[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 23 21:12:07 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
328ce30d by security tracker role at 2025-05-23T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,379 @@
+CVE-2025-5114 (A vulnerability has been found in easysoft zentaopms 21.5_20250307 and ...)
+ TODO: check
+CVE-2025-5112 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+ TODO: check
+CVE-2025-5111 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2025-5110 (A vulnerability classified as critical was found in FreeFloat FTP Serv ...)
+ TODO: check
+CVE-2025-5109 (A vulnerability classified as critical has been found in FreeFloat FTP ...)
+ TODO: check
+CVE-2025-5108 (A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated ...)
+ TODO: check
+CVE-2025-5107 (A vulnerability was found in Fujian Kelixun 1.0. It has been declared ...)
+ TODO: check
+CVE-2025-5106 (A vulnerability was found in Fujian Kelixun 1.0. It has been classifie ...)
+ TODO: check
+CVE-2025-5105 (A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified ...)
+ TODO: check
+CVE-2025-5100 (A double-free condition occurs during the cleanup of temporary image f ...)
+ TODO: check
+CVE-2025-5099 (An Out of Bounds Write occurs when the native library attempts PDF ren ...)
+ TODO: check
+CVE-2025-5098 (PrinterShare Android application allows the capture of Gmail authentic ...)
+ TODO: check
+CVE-2025-5096 (The TablePress plugin for WordPress is vulnerable to DOM-Based Stored ...)
+ TODO: check
+CVE-2025-4975 (When a notification relating to low battery appears for a user with wh ...)
+ TODO: check
+CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation (JSON) ...)
+ TODO: check
+CVE-2025-4642
+ REJECTED
+CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-4562
+ REJECTED
+CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Si ...)
+ TODO: check
+CVE-2025-4338 (Lantronix Device installer is vulnerable to XML external entity (XXE) ...)
+ TODO: check
+CVE-2025-48741 (A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 befo ...)
+ TODO: check
+CVE-2025-48740 (A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHiv ...)
+ TODO: check
+CVE-2025-48735 (A SQL Injection issue in the request body processing in BOS IPCs with ...)
+ TODO: check
+CVE-2025-48708 (gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscri ...)
+ TODO: check
+CVE-2025-48701 (openDCIM through 23.04 allows SQL injection in people_depts.php becaus ...)
+ TODO: check
+CVE-2025-48695 (An issue was discovered in CyberDAVA before 1.1.20. A privilege escala ...)
+ TODO: check
+CVE-2025-48378 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-48377 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-48376 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-48375 (Schule is open-source school management system software. Prior to vers ...)
+ TODO: check
+CVE-2025-48374 (zot is ancontainer image/artifact registry based on the Open Container ...)
+ TODO: check
+CVE-2025-48373 (Schule is open-source school management system software. The applicati ...)
+ TODO: check
+CVE-2025-48372 (Schule is open-source school management system software. The generateO ...)
+ TODO: check
+CVE-2025-48371 (OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 ...)
+ TODO: check
+CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in AncoraThemes Kids P ...)
+ TODO: check
+CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem ...)
+ TODO: check
+CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header allows ...)
+ TODO: check
+CVE-2025-48273 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploi ...)
+ TODO: check
+CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form Data Coll ...)
+ TODO: check
+CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
+ TODO: check
+CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability in mojoo ...)
+ TODO: check
+CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC A ...)
+ TODO: check
+CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
+ TODO: check
+CVE-2025-47646 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...)
+ TODO: check
+CVE-2025-47642 (Unrestricted Upload of File with Dangerous Type vulnerability in Ajar ...)
+ TODO: check
+CVE-2025-47641 (Unrestricted Upload of File with Dangerous Type vulnerability in print ...)
+ TODO: check
+CVE-2025-47640 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability in STAGG ...)
+ TODO: check
+CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla Hospital Mana ...)
+ TODO: check
+CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage Rentals allow ...)
+ TODO: check
+CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds a ...)
+ TODO: check
+CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows Accessi ...)
+ TODO: check
+CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data vulnerability in WPF ...)
+ TODO: check
+CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter Eventin al ...)
+ TODO: check
+CVE-2025-47535 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47532 (Deserialization of Untrusted Data vulnerability in CoinPayments CoinPa ...)
+ TODO: check
+CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels ...)
+ TODO: check
+CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts Experto CTA W ...)
+ TODO: check
+CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-47181 (Improper link resolution before file access ('link following') in Micr ...)
+ TODO: check
+CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an is ...)
+ TODO: check
+CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability in wordw ...)
+ TODO: check
+CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual Builder allows ...)
+ TODO: check
+CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-46468 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-46463 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan ...)
+ TODO: check
+CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-46448 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B0 ...)
+ TODO: check
+CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the component /ti ...)
+ TODO: check
+CVE-2025-43860 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable ...)
+ TODO: check
+CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerabi ...)
+ TODO: check
+CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules. Each of ...)
+ TODO: check
+CVE-2025-41378 (The SSID field is not parsed correctly and can be used to inject comma ...)
+ TODO: check
+CVE-2025-41377 (Cryptographic vulnerability in Iridium Certus 700. This vulnerability ...)
+ TODO: check
+CVE-2025-3895 (Token used for resetting passwords in MegaBIP softwareare generated us ...)
+ TODO: check
+CVE-2025-3894 (Text editor embedded into MegaBIP software does not neutralize user in ...)
+ TODO: check
+CVE-2025-3893 (While editing pages managed by MegaBIP a user with high privileges is ...)
+ TODO: check
+CVE-2025-3580 (An access control vulnerability was discovered in Grafana OSS where an ...)
+ TODO: check
+CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts ...)
+ TODO: check
+CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-39504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-39503 (Deserialization of Untrusted Data vulnerability in GoodLayers Goodlaye ...)
+ TODO: check
+CVE-2025-39502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-39501 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-39500 (Deserialization of Untrusted Data vulnerability in GoodLayers Goodlaye ...)
+ TODO: check
+CVE-2025-39499 (Deserialization of Untrusted Data vulnerability in BoldThemes Medicare ...)
+ TODO: check
+CVE-2025-39495 (Deserialization of Untrusted Data vulnerability in BoldThemes Avantage ...)
+ TODO: check
+CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL allows ...)
+ TODO: check
+CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods Grand To ...)
+ TODO: check
+CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dea ...)
+ TODO: check
+CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are vulnerable t ...)
+ TODO: check
+CVE-2025-32967 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-32794 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32294 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32293 (Deserialization of Untrusted Data vulnerability in designthemes Financ ...)
+ TODO: check
+CVE-2025-32292 (Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis ...)
+ TODO: check
+CVE-2025-32289 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in designthemes Pet Wo ...)
+ TODO: check
+CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton Acerola al ...)
+ TODO: check
+CVE-2025-31924 (Deserialization of Untrusted Data vulnerability in designthemes Crafts ...)
+ TODO: check
+CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud Simple Bu ...)
+ TODO: check
+CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability in joy20 ...)
+ TODO: check
+CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in AncoraThemes Fish H ...)
+ TODO: check
+CVE-2025-31430 (Deserialization of Untrusted Data vulnerability in themeton The Busine ...)
+ TODO: check
+CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in AncoraThemes Umbert ...)
+ TODO: check
+CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton HotStar \u ...)
+ TODO: check
+CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton Dash allow ...)
+ TODO: check
+CVE-2025-2394 (Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 c ...)
+ TODO: check
+CVE-2025-24917 (In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, ...)
+ TODO: check
+CVE-2025-24916 (When installing Tenable Network Monitor to a non-default location on a ...)
+ TODO: check
+CVE-2025-1123 (The Solid Mail \u2013 SMTP email and logging made by SolidWP plugin fo ...)
+ TODO: check
+CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions starting ...)
+ TODO: check
+CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a remote att ...)
+ TODO: check
+CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
+ TODO: check
+CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
+ TODO: check
+CVE-2024-51103 (PHPGURUKUL Student Management System using PHP and MySQL v1 was discov ...)
+ TODO: check
+CVE-2024-51102 (PHPGURUKUL Student Management System using PHP and MySQL v1 was discov ...)
+ TODO: check
+CVE-2024-51101 (PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 wa ...)
+ TODO: check
+CVE-2024-51099 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
+ TODO: check
+CVE-2024-48704 (Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML I ...)
+ TODO: check
+CVE-2024-48702 (PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML I ...)
+ TODO: check
+CVE-2024-13945 (Stored Absolute Path Traversal vulnerabilities in ASPECT could expose ...)
+ TODO: check
+CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer over-read ...)
+ TODO: check
+CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5 ...)
+ TODO: check
+CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular Expression D ...)
+ TODO: check
CVE-2025-40909 [Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)]
- perl <unfixed> (bug #1098226)
[bookworm] - perl <postponed> (Minor issue; decide for DSA or no-DSA once upstream lands a fix)
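Review bot: Apart from the two REJECTED ids, every entry added at the top of this hunk lands as TODO: check, so triage is deferred for the whole batch. The ones to resolve first are those that name general-purpose software rather than a plugin or vendor appliance, for example CVE-2025-48708 (Artifex Ghostscript, base/gslibctx.c), CVE-2023-53154 (cJSON before 1.7.18), CVE-2025-3580 (Grafana OSS) and CVE-2018-25110 (Marked); each needs a package line or an explicit disposition. Entries whose description says "plugin for WordPress" (CVE-2025-5096, CVE-2025-4594, CVE-2025-1123) can take the NOT-FOR-US: WordPress plugin form the file already uses further down. The descriptions of CVE-2025-31069 and CVE-2025-1123 also carry a literal \u escape where a character was meant, which is worth fixing in whatever generates these lines.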
@@ -2912,7 +3288,7 @@ CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) software
NOT-FOR-US: Intel
CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's remote ...)
+CVE-2025-4478 (A flaw was found in the FreeRDP used by Anaconda's remote install feat ...)
- freerdp3 <unfixed> (bug #1105917)
- freerdp2 <removed>
[bullseye] - freerdp2 <not-affected> (Vulnerable code introduced later)
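Review bot: The reworded description for CVE-2025-4478 replaces gnome-remote-desktop with FreeRDP, which agrees with the freerdp3 and freerdp2 lines under it, but nothing in the entry records that the other component was named first or whether it is affected. A NOTE line saying so would save the next reader from re-checking the earlier wording.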
@@ -4048,44 +4424,44 @@ CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of T
CVE-2023-34732 (An issue in the userId parameter in the change password function of Fl ...)
NOT-FOR-US: Flytxt NEON-dX
CVE-2025-20054 (Uncaught exception in the core management mechanism for some Intel(R) ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-20103 (Insufficient resource pool in the core management mechanism for some I ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-45332 (Exposure of sensitive information caused by shared microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
NOTE: https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
CVE-2025-20623 (Exposure of sensitive information caused by shared microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-43420 (Exposure of sensitive information caused by shared microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra Processors ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-24495 (Incorrect initialization of resource in the branch prediction unit for ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural Structu ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
- linux 6.12.29-1
- xen <unfixed> (bug #1105193)
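Review bot: In the last entry of this hunk, CVE-2024-28956, the brace line now reads {DSA-5924-1 DLA-4170-1} while the same entry still carries xen <unfixed> (bug #1105193) and a separate linux line, so the advisory reference covers only part of what the entry tracks. The cross-reference sits at CVE level and does not say which package the DSA addresses; anyone reading status from this entry should go by the per-package lines, and it is worth confirming that DSA-5924-1 is recorded against the package it actually covers.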
@@ -4176,7 +4552,7 @@ CVE-2025-4542 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: Freeebird Hotel API
CVE-2025-4541 (A vulnerability classified as critical has been found in LmxCMS 1.41. ...)
NOT-FOR-US: LmxCMS
-CVE-2025-4540 (A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has been r ...)
+CVE-2025-4540 (A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It ...)
NOT-FOR-US: MTSoftware C-Lodop
CVE-2025-4539 (A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declar ...)
NOT-FOR-US: Hainan ToDesk
@@ -36660,7 +37036,7 @@ CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0 PL6 is vulnerable to serv
NOT-FOR-US: IBM
CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was identified affec ...)
NOT-FOR-US: Skybox Change Manager
-CVE-2024-51547 (Credentials/keys may be disclosed in ASPECT exposing sensitive informa ...)
+CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ...)
NOT-FOR-US: ABB
CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remo ...)
NOT-FOR-US: IBM
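Review bot: The new description for CVE-2024-51547 names ABB ASPECT-Enterprise and keeps NOT-FOR-US: ABB, but the first hunk adds CVE-2024-13945 with a description that also refers to ASPECT and leaves it at TODO: check. If that is the same product, it should get the same NOT-FOR-US: ABB line so the two entries do not diverge.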
@@ -262850,8 +263226,8 @@ CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forward
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
NOTE: https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305
NOTE: https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
-CVE-2022-31812
- RESERVED
+CVE-2022-31812 (A vulnerability has been identified in SiPass integrated (All versions ...)
+ TODO: check
CVE-2022-31811
RESERVED
CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All versions ...)
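Review bot: CVE-2022-31812 moves from RESERVED to TODO: check with a description that, as truncated here, is identical to that of CVE-2022-31810 in the context line below. It should take whatever disposition CVE-2022-31810 already has rather than wait in the TODO queue.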
@@ -262860,8 +263236,8 @@ CVE-2022-31809
RESERVED
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
NOT-FOR-US: SiPass
-CVE-2022-31807
- RESERVED
+CVE-2022-31807 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+ TODO: check
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
NOT-FOR-US: CODESYS
CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...)
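Review bot: CVE-2022-31807 is added as TODO: check although the context line directly above it, CVE-2022-31808, has the same SiPass integrated AC5102 description and is already marked NOT-FOR-US: SiPass. Replace the TODO with NOT-FOR-US: SiPass so the adjacent entries agree.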
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/328ce30dee308711638f562b5ca697b61d9074d6