[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 14 21:13:08 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc508707 by security tracker role at 2025-10-14T20:13:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,76 +1,730 @@
+CVE-2025-9437 (A security issue exists within the Studio 5000 Logix Designer add-on p ...)
+	TODO: check
+CVE-2025-9178 (A denial-of-service security issue exists in the affected product and  ...)
+	TODO: check
+CVE-2025-9177 (A denial-of-service security issue exists in the affected product and  ...)
+	TODO: check
+CVE-2025-9124 (A denial-of-service security issue in the affected product. The securi ...)
+	TODO: check
+CVE-2025-9068 (A security issue exists within the Rockwell Automation Driver Package  ...)
+	TODO: check
+CVE-2025-9067 (A security issue exists within the x86 Microsoft Installer File (MSI), ...)
+	TODO: check
+CVE-2025-9066 (A security issue was discovered within FactoryTalk\xae ViewPoint, allo ...)
+	TODO: check
+CVE-2025-9064 (A path traversal security issue exists within FactoryTalk View Machine ...)
+	TODO: check
+CVE-2025-9063 (An authentication bypass security issue exists within FactoryTalk View ...)
+	TODO: check
+CVE-2025-8459 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-8430 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-8429 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-8428 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-7330 (A cross-site request forgery security issue exists in the product and  ...)
+	TODO: check
+CVE-2025-7329 (A Stored Cross-Site Scripting security issue exists in the affected pr ...)
+	TODO: check
+CVE-2025-7328 (Multiple Broken Authentication security issues exist in the affected p ...)
+	TODO: check
+CVE-2025-62366 (mailgen is a Node.js package that generates responsive HTML e-mails fo ...)
+	TODO: check
+CVE-2025-62172 (Home Assistant is open source home automation software that puts local ...)
+	TODO: check
+CVE-2025-62157 (Argo Workflows is an open source container-native workflow engine for  ...)
+	TODO: check
+CVE-2025-62156 (Argo Workflows is an open source container-native workflow engine for  ...)
+	TODO: check
+CVE-2025-61807 (Substance3D - Stager versions 3.1.4 and earlier are affected by an Int ...)
+	TODO: check
+CVE-2025-61806 (Substance3D - Stager versions 3.1.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-61805 (Substance3D - Stager versions 3.1.4 and earlier are affected by an out ...)
+	TODO: check
+CVE-2025-61803 (Substance3D - Stager versions 3.1.4 and earlier are affected by an Int ...)
+	TODO: check
+CVE-2025-61802 (Substance3D - Stager versions 3.1.4 and earlier are affected by a Use  ...)
+	TODO: check
+CVE-2025-61801 (Dimension versions 4.1.4 and earlier are affected by a Use After Free  ...)
+	TODO: check
+CVE-2025-61800 (Dimension versions 4.1.4 and earlier are affected by an Integer Overfl ...)
+	TODO: check
+CVE-2025-61799 (Dimension versions 4.1.4 and earlier are affected by an out-of-bounds  ...)
+	TODO: check
+CVE-2025-61798 (Dimension versions 4.1.4 and earlier are affected by an out-of-bounds  ...)
+	TODO: check
+CVE-2025-61678 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
+	TODO: check
+CVE-2025-61675 (FreePBX Endpoint Manager is a module for managing telephony endpoints  ...)
+	TODO: check
+CVE-2025-60540 (karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Req ...)
+	TODO: check
+CVE-2025-60537 (Improper input validation in the component /kafka/ui/serdes/CustomSerd ...)
+	TODO: check
+CVE-2025-60536 (An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to  ...)
+	TODO: check
+CVE-2025-60535 (A Cross-Site Request Forgery (CSRF) in the component /endpoints/curren ...)
+	TODO: check
+CVE-2025-60374 (Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 a ...)
+	TODO: check
+CVE-2025-5946 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+	TODO: check
+CVE-2025-59921 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+	TODO: check
+CVE-2025-59502 (Uncontrolled resource consumption in Windows Remote Procedure Call all ...)
+	TODO: check
+CVE-2025-59497 (Time-of-check time-of-use (toctou) race condition in Microsoft Defende ...)
+	TODO: check
+CVE-2025-59494 (Improper access control in Azure Monitor Agent allows an authorized at ...)
+	TODO: check
+CVE-2025-59429 (FreePBX is an open source GUI for managing Asterisk. In versions prior ...)
+	TODO: check
+CVE-2025-59428 (EspoCRM is an open source customer relationship management application ...)
+	TODO: check
+CVE-2025-59295 (Heap-based buffer overflow in Internet Explorer allows an unauthorized ...)
+	TODO: check
+CVE-2025-59294 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59292 (External control of file name or path in Confidential Azure Container  ...)
+	TODO: check
+CVE-2025-59291 (External control of file name or path in Confidential Azure Container  ...)
+	TODO: check
+CVE-2025-59290 (Use after free in Windows Bluetooth Service allows an authorized attac ...)
+	TODO: check
+CVE-2025-59289 (Double free in Windows Bluetooth Service allows an authorized attacker ...)
+	TODO: check
+CVE-2025-59288 (Improper verification of cryptographic signature in GitHub allows an u ...)
+	TODO: check
+CVE-2025-59287 (Deserialization of untrusted data in Windows Server Update Service all ...)
+	TODO: check
+CVE-2025-59285 (Deserialization of untrusted data in Azure Monitor Agent allows an aut ...)
+	TODO: check
+CVE-2025-59284 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59282 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59281 (Improper link resolution before file access ('link following') in XBox ...)
+	TODO: check
+CVE-2025-59280 (Improper authentication in Windows SMB Client allows an unauthorized a ...)
+	TODO: check
+CVE-2025-59278 (Improper validation of specified type of input in Windows Authenticati ...)
+	TODO: check
+CVE-2025-59277 (Improper validation of specified type of input in Windows Authenticati ...)
+	TODO: check
+CVE-2025-59275 (Improper validation of specified type of input in Windows Authenticati ...)
+	TODO: check
+CVE-2025-59261 (Time-of-check time-of-use (toctou) race condition in Microsoft Graphic ...)
+	TODO: check
+CVE-2025-59260 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
+	TODO: check
+CVE-2025-59259 (Improper validation of specified type of input in Windows Local Sessio ...)
+	TODO: check
+CVE-2025-59258 (Insertion of sensitive information into log file in Active Directory F ...)
+	TODO: check
+CVE-2025-59257 (Improper validation of specified type of input in Windows Local Sessio ...)
+	TODO: check
+CVE-2025-59255 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
+	TODO: check
+CVE-2025-59254 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
+	TODO: check
+CVE-2025-59253 (Improper access control in Microsoft Windows Search Component allows a ...)
+	TODO: check
+CVE-2025-59250 (Improper input validation in JDBC Driver for SQL Server allows an unau ...)
+	TODO: check
+CVE-2025-59249 (Weak authentication in Microsoft Exchange Server allows an authorized  ...)
+	TODO: check
+CVE-2025-59248 (Improper input validation in Microsoft Exchange Server allows an unaut ...)
+	TODO: check
+CVE-2025-59244 (External control of file name or path in Windows Core Shell allows an  ...)
+	TODO: check
+CVE-2025-59243 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59242 (Heap-based buffer overflow in Windows Ancillary Function Driver for Wi ...)
+	TODO: check
+CVE-2025-59241 (Improper link resolution before file access ('link following') in Wind ...)
+	TODO: check
+CVE-2025-59238 (Use after free in Microsoft Office PowerPoint allows an unauthorized a ...)
+	TODO: check
+CVE-2025-59237 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+	TODO: check
+CVE-2025-59236 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59235 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+	TODO: check
+CVE-2025-59234 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-59233 (Access of resource using incompatible type ('type confusion') in Micro ...)
+	TODO: check
+CVE-2025-59232 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+	TODO: check
+CVE-2025-59231 (Access of resource using incompatible type ('type confusion') in Micro ...)
+	TODO: check
+CVE-2025-59230 (Improper access control in Windows Remote Access Connection Manager al ...)
+	TODO: check
+CVE-2025-59229 (Uncaught exception in Microsoft Office allows an unauthorized attacker ...)
+	TODO: check
+CVE-2025-59228 (Improper input validation in Microsoft Office SharePoint allows an aut ...)
+	TODO: check
+CVE-2025-59227 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
+	TODO: check
+CVE-2025-59226 (Use after free in Microsoft Office Visio allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59225 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59224 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59223 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-59222 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-59221 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-59214 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59213 (Improper neutralization of special elements used in an sql command ('s ...)
+	TODO: check
+CVE-2025-59211 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59210 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
+	TODO: check
+CVE-2025-59209 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59208 (Out-of-bounds read in Windows MapUrlToZone allows an unauthorized atta ...)
+	TODO: check
+CVE-2025-59207 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
+	TODO: check
+CVE-2025-59206 (Windows Resilient File System (ReFS) Deduplication Service Elevation o ...)
+	TODO: check
+CVE-2025-59205 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59204 (Use of uninitialized resource in Windows Management Services allows an ...)
+	TODO: check
+CVE-2025-59203 (Insertion of sensitive information into log file in Windows StateRepos ...)
+	TODO: check
+CVE-2025-59202 (Use after free in Windows Remote Desktop Services allows an authorized ...)
+	TODO: check
+CVE-2025-59201 (Improper access control in Network Connection Status Indicator (NCSI)  ...)
+	TODO: check
+CVE-2025-59200 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59199 (Improper access control in Software Protection Platform (SPP) allows a ...)
+	TODO: check
+CVE-2025-59198 (Improper input validation in Microsoft Windows Search Component allows ...)
+	TODO: check
+CVE-2025-59197 (Insertion of sensitive information into log file in Windows ETL Channe ...)
+	TODO: check
+CVE-2025-59196 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59195 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59194 (Use of uninitialized resource in Windows Kernel allows an authorized a ...)
+	TODO: check
+CVE-2025-59193 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-59192 (Buffer over-read in Storport.sys Driver allows an authorized attacker  ...)
+	TODO: check
+CVE-2025-59191 (Heap-based buffer overflow in Connected Devices Platform Service (Cdps ...)
+	TODO: check
+CVE-2025-59190 (Improper input validation in Microsoft Windows Search Component allows ...)
+	TODO: check
+CVE-2025-59189 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
+	TODO: check
+CVE-2025-59188 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59187 (Improper input validation in Windows Kernel allows an authorized attac ...)
+	TODO: check
+CVE-2025-59186 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59185 (External control of file name or path in Windows Core Shell allows an  ...)
+	TODO: check
+CVE-2025-59184 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-59051 (The FreePBX Endpoint Manager module includes a Network Scanning featur ...)
+	TODO: check
+CVE-2025-58903 (An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS  ...)
+	TODO: check
+CVE-2025-58739 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-58738 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58737 (Use after free in Windows Remote Desktop allows an unauthorized attack ...)
+	TODO: check
+CVE-2025-58736 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58735 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58734 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58733 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58732 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58731 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58730 (Use after free in Inbox COM Objects allows an unauthorized attacker to ...)
+	TODO: check
+CVE-2025-58729 (Improper validation of specified type of input in Windows Local Sessio ...)
+	TODO: check
+CVE-2025-58728 (Use after free in Windows Bluetooth Service allows an authorized attac ...)
+	TODO: check
+CVE-2025-58727 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-58726 (Improper access control in Windows SMB Server allows an authorized att ...)
+	TODO: check
+CVE-2025-58725 (Heap-based buffer overflow in Windows COM allows an authorized attacke ...)
+	TODO: check
+CVE-2025-58724 (Improper access control in Azure Connected Machine Agent allows an aut ...)
+	TODO: check
+CVE-2025-58722 (Heap-based buffer overflow in Windows DWM allows an authorized attacke ...)
+	TODO: check
+CVE-2025-58720 (Use of a cryptographic primitive with a risky implementation in Window ...)
+	TODO: check
+CVE-2025-58719 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
+	TODO: check
+CVE-2025-58718 (Use after free in Remote Desktop Client allows an unauthorized attacke ...)
+	TODO: check
+CVE-2025-58717 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
+	TODO: check
+CVE-2025-58716 (Improper input validation in Microsoft Windows Speech allows an author ...)
+	TODO: check
+CVE-2025-58715 (Integer overflow or wraparound in Microsoft Windows Speech allows an a ...)
+	TODO: check
+CVE-2025-58714 (Improper access control in Windows Ancillary Function Driver for WinSo ...)
+	TODO: check
+CVE-2025-58325 (An Incorrect Provision of Specified Functionality vulnerability [CWE-6 ...)
+	TODO: check
+CVE-2025-58324 (An improper neutralization of input during web page generation vulnera ...)
+	TODO: check
+CVE-2025-57741 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+	TODO: check
+CVE-2025-57740 (An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS versi ...)
+	TODO: check
+CVE-2025-57716 (An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiCl ...)
+	TODO: check
+CVE-2025-57618 (A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthe ...)
+	TODO: check
+CVE-2025-57563 (A path traversal in StarNet Communications Corporation FastX v.4 throu ...)
+	TODO: check
+CVE-2025-56747 (Creativeitem Academy LMS up to and including 5.13 contains a privilege ...)
+	TODO: check
+CVE-2025-55701 (Improper validation of specified type of input in Microsoft Windows al ...)
+	TODO: check
+CVE-2025-55700 (Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) ...)
+	TODO: check
+CVE-2025-55699 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-55698 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
+	TODO: check
+CVE-2025-55697 (Heap-based buffer overflow in Azure Local allows an authorized attacke ...)
+	TODO: check
+CVE-2025-55696 (Time-of-check time-of-use (toctou) race condition in NtQueryInformatio ...)
+	TODO: check
+CVE-2025-55695 (Out-of-bounds read in Windows WLAN Auto Config Service allows an autho ...)
+	TODO: check
+CVE-2025-55694 (Improper access control in Windows Error Reporting allows an authorize ...)
+	TODO: check
+CVE-2025-55693 (Use after free in Windows Kernel allows an unauthorized attacker to el ...)
+	TODO: check
+CVE-2025-55692 (Improper input validation in Windows Error Reporting allows an authori ...)
+	TODO: check
+CVE-2025-55691 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55690 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55689 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55688 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55687 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-55686 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55685 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55684 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55683 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-55682 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
+	TODO: check
+CVE-2025-55681 (Out-of-bounds read in Windows DWM allows an authorized attacker to ele ...)
+	TODO: check
+CVE-2025-55680 (Time-of-check time-of-use (toctou) race condition in Windows Cloud Fil ...)
+	TODO: check
+CVE-2025-55679 (Improper input validation in Windows Kernel allows an unauthorized att ...)
+	TODO: check
+CVE-2025-55678 (Use after free in Windows DirectX allows an authorized attacker to ele ...)
+	TODO: check
+CVE-2025-55677 (Untrusted pointer dereference in Windows Device Association Broker ser ...)
+	TODO: check
+CVE-2025-55676 (Generation of error message containing sensitive information in Window ...)
+	TODO: check
+CVE-2025-55340 (Improper authentication in Windows Remote Desktop Protocol allows an a ...)
+	TODO: check
+CVE-2025-55339 (Out-of-bounds read in Windows NDIS allows an authorized attacker to el ...)
+	TODO: check
+CVE-2025-55338 (Missing Ability to Patch ROM Code in Windows BitLocker allows an unaut ...)
+	TODO: check
+CVE-2025-55337 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
+	TODO: check
+CVE-2025-55336 (Exposure of sensitive information to an unauthorized actor in Windows  ...)
+	TODO: check
+CVE-2025-55335 (Use after free in Windows NTFS allows an unauthorized attacker to elev ...)
+	TODO: check
+CVE-2025-55334 (Cleartext storage of sensitive information in Windows Kernel allows an ...)
+	TODO: check
+CVE-2025-55333 (Incomplete comparison with missing factors in Windows BitLocker allows ...)
+	TODO: check
+CVE-2025-55332 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
+	TODO: check
+CVE-2025-55331 (Use after free in Windows PrintWorkflowUserSvc allows an authorized at ...)
+	TODO: check
+CVE-2025-55330 (Improper enforcement of behavioral workflow in Windows BitLocker allow ...)
+	TODO: check
+CVE-2025-55328 (Concurrent execution using shared resource with improper synchronizati ...)
+	TODO: check
+CVE-2025-55326 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
+	TODO: check
+CVE-2025-55325 (Buffer over-read in Windows Storage Management Provider allows an auth ...)
+	TODO: check
+CVE-2025-55320 (Improper neutralization of special elements used in an sql command ('s ...)
+	TODO: check
+CVE-2025-55315 (Inconsistent interpretation of http requests ('http request/response s ...)
+	TODO: check
+CVE-2025-55248 (Inadequate encryption strength in .NET, .NET Framework, Visual Studio  ...)
+	TODO: check
+CVE-2025-55247 (Improper link resolution before file access ('link following') in .NET ...)
+	TODO: check
+CVE-2025-55240 (Improper access control in Visual Studio allows an authorized attacker ...)
+	TODO: check
+CVE-2025-54973 (A concurrent execution using shared resource with improper synchroniza ...)
+	TODO: check
+CVE-2025-54893 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-54892 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-54891 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-54889 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-54822 (An improper authorization vulnerability [CWE-285] in Fortinet FortiOS  ...)
+	TODO: check
+CVE-2025-54603 (An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 t ...)
+	TODO: check
+CVE-2025-54284 (Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2025-54283 (Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2025-54282 (Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-54281 (Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a ...)
+	TODO: check
+CVE-2025-54280 (Substance3D - Viewer versions 0.25.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-54276 (Substance3D - Modeler versions 1.22.3 and earlier are affected by an o ...)
+	TODO: check
+CVE-2025-54275 (Substance3D - Viewer versions 0.25.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-54274 (Substance3D - Viewer versions 0.25.2 and earlier are affected by a Sta ...)
+	TODO: check
+CVE-2025-54273 (Substance3D - Viewer versions 0.25.2 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2025-53845 (An improper authentication vulnerability [CWE-287] in Fortinet FortiAn ...)
+	TODO: check
+CVE-2025-53782 (Incorrect implementation of authentication algorithm in Microsoft Exch ...)
+	TODO: check
+CVE-2025-53768 (Use after free in Xbox allows an authorized attacker to elevate privil ...)
+	TODO: check
+CVE-2025-53717 (Reliance on untrusted inputs in a security decision in Windows Virtual ...)
+	TODO: check
+CVE-2025-53150 (Use after free in Windows Digital Media allows an authorized attacker  ...)
+	TODO: check
+CVE-2025-53139 (Cleartext transmission of sensitive information in Windows Hello allow ...)
+	TODO: check
+CVE-2025-50175 (Use after free in Windows Digital Media allows an authorized attacker  ...)
+	TODO: check
+CVE-2025-50174 (Use after free in Windows Device Association Broker service allows an  ...)
+	TODO: check
+CVE-2025-50152 (Out-of-bounds read in Windows Kernel allows an authorized attacker to  ...)
+	TODO: check
+CVE-2025-49708 (Use after free in Microsoft Graphics Component allows an authorized at ...)
+	TODO: check
+CVE-2025-49201 (A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, ...)
+	TODO: check
+CVE-2025-48813 (Use of a key past its expiration date in Virtual Secure Mode allows an ...)
+	TODO: check
+CVE-2025-48004 (Use after free in Microsoft Brokering File System allows an unauthoriz ...)
+	TODO: check
+CVE-2025-47989 (Improper access control in Azure Connected Machine Agent allows an aut ...)
+	TODO: check
+CVE-2025-47979 (Insertion of sensitive information into log file in Windows Failover C ...)
+	TODO: check
+CVE-2025-47890 (An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in Fort ...)
+	TODO: check
+CVE-2025-47856 (Two improper neutralization of special elements used in an OS command  ...)
+	TODO: check
+CVE-2025-46774 (An Improper Verification of Cryptographic Signature vulnerability [CWE ...)
+	TODO: check
+CVE-2025-46581 (ZTE's ZXCDN product  is affected by a Struts remote code execution (RC ...)
+	TODO: check
+CVE-2025-41718 (A cleartext transmission of sensitive information vulnerability in the ...)
+	TODO: check
+CVE-2025-41707 (The websocket handler is vulnerable to a denial of service condition.  ...)
+	TODO: check
+CVE-2025-41706 (The webserver is vulnerable to a denial of service condition. An unaut ...)
+	TODO: check
+CVE-2025-41705 (An unauthenticated remote attacker (MITM) can intercept the websocket  ...)
+	TODO: check
+CVE-2025-41704 (An unauthanticated remote attacker can perform a DoS of the Modbus ser ...)
+	TODO: check
+CVE-2025-41703 (An unauthenticated remote attacker can cause a Denial of Service by tu ...)
+	TODO: check
+CVE-2025-41699 (An low privileged remote attacker with an account for the Web-based ma ...)
+	TODO: check
+CVE-2025-40812 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+	TODO: check
+CVE-2025-40811 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+	TODO: check
+CVE-2025-40810 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+	TODO: check
+CVE-2025-40809 (A vulnerability has been identified in Solid Edge SE2024 (All versions ...)
+	TODO: check
+CVE-2025-40774 (A vulnerability has been identified in SiPass integrated (All versions ...)
+	TODO: check
+CVE-2025-40773 (A vulnerability has been identified in SiPass integrated (All versions ...)
+	TODO: check
+CVE-2025-40772 (A vulnerability has been identified in SiPass integrated (All versions ...)
+	TODO: check
+CVE-2025-40771 (A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6U ...)
+	TODO: check
+CVE-2025-40765 (A vulnerability has been identified in TeleControl Server Basic V3.1 ( ...)
+	TODO: check
+CVE-2025-40755 (A vulnerability has been identified in SINEC NMS (All versions < V4.0  ...)
+	TODO: check
+CVE-2025-37149 (A potential   out-of-bound reads vulnerability in HPE ProLiant RL300 G ...)
+	TODO: check
+CVE-2025-37148 (A vulnerability in the parsing of ethernet frames in AOS-8 Instant and ...)
+	TODO: check
+CVE-2025-37147 (A Secure Boot Bypass Vulnerability exists in affected Access Points th ...)
+	TODO: check
+CVE-2025-37146 (A vulnerability in the web-based management interface of network acces ...)
+	TODO: check
+CVE-2025-37145 (Arbitrary file download vulnerabilities exist in a low-level interface ...)
+	TODO: check
+CVE-2025-37144 (Arbitrary file download vulnerabilities exist in a low-level interface ...)
+	TODO: check
+CVE-2025-37143 (An arbitrary file download vulnerability exists in the web-based manag ...)
+	TODO: check
+CVE-2025-37142 (Arbitrary file download vulnerabilities exist in the CLI binary of AOS ...)
+	TODO: check
+CVE-2025-37141 (Arbitrary file download vulnerabilities exist in the CLI binary of AOS ...)
+	TODO: check
+CVE-2025-37140 (Arbitrary file download vulnerabilities exist in the CLI binary of AOS ...)
+	TODO: check
+CVE-2025-37139 (A vulnerability in an AOS firmware binary allows an authenticated mali ...)
+	TODO: check
+CVE-2025-37138 (An authenticated command injection vulnerability exists in the command ...)
+	TODO: check
+CVE-2025-37137 (Arbitrary file deletion vulnerabilities have been identified in the co ...)
+	TODO: check
+CVE-2025-37136 (Arbitrary file deletion vulnerabilities have been identified in the co ...)
+	TODO: check
+CVE-2025-37135 (Arbitrary file deletion vulnerabilities have been identified in the co ...)
+	TODO: check
+CVE-2025-37134 (An authenticated command injection vulnerability exists in the CLI bin ...)
+	TODO: check
+CVE-2025-37133 (An authenticated command injection vulnerability exists in the CLI bin ...)
+	TODO: check
+CVE-2025-37132 (An arbitrary file write vulnerability exists in the web-based manageme ...)
+	TODO: check
+CVE-2025-36730 (A prompt injection vulnerability exists in Windsurft version 1.10.7 in ...)
+	TODO: check
+CVE-2025-34267 (Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' ...)
+	TODO: check
+CVE-2025-33182 (NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper a ...)
+	TODO: check
+CVE-2025-33177 (NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where ...)
+	TODO: check
+CVE-2025-33044 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
+	TODO: check
+CVE-2025-31514 (An Insertion of Sensitive Information into Log File vulnerability [CWE ...)
+	TODO: check
+CVE-2025-31366 (An Improper Neutralization of Input During Web Page Generation vulnera ...)
+	TODO: check
+CVE-2025-31365 (An Improper Control of Generation of Code ('Code Injection') vulnerabi ...)
+	TODO: check
+CVE-2025-27906 (IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose th ...)
+	TODO: check
+CVE-2025-25255 (An Improperly Implemented Security Check for Standard vulnerability [C ...)
+	TODO: check
+CVE-2025-25253 (An Improper Validation of Certificate with Host Mismatch vulnerability ...)
+	TODO: check
+CVE-2025-25252 (An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS  ...)
+	TODO: check
+CVE-2025-25004 (Improper access control in Microsoft PowerShell allows an authorized a ...)
+	TODO: check
+CVE-2025-24990 (Microsoft is aware of vulnerabilities in the third party Agere Modem d ...)
+	TODO: check
+CVE-2025-24052 (Microsoft is aware of vulnerabilities in the third party Agere Modem d ...)
+	TODO: check
+CVE-2025-23356 (NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing ...)
+	TODO: check
+CVE-2025-22833 (APTIOV contains a vulnerability in BIOS where an attacker may cause a  ...)
+	TODO: check
+CVE-2025-22832 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
+	TODO: check
+CVE-2025-22831 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
+	TODO: check
+CVE-2025-22258 (A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through ...)
+	TODO: check
+CVE-2025-20724 (In wlan AP driver, there is a possible out of bounds read due to an in ...)
+	TODO: check
+CVE-2025-20723 (In gnss driver, there is a possible out of bounds write due to an inco ...)
+	TODO: check
+CVE-2025-20722 (In gnss driver, there is a possible out of bounds read due to an integ ...)
+	TODO: check
+CVE-2025-20721 (In imgsensor, there is a possible out of bounds write due to a missing ...)
+	TODO: check
+CVE-2025-20720 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20719 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20718 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20717 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20716 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20715 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20714 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20713 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20712 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20711 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20710 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-20709 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+	TODO: check
+CVE-2025-11736 (A flaw has been found in itsourcecode Online Examination System 1.0. A ...)
+	TODO: check
+CVE-2025-11577 (Clevo\u2019s UEFI firmware update packages, including B10717.exe, inad ...)
+	TODO: check
+CVE-2025-11548 (A remote, unauthenticated privilege escalation in ibi WebFOCUS allows  ...)
+	TODO: check
+CVE-2025-11498 (An Improper Neutralization of Formula Elements in a CSV File vulnerabi ...)
+	TODO: check
+CVE-2025-10986 (Path traversal in the admin panel of Ivanti EPMM before version 12.6.0 ...)
+	TODO: check
+CVE-2025-10985 (OS command injection in the admin panel of Ivanti EPMM before version  ...)
+	TODO: check
+CVE-2025-10610 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-10243 (OS command injection in the admin panel of Ivanti EPMM before version  ...)
+	TODO: check
+CVE-2025-10242 (OS command injection in the admin panel of Ivanti EPMM before version  ...)
+	TODO: check
+CVE-2025-10228 (Session Fixation vulnerability in Rolantis Information Technologies Ag ...)
+	TODO: check
+CVE-2025-0033 (Improper access control within AMD SEV-SNP could allow an admin privil ...)
+	TODO: check
+CVE-2024-50571 (A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1,  ...)
+	TODO: check
+CVE-2024-48891 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+	TODO: check
+CVE-2024-47569 (A insertion of sensitive information into sent data in Fortinet FortiM ...)
+	TODO: check
+CVE-2024-44088 (Malicious script injection ('Cross-site Scripting') vulnerability in A ...)
+	TODO: check
+CVE-2024-33507 (An insufficient session expiration vulnerability [CWE-613] and an inco ...)
+	TODO: check
+CVE-2024-26008 (An improper check or handling of exceptional conditions vulnerability  ...)
+	TODO: check
+CVE-2023-46718 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...)
+	TODO: check
+CVE-2011-20002 (A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family ( ...)
+	TODO: check
+CVE-2011-20001 (A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family ( ...)
+	TODO: check
 CVE-2025-11687
 	- gi-docgen <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228
 	NOTE: https://gitlab.gnome.org/GNOME/gi-docgen/-/merge_requests/254
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gi-docgen/-/commit/c53d2640bfa5823bbdf33683d95c160267c0ec68 (2025.5)
-CVE-2025-11721
+CVE-2025-11721 (Memory safety bug present in Firefox 143 and Thunderbird 143. This bug ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
-CVE-2025-11715
+CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11715
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
-CVE-2025-11714
+CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11714
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11714
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11714
-CVE-2025-11720
+CVE-2025-11720 (The Firefox and Firefox Focus UI for the Android custom tab feature on ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11720
-CVE-2025-11719
+CVE-2025-11719 (Starting in Firefox 143, the use of the native messaging API by web ex ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11719
-CVE-2025-11713
+CVE-2025-11713 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could ha ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11713
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11713
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11713
-CVE-2025-11718
+CVE-2025-11718 (When the address bar was hidden due to scrolling on Android, a malicio ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
-CVE-2025-11712
+CVE-2025-11712 (A malicious page could have used the type attribute of an OBJECT tag t ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11712
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11712
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11712
-CVE-2025-11717
+CVE-2025-11717 (When switching between Android apps using the card carousel Firefox sh ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11717
-CVE-2025-11716
+CVE-2025-11716 (Links in a sandboxed iframe could open an external app on Android with ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
-CVE-2025-11711
+CVE-2025-11711 (There was a way to change the value of JavaScript Object properties th ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11711
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
-CVE-2025-11710
+CVE-2025-11710 (A compromised web process using malicious IPC messages could have caus ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11710
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
-CVE-2025-11709
+CVE-2025-11709 (A compromised web process was able to trigger out of bounds reads and  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11709
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
-CVE-2025-11708
+CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
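Review bot: CVE-2025-11718 stays at `- firefox <unfixed>` although the description added here opens with "When the address bar was hidden due to scrolling on Android", while the other Android-scoped entries in this hunk (CVE-2025-11720, CVE-2025-11717, CVE-2025-11716) carry `- firefox <not-affected> (Only affects Firefox on Android)`. Check it against the linked mfsa2025-81 entry and align the status if the issue is Android-only. Separately, the description added for CVE-2025-11721 names Thunderbird 143 but the entry lists only firefox; confirm that omission is intended. The new `TODO: check` entries for Fortinet, Ivanti EPMM and SIMATIC products still need triage; context lines later in this file mark those vendors as `NOT-FOR-US: Fortinet`, `NOT-FOR-US: Ivanti` and `NOT-FOR-US: Siemens`.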
@@ -72542,7 +73196,7 @@ CVE-2024-13892 (Smartwares camerasCIP-37210AT andC724IP, as well as others which
 	NOT-FOR-US: Smartwares
 CVE-2024-12742 (A deserialization of untrusted data vulnerability exists in NI G Web D ...)
 	NOT-FOR-US: NI
-CVE-2024-12146 (Improper Validation of Syntactic Correctness of Input vulnerability in ...)
+CVE-2024-12146 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Finder Fire Safety Finder ERP/CRM (New System)
 CVE-2024-12144 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Finder Fire Safety Finder ERP/CRM (Old System)
@@ -81091,7 +81745,7 @@ CVE-2024-13791 (Bit Assist plugin for WordPress is vulnerable to Path Traversal
 	NOT-FOR-US: WordPress plugin
 CVE-2024-13735 (The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for Word ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-13152 (Authorization Bypass Through User-Controlled SQL Primary Key vulnerabi ...)
+CVE-2024-13152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: BSS Software Mobuy Online Machinery Monitoring Panel
 CVE-2024-12651 (Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mob ...)
 	NOT-FOR-US: PTT Inc. HGS Mobile App
@@ -102051,7 +102705,7 @@ CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for WordPress
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design Allianc ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2024-7488 (Improper Input Validation vulnerability in RestApp Inc. Online Orderin ...)
+CVE-2024-7488 (Integer Overflow or Wraparound, Improper Validation of Specified Quant ...)
 	NOT-FOR-US: RestApp Inc. Online Ordering System
 CVE-2024-5020 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
 	NOT-FOR-US: WordPress plugin
@@ -105531,7 +106185,7 @@ CVE-2024-11409 (The Grid View Gallery plugin for WordPress is vulnerable to PHP
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11406 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Django CMS
-CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper Input Valida ...)
+CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
 	NOT-FOR-US: Django CMS
 CVE-2024-11400 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
 	NOT-FOR-US: WordPress plugin
@@ -108468,7 +109122,7 @@ CVE-2024-8534 (Memory safety vulnerability leading to memory corruption and Deni
 	NOT-FOR-US: Citrix
 CVE-2024-8495 (A null pointer dereference in Ivanti Connect Secure before version 22. ...)
 	NOT-FOR-US: Ivanti
-CVE-2024-8074 (Improper Privilege Management vulnerability in Nomysoft Informatics No ...)
+CVE-2024-8074 (Missing Authentication for Critical Function, Missing Authorization vu ...)
 	NOT-FOR-US: Nomysoft Informatics Nomysem
 CVE-2024-8069 (Limited remote code execution with privilege of a NetworkService Accou ...)
 	NOT-FOR-US: Citrix
@@ -111668,7 +112322,7 @@ CVE-2024-10523 (This vulnerability exists in TP-Link IoT Smart Hub due to storag
 	NOT-FOR-US: TP-Link
 CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on Platform ...)
 	NOT-FOR-US: Safearchive
-CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection'), Improper Ne ...)
 	NOT-FOR-US: BG-TEK Informatics Security Technologies CoslatV3
 CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin.  This issue affects Ap ...)
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
@@ -119056,7 +119710,7 @@ CVE-2024-6530 (A cross-site scripting issue has been discovered in GitLab affect
 	- gitlab 17.3.5-2
 CVE-2024-6157 (An attacker who successfully exploited these vulnerabilities could cau ...)
 	NOT-FOR-US: ABB
-CVE-2024-4658 (SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allo ...)
+CVE-2024-4658 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Nova CMS
 CVE-2024-48902 (In JetBrains YouTrack before 2024.3.46677 improper access control allo ...)
 	NOT-FOR-US: JetBrains YouTrack
@@ -120646,7 +121300,7 @@ CVE-2024-8148 (There is an unvalidated redirect vulnerability in Esri Portal for
 	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2024-7801 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Microchip
-CVE-2024-6400 (Cleartext Storage of Sensitive Information vulnerability in Finrota Ne ...)
+CVE-2024-6400 (Cleartext Storage of Sensitive Information, Exposure of Sensitive Info ...)
 	NOT-FOR-US: Finrota Netahsilat
 CVE-2024-47790 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Secur ...)
 	NOT-FOR-US: D3D Security IP Camera
@@ -123276,7 +123930,7 @@ CVE-2024-6877 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: Eliz Software Panel
 CVE-2024-6641 (The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-6406 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+CVE-2024-6406 (Missing Authentication for Critical Function, Missing Authorization vu ...)
 	NOT-FOR-US: Yordam Information Technology Mobile Library Application
 CVE-2024-5960 (Plaintext Storage of a Password vulnerability in Eliz Software Panel a ...)
 	NOT-FOR-US: Eliz Software Panel
@@ -125179,7 +125833,7 @@ CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext credential
 	NOT-FOR-US: No-IP Dynamic Update Client (DUC)
 CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
 	NOT-FOR-US: Utarit Information SoliClub
-CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+CVE-2024-3305 (Authorization Bypass Through User-Controlled Key, Missing Authorizatio ...)
 	NOT-FOR-US: Utarit Information SoliClub
 CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does not have ...)
 	NOT-FOR-US: WordPress plugin
@@ -125892,7 +126546,7 @@ CVE-2024-35282 (A cleartext storage of sensitive information in memory vulnerabi
 	NOT-FOR-US: Fortinet
 CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allow ...)
 	NOT-FOR-US: Gibbon Core
-CVE-2024-33698 (A vulnerability has been identified in Opcenter Execution Foundation ( ...)
+CVE-2024-33698 (A vulnerability has been identified in Opcenter Quality (All versions  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-33508 (An improper neutralization of special elements used in a command('Comm ...)
 	NOT-FOR-US: Fortinet
@@ -126062,7 +126716,7 @@ CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are stil
 	- keycloak <itp> (bug #1088287)
 CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A specially craf ...)
 	- keycloak <itp> (bug #1088287)
-CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical Function, ...)
+CVE-2024-7015 (Missing Authentication for Critical Function vulnerability in Profelis ...)
 	NOT-FOR-US: Profelis Informatics and Consulting PassBox
 CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an improper  ...)
 	NOT-FOR-US: Baxter Connex health portal
@@ -126410,7 +127064,7 @@ CVE-2024-21898 (An OS command injection vulnerability has been reported to affec
 	NOT-FOR-US: QNAP
 CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
-CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+CVE-2024-1744 (Authorization Bypass Through User-Controlled Key, Missing Authorizatio ...)
 	NOT-FOR-US: Ariva Computer Accord ORS
 CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
@@ -127300,7 +127954,7 @@ CVE-2024-6473 (Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking
 	NOT-FOR-US: Yandex Browser for Desktop
 CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows attackers to b ...)
 	- keycloak <itp> (bug #1088287)
-CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e Holding AKO ...)
+CVE-2024-4259 (Missing Authorization vulnerability in SAMPA\u015e Holding AKOS (AkosC ...)
 	NOT-FOR-US: SAMPAS Holding AKOS
 CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM ...)
 	NOT-FOR-US: YubiKeys
@@ -128152,7 +128806,7 @@ CVE-2024-5857 (The Interactive Contact Form and Multi Step Form Builder with Dra
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5417 (The Gutentor  WordPress plugin before 3.3.6 does not validate and esca ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux Information Tec ...)
+CVE-2024-4428 (Missing Authentication for Critical Function, Missing Authorization vu ...)
 	NOT-FOR-US: Menulux Information Technologies Managment Portal
 CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (eve ...)
 	- drupal7 <removed>
@@ -141785,7 +142439,7 @@ CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p3
 	- check-mk <removed>
 CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 15.1.832 ...)
 	NOT-FOR-US: Sitefinity
-CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar  ...)
+CVE-2024-4341 (Authorization Bypass Through User-Controlled Key, Missing Authorizatio ...)
 	NOT-FOR-US: Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS
 CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
@@ -143595,11 +144249,11 @@ CVE-2024-24792 (Parsing a corrupt or malicious image with invalid color indices
 	NOTE: https://github.com/golang/go/issues/67624
 	NOTE: https://go-review.googlesource.com/c/image/+/588115
 	NOTE: Fixed by: https://github.com/golang/image/commit/3bbf4a659e56fde394e7214ddd17673223aca672 (v0.18.0)
-CVE-2024-1153 (Improper Access Control vulnerability in Talya Informatics Travel APPS ...)
+CVE-2024-1153 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Talya Informatics Travel APPS
 CVE-2024-1107 (Authorization Bypass Through User-Controlled Key vulnerability in Taly ...)
 	NOT-FOR-US: Talya Informatics Travel APPS
-CVE-2024-0949 (Improper Access Control, Missing Authorization, Incorrect Authorizatio ...)
+CVE-2024-0949 (Missing Authentication, Files or Directories Accessible to External Pa ...)
 	NOT-FOR-US: Elektraweb
 CVE-2024-0947 (Reliance on Cookies without Validation and Integrity Checking vulnerab ...)
 	NOT-FOR-US: Talya Informatics Elektraweb
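Review bot: the `NOT-FOR-US` label under CVE-2024-0949 reads `Elektraweb`, while CVE-2024-0947 directly below uses `Talya Informatics Elektraweb` and the two Travel APPS entries above it use the vendor-prefixed form. Use one spelling so that a search for the vendor finds all of these entries. The CVE-2024-1153 description change from Improper Access Control to SQL command neutralization leaves its `NOT-FOR-US` status as it was.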
@@ -150166,7 +150820,7 @@ CVE-2024-20405 (A vulnerability in the web-based management interface of Cisco F
 	NOT-FOR-US: Cisco
 CVE-2024-20404 (A vulnerability in the web-based management interface of Cisco Finesse ...)
 	NOT-FOR-US: Cisco
-CVE-2024-1662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+CVE-2024-1662 (Missing Authentication for Critical Function, Missing Authorization vu ...)
 	NOT-FOR-US: PORTY Smart Tech Technology Joint Stock Company PowerBank Application
 CVE-2024-1272 (Inclusion of Sensitive Information in Source Code vulnerability in TNB ...)
 	NOT-FOR-US: TNB Mobile Solutions Cockpit Software
@@ -150715,7 +151369,7 @@ CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine wa
 	NOT-FOR-US: Qualcomm
 CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL memory e ...)
 	NOT-FOR-US: Qualcomm
-CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows Exploit ...)
+CVE-2024-0336 (Missing Authentication for Critical Function vulnerability in EMTA Gru ...)
 	NOT-FOR-US: EMTA Grup PDKS
 CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is  ...)
 	NOT-FOR-US: Mercusys MW325R EU V3
@@ -458686,6 +459340,7 @@ CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decrypti
 	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
 	NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1)
 CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
+	{DLA-4333-1}
 	- php-horde-css-parser 1.0.11-8.1 (bug #1104702)
 	[bookworm] - php-horde-css-parser <ignored> (Horde is non-functional in Bookworm)
 	NOTE: https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
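Review bot: `{DLA-4333-1}` is attached to CVE-2020-13756, but the only source package visible under the entry is php-horde-css-parser, with bookworm marked `<ignored>`. Confirm that DLA-4333-1 was issued for that package, or that the package it covers is listed in the part of the entry below the shown context.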



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc50870704564b06276e75ee5e7e2b28e0ba5a03
