Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27405e87 by security tracker role at 2025-04-23T20:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have 
filenames hid ...)
+       TODO: check
+CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 
7.1.1-44, ...)
+       TODO: check
+CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, 
there i ...)
+       TODO: check
+CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the 
rebootTime par ...)
+       TODO: check
+CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the 
security param ...)
+       TODO: check
+CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image 
depth i ...)
+       TODO: check
+CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk 
Managemen ...)
+       TODO: check
+CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to 
improper au ...)
+       TODO: check
+CVE-2025-42604 (This vulnerability exists in Meon KYC solutions due to debug 
mode is e ...)
+       TODO: check
+CVE-2025-42603 (This vulnerability exists in the Meon KYC solutions due to 
transmissio ...)
+       TODO: check
+CVE-2025-42602 (This vulnerability exists in Meon KYC solutions due to 
improper handli ...)
+       TODO: check
+CVE-2025-42601 (This vulnerability exists in Meon KYC solutions due to 
insufficient se ...)
+       TODO: check
+CVE-2025-42600 (This vulnerability exists in Meon KYC solutions due to missing 
restric ...)
+       TODO: check
+CVE-2025-3907 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Search API S ...)
+       TODO: check
+CVE-2025-3904 (Vulnerability in Drupal Sportsleague.This issue affects 
Sportsleague:  ...)
+       TODO: check
+CVE-2025-3903 (Vulnerability in Drupal UEditor - 
\u767e\u5ea6\u7f16\u8f91\u5668.This  ...)
+       TODO: check
+CVE-2025-3902 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-3901 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-3900 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-3673
+       REJECTED
+CVE-2025-32969 (XWiki is a generic wiki platform. In versions starting from 
1.8 and pr ...)
+       TODO: check
+CVE-2025-32968 (XWiki is a generic wiki platform. In versions starting from 
1.6-milest ...)
+       TODO: check
+CVE-2025-32966 (DataEase is an open-source BI tool alternative to Tableau. 
Prior to ve ...)
+       TODO: check
+CVE-2025-32818 (A Null Pointer Dereference vulnerability in the SonicOS SSLVPN 
Virtual ...)
+       TODO: check
+CVE-2025-2773 (BEC Technologies Multiple Routers sys ping Command Injection 
Remote Co ...)
+       TODO: check
+CVE-2025-2772 (BEC Technologies Multiple Routers Insufficiently Protected 
Credentials ...)
+       TODO: check
+CVE-2025-2771 (BEC Technologies Multiple Routers Authentication Bypass 
Vulnerability. ...)
+       TODO: check
+CVE-2025-2770 (BEC Technologies Multiple Routers Cleartext Password Storage 
Informati ...)
+       TODO: check
+CVE-2025-2769 (Bdrive NetDrive Uncontrolled Search Path Element Local 
Privilege Escal ...)
+       TODO: check
+CVE-2025-2768 (Bdrive NetDrive Uncontrolled Search Path Element Local 
Privilege Escal ...)
+       TODO: check
+CVE-2025-2767 (Arista NG Firewall User-Agent Cross-Site Scripting Remote Code 
Executi ...)
+       TODO: check
+CVE-2025-2765 (CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials 
Authenti ...)
+       TODO: check
+CVE-2025-2764 (CarlinKit CPC200-CCPA update.cgi Improper Verification of 
Cryptographi ...)
+       TODO: check
+CVE-2025-2763 (CarlinKit CPC200-CCPA Improper Verification of Cryptographic 
Signature ...)
+       TODO: check
+CVE-2025-2762 (CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege 
Escalation ...)
+       TODO: check
+CVE-2025-2703 (The built-in XY Chart plugin is vulnerable to a DOM XSS 
vulnerability. ...)
+       TODO: check
+CVE-2025-29526 (A Cross-Site Scripting (XSS) vulnerability in the search 
function of Q ...)
+       TODO: check
+CVE-2025-28169 (BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to 
v3.0_13.1.7.23122 ...)
+       TODO: check
+CVE-2025-28028 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
+       TODO: check
+CVE-2025-28025 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
+       TODO: check
+CVE-2025-28022 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-28021 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-28020 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-28019 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-28018 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to 
Command Inject ...)
+       TODO: check
+CVE-2025-21605 (Redis is an open source, in-memory database that persists on 
disk. In  ...)
+       TODO: check
+CVE-2025-1522 (PostHog database_schema Server-Side Request Forgery Information 
Disclo ...)
+       TODO: check
+CVE-2025-1521 (PostHog slack_incoming_webhook Server-Side Request Forgery 
Information ...)
+       TODO: check
+CVE-2025-1520 (PostHog ClickHouse Table Functions SQL Injection Remote Code 
Execution ...)
+       TODO: check
+CVE-2025-1054 (The UiCore Elements \u2013 Free Elementor widgets and templates 
plugin ...)
+       TODO: check
+CVE-2025-1050 (Sonos Era 300 Out-of-Bounds Write Remote Code Execution 
Vulnerability. ...)
+       TODO: check
+CVE-2025-1049 (Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution 
Vulnera ...)
+       TODO: check
+CVE-2025-1048 (Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code 
Execution Vul ...)
+       TODO: check
+CVE-2025-1047 (Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer 
Remote ...)
+       TODO: check
+CVE-2025-1046 (Luxion KeyShot SKP File Parsing Use-After-Free Remote Code 
Execution V ...)
+       TODO: check
+CVE-2025-1045 (Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer 
Overflow Remo ...)
+       TODO: check
+CVE-2024-58251 (In netstat in BusyBox through 1.37.0, local users can launch 
of networ ...)
+       TODO: check
+CVE-2024-47829 (pnpm is a package manager. Prior to version 10.0.0, the path 
shortenin ...)
+       TODO: check
+CVE-2024-10306 (A vulnerability was found in mod_proxy_cluster. The issue is 
that the  ...)
+       TODO: check
 CVE-2025-XXXX [RUSTSEC-2025-0024]
        - rust-crossbeam-channel 0.5.15-1 (bug #1103987)
        [bookworm] - rust-crossbeam-channel <not-affected> (Only affects 0.5.12 
to 0.5.14)
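
Review bot: The added entries for BusyBox (CVE-2025-46394, CVE-2024-58251), ImageMagick (CVE-2025-46393, CVE-2025-43965) and Redis (CVE-2025-21605) are left at "TODO: check" with no package line, exactly like the Tenda and TOTOLINK router-firmware entries next to them. These name software that Debian packages, so they should be triaged first and given a "- <package> <version>" line with per-release status, while the firmware-only entries can take the NOT-FOR-US marking the file already uses further down. The descriptions of CVE-2025-3903 and CVE-2025-1054 also carry literal \u escape sequences instead of the characters they stand for, which is worth fixing where the descriptions are imported.
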
@@ -3876,12 +3996,12 @@ CVE-2024-13874 (The Feedify  WordPress plugin before 
2.4.6 does not sanitise and
        NOT-FOR-US: WordPress plugin
 CVE-2024-10894 (The Payment Forms for Paystack plugin for WordPress is 
vulnerable to S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-2761 [GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution 
Vulnerability]
+CVE-2025-2761 (GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution 
Vulner ...)
        - gimp 3.0.0-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c
 (GIMP_3_0_0)
-CVE-2025-2760 [GIMP XWD File Parsing Integer Overflow Remote Code Execution 
Vulnerability]
+CVE-2025-2760 (GIMP XWD File Parsing Integer Overflow Remote Code Execution 
Vulnerabi ...)
        - gimp 3.0.0-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
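
Review bot: CVE-2025-2760 shows no "Fixed by:" NOTE in the visible context, unlike CVE-2025-2761 just above it, which points at commit 0806bc76ca74543d20e1307ccf6aebd26395c56c (GIMP_3_0_0). The hunk is cut at the issue link, so check the full entry and add the fixing commit if it is missing. The description swap from the bracketed title to the truncated parenthesised text leaves the "- gimp 3.0.0-1" lines untouched, so the triage state of both entries does not change.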



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27405e87b8ae78392f6810ca8354b09e6c6f2bdb
