Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac4a27b7 by security tracker role at 2025-04-13T20:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,23 @@
+CVE-2025-3538 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has
been ra ...)
+ TODO: check
+CVE-2025-3537 (A vulnerability was found in Tutorials-Website Employee
Management Sys ...)
+ TODO: check
+CVE-2025-3536 (A vulnerability was found in Tutorials-Website Employee
Management Sys ...)
+ TODO: check
+CVE-2025-3535 (A vulnerability has been found in shuanx BurpAPIFinder up to
2.0.2 and ...)
+ TODO: check
+CVE-2025-3534 (A vulnerability, which was classified as critical, was found in
PowerC ...)
+ TODO: check
+CVE-2025-3533 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to
cross-site scr ...)
+ TODO: check
CVE-2025-32896
NOT-FOR-US: Apache SeaTunnel
CVE-2025-24859
NOT-FOR-US: Apache Roller
-CVE-2024-56406 [heap buffer overflow when transliterating non-ASCII bytes]
+CVE-2024-56406 (A heap buffer overflow vulnerability was discovered in Perl.
Release ...)
+ {DSA-5902-1}
- perl 5.40.1-3
[bullseye] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28708725/
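Review bot: The seven new entries at the top of this hunk (CVE-2025-3538 through CVE-2025-3533, plus CVE-2025-3423) carry only "TODO: check", so none is yet triaged to a source package or marked NOT-FOR-US. CVE-2025-3423 names IBM Aspera Faspex, and the file already uses "NOT-FOR-US: IBM" for CVE-2023-42007, so that one can be resolved with the same tag. The others need a package lookup before the TODO is dropped.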
@@ -490,28 +505,34 @@ CVE-2023-43035 (IBM Sterling Control Center 6.2.1, 6.3.1,
and 6.4.0 allows web p
CVE-2023-42007 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is
vulnerable to c ...)
NOT-FOR-US: IBM
CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T389235
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1135788
CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia
Foundation ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T387130
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135794
CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T385958
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135793
CVE-2025-32697 (Improper Preservation of Permissions vulnerability in
Wikimedia Founda ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T140010
NOTE: https://phabricator.wikimedia.org/T62109
NOTE: https://phabricator.wikimedia.org/T24521
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1112359
CVE-2025-32696 (Improper Preservation of Permissions vulnerability in
Wikimedia Founda ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T304474
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/737454
CVE-2025-3469 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T358689
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135795
@@ -1780,6 +1801,7 @@ CVE-2025-3370 (A vulnerability classified as critical has
been found in PHPGuruk
CVE-2025-3369 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has
been rat ...)
NOT-FOR-US: xxyopen Novel-Plus
CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer
under-read oc ...)
+ {DLA-4128-1}
- glib2.0 2.84.1-1
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3647
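Review bot: In the CVE-2025-3360 entry, {DLA-4128-1} is attached while the bookworm line stays "<no-dsa> (Minor issue)", so the LTS release receives the glib2.0 fix and the newer stable release does not. Suggest tracking a bookworm update, for example through a point release, so that an upgrade from LTS to bookworm does not bring the issue back.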
@@ -12388,6 +12410,7 @@ CVE-2025-27623 (Jenkins 2.499 and earlier, LTS 2.492.1
and earlier does not reda
CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not
redact enc ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an
oversight ...)
+ {DLA-4126-1}
- jinja2 3.1.6-1 (bug #1099690)
[bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
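Review bot: CVE-2025-27516 now carries {DLA-4126-1}, but its bookworm line is still "<no-dsa> (Minor issue)" with no fixed version, while unstable is fixed in 3.1.6-1 (bug #1099690). If the DLA shipped a backported patch, the same patch is a candidate for a bookworm upload; otherwise the no-dsa reason should say why bookworm is treated differently.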
@@ -36628,6 +36651,7 @@ CVE-2024-56363 (APTRS (Automated Penetration Testing
Reporting System) is a Pyth
CVE-2024-56362 (Navidrome is an open source web-based music collection server
and stre ...)
NOT-FOR-US: Navidrome
CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An
oversight ...)
+ {DLA-4126-1}
- jinja2 3.1.5-1 (bug #1091331)
[bookworm] - jinja2 3.1.2-1+deb12u2
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
@@ -40483,6 +40507,7 @@ CVE-2024-49600 (Dell Power Manager (DPM), versions
prior to 3.17, contain an imp
CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 before 7.4 allows
attackers with ...)
NOT-FOR-US: Serviceware Processes
CVE-2024-46901 (Insufficient validation of filenames against control
characters in Apa ...)
+ {DLA-4127-1}
- subversion 1.14.5-1
[bookworm] - subversion 1.14.2-4+deb12u1
NOTE: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
@@ -79494,6 +79519,7 @@ CVE-2024-6679 (A vulnerability classified as critical
has been found in witmy my
CVE-2024-6643
REJECTED
CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
+ {DLA-4125-1}
- twitter-bootstrap4 4.6.1+dfsg1-5 (bug #1084059)
[bookworm] - twitter-bootstrap4 <postponed> (Minor issue, revisit when
fixed upstream)
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
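Review bot: The bookworm line for twitter-bootstrap4 in CVE-2024-6531 still reads "<postponed> (Minor issue, revisit when fixed upstream)", yet this hunk attaches {DLA-4125-1} and the entry already records a fixed unstable version, 4.6.1+dfsg1-5 (bug #1084059). The postponement reason looks outdated; suggest revisiting it now that a fix is available.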
@@ -79503,11 +79529,13 @@ CVE-2024-6531 (A vulnerability has been identified in
Bootstrap that exposes use
CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
NOT-FOR-US: Schneider Electric
CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that
could e ...)
+ {DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when
fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
+ {DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when
fixed upstream)
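Review bot: Both CVE-2024-6485 and CVE-2024-6484 gain {DLA-4124-1} while their "[bookworm] - twitter-bootstrap3 <postponed>" lines keep the "revisit when fixed upstream" wording, although 3.4.1+dfsg-4 (bug #1084060) is recorded as fixed. Suggest updating the two bookworm lines together so the pair stays consistent.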
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac4a27b7ece79364574e192fb278f6e362de0e85