
+	TODO: check
+CVE-2025-1415 (A low-privileged user is able to obtain information about tasks execut ...)
+	TODO: check
+CVE-2025-0372 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
+	TODO: check
+CVE-2024-57529 (Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2. ...)
+	TODO: check
+CVE-2024-56429 (itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w ...)
+	TODO: check
+CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows local a ...)
+	TODO: check
+CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection vulne ...)
+	TODO: check
+CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...)
+	TODO: check
+CVE-2024-12561 (The Affiliate Sales in Google Analytics and other tools plugin for Wor ...)
+	TODO: check
+CVE-2025-40775 (When an incoming DNS protocol message includes a Transaction Signature ...)
 	- bind9 1:9.20.9-1
 	[bookworm] - bind9 <not-affected> (Vulnerable code not present)
 	[bullseye] - bind9 <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bb491ec92d8568e9e421768359aaf32df861ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bb491ec92d8568e9e421768359aaf32df861ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250521/7d6999d6/attachment.htm>

More information about the debian-security-tracker-commits mailing list