Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdb2184e by security tracker role at 2025-03-13T20:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2025-2284 (A denial-of-service vulnerability exists in the 
"GetWebLoginCredential ...)
+       TODO: check
+CVE-2025-2280 (Improper access control in web extension restriction feature in 
Devolu ...)
+       TODO: check
+CVE-2025-2278 (Improper access control in temporary access requests and 
checkout requ ...)
+       TODO: check
+CVE-2025-2277 (Exposure of password in web-based SSH authentication component 
in Devo ...)
+       TODO: check
+CVE-2025-2275
+       REJECTED
+CVE-2025-2265 (The password of a web user in "Sante PACS Server.exe" is 
zero-padded t ...)
+       TODO: check
+CVE-2025-2264 (A Path Traversal Information Disclosure vulnerability exists in 
"Sante ...)
+       TODO: check
+CVE-2025-2263 (During login to the web server in "Sante PACS Server.exe", 
OpenSSL fun ...)
+       TODO: check
+CVE-2025-2230 (A flaw exists in the Windows login flow where an AuthContext 
token can ...)
+       TODO: check
+CVE-2025-2229 (A token is created using the username, current date/time, and a 
fixed  ...)
+       TODO: check
+CVE-2025-2081 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual 
Networks  ...)
+       TODO: check
+CVE-2025-2080 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual 
Networks  ...)
+       TODO: check
+CVE-2025-2079 (Optigo Networks Visual BACnet Capture Tool and Optigo Visual 
Networks  ...)
+       TODO: check
+CVE-2025-29998 (This vulnerability exists in the CAP back office application 
due to mi ...)
+       TODO: check
+CVE-2025-29997 (This vulnerability exists in the CAP back office application 
due to im ...)
+       TODO: check
+CVE-2025-29996 (This vulnerability exists in the CAP back office application 
due to im ...)
+       TODO: check
+CVE-2025-29995 (This vulnerability exists in the CAP back office application 
due to a  ...)
+       TODO: check
+CVE-2025-29994 (This vulnerability exists in the CAP back office application 
due to im ...)
+       TODO: check
+CVE-2025-29773 (Froxlor is open-source server administration software. A 
vulnerability ...)
+       TODO: check
+CVE-2025-29768 (Vim, a text editor, is vulnerable to potential data loss with 
zip.vim  ...)
+       TODO: check
+CVE-2025-29363 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to buffe ...)
+       TODO: check
+CVE-2025-29362 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-29361 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-29360 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-29359 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-29358 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-29357 (Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable 
to Buffe ...)
+       TODO: check
+CVE-2025-28015 (A HTML Injection vulnerability was found in 
loginsystem/edit-profile.p ...)
+       TODO: check
+CVE-2025-28011 (A SQL Injection was found in loginsystem/change-password.php 
in PHPGur ...)
+       TODO: check
+CVE-2025-28010 (A cross-site scripting (XSS) vulnerability has been identified 
in MODX ...)
+       TODO: check
+CVE-2025-27496 (Snowflake, a platform for using artificial intelligence in the 
context ...)
+       TODO: check
+CVE-2025-27138 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-27107 (Integrated Scripting is a tool for creating scripts for 
handling compl ...)
+       TODO: check
+CVE-2025-27103 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-25625 (FS Inc S3150 8T2F Switch s3150-8t2f-switch-fsos-220d_118101 
has a stor ...)
+       TODO: check
+CVE-2025-25598 (Incorrect access control in the scheduled tasks console of 
Inova Logic ...)
+       TODO: check
+CVE-2025-25363 (An authenticated stored cross-site scripting (XSS) 
vulnerability in Th ...)
+       TODO: check
+CVE-2025-25175 (A vulnerability has been identified in Simcenter Femap V2401 
(All vers ...)
+       TODO: check
+CVE-2025-24974 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an 
authorized at ...)
+       TODO: check
+CVE-2025-21104 (Dell NetWorker, 19.11.0.3 and below versions, contain(s) an 
Open Redir ...)
+       TODO: check
+CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the 
in-tree git ...)
+       TODO: check
+CVE-2025-1652 (A maliciously crafted MODEL file, when parsed through Autodesk 
AutoCAD ...)
+       TODO: check
+CVE-2025-1651 (A maliciously crafted MODEL file, when parsed through Autodesk 
AutoCAD ...)
+       TODO: check
+CVE-2025-1650 (A maliciously crafted CATPRODUCT file, when parsed through 
Autodesk Au ...)
+       TODO: check
+CVE-2025-1649 (A maliciously crafted CATPRODUCT file, when parsed through 
Autodesk Au ...)
+       TODO: check
+CVE-2025-1636 (Exposure of sensitive information in My Personal Credentials 
password  ...)
+       TODO: check
+CVE-2025-1635 (Exposure of sensitive information in hub data source export 
feature in ...)
+       TODO: check
+CVE-2025-1433 (A maliciously crafted MODEL file, when parsed through Autodesk 
AutoCAD ...)
+       TODO: check
+CVE-2025-1432 (A maliciously crafted 3DM file, when parsed through Autodesk 
AutoCAD,  ...)
+       TODO: check
+CVE-2025-1431 (A maliciously crafted SLDPRT file, when parsed through Autodesk 
AutoCA ...)
+       TODO: check
+CVE-2025-1430 (A maliciously crafted SLDPRT file, when parsed through Autodesk 
AutoCA ...)
+       TODO: check
+CVE-2025-1429 (A maliciously crafted MODEL file, when parsed through Autodesk 
AutoCAD ...)
+       TODO: check
+CVE-2025-1428 (A maliciously crafted CATPART file, when parsed through 
Autodesk AutoC ...)
+       TODO: check
+CVE-2025-1427 (A maliciously crafted CATPRODUCT file, when parsed through 
Autodesk Au ...)
+       TODO: check
+CVE-2024-57348 (Cross Site Scripting vulnerability in PecanProject pecan 
through v.1.8 ...)
+       TODO: check
+CVE-2024-57062 (An issue in SoundCloud IOS application v.7.65.2 allows a local 
attacke ...)
+       TODO: check
+CVE-2024-55198 (User Enumeration via Discrepancies in Error Messages in the 
Celk Siste ...)
+       TODO: check
+CVE-2024-53406 (Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions 
resulti ...)
+       TODO: check
+CVE-2024-30143 (HCL AppScan Traffic Recorder fails to adequately neutralize 
special ch ...)
+       TODO: check
+CVE-2024-28803 (Cross-site scripting (XSS) vulnerability in Italtel S.p.A. 
i-MCS NFV v ...)
+       TODO: check
+CVE-2024-22880 (Cross Site Scripting vulnerability in Zadarma Zadarma 
extension v.1.0. ...)
+       TODO: check
+CVE-2024-12858 (Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks 
proper   ...)
+       TODO: check
+CVE-2024-10942 (The All-in-One WP Migration and Backup plugin for WordPress is 
vulnera ...)
+       TODO: check
 CVE-2025-2271 (A vulnerability exists in Issuetrak v17.2.2 and prior that 
allows a lo ...)
        TODO: check
 CVE-2025-2250 (The WordPress Report Brute Force Attacks and Login Protection 
ReportAt ...)
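Review bot: the `TODO: check` placeholder on CVE-2025-1767 in this block needs a package decision rather than a vendor dismissal, because its description names Kubernetes and this file already tracks that source (see `- kubernetes <not-affected> (Windows-specific)` under CVE-2024-9042 further down). When triaging, give it a `- kubernetes ...` line with the appropriate status. CVE-2025-29768 (Vim) and CVE-2025-29773 (Froxlor, described as open-source) deserve the same look before anything is marked NOT-FOR-US. CVE-2025-2275 is already resolved as REJECTED and needs no follow-up.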
@@ -554,7 +682,7 @@ CVE-2025-27393 (A vulnerability has been identified in 
SCALANCE LPE9403 (6GK5998
        NOT-FOR-US: Siemens
 CVE-2025-27392 (A vulnerability has been identified in SCALANCE LPE9403 
(6GK5998-3GS00 ...)
        NOT-FOR-US: Siemens
-CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and 
below wh ...)
+CVE-2025-27363 (An out of bounds write exists in FreeType versions 2.13.0 and 
below (n ...)
        - freetype 2.13.1+dfsg-1
        NOTE: https://www.facebook.com/security/advisories/cve-2025-27363
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
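Review bot: only the description line of CVE-2025-27363 changes here, and the new text is truncated right where it diverges ("below (n ..."), so the diff alone does not show whether the affected-version statement still matches the unchanged `- freetype 2.13.1+dfsg-1` line. Read the full updated description against the two NOTE references and confirm the fixed version still holds. If the added parenthetical narrows or widens the range, record that in a NOTE.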
@@ -3567,7 +3695,7 @@ CVE-2025-27408 (Manifest offers users a one-file micro 
back end. Prior to versio
        NOT-FOR-US: Manifest
 CVE-2025-27400 (Magento Long Term Support (LTS) is an unofficial, 
community-driven pro ...)
        NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
-CVE-2025-26326 (A vulnerability in the remote connection complements of the 
NVDA (Nonv ...)
+CVE-2025-26326 (A vulnerability was identified in the NVDA Remote (version 
2.6.4) and  ...)
        NOT-FOR-US: NVDA (Nonvisual Desktop Access)
 CVE-2025-26263 (GeoVision ASManager Windows desktop application with the 
version 6.1.2 ...)
        NOT-FOR-US: GeoVision
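Review bot: the revised CVE-2025-26326 description now names "NVDA Remote (version 2.6.4)" and continues past the truncation, while the tag still reads `NOT-FOR-US: NVDA (Nonvisual Desktop Access)`. Check the full description for the additional component it lists and adjust the NOT-FOR-US label if the affected software is the remote add-on rather than NVDA itself.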
@@ -17691,7 +17819,7 @@ CVE-2024-7595 (GRE and GRE6 Protocols (RFC2784) do not 
validate or verify the so
        NOTE: 
https://www.top10vpn.com/research/tunneling-protocol-vulnerability/
        NOTE: https://kb.cert.org/vuls/id/199397
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/21/10
-CVE-2024-9042
+CVE-2024-9042 (This CVE affects only Windows worker nodes. Your worker node is 
vulner ...)
        - kubernetes <not-affected> (Windows-specific)
 CVE-2025-23965 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdb2184e14f748a0383b47b7e8243c6945a82ce5
