Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0340897d by security tracker role at 2025-05-06T08:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2025-4340 (A vulnerability classified as critical has been found in D-Link 
DIR-89 ...)
+       TODO: check
+CVE-2025-4337 (The AHAthat Plugin plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-4333 (A vulnerability was found in feng_ha_ha/megagao ssm-erp and 
production ...)
+       TODO: check
+CVE-2025-4332 (A vulnerability was found in PHPGurukul Company Visitor 
Management Sys ...)
+       TODO: check
+CVE-2025-4331 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)
+       TODO: check
+CVE-2025-4329 (A vulnerability was found in 74CMS up to 3.33.0. It has been 
rated as  ...)
+       TODO: check
+CVE-2025-4328 (A vulnerability was found in fp2952 spring-cloud-base up to 
7f050dc6db ...)
+       TODO: check
+CVE-2025-4327 (A vulnerability was found in MRCMS 3.1.2. It has been 
classified as pr ...)
+       TODO: check
+CVE-2025-4326 (A vulnerability was found in MRCMS 3.1.2 and classified as 
problematic ...)
+       TODO: check
+CVE-2025-4325 (A vulnerability has been found in MRCMS 3.1.2 and classified as 
proble ...)
+       TODO: check
+CVE-2025-4324 (A vulnerability, which was classified as problematic, was found 
in MRC ...)
+       TODO: check
+CVE-2025-4323 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-4314 (A vulnerability has been found in SourceCodester Advanced Web 
Store 1. ...)
+       TODO: check
+CVE-2025-4313 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2025-4312 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2025-4311 (A vulnerability classified as critical was found in 
itsourcecode Conte ...)
+       TODO: check
+CVE-2025-4310 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2025-4309 (A vulnerability was found in PHPGurukul Art Gallery Management 
System  ...)
+       TODO: check
+CVE-2025-4308 (A vulnerability was found in PHPGurukul Art Gallery Management 
System  ...)
+       TODO: check
+CVE-2025-4307 (A vulnerability was found in PHPGurukul Art Gallery Management 
System  ...)
+       TODO: check
+CVE-2025-4306 (A vulnerability was found in PHPGurukul Nipah Virus Testing 
Management ...)
+       TODO: check
+CVE-2025-4305 (A vulnerability has been found in kefaming mayi up to 1.3.9 and 
classi ...)
+       TODO: check
+CVE-2025-4304 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-4303 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-4301 (A vulnerability classified as critical was found in 
itsourcecode Conte ...)
+       TODO: check
+CVE-2025-4300 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2025-4299 (A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It 
has be ...)
+       TODO: check
+CVE-2025-4298 (A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It 
has be ...)
+       TODO: check
+CVE-2025-4297 (A vulnerability was found in PHPGurukul Men Salon Management 
System 2. ...)
+       TODO: check
+CVE-2025-4293 (A vulnerability was found in MRCMS 3.1.3 and classified as 
problematic ...)
+       TODO: check
+CVE-2025-4292 (A vulnerability has been found in MRCMS 3.1.3 and classified as 
proble ...)
+       TODO: check
+CVE-2025-4291 (A vulnerability, which was classified as critical, was found in 
IdeaCM ...)
+       TODO: check
+CVE-2025-4290 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-4289 (A vulnerability classified as critical was found in PCMan FTP 
Server 2 ...)
+       TODO: check
+CVE-2025-4288 (A vulnerability classified as critical has been found in PCMan 
FTP Ser ...)
+       TODO: check
+CVE-2025-47303
+       REJECTED
+CVE-2025-47302
+       REJECTED
+CVE-2025-47301
+       REJECTED
+CVE-2025-47300
+       REJECTED
+CVE-2025-47299
+       REJECTED
+CVE-2025-47298
+       REJECTED
+CVE-2025-47297
+       REJECTED
+CVE-2025-47296
+       REJECTED
+CVE-2025-46728 (cpp-httplib is a C++ header-only HTTP/HTTPS server and client 
library. ...)
+       TODO: check
+CVE-2025-46593 (Process residence vulnerability in abnormal scenarios in the 
print mod ...)
+       TODO: check
+CVE-2025-46592 (Null pointer dereference vulnerability in the USB HDI driver 
module Im ...)
+       TODO: check
+CVE-2025-46591 (Out-of-bounds data read vulnerability in the authorization 
module Impa ...)
+       TODO: check
+CVE-2025-46590 (Bypass vulnerability in the network search instruction 
authentication  ...)
+       TODO: check
+CVE-2025-46589 (Vulnerability of unauthorized access in the app lock module 
Impact: Su ...)
+       TODO: check
+CVE-2025-46588 (Vulnerability of unauthorized access in the app lock module 
Impact: Su ...)
+       TODO: check
+CVE-2025-46587 (Permission control vulnerability in the media library module 
Impact: S ...)
+       TODO: check
+CVE-2025-46586 (Permission control vulnerability in the contacts module 
Impact: Succes ...)
+       TODO: check
+CVE-2025-46585 (Out-of-bounds array read/write vulnerability in the kernel 
module Impa ...)
+       TODO: check
+CVE-2025-46584 (Vulnerability of improper authentication logic implementation 
in the f ...)
+       TODO: check
+CVE-2025-44074 (SeaCMS v13.3 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2025-44072 (SeaCMS v13.3 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2025-44071 (SeaCMS v13.3 was discovered to contain a remote code execution 
(RCE) v ...)
+       TODO: check
+CVE-2025-3610 (The Reales WP STPT plugin for WordPress is vulnerable to 
privilege esc ...)
+       TODO: check
+CVE-2025-3609 (The Reales WP STPT plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-3281 (The User Registration & Membership \u2013 Custom Registration 
Form, Lo ...)
+       TODO: check
+CVE-2025-3020 (An low privileged remote Attacker can execute arbitrary web 
scripts or ...)
+       TODO: check
+CVE-2025-2802 (The LayoutBoxx plugin for WordPress is vulnerable to arbitrary 
shortco ...)
+       TODO: check
+CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer in ChromeOS  16093.57.0 
allows a m ...)
+       TODO: check
+CVE-2025-1493 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 12.1 ...)
+       TODO: check
+CVE-2025-1000 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2025-0915 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2024-58252 (Vulnerability of insufficient information protection in the 
media libr ...)
+       TODO: check
+CVE-2024-39442 (In sprd ssense service, there is a possible missing permission 
check.  ...)
+       TODO: check
+CVE-2023-46716
+       REJECTED
 CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the 
aws-am ...)
        NOT-FOR-US: Amazon
 CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 
2025.1.6. ...)
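Review bot: Two of the new `TODO: check` entries name reusable components rather than a single vendor's product and should be triaged ahead of the rest: CVE-2025-46728 (cpp-httplib, described as a C++ header-only HTTP/HTTPS server and client library) and CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer, reported against ChromeOS). CVE-2025-2509 in particular should not be closed as `NOT-FOR-US: ChromeOS` on the product name alone, since the affected code named in the description is Virglrenderer. Separately, the CVE-2025-3281 description carries a literal `\u2013` escape where a dash was intended; the description import should decode it.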
@@ -5275,7 +5413,7 @@ CVE-2025-2903 (An attacker with knowledge of creating 
user accounts during VM de
        NOT-FOR-US: Perforce
 CVE-2025-2400
        REJECTED
-CVE-2025-2073 (Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS 
Kernel Ver ...)
+CVE-2025-2073 (Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS 
[6.1, 5 ...)
        NOT-FOR-US: ChromeOS
 CVE-2025-29710 (SourceCodester Company Website CMS 1.0 is vulnerable to Cross 
Site Scr ...)
        NOT-FOR-US: SourceCodester
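Review bot: The `NOT-FOR-US: ChromeOS` tag on CVE-2025-2073 is left unchanged although the updated description now places the Out-of-Bounds Read in "netfilter/ipset in Linux Kernel" rather than in a Google ChromeOS kernel file. The classification was made against the old wording and should be re-checked: if the netfilter/ipset code is affected outside ChromeOS, the entry needs to be tracked against the kernel package instead of being dismissed.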
@@ -5307,7 +5445,7 @@ CVE-2025-24907 (Overview         The product uses 
external input to construct a
        NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
 CVE-2025-1704 (ComponentInstaller Modification in ComponentInstaller in Google 
Chrome ...)
        NOT-FOR-US: ChromeOS
-CVE-2025-1568 (Access Control Vulnerability in Gerrit chromiumos project 
configuratio ...)
+CVE-2025-1568 (or other security impacts via manipulating IPSET_ATTR_CIDR 
Netlink att ...)
        NOT-FOR-US: ChromeOS
 CVE-2025-1566 (DNS Leak in Native System VPN in Google ChromeOS Dev Channel on 
Chrome ...)
        NOT-FOR-US: ChromeOS
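Review bot: The new CVE-2025-1568 description starts mid-sentence ("or other security impacts via manipulating IPSET_ATTR_CIDR Netlink att ...") and no longer matches the Gerrit chromiumos project configuration issue the removed line described. The IPSET_ATTR_CIDR wording appears to belong with the netfilter/ipset text of CVE-2025-2073 updated elsewhere in this commit, so this looks like a description mix-up in the imported data. Verify the text against the CVE record before relying on it, and confirm that `NOT-FOR-US: ChromeOS` still applies to whatever CVE-2025-1568 now describes.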
@@ -6846,7 +6984,7 @@ CVE-2025-1688 (Milestone Systems has discovered a 
security vulnerability in Mile
        NOT-FOR-US: Milestone XProtect installer
 CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 122.0 ...)
        NOT-FOR-US: ChromeOS
-CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 122.0 ...)
+CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google 
ChromeOS 15753 ...)
        NOT-FOR-US: ChromeOS
 CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool 
in the a ...)
        NOT-FOR-US: Extron
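Review bot: CVE-2025-1122 keeps `NOT-FOR-US: ChromeOS` with no recorded reasoning, although the description names the TPM2 Reference Library as the affected code and only the ChromeOS version string changes here. The same applies to the adjacent CVE-2025-1292. A short `NOTE:` line stating why the library issue is not relevant outside ChromeOS would make the classification reviewable.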
@@ -299383,7 +299521,7 @@ CVE-2021-43071 (A heap-based buffer overflow in 
Fortinet FortiWeb version 6.4.1
 CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in 
FortiWLM  ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-43069
-       RESERVED
+       REJECTED
 CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator 
version 6.4.0 ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor 
in Fortin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0340897dbb5d9988cf15820e1eb7dbbe7e9b44a5
