[Git][security-tracker-team/security-tracker][master] Add CVE-2025-15581/orthanc
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 19 08:50:30 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
520336b2 by Salvatore Bonaccorso at 2026-02-19T09:49:50+01:00
Add CVE-2025-15581/orthanc
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -161,7 +161,9 @@ CVE-2025-15586 (OGP-Website installs prior git commit 52f865a4fba763594453068acf
CVE-2025-15585 (Fileflows versions before 25.05.2 are affected by an authenticated SQL ...)
NOT-FOR-US: Fileflows
CVE-2025-15581 (Orthanc versions before 1.12.10 are affected by an authorisation logic ...)
- TODO: check
+ - orthanc 1.12.10+dfsg-1
+ NOTE: https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation
+ NOTE: https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252
CVE-2025-15041 (The BackWPup \u2013 WordPress Backup & Restore Plugin plugin for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14983 (The Advanced Custom Fields: Font Awesome Field plugin for WordPress is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/520336b20819074dfba40d22a2cbd1419ccb70d5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/520336b20819074dfba40d22a2cbd1419ccb70d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260219/111c0a21/attachment.htm>
More information about the debian-security-tracker-commits
mailing list