Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
740628af by security tracker role at 2025-03-21T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application
Framework thr ...)
+ TODO: check
+CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-30168 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2025-30157 (Envoy is a cloud-native high-performance edge/middle/service
proxy. Pr ...)
+ TODO: check
+CVE-2025-2603 (A vulnerability was found in SourceCodester Kortex Lite
Advocate Offic ...)
+ TODO: check
+CVE-2025-2602 (A vulnerability has been found in SourceCodester Kortex Lite
Advocate ...)
+ TODO: check
+CVE-2025-2601 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2025-2598 (When the AWS Cloud Development Kit (AWS CDK) Command Line
Interface (A ...)
+ TODO: check
+CVE-2025-2597 (Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version
5.5.5.2-b35 ...)
+ TODO: check
+CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and
classified a ...)
+ TODO: check
+CVE-2025-2592 (A vulnerability, which was classified as critical, has been
found in O ...)
+ TODO: check
+CVE-2025-2591 (A vulnerability classified as problematic was found in Open
Asset Impo ...)
+ TODO: check
+CVE-2025-2590 (A vulnerability was found in code-projects Human Resource
Management S ...)
+ TODO: check
+CVE-2025-2589 (A vulnerability was found in code-projects Human Resource
Management S ...)
+ TODO: check
+CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and
classifie ...)
+ TODO: check
+CVE-2025-2587 (A vulnerability, which was classified as critical, was found in
Jinher ...)
+ TODO: check
+CVE-2025-29927 (Next.js is a React framework for building full-stack web
applications. ...)
+ TODO: check
+CVE-2025-29641 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable
to SQL ...)
+ TODO: check
+CVE-2025-29640 (Phpgurukul Human Metapneumovirus (HMPV) \u2013 Testing
Management Syst ...)
+ TODO: check
+CVE-2025-29230 (Linksys E5600 v1.1.0.26 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2025-29227 (In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua
file contai ...)
+ TODO: check
+CVE-2025-29226 (In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua
file contai ...)
+ TODO: check
+CVE-2025-29223 (Linksys E5600 v1.1.0.26 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2025-27933 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-27715 (Mattermost versions 9.11.x <= 9.11.8 fail to prompt for
explicit appro ...)
+ TODO: check
+CVE-2025-27612 (libcontainer is a library for container control. Prior to
libcontainer ...)
+ TODO: check
+CVE-2025-25274 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-25068 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-25036 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
+CVE-2025-25035 (Improper Neutralization of Input During Web Page Generation
Cross-site ...)
+ TODO: check
+CVE-2025-24920 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-24915 (When installing Nessus Agent to a non-default location on a
Windows ho ...)
+ TODO: check
+CVE-2024-57490 (Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user
login vu ...)
+ TODO: check
+CVE-2024-53351 (Insecure permissions in pipecd v0.49 allow attackers to gain
access to ...)
+ TODO: check
+CVE-2024-53350 (Insecure permissions in kubeslice v1.3.1 allow attackers to
gain acces ...)
+ TODO: check
+CVE-2024-53349 (Insecure permissions in kuadrant v0.11.3 allow attackers to
gain acces ...)
+ TODO: check
+CVE-2024-53348 (LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access
Control wh ...)
+ TODO: check
+CVE-2023-43029 (IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1
could allow ...)
+ TODO: check
CVE-2025-30348 (encodeText in QDom in Qt before 6.8.0 has a complex algorithm
involvin ...)
- qt6-base 6.8.2+dfsg-5
[bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -42,7 +118,7 @@ CVE-2025-2581 (A vulnerability has been found in xmedcon
0.25.0 and classified a
NOTE:
https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
CVE-2025-2574 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to
incorrect i ...)
- xpdf <not-affected> (Debian uses poppler)
-CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment, is vulnerable
to a Pa ...)
+CVE-2025-2538 (A specific type of ArcGIS Enterprise deployment is vulnerable
to a Pas ...)
NOT-FOR-US: ArcGIS Enterprise
CVE-2025-2198
REJECTED
@@ -222968,7 +223044,7 @@ CVE-2022-38331
RESERVED
CVE-2022-38330
RESERVED
-CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF
vulnera ...)
+CVE-2022-38329 (A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an
unauthentica ...)
NOT-FOR-US: Shopxian CMS
CVE-2022-38328
RESERVED
@@ -329670,8 +329746,7 @@ CVE-2021-25636 (LibreOffice supports digital
signatures of ODF documents and mac
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
NOTE: Fixed by:
https://github.com/LibreOffice/core/commit/b0404f80577de9ff69e58390c6f6ef949fdb0139
-CVE-2021-25635
- RESERVED
+CVE-2021-25635 (An Improper Certificate Validation vulnerability in
LibreOffice allowe ...)
- libreoffice <not-affected> (Only affects Microsoft Crypto API
back-end)
NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
@@ -434789,7 +434864,7 @@ CVE-2019-16263 (The Twitter Kit framework through
3.4.2 for iOS does not properl
NOT-FOR-US: Twitter Kit framework
CVE-2019-16262
RESERVED
-CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated
POST req ...)
+CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices
allow u ...)
NOT-FOR-US: Tripp Lite PDUMH15AT
CVE-2019-16260
RESERVED
@@ -435241,8 +435316,8 @@ CVE-2019-16153 (A hard-coded password vulnerability
in the Fortinet FortiSIEM da
NOT-FOR-US: Fortinet
CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for
Linux 6.2.1 ...)
NOT-FOR-US: Fortiguard FortiClient
-CVE-2019-16151
- RESERVED
+CVE-2019-16151 (An improper neutralization of input during web page generation
vulnera ...)
+ TODO: check
CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security
sensitive da ...)
NOT-FOR-US: Fortiguard
CVE-2019-16149
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740628af69e57faeb3a41b8f9d2bc9236f9a8bb4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/740628af69e57faeb3a41b8f9d2bc9236f9a8bb4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
