Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b2181c14 by security tracker role at 2025-05-13T08:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2025-4632 (Improper limitation of a pathname to a restricted directory
vulnerabil ...)
+ TODO: check
+CVE-2025-4474 (The Frontend Dashboard plugin for WordPress is vulnerable to
Privilege ...)
+ TODO: check
+CVE-2025-4473 (The Frontend Dashboard plugin for WordPress is vulnerable to
Privilege ...)
+ TODO: check
+CVE-2025-4396 (The Relevanssi \u2013 A Better Search plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-4339 (The TheGem theme for WordPress is vulnerable to unauthorized
modificat ...)
+ TODO: check
+CVE-2025-4317 (The TheGem theme for WordPress is vulnerable to arbitrary file
uploads ...)
+ TODO: check
+CVE-2025-47864
+ REJECTED
+CVE-2025-47863
+ REJECTED
+CVE-2025-47862
+ REJECTED
+CVE-2025-47861
+ REJECTED
+CVE-2025-47860
+ REJECTED
+CVE-2025-47859
+ REJECTED
+CVE-2025-47858
+ REJECTED
+CVE-2025-46825 (Kanboard is project management software that focuses on the
Kanban met ...)
+ TODO: check
+CVE-2025-43011 (Under certain conditions, SAP Landscape Transformation's PCL
Basis mod ...)
+ TODO: check
+CVE-2025-43010 (SAP S/4HANA Cloud Private Edition or on Premise (SCM Master
Data Layer ...)
+ TODO: check
+CVE-2025-43009 (SAP Service Parts Management (SPM) does not perform necessary
authoriz ...)
+ TODO: check
+CVE-2025-43008 (Due to missing authorization check, an unauthorized user can
view the ...)
+ TODO: check
+CVE-2025-43007 (SAP Service Parts Management (SPM) does not perform necessary
authoriz ...)
+ TODO: check
+CVE-2025-43006 (SAP Supplier Relationship Management (Master Data Management
Catalogue ...)
+ TODO: check
+CVE-2025-43005 (SAP GUI for Windows allows an unauthenticated attacker to
exploit inse ...)
+ TODO: check
+CVE-2025-43004 (Due to a security misconfiguration vulnerability, customers
can develo ...)
+ TODO: check
+CVE-2025-43003 (SAP S/4 HANA allows an authenticated attacker with user
privileges to ...)
+ TODO: check
+CVE-2025-43002 (SAP S4CORE OData meta-data property allows an authenticated
attacker t ...)
+ TODO: check
+CVE-2025-43000 (Under certain conditions Promotion Management Wizard (PMW)
allows an a ...)
+ TODO: check
+CVE-2025-42999 (SAP NetWeaver Visual Composer Metadata Uploader is vulnerable
when a p ...)
+ TODO: check
+CVE-2025-42997 (Under certain conditions, SAP Gateway Client allows a
high-privileged ...)
+ TODO: check
+CVE-2025-3659 (Improper authentication handling was identified in a set of
HTTP POST ...)
+ TODO: check
+CVE-2025-3107 (The Newsletters plugin for WordPress is vulnerable to
time-based SQL I ...)
+ TODO: check
+CVE-2025-35471 (conda-forge openssl-feedstock before 066e83c (2024-05-20), on
Microsof ...)
+ TODO: check
+CVE-2025-31329 (SAP NetWeaver is vulnerable to an Information Disclosure
vulnerability ...)
+ TODO: check
+CVE-2025-31260 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-31259 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-31257 (This issue was addressed with improved memory handling. This
issue is ...)
+ TODO: check
+CVE-2025-31256 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-31253 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-31251 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2025-31250 (An information disclosure issue was addressed with improved
privacy co ...)
+ TODO: check
+CVE-2025-31249 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31247 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2025-31246 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-31245 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-31244 (A file quarantine bypass was addressed with additional checks.
This is ...)
+ TODO: check
+CVE-2025-31242 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-31241 (A double free issue was addressed with improved memory
management. Thi ...)
+ TODO: check
+CVE-2025-31240 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2025-31239 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2025-31238 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2025-31237 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2025-31236 (An information disclosure issue was addressed with improved
privacy co ...)
+ TODO: check
+CVE-2025-31235 (A double free issue was addressed with improved memory
management. Thi ...)
+ TODO: check
+CVE-2025-31234 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2025-31233 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2025-31232 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31228 (The issue was addressed with improved authentication. This
issue is fi ...)
+ TODO: check
+CVE-2025-31227 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31226 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31225 (A privacy issue was addressed by removing sensitive data. This
issue i ...)
+ TODO: check
+CVE-2025-31224 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31223 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2025-31222 (A correctness issue was addressed with improved checks. This
issue is ...)
+ TODO: check
+CVE-2025-31221 (An integer overflow was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2025-31220 (A privacy issue was addressed by removing sensitive data. This
issue i ...)
+ TODO: check
+CVE-2025-31219 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-31218 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2025-31217 (The issue was addressed with improved input validation. This
issue is ...)
+ TODO: check
+CVE-2025-31215 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2025-31214 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-31213 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-31212 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2025-31210 (The issue was addressed with improved UI. This issue is fixed
in iPadO ...)
+ TODO: check
+CVE-2025-31209 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2025-31208 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2025-31207 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-31206 (A type confusion issue was addressed with improved state
handling. Thi ...)
+ TODO: check
+CVE-2025-31205 (The issue was addressed with improved checks. This issue is
fixed in w ...)
+ TODO: check
+CVE-2025-31204 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-31196 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2025-31195 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2025-30453 (The issue was addressed with additional permissions checks.
This issue ...)
+ TODO: check
+CVE-2025-30448 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-30442 (The issue was addressed with improved input sanitization. This
issue i ...)
+ TODO: check
+CVE-2025-30440 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2025-30436 (This issue was addressed by restricting options offered on a
locked de ...)
+ TODO: check
+CVE-2025-30018 (The Live Auction Cockpit in SAP Supplier Relationship
Management (SRM) ...)
+ TODO: check
+CVE-2025-30012 (The Live Auction Cockpit in SAP Supplier Relationship
Management (SRM) ...)
+ TODO: check
+CVE-2025-30011 (The Live Auction Cockpit in SAP Supplier Relationship
Management (SRM) ...)
+ TODO: check
+CVE-2025-30010 (The Live Auction Cockpit in SAP Supplier Relationship
Management (SRM) ...)
+ TODO: check
+CVE-2025-30009 (he Live Auction Cockpit in SAP Supplier Relationship
Management (SRM) ...)
+ TODO: check
+CVE-2025-26662 (The Data Services Management Console does not sufficiently
encode user ...)
+ TODO: check
+CVE-2025-24274 (An input validation issue was addressed by removing the
vulnerable cod ...)
+ TODO: check
+CVE-2025-24258 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-24225 (An injection issue was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2025-24223 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24222 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24220 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-24155 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-24144 (An information disclosure issue was addressed by removing the
vulnerab ...)
+ TODO: check
+CVE-2025-24142 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2025-24111 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2025-22249 (VMware Aria automation contains a DOM based Cross-Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2025-22246 (Cloud Foundry UAA release versions from v77.21.0 to v7.31.0
are vulner ...)
+ TODO: check
+CVE-2023-49641 (Billing Software v1.0 is vulnerable to multiple
Unauthenticated SQL In ...)
+ TODO: check
CVE-2025-47712
- nbdkit <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365724
@@ -22469,7 +22677,7 @@ CVE-2025-1930 (On Windows, a compromised content
process could use bad StreamDat
CVE-2025-27521 (Vulnerability of improper access permission in the process
management ...)
NOT-FOR-US: Huawei
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.jo ...)
- {DLA-4082-1}
+ {DLA-4163-1 DLA-4082-1}
- ruby3.3 3.3.7-2
- ruby3.1 <removed> (bug #1103794)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
@@ -46409,7 +46617,8 @@ CVE-2024-12842 (A vulnerability was found in Emlog Pro
up to 2.4.1. It has been
NOT-FOR-US: Emlog Pro
CVE-2024-12841 (A vulnerability was found in Emlog Pro up to 2.4.1. It has
been classi ...)
NOT-FOR-US: Emlog Pro
-CVE-2024-12840 (A server-side request forgery exists in Satellite. When a PUT
HTTP req ...)
+CVE-2024-12840
+ REJECTED
NOT-FOR-US: Red Hat Satellite
CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could
allow an ...)
NOT-FOR-US: Delta Electronics
@@ -71227,7 +71436,8 @@ CVE-2024-30134 (The HCL Traveler for Microsoft Outlook
executable (HTMO.exe) is
NOT-FOR-US: HCL
CVE-2023-46175 (IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8
stores use ...)
NOT-FOR-US: IBM
-CVE-2024-47177 (** DISPUTED ** CUPS is a standards-based, open-source printing
system, ...)
+CVE-2024-47177
+ REJECTED
- cups-filters <unfixed> (bug #1082822)
[trixie] - cups-filters <ignored> (Mitigated with fixes around
CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
[bookworm] - cups-filters <ignored> (Mitigated with fixes around
CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
@@ -188072,7 +188282,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the
Time component through 0.2.1
NOTE:
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
NOTE:
https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d
(9.4.3.0)
CVE-2023-28755 (A ReDoS issue was discovered in the URI component through
0.12.0 in Ru ...)
- {DLA-3858-1 DLA-3447-1 DLA-3408-1}
+ {DLA-4163-1 DLA-3858-1 DLA-3447-1 DLA-3408-1}
- rubygems 3.4.20-1
[bookworm] - rubygems <no-dsa> (Minor issue)
- ruby3.1 <removed> (bug #1038408)
@@ -207172,6 +207382,7 @@ CVE-2023-22665 (There is insufficient checking of
user queries in Apache Jena ve
[bookworm] - apache-jena <ignored> (Minor issue)
NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow ...)
+ {DLA-4164-1}
- libeconf 0.5.2+dfsg1-1 (bug #1037333)
[bookworm] - libeconf 0.5.1+dfsg1-1+deb12u1
NOTE: https://github.com/openSUSE/libeconf/issues/177
@@ -297531,6 +297742,7 @@ CVE-2021-43811 (Sockeye is an open-source
sequence-to-sequence framework for Neu
CVE-2021-43810 (Admidio is a free open source user management system for
websites of o ...)
NOT-FOR-US: Admidio
CVE-2021-43809 (`Bundler` is a package for managing application dependencies
in Ruby. ...)
+ {DLA-4163-1}
- rubygems 3.3.5-1
NOTE:
https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
NOTE:
https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c
(v3.3.0)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2181c146c8a4fcb6dcd4b660aa142fd89d5ec97
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2181c146c8a4fcb6dcd4b660aa142fd89d5ec97
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
