Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b295a3a3 by security tracker role at 2025-05-07T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,502 @@
-CVE-2020-36791 [net_sched: keep alloc_hash updated after hash allocation]
+CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to
Privilege ...)
+ TODO: check
+CVE-2025-47692 (Missing Authorization vulnerability in contentstudio
ContentStudio all ...)
+ TODO: check
+CVE-2025-47691 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-47688 (Missing Authorization vulnerability in Saad Iqbal Advanced
File Manage ...)
+ TODO: check
+CVE-2025-47686 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Moloni
Contribuinte ...)
+ TODO: check
+CVE-2025-47684 (Cross-Site Request Forgery (CSRF) vulnerability in Smaily
Smaily for W ...)
+ TODO: check
+CVE-2025-47683 (Deserialization of Untrusted Data vulnerability in Florent
Maillefaud ...)
+ TODO: check
+CVE-2025-47681 (Cross-Site Request Forgery (CSRF) vulnerability in Ability,
Inc Web Ac ...)
+ TODO: check
+CVE-2025-47679 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47677 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47676 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47675 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47674 (Cross-Site Request Forgery (CSRF) vulnerability in Credova
Financial C ...)
+ TODO: check
+CVE-2025-47669 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47668 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47667 (Cross-Site Request Forgery (CSRF) vulnerability in qusupport
LiveAgent ...)
+ TODO: check
+CVE-2025-47665 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47664 (Server-Side Request Forgery (SSRF) vulnerability in ThimPress
WP Pipes ...)
+ TODO: check
+CVE-2025-47662 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47661 (Cross-Site Request Forgery (CSRF) vulnerability in codemstory
\uc6cc\u ...)
+ TODO: check
+CVE-2025-47659 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47657 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47656 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47655 (Cross-Site Request Forgery (CSRF) vulnerability in
themarketer2023 the ...)
+ TODO: check
+CVE-2025-47653 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47649 (Path Traversal vulnerability in ilmosys Open Close WooCommerce
Store a ...)
+ TODO: check
+CVE-2025-47648 (Cross-Site Request Forgery (CSRF) vulnerability in axima Pays
\u2013 W ...)
+ TODO: check
+CVE-2025-47647 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes
Sidebar M ...)
+ TODO: check
+CVE-2025-47644 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in f ...)
+ TODO: check
+CVE-2025-47643 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47639 (Cross-Site Request Forgery (CSRF) vulnerability in Supertext
Supertext ...)
+ TODO: check
+CVE-2025-47638 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47636 (Path Traversal vulnerability in Fernando Briano List category
posts al ...)
+ TODO: check
+CVE-2025-47635 (Server-Side Request Forgery (SSRF) vulnerability in
WPWebinarSystem We ...)
+ TODO: check
+CVE-2025-47633 (Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin
\u2013 Ad ...)
+ TODO: check
+CVE-2025-47632 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47630 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47629 (Deserialization of Untrusted Data vulnerability in Mario
Peshev WP-CRM ...)
+ TODO: check
+CVE-2025-47628 (Missing Authorization vulnerability in quomodosoft QS Dark
Mode allows ...)
+ TODO: check
+CVE-2025-47626 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47625 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47624 (Cross-Site Request Forgery (CSRF) vulnerability in apasionados
DoFollo ...)
+ TODO: check
+CVE-2025-47623 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47622 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47621 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47620 (Cross-Site Request Forgery (CSRF) vulnerability in bundgaard
Martins F ...)
+ TODO: check
+CVE-2025-47617 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47615 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47614 (Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark
LessBut ...)
+ TODO: check
+CVE-2025-47612 (Missing Authorization vulnerability in flowdee ClickWhale
allows Explo ...)
+ TODO: check
+CVE-2025-47609 (Cross-Site Request Forgery (CSRF) vulnerability in easymebiz
EasyMe Co ...)
+ TODO: check
+CVE-2025-47607 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47606 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic
Simple G ...)
+ TODO: check
+CVE-2025-47605 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47604 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47602 (Missing Authorization vulnerability in ammarahmad786 Calculate
Prices ...)
+ TODO: check
+CVE-2025-47597 (Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora
WP Podc ...)
+ TODO: check
+CVE-2025-47596 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi
Beacon ...)
+ TODO: check
+CVE-2025-47595 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47594 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT
Soccer Live S ...)
+ TODO: check
+CVE-2025-47593 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47591 (Missing Authorization vulnerability in CreedAlly Bulk Featured
Image a ...)
+ TODO: check
+CVE-2025-47590 (Cross-Site Request Forgery (CSRF) vulnerability in John
Dagelmore WPSp ...)
+ TODO: check
+CVE-2025-47589 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47587 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47551 (Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki
Embed a ...)
+ TODO: check
+CVE-2025-47550 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
+CVE-2025-47549 (Unrestricted Upload of File with Dangerous Type vulnerability
in Theme ...)
+ TODO: check
+CVE-2025-47548 (Server-Side Request Forgery (SSRF) vulnerability in Varun
Dubey Wbcom ...)
+ TODO: check
+CVE-2025-47547 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47546 (Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP
Compress ...)
+ TODO: check
+CVE-2025-47545 (Concurrent Execution using Shared Resource with Improper
Synchronizati ...)
+ TODO: check
+CVE-2025-47544 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47543 (Cross-Site Request Forgery (CSRF) vulnerability in
themetechmount True ...)
+ TODO: check
+CVE-2025-47542 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Simple cale ...)
+ TODO: check
+CVE-2025-47540 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-47538 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47537 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47533 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic
Design Graph ...)
+ TODO: check
+CVE-2025-47531 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47528 (Missing Authorization vulnerability in pewilliams Ovation
Elements all ...)
+ TODO: check
+CVE-2025-47526 (Missing Authorization vulnerability in GS Plugins GS Variation
Swatche ...)
+ TODO: check
+CVE-2025-47525 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47524 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47523 (Cross-Site Request Forgery (CSRF) vulnerability in
Luk\xe1\u0161 Hartm ...)
+ TODO: check
+CVE-2025-47522 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47521 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47520 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47519 (Cross-Site Request Forgery (CSRF) vulnerability in Scott
Paterson Easy ...)
+ TODO: check
+CVE-2025-47518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47517 (Cross-Site Request Forgery (CSRF) vulnerability in Scott
Paterson Acce ...)
+ TODO: check
+CVE-2025-47516 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47515 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47514 (Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's
Related P ...)
+ TODO: check
+CVE-2025-47510 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47509 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47508 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47507 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47506 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47505 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47504 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47503 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47502 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47501 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47499 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47498 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47497 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47496 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47495 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47494 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47493 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47491 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life
Contact F ...)
+ TODO: check
+CVE-2025-47490 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47489 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47488 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47486 (Missing Authorization vulnerability in CyberChimps Gutenberg &
Element ...)
+ TODO: check
+CVE-2025-47485 (Missing Authorization vulnerability in CozyThemes Cozy Blocks
allows E ...)
+ TODO: check
+CVE-2025-47484 (Server-Side Request Forgery (SSRF) vulnerability in Oliver
Campion Dis ...)
+ TODO: check
+CVE-2025-47483 (Server-Side Request Forgery (SSRF) vulnerability in Iulia
Cazan Easy R ...)
+ TODO: check
+CVE-2025-47482 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47481 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-47480 (Missing Authorization vulnerability in Iqonic Design Graphina
allows E ...)
+ TODO: check
+CVE-2025-47476 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47475 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47473 (Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW
WooComme ...)
+ TODO: check
+CVE-2025-47472 (Missing Authorization vulnerability in codepeople Music Player
for Woo ...)
+ TODO: check
+CVE-2025-47471 (Missing Authorization vulnerability in EnvoThemes Envo Extra
allows Ex ...)
+ TODO: check
+CVE-2025-47470 (Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3
AI Cont ...)
+ TODO: check
+CVE-2025-47469 (Missing Authorization vulnerability in slui Media Hygiene
allows Explo ...)
+ TODO: check
+CVE-2025-47468 (Cross-Site Request Forgery (CSRF) vulnerability in hashthemes
Hash For ...)
+ TODO: check
+CVE-2025-47467 (Missing Authorization vulnerability in GS Plugins GS
Testimonial Slide ...)
+ TODO: check
+CVE-2025-47466 (Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius
Ultimate ...)
+ TODO: check
+CVE-2025-47465 (Missing Authorization vulnerability in CreativeThemes Blocksy
allows E ...)
+ TODO: check
+CVE-2025-47464 (Server-Side Request Forgery (SSRF) vulnerability in solacewp
Solace Ex ...)
+ TODO: check
+CVE-2025-47462 (Cross-Site Request Forgery (CSRF) vulnerability in Ohidul
Islam Challa ...)
+ TODO: check
+CVE-2025-47460 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47459 (Cross-Site Request Forgery (CSRF) vulnerability in XpeedStudio
WP Fund ...)
+ TODO: check
+CVE-2025-47457 (Missing Authorization vulnerability in dgamoni LocateAndFilter
allows ...)
+ TODO: check
+CVE-2025-47456 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
+ TODO: check
+CVE-2025-47455 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
+ TODO: check
+CVE-2025-47454 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
+ TODO: check
+CVE-2025-47451 (Cross-Site Request Forgery (CSRF) vulnerability in
silverplugins217 Pr ...)
+ TODO: check
+CVE-2025-47450 (Missing Authorization vulnerability in Mitchell Bennis Simple
File Lis ...)
+ TODO: check
+CVE-2025-47449 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47448 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress
WP Hotel ...)
+ TODO: check
+CVE-2025-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni
Mubarak Cool ...)
+ TODO: check
+CVE-2025-47446 (Cross-Site Request Forgery (CSRF) vulnerability in listamester
Listame ...)
+ TODO: check
+CVE-2025-47443 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47441 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47440 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47439 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows
unauthenticated remot ...)
+ TODO: check
+CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command
injection via a ...)
+ TODO: check
+CVE-2025-46828 (WeGIA is a web manager for charitable institutions. An
unauthenticate ...)
+ TODO: check
+CVE-2025-46827 (Graylog is a free and open log management platform. Prior to
versions ...)
+ TODO: check
+CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub
commits ...)
+ TODO: check
+CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the
Ruby OpenSS ...)
+ TODO: check
+CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the
functio ...)
+ TODO: check
+CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2025-3476 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
+ TODO: check
+CVE-2025-3272 (Incorrect Authorization vulnerability in OpenText\u2122
Operations Bri ...)
+ TODO: check
+CVE-2025-39361 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-33093 (IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2
JWT secret ...)
+ TODO: check
+CVE-2025-32821 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
+ TODO: check
+CVE-2025-32820 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
+ TODO: check
+CVE-2025-32819 (A vulnerability in SMA100 allows a remote authenticated
attacker with ...)
+ TODO: check
+CVE-2025-30147 (Besu Native contains scripts and tooling that is used to build
and pac ...)
+ TODO: check
+CVE-2025-2778
+ REJECTED
+CVE-2025-2777 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
+ TODO: check
+CVE-2025-2776 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
+ TODO: check
+CVE-2025-2775 (SysAid On-Prem versions <= 23.3.40 are vulnerable to an
unauthenticate ...)
+ TODO: check
+CVE-2025-29746 (Cross Site Scripting vulnerability in Koillection v.1.6.10
allows a re ...)
+ TODO: check
+CVE-2025-29602 (flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in
Adminis ...)
+ TODO: check
+CVE-2025-29448 (A business logic vulnerability in Easy Appointments v1.5.1
allows atta ...)
+ TODO: check
+CVE-2025-29154 (HTML injection vulnerability in lemeconsultoria HCM galera.app
v.4.58. ...)
+ TODO: check
+CVE-2025-29153 (SQL Injection vulnerability in lemeconsultoria HCM galera.app
v.4.58.0 ...)
+ TODO: check
+CVE-2025-29152 (Cross-Site Scripting vulnerability in lemeconsultoria HCM
galera.app v ...)
+ TODO: check
+CVE-2025-26169 (IXON VPN Client before 1.4.4 on Windows allows Local Privilege
Escalat ...)
+ TODO: check
+CVE-2025-26168 (IXON VPN Client before 1.4.4 on Linux and macOS allows Local
Privilege ...)
+ TODO: check
+CVE-2025-20980 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
+ TODO: check
+CVE-2025-20979 (Out-of-bounds write in libsavscmn prior to Android 15 allows
local att ...)
+ TODO: check
+CVE-2025-20978 (Improper access control in PENUP prior to version 3.9.19.32
allows loc ...)
+ TODO: check
+CVE-2025-20977 (Use of implicit intent for sensitive communication in
translation in S ...)
+ TODO: check
+CVE-2025-20976 (Out-of-bounds read in applying binary of text content in
Samsung Notes ...)
+ TODO: check
+CVE-2025-20975 (Improper Export of Android Application Components in
AODService prior ...)
+ TODO: check
+CVE-2025-20974 (Improper handling of insufficient permission in
PackageInstallerCN pri ...)
+ TODO: check
+CVE-2025-20973 (Improper authentication in Secure Folder prior to version
1.8.12.0 in ...)
+ TODO: check
+CVE-2025-20972 (Improper verification of intent by broadcast receiver in
Samsung Flow ...)
+ TODO: check
+CVE-2025-20971 (Improper input validation in Samsung Flow prior to version
4.9.17.6 al ...)
+ TODO: check
+CVE-2025-20970 (Improper access control in Bixby Vision prior to version 3.8.1
in Andr ...)
+ TODO: check
+CVE-2025-20969 (Improper input validation in Samsung Gallery prior to version
14.5.10. ...)
+ TODO: check
+CVE-2025-20968 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
+ TODO: check
+CVE-2025-20967 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
+ TODO: check
+CVE-2025-20966 (Improper access control in Samsung Gallery prior to version
14.5.10.3 ...)
+ TODO: check
+CVE-2025-20965 (Improper handling of insufficient permission in Bixby wakeup
prior to ...)
+ TODO: check
+CVE-2025-20964 (Out-of-bounds write in parsing media files in libsavsvc.so
prior to SM ...)
+ TODO: check
+CVE-2025-20963 (Out-of-bounds write in memory initialization in libsavsvc.so
prior to ...)
+ TODO: check
+CVE-2025-20962 (Improper handling of insufficient permission in SpenGesture
service pr ...)
+ TODO: check
+CVE-2025-20961 (Improper handling of insufficient permission or privileges in
sepunion ...)
+ TODO: check
+CVE-2025-20960 (Improper handling of insufficient permission in
CocktailBarService pri ...)
+ TODO: check
+CVE-2025-20959 (Use of implicit intent for sensitive communication in Wi-Fi
P2P servic ...)
+ TODO: check
+CVE-2025-20958 (Improper verification of intent by broadcast receiver in
UnifiedWFC pr ...)
+ TODO: check
+CVE-2025-20957 (Improper access control in SmartManagerCN prior to SMR
May-2025 Releas ...)
+ TODO: check
+CVE-2025-20956 (Improper export of android application components in Settings
in Galax ...)
+ TODO: check
+CVE-2025-20955 (Improper Export of Android Application Components in
NotificationHisto ...)
+ TODO: check
+CVE-2025-20954 (Use of implicit intent for sensitive communication in
EnrichedCall pri ...)
+ TODO: check
+CVE-2025-20953 (Improper access control in SmartManagerCN prior to SMR
May-2025 Releas ...)
+ TODO: check
+CVE-2025-20949 (Path traversal vulnerability in Samsung Members prior to
version 5.0.0 ...)
+ TODO: check
+CVE-2025-20937 (Out-of-bounds write in Keymaster trustlet prior to SMR
May-2025 Releas ...)
+ TODO: check
+CVE-2025-20223 (A vulnerability in Cisco Catalyst Center, formerly Cisco DNA
Center, c ...)
+ TODO: check
+CVE-2025-20221 (A vulnerability in the packet filtering features of Cisco IOS
XE SD-WA ...)
+ TODO: check
+CVE-2025-20216 (A vulnerability in the web interface of Cisco Catalyst SD-WAN
Manager, ...)
+ TODO: check
+CVE-2025-20214 (A vulnerability in the Network Configuration Access Control
Module (NA ...)
+ TODO: check
+CVE-2025-20213 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
+ TODO: check
+CVE-2025-20210 (A vulnerability in the management API of Cisco Catalyst
Center, former ...)
+ TODO: check
+CVE-2025-20202 (A vulnerability in Cisco IOS XE Wireless Controller Software
could all ...)
+ TODO: check
+CVE-2025-20201 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
+ TODO: check
+CVE-2025-20200 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
+ TODO: check
+CVE-2025-20199 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
+ TODO: check
+CVE-2025-20198 (A vulnerabilityin the CLI of Cisco IOS XE Software could allow
an auth ...)
+ TODO: check
+CVE-2025-20197 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
+ TODO: check
+CVE-2025-20196 (A vulnerability in the Cisco IOx application hosting
environment of Ci ...)
+ TODO: check
+CVE-2025-20195 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
+ TODO: check
+CVE-2025-20194 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
+ TODO: check
+CVE-2025-20193 (A vulnerability in the web-based management interface of Cisco
IOS XE ...)
+ TODO: check
+CVE-2025-20192 (A vulnerability in the Internet Key Exchange version 1 (IKEv1)
impleme ...)
+ TODO: check
+CVE-2025-20191 (A vulnerability in the Switch Integrated Security Features
(SISF) of C ...)
+ TODO: check
+CVE-2025-20190 (A vulnerability in the lobby ambassador web interface of Cisco
IOS XE ...)
+ TODO: check
+CVE-2025-20189 (A vulnerability in the Cisco Express Forwarding functionality
of Cisco ...)
+ TODO: check
+CVE-2025-20188 (A vulnerability in the Out-of-Band Access Point (AP) Image
Download fe ...)
+ TODO: check
+CVE-2025-20187 (A vulnerability in the application data endpoints of Cisco
Catalyst SD ...)
+ TODO: check
+CVE-2025-20186 (A vulnerability in the web-based management interface of the
Wireless ...)
+ TODO: check
+CVE-2025-20182 (A vulnerability in the Internet Key Exchange version 2 (IKEv2)
protoco ...)
+ TODO: check
+CVE-2025-20181 (A vulnerability in Cisco IOS Software for Cisco Catalyst
2960X, 2960XR ...)
+ TODO: check
+CVE-2025-20164 (A vulnerability in the Cisco Industrial Ethernet Switch Device
Manager ...)
+ TODO: check
+CVE-2025-20162 (A vulnerability in the DHCP snooping security feature of Cisco
IOS XE ...)
+ TODO: check
+CVE-2025-20157 (A vulnerability in certificate validation processing of Cisco
Catalyst ...)
+ TODO: check
+CVE-2025-20155 (A vulnerability in the bootstrap loading of Cisco IOS XE
Software coul ...)
+ TODO: check
+CVE-2025-20154 (A vulnerability in the Two-Way Active Measurement Protocol
(TWAMP) ser ...)
+ TODO: check
+CVE-2025-20151 (A vulnerability in the implementation of the Simple Network
Management ...)
+ TODO: check
+CVE-2025-20147 (A vulnerability in the web-based management interface of Cisco
Catalys ...)
+ TODO: check
+CVE-2025-20140 (A vulnerability in the Wireless Network Control daemon (wncd)
of Cisco ...)
+ TODO: check
+CVE-2025-20137 (A vulnerability in the access control list (ACL) programming
of Cisco ...)
+ TODO: check
+CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
+ TODO: check
+CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2,
`tls_wildc ...)
+ TODO: check
+CVE-2020-36791 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 5.5.17-1
NOTE:
https://git.kernel.org/linus/0d1c3530e1bd38382edef72591b78e877e0edcd3 (5.6)
CVE-2025-32873
@@ -91,10 +589,11 @@ CVE-2025-0649 (Incorrect JSON input stringificationin
Google's Tensorflow servin
TODO: check
CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-27533 [Unchecked buffer length can cause excessive memory allocation]
+CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in
Apache Ac ...)
- activemq <unfixed>
NOTE: https://issues.apache.org/jira/browse/AMQ-6596
CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to
136.0.7103.92 all ...)
+ {DSA-5916-1}
- chromium 136.0.7103.92-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-4388 (A reflected cross-site scripting (XSS) vulnerability in the
Liferay Po ...)
@@ -19463,6 +19962,7 @@ CVE-2023-52971 (MariaDB Server 10.10 through 10.11.*
and 11.0 through 11.4.* cra
NOTE: Fixed in MariaDB: 10.11.12, 11.4.6, 11.8.2
NOTE: MariaDB commit:
https://github.com/MariaDB/server/commit/3b4de4c281cb3e33e6d3ee9537e542bf0a84b83e
CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
through ...)
+ {DLA-4154-1}
- mariadb <unfixed> (bug #1100437)
[bookworm] - mariadb <no-dsa> (Minor issue)
- mariadb-10.5 <removed>
@@ -19471,6 +19971,7 @@ CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*,
10.6 through 10.6.*, 10.7 th
NOTE: MariaDB commit [1/2]:
https://github.com/MariaDB/server/commit/9b313d2de1df65626abb3b1d6c973f74addb12fb
(mariadb-10.5.29)
NOTE: MariaDB commit [2/2]:
https://github.com/MariaDB/server/commit/4fc9dc84b017cf9f30585bcdef0663f9425fe460
(mariadb-10.5.29)
CVE-2023-52969 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
through ...)
+ {DLA-4154-1}
- mariadb <unfixed> (bug #1100437)
[bookworm] - mariadb <no-dsa> (Minor issue)
- mariadb-10.5 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b295a3a3dc1431d7d0a13de3c563126e6f4ad689
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b295a3a3dc1431d7d0a13de3c563126e6f4ad689
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
