Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91194a2e by security tracker role at 2025-05-06T20:15:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
+       TODO: check
+CVE-2025-4384 (The MQTT add-on of PcVue fails to verify that a remote 
device\u2019s c ...)
+       TODO: check
+CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy 
cache,  ...)
+       TODO: check
+CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer 
overflow i ...)
+       TODO: check
+CVE-2025-4368 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-4363 (A vulnerability, which was classified as critical, has been 
found in i ...)
+       TODO: check
+CVE-2025-4362 (A vulnerability classified as critical was found in 
itsourcecode Gym M ...)
+       TODO: check
+CVE-2025-4361 (A vulnerability classified as critical has been found in 
PHPGurukul Co ...)
+       TODO: check
+CVE-2025-4360 (A vulnerability, which was classified as critical, has been 
found in i ...)
+       TODO: check
+CVE-2025-4359 (A vulnerability classified as critical was found in 
itsourcecode Gym M ...)
+       TODO: check
+CVE-2025-4358 (A vulnerability classified as critical has been found in 
PHPGurukul Co ...)
+       TODO: check
+CVE-2025-4357 (A vulnerability was found in Tenda RX3 16.03.13.11_multi. It 
has been  ...)
+       TODO: check
+CVE-2025-4356 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It 
has bee ...)
+       TODO: check
+CVE-2025-4355 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It 
has bee ...)
+       TODO: check
+CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and 
classif ...)
+       TODO: check
+CVE-2025-4353 (A vulnerability, which was classified as critical, was found in 
Golden ...)
+       TODO: check
+CVE-2025-4352 (A vulnerability, which was classified as critical, has been 
found in G ...)
+       TODO: check
+CVE-2025-4350 (A vulnerability classified as critical was found in D-Link 
DIR-600L up ...)
+       TODO: check
+CVE-2025-4349 (A vulnerability classified as critical has been found in D-Link 
DIR-60 ...)
+       TODO: check
+CVE-2025-4348 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It 
has bee ...)
+       TODO: check
+CVE-2025-4347 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It 
has bee ...)
+       TODO: check
+CVE-2025-4346 (A vulnerability was found in D-Link DIR-600L up to 2.07B01. It 
has bee ...)
+       TODO: check
+CVE-2025-4345 (A vulnerability was found in D-Link DIR-600L up to 2.07B01 and 
classif ...)
+       TODO: check
+CVE-2025-4344 (A vulnerability, which was classified as critical, was found in 
D-Link ...)
+       TODO: check
+CVE-2025-4343 (A vulnerability has been found in D-Link DIR-600L up to 2.07B01 
and cl ...)
+       TODO: check
+CVE-2025-4342 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-4341 (A vulnerability classified as critical was found in D-Link 
DIR-880L up ...)
+       TODO: check
+CVE-2025-4041 (In Optigo Networks ONS NC600 versions 4.2.1-084 through 
4.7.2-330, an  ...)
+       TODO: check
+CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in 
depack_pha i ...)
+       TODO: check
+CVE-2025-46820 (phpgt/Dom provides access to modern DOM APIs. Versions of 
phpgt/Dom pr ...)
+       TODO: check
+CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version 
0.3.4 a ...)
+       TODO: check
+CVE-2025-46815 (The identity infrastructure software ZITADEL offers developers 
the abi ...)
+       TODO: check
+CVE-2025-46814 (FastAPI Guard is a security library for FastAPI that provides 
middlewa ...)
+       TODO: check
+CVE-2025-46736 (Umbraco is a free and open source .NET content management 
system. Prio ...)
+       TODO: check
+CVE-2025-46735 (Terraform WinDNS Provider allows users to manage their Windows 
DNS ser ...)
+       TODO: check
+CVE-2025-45492 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection 
via the I ...)
+       TODO: check
+CVE-2025-45491 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2025-45490 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2025-45489 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2025-45488 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2025-45487 (Linksys E5600 v1.1.0.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2025-45250 (MrDoc v0.95 and before is vulnerable to Server-Side Request 
Forgery (S ...)
+       TODO: check
+CVE-2025-44900 (In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo 
function  ...)
+       TODO: check
+CVE-2025-40625 (Unrestricted file upload in TCMAN's GIM v11. This 
vulnerability allows ...)
+       TODO: check
+CVE-2025-40624 (SQL injection in TCMAN's GIM v11. This vulnerability allows an 
unauthe ...)
+       TODO: check
+CVE-2025-40623 (SQL injection in TCMAN's GIM v11. This vulnerability allows an 
unauthe ...)
+       TODO: check
+CVE-2025-40622 (SQL injection in TCMAN's GIM v11. This vulnerability allows an 
unauthe ...)
+       TODO: check
+CVE-2025-40621 (SQL injection in TCMAN's GIM v11. This vulnerability allows an 
unauthe ...)
+       TODO: check
+CVE-2025-40620 (SQL injection in TCMAN's GIM v11. This vulnerability allows an 
unauthe ...)
+       TODO: check
+CVE-2025-3782 (The Cision Block plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-37730 (Improper certificate validation in Logstash's TCP output could 
lead to ...)
+       TODO: check
+CVE-2025-32022 (Finit provides fast init for Linux systems. Finit's urandom 
plugin has ...)
+       TODO: check
+CVE-2025-30165 (vLLM is an inference and serving engine for large language 
models. In  ...)
+       TODO: check
+CVE-2025-2898 (IBM Maximo Application Suite 9.0 could allow an attacker with 
some lev ...)
+       TODO: check
+CVE-2025-2011 (The Slider & Popup Builder by Depicter plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-27248 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker case D ...)
+       TODO: check
+CVE-2025-27241 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker case D ...)
+       TODO: check
+CVE-2025-27132 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker arbitr ...)
+       TODO: check
+CVE-2025-26262 (An issue in the component /internals/functions of R-fx 
Networks Linux  ...)
+       TODO: check
+CVE-2025-25218 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker case D ...)
+       TODO: check
+CVE-2025-25052 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2025-25014 (A Prototype pollution vulnerability in Kibana leads to 
arbitrary code  ...)
+       TODO: check
+CVE-2025-23379 (Dell Storage Center - Dell Storage Manager, version(s) 
21.0.20, contai ...)
+       TODO: check
+CVE-2025-22886 (in OpenHarmony v5.0.3 and prior versions allow a local 
attacker case D ...)
+       TODO: check
+CVE-2025-22479 (Dell Storage Center - Dell Storage Manager, version(s) 
20.0.21, contai ...)
+       TODO: check
+CVE-2025-22478 (Dell Storage Center - Dell Storage Manager, version(s) 
20.1.20, contai ...)
+       TODO: check
+CVE-2025-22477 (Dell Storage Center - Dell Storage Manager, version(s) 
20.1.20, contai ...)
+       TODO: check
+CVE-2025-22476 (Dell Storage Center - Dell Storage Manager, version(s) 
20.1.20, contai ...)
+       TODO: check
+CVE-2025-21475 (Memory corruption while processing escape code, when DisplayId 
is pass ...)
+       TODO: check
+CVE-2025-21470 (Memory corruption while processing image encoding, when 
configuration  ...)
+       TODO: check
+CVE-2025-21469 (Memory corruption while processing image encoding, when input 
buffer l ...)
+       TODO: check
+CVE-2025-21468 (Memory corruption while reading response from FW, when buffer 
size is  ...)
+       TODO: check
+CVE-2025-21467 (Memory corruption while reading the FW response from the 
shared queue.)
+       TODO: check
+CVE-2025-21462 (Memory corruption while processing an IOCTL request, when 
buffer signi ...)
+       TODO: check
+CVE-2025-21460 (Memory corruption while processing a message, when the buffer 
is contr ...)
+       TODO: check
+CVE-2025-21459 (Transient DOS while parsing per STA profile in ML IE.)
+       TODO: check
+CVE-2025-21453 (Memory corruption while processing a data structure, when an 
iterator  ...)
+       TODO: check
+CVE-2025-0984 (Unrestricted Upload of File with Dangerous Type, Improper 
Neutralizati ...)
+       TODO: check
+CVE-2024-49847 (Transient DOS while processing of a registration acceptance 
OTA due to ...)
+       TODO: check
+CVE-2024-49846 (Memory corruption while decoding of OTA messages from T3448 
IE.)
+       TODO: check
+CVE-2024-49845 (Memory corruption during the FRS UDS generation process.)
+       TODO: check
+CVE-2024-49844 (Memory corruption while triggering commands in the PlayReady 
Trusted a ...)
+       TODO: check
+CVE-2024-49842 (Memory corruption during memory mapping into protected VM 
address spac ...)
+       TODO: check
+CVE-2024-49841 (Memory corruption during memory assignment to headless 
peripheral VM d ...)
+       TODO: check
+CVE-2024-49835 (Memory corruption while reading secure file.)
+       TODO: check
+CVE-2024-49830 (Memory corruption while processing an IOCTL call to set mixer 
controls ...)
+       TODO: check
+CVE-2024-49829 (Memory corruption can occur during context user dumps due to 
inadequat ...)
+       TODO: check
+CVE-2024-45583 (Memory corruption while handling multiple IOCTL calls from 
userspace t ...)
+       TODO: check
+CVE-2024-45581 (Memory corruption while sound model registration for voice 
activation  ...)
+       TODO: check
+CVE-2024-45579 (Memory corruption may occur when invoking IOCTL calls from 
userspace t ...)
+       TODO: check
+CVE-2024-45578 (Memory corruption while acquire and update IOCTLs during IFE 
output re ...)
+       TODO: check
+CVE-2024-45577 (Memory corruption while invoking IOCTL calls from userspace to 
camera  ...)
+       TODO: check
+CVE-2024-45576 (Memory corruption while prociesing command buffer buffer in 
OPE module ...)
+       TODO: check
+CVE-2024-45575 (Memory corruption Camera kernel when large number of devices 
are attac ...)
+       TODO: check
+CVE-2024-45574 (Memory corruption during array access in Camera kernel due to 
invalid  ...)
+       TODO: check
+CVE-2024-45570 (Memory corruption may occur during IO configuration processing 
when th ...)
+       TODO: check
+CVE-2024-45568 (Memory corruption due to improper bounds check while command 
handling  ...)
+       TODO: check
+CVE-2024-45567 (Memory corruption while encoding JPEG format.)
+       TODO: check
+CVE-2024-45566 (Memory corruption during concurrent buffer access due to 
modification  ...)
+       TODO: check
+CVE-2024-45565 (Memory corruption when blob structure is modified by 
user-space after  ...)
+       TODO: check
+CVE-2024-45564 (Memory corruption during concurrent access to server info 
object due t ...)
+       TODO: check
+CVE-2024-45563 (Memory corruption while handling schedule request in Camera 
Request Ma ...)
+       TODO: check
+CVE-2024-45562 (Memory corruption during concurrent access to server info 
object due t ...)
+       TODO: check
+CVE-2024-45554 (Memory corruption during concurrent SSR execution due to race 
conditio ...)
+       TODO: check
+CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a 
SQL inj ...)
+       TODO: check
 CVE-2025-22873
        - golang-1.24 <unfixed>
        - golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x 
releases)
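Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a package line or a NOT-FOR-US marker yet. Many describe router firmware and vendor products of the kind already marked NOT-FOR-US further down in this file, but CVE-2025-4373 (GLib) and CVE-2025-47256 (Libxmp) name libraries and should be triaged first, each with a source package line and version state. The description of CVE-2025-4384 also stores the escape `\u2019` literally instead of the apostrophe, which is worth normalizing in the import step.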
@@ -2810,7 +3022,7 @@ CVE-2025-4038 (A vulnerability was found in code-projects 
Train Ticket Reservati
        NOT-FOR-US: code-projects
 CVE-2025-4037 (A vulnerability was found in code-projects ATM Banking 1.0. It 
has bee ...)
        NOT-FOR-US: code-projects
-CVE-2025-46762
+CVE-2025-46762 (Schema parsing in the parquet-avro module of Apache Parquet 
1.15.0 and ...)
        NOT-FOR-US: Apache Parquet
 CVE-2025-46761
        REJECTED
@@ -21298,7 +21510,7 @@ CVE-2024-53382 (Prism (aka PrismJS) through 1.29.0 
allows DOM Clobbering (with r
        NOTE: Fixed by: 
https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d
 (v1.30.0)
 CVE-2025-1801 (A flaw was found in the Ansible aap-gateway. Concurrent 
requests handl ...)
        NOT-FOR-US: RedHat Ansible Automation Platform Gateway
-CVE-2024-12225
+CVE-2024-12225 (A vulnerability was found in Quarkus in the 
quarkus-security-webauthn  ...)
        NOT-FOR-US: Quarkus
 CVE-2025-1831 (A vulnerability classified as critical has been found in zj1983 
zz up  ...)
        NOT-FOR-US: zj1983 zz
@@ -305655,7 +305867,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user 
interface library. Prior t
        - otrs2 6.3.1-1
        [bullseye] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
-       - openshot-qt
+       - openshot-qt <unfixed>
        NOTE: 
https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
        NOTE: 
https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
        NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
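Review bot: The new `- openshot-qt <unfixed>` line under CVE-2021-41184 has no bug reference and no NOTE saying how openshot-qt relates to jQuery-UI, and the same change recurs under CVE-2021-41183, CVE-2021-41182 and CVE-2016-7103. Unlike the otrs2 lines next to it, it has no suite-specific entries either, so every suite inherits the unfixed state. Suggest adding a NOTE on the relation to jQuery-UI and a bug number if one exists, since the commit message "automatic update" gives no rationale for the status.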
@@ -305665,7 +305877,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user 
interface library. Prior t
        - jqueryui 1.13.0+dfsg-1
        [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
        [stretch] - jqueryui <no-dsa> (Minor issue)
-       - openshot-qt
+       - openshot-qt <unfixed>
        - otrs2 6.3.1-1
        [bullseye] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -305680,7 +305892,7 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user 
interface library. Prior t
        - jqueryui 1.13.0+dfsg-1
        [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
        [stretch] - jqueryui <no-dsa> (Minor issue)
-       - openshot-qt
+       - openshot-qt <unfixed>
        - otrs2 6.3.1-1
        [bullseye] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -549570,7 +549782,7 @@ CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD 
Manager Plus build 6590 - 661
 CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability 
in For ...)
        NOT-FOR-US: Fortinet
 CVE-2018-1359
-       RESERVED
+       REJECTED
 CVE-2018-1358
        REJECTED
 CVE-2018-1357
@@ -612648,7 +612860,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) 
vulnerability in jQuery UI before 1.12
        - jqueryui 1.12.1+dfsg-1
        [jessie] - jqueryui <no-dsa> (Minor issue)
        [wheezy] - jqueryui <no-dsa> (Minor issue)
-       - openshot-qt
+       - openshot-qt <unfixed>
        NOTE: https://nodesecurity.io/advisories/127
        NOTE: https://github.com/jquery/jquery-ui/pull/1622
        NOTE: https://github.com/jquery/jquery-ui/pull/1632



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91194a2e244c82fb41c7457ac26b44fac4f993a5
