Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16dd7fb7 by security tracker role at 2025-04-18T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,125 @@
-CVE-2025-37838 [HSI: ssi_protocol: Fix use after free vulnerability in 
ssi_protocol Driver Due to Race Condition]
+CVE-2025-3795 (A vulnerability was found in DaiCuo 1.3.13. It has been rated 
as probl ...)
+       TODO: check
+CVE-2025-3792 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2025-3791 (A vulnerability classified as critical was found in symisc 
UnQLite up  ...)
+       TODO: check
+CVE-2025-3790 (A vulnerability classified as critical has been found in 
baseweb JSite ...)
+       TODO: check
+CVE-2025-3789 (A vulnerability was found in baseweb JSite 1.0. It has been 
rated as p ...)
+       TODO: check
+CVE-2025-3788 (A vulnerability was found in baseweb JSite 1.0. It has been 
declared a ...)
+       TODO: check
+CVE-2025-3787 (A vulnerability was found in PbootCMS 3.2.5. It has been 
classified as ...)
+       TODO: check
+CVE-2025-3786 (A vulnerability was found in Tenda AC15 up to 15.03.05.19 and 
classifi ...)
+       TODO: check
+CVE-2025-3785 (A vulnerability has been found in D-Link DWR-M961 1.1.36 and 
classifie ...)
+       TODO: check
+CVE-2025-3106 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2025-3056 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-36625 (In Nessus versions prior to 10.8.4, a non-authenticated 
attacker could ...)
+       TODO: check
+CVE-2025-32796 (Dify is an open-source LLM app development platform. Prior to 
version  ...)
+       TODO: check
+CVE-2025-32795 (Dify is an open-source LLM app development platform. Prior to 
version  ...)
+       TODO: check
+CVE-2025-32792 (SES safely executes third-party JavaScript 'strict' mode 
programs in c ...)
+       TODO: check
+CVE-2025-32790 (Dify is an open-source LLM app development platform. In 
versions 0.6.8 ...)
+       TODO: check
+CVE-2025-32442 (Fastify is a fast and low overhead web framework, for Node.js. 
In vers ...)
+       TODO: check
+CVE-2025-32434 (PyTorch is a Python package that provides tensor computation 
with stro ...)
+       TODO: check
+CVE-2025-32389 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-32377 (Rasa Pro is a framework for building scalable, dynamic 
conversational  ...)
+       TODO: check
+CVE-2025-31120 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-31118 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-30357 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-30158 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-2950 (IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header 
injection  ...)
+       TODO: check
+CVE-2025-2492 (An improper authentication control vulnerability exists in 
AiCloud. Th ...)
+       TODO: check
+CVE-2025-29953 (Deserialization of Untrusted Data vulnerability in Apache 
ActiveMQ NMS ...)
+       TODO: check
+CVE-2025-29784 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
+       TODO: check
+CVE-2025-29625 (A buffer overflow vulnerability in Astrolog v7.70 allows 
attackers to  ...)
+       TODO: check
+CVE-2025-29513 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and 
before a ...)
+       TODO: check
+CVE-2025-29512 (Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and 
before a ...)
+       TODO: check
+CVE-2025-29209 (TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized 
arbitrary com ...)
+       TODO: check
+CVE-2025-28355 (Volmarg Personal Management System 1.4.65 is vulnerable to 
Cross Site  ...)
+       TODO: check
+CVE-2025-28242 (Improper session management in the /login_ok.htm endpoint of 
DAEnetIP4 ...)
+       TODO: check
+CVE-2025-28238 (Improper session management in Elber REBLE310 Firmware 
v5.5.1.R , Equi ...)
+       TODO: check
+CVE-2025-28237 (An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter 
v1.10.1 all ...)
+       TODO: check
+CVE-2025-28236 (Nautel VX Series transmitters VX SW v6.4.0 and below was 
discovered to ...)
+       TODO: check
+CVE-2025-28235 (An information disclosure vulnerability in the component 
/socket.io/1/ ...)
+       TODO: check
+CVE-2025-28233 (Incorrect access control in BW Broadcast TX600 (14980), TX300 
(32990)  ...)
+       TODO: check
+CVE-2025-28232 (Incorrect access control in the HOME.php endpoint of 
JMBroadcast JMB01 ...)
+       TODO: check
+CVE-2025-28231 (Incorrect access control in Itel Electronics IP Stream 
v1.7.0.6 allows ...)
+       TODO: check
+CVE-2025-28230 (Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 
allows a ...)
+       TODO: check
+CVE-2025-28229 (Incorrect access control in Orban OPTIMOD 5950 Firmware 
v1.0.0.2 and S ...)
+       TODO: check
+CVE-2025-28228 (A credential exposure vulnerability in Electrolink 500W, 1kW, 
2kW Medi ...)
+       TODO: check
+CVE-2025-28197 (Crawl4AI <=0.4.247 is vulnerable to SSRF in 
/crawl4ai/async_dispatcher ...)
+       TODO: check
+CVE-2025-28059 (An access control vulnerability in Nagios Network Analyzer 
2024R1.0.3  ...)
+       TODO: check
+CVE-2025-27599 (Element X Android is a Matrix Android Client provided by 
element.io. P ...)
+       TODO: check
+CVE-2025-25985 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP 
camera (Hw_H ...)
+       TODO: check
+CVE-2025-25984 (An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP 
camera (Hw_H ...)
+       TODO: check
+CVE-2025-25983 (An issue in Macro-video Technologies Co.,Ltd V380 Pro android 
applicat ...)
+       TODO: check
+CVE-2025-24914 (When installing Nessus to a non-default location on a Windows 
host, Ne ...)
+       TODO: check
+CVE-2025-1697 (A potential security vulnerability has been identified in the 
HP Touch ...)
+       TODO: check
+CVE-2024-57493 (An issue in redoxOS relibc before commit 98aa4ea5 allows a 
local attac ...)
+       TODO: check
+CVE-2024-49808 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 
6.3.0 could ...)
+       TODO: check
+CVE-2024-46089 (74cms <=3.33 is vulnerable to remote code execution (RCE) in 
the backg ...)
+       TODO: check
+CVE-2024-45651 (IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 
6.3.0   doe ...)
+       TODO: check
+CVE-2024-41447 (A stored cross-site scripting (XSS) vulnerability in Alkacon 
OpenCMS v ...)
+       TODO: check
+CVE-2024-29643 (An issue in croogo v.3.0.2 allows an attacker to perform Host 
header i ...)
+       TODO: check
+CVE-2024-11421
+       REJECTED
+CVE-2025-37838 (In the Linux kernel, the following vulnerability has been 
resolved:  H ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/e3f88665a78045fe35c7669d2926b8d97b892c11 (6.15-rc1)
-CVE-2025-40364 [io_uring: fix io_req_prep_async with provided buffers]
+CVE-2025-40364 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.7.7-1
        [bookworm] - linux 6.1.129-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
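Review bot: every entry added in this hunk, from CVE-2025-3795 through CVE-2024-29643, carries only `TODO: check`, so none of them has a package line or a NOT-FOR-US classification yet and each still needs manual triage. Separately, the headers of CVE-2025-37838 and CVE-2025-40364 replace the bracketed titles with truncated descriptions, which removes the subsystem names (`HSI: ssi_protocol`, `io_uring`) from the entry; the only pointer left for CVE-2025-37838 is the git.kernel.org NOTE, and the visible lines of CVE-2025-40364 show no equivalent NOTE, so consider adding one with the upstream commit.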
@@ -158875,6 +158993,7 @@ CVE-2023-4650 (Improper Access Control in GitHub 
repository instantsoft/icms2 pr
 CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior 
to 2.16. ...)
        NOT-FOR-US: icms2
 CVE-2023-4641 (A flaw was found in shadow-utils. When asking for a new 
password, shad ...)
+       {DLA-4130-1}
        - shadow 1:4.13+dfsg1-2 (bug #1051062)
        [bookworm] - shadow <no-dsa> (Minor issue)
        [buster] - shadow <no-dsa> (Minor issue)
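Review bot: the `{DLA-4130-1}` cross-reference on CVE-2023-4641 is added while the release lines visible in the context still read `<no-dsa> (Minor issue)` for bookworm and buster, and no visible line records the fixed version for the release that the DLA covers. Confirm that the entry has a release-tagged `- shadow <version>` line for that release further down, otherwise the advisory reference and the per-release status disagree.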
@@ -178990,6 +179109,7 @@ CVE-2021-4334 (The Fancy Product Designer plugin for 
WordPress is vulnerable to
 CVE-2014-125094 (A vulnerability classified as problematic was found in 
phpMiniAdmin up ...)
        NOT-FOR-US: phpMiniAdmin
 CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters 
into field ...)
+       {DLA-4130-1}
        - shadow 1:4.13+dfsg1-2 (bug #1034482)
        [bookworm] - shadow <no-dsa> (Minor issue)
        [buster] - shadow <no-dsa> (Minor issue)
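Review bot: CVE-2023-29383 gets the same `{DLA-4130-1}` tag as CVE-2023-4641, and here too the visible context shows only `<no-dsa>` release lines. Since both CVEs are attributed to one advisory, check that the fixed shadow version recorded for the affected release is identical in the two entries.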



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16dd7fb72f5ef24c812293959d0937fa3800e6ac



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
