Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8c50c8f5 by security tracker role at 2025-04-21T20:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2025-43922 (The FileWave Windows client before 16.0.0, in some non-default
configu ...)
+ TODO: check
+CVE-2025-43916 (Sonos api.sonos.com through 2025-04-21, when the
/login/v3/oauth endpo ...)
+ TODO: check
+CVE-2025-3857 (When reading binary Ion data through Amazon.IonDotnet using the
RawBin ...)
+ TODO: check
+CVE-2025-3841 (A vulnerability, which was classified as problematic, was found
in wix ...)
+ TODO: check
+CVE-2025-3840 (An improper neutralization of input vulnerability was
identified in th ...)
+ TODO: check
+CVE-2025-3838 (An Improper Authorization vulnerability was identified in the
EOL OVA ...)
+ TODO: check
+CVE-2025-3837 (An improper input validation vulnerability is identified in the
End of ...)
+ TODO: check
+CVE-2025-32793 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2025-32431 (Traefik (pronounced traffic) is an HTTP reverse proxy and load
balance ...)
+ TODO: check
+CVE-2025-32408 (In Soffid Console 3.6.31 before 3.6.32, authorization to use
the pam s ...)
+ TODO: check
+CVE-2025-2517 (Reference to Expired Domain Vulnerability in OpenText\u2122
ArcSight E ...)
+ TODO: check
+CVE-2025-2298 (An improper authorization vulnerability in Dremio Software
allows auth ...)
+ TODO: check
+CVE-2025-29660 (A vulnerability exists in the daemon process of the Yi IOT
XY-3820 v6. ...)
+ TODO: check
+CVE-2025-29659 (Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command
Execution via ...)
+ TODO: check
+CVE-2025-29446 (open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py
in funct ...)
+ TODO: check
+CVE-2025-29287 (An arbitrary file upload vulnerability in the ueditor
component of MCM ...)
+ TODO: check
+CVE-2025-28367 (mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via
BetterIm ...)
+ TODO: check
+CVE-2025-28121 (code-projects Online Exam Mastering System 1.0 is vulnerable
to Cross ...)
+ TODO: check
+CVE-2025-28104 (Incorrect access control in laskBlog v2.6.1 allows attackers
to access ...)
+ TODO: check
+CVE-2025-28103 (Incorrect access control in laskBlog v2.6.1 allows attackers
to arbitr ...)
+ TODO: check
+CVE-2025-28102 (A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1
allows ...)
+ TODO: check
+CVE-2025-28099 (opencms V2.3 is vulnerable to Arbitrary file read in
src/main/webapp/v ...)
+ TODO: check
+CVE-2025-27086 (A vulnerability in the HPE Performance Cluster Manager (HPCM)
GUI coul ...)
+ TODO: check
+CVE-2025-23174 (CWE-200: Exposure of Sensitive Information to an Unauthorized
Actor)
+ TODO: check
+CVE-2024-57394 (The quarantine - restore function in Qi-ANXIN Tianqing
Endpoint Securi ...)
+ TODO: check
+CVE-2024-42699 (Cross Site Scripting vulnerability in Create/Modify article
function i ...)
+ TODO: check
+CVE-2024-41446 (A stored cross-site scripting (XSS) vulnerability in Alkacon
OpenCMS v ...)
+ TODO: check
+CVE-2024-12863 (Stored XSS in Discussions in OpenText Content Management CE
20.2 to 25 ...)
+ TODO: check
+CVE-2024-12862 (Incorrect Authorization vulnerability in the OpenText Content
Server R ...)
+ TODO: check
+CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality
in OpenTe ...)
+ TODO: check
CVE-2024-40446
- mimetex <unfixed> (bug #1103801)
NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
@@ -75,7 +135,7 @@ CVE-2025-43928 (In Infodraw Media Relay Service (MRS)
7.1.0.0, the MRS web serve
CVE-2025-43921 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows
unauthentic ...)
- mailman <removed>
NOTE: https://github.com/0NYX-MY7H/CVE-2025-43921
-CVE-2025-43920 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows
unauthentic ...)
+CVE-2025-43920 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain
externa ...)
- mailman <removed>
NOTE: https://github.com/0NYX-MY7H/CVE-2025-43920
CVE-2025-43919 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows
unauthentic ...)
@@ -8552,16 +8612,19 @@ CVE-2025-31433 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin
CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an
attacker to ...)
+ {DLA-4134-1}
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/184/
NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an
attacker to a ...)
+ {DLA-4134-1}
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/186/
NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an
attacke ...)
+ {DLA-4134-1}
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/185/
@@ -89087,6 +89150,7 @@ CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one
error and resultant heap
CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper
Neutralization of ...)
NOT-FOR-US: Vantiva
CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the
userinfo ...)
+ {DLA-4133-1}
- wget 1.24.5-2 (bug #1073523)
[bookworm] - wget 1.21.3-1+deb12u1
[buster] - wget <postponed> (Minor issue, infoleak in limited
conditions)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c50c8f5e1120b4b7086cab7b679b03a84087b21
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c50c8f5e1120b4b7086cab7b679b03a84087b21
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
