Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
226a50bf by security tracker role at 2025-05-14T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,166 @@
+CVE-2025-4641 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2025-4640 (Out-of-bounds Write vulnerability in PointCloudLibrary pcl 
allows Over ...)
+       TODO: check
+CVE-2025-4639 (CWE-611 Improper Restriction of XML External Entity Reference 
in the g ...)
+       TODO: check
+CVE-2025-4638 (A vulnerability exists in the inftrees.c component of the zlib 
library ...)
+       TODO: check
+CVE-2025-4637 (Divide By Zero vulnerability in davisking dlib allows   remote 
attacke ...)
+       TODO: check
+CVE-2025-4430 (Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP 
allows ...)
+       TODO: check
+CVE-2025-47782 (motionEye is an online interface for the software motion, a 
video surv ...)
+       TODO: check
+CVE-2025-47781 (Rallly is an open-source scheduling and collaboration tool. 
Versions u ...)
+       TODO: check
+CVE-2025-47778 (Sulu is an open-source PHP content management system based on 
the Symf ...)
+       TODO: check
+CVE-2025-47777 (5ire is a cross-platform desktop artificial intelligence 
assistant and ...)
+       TODO: check
+CVE-2025-47775 (Bullfrog is a GithHb Action to block unauthorized outbound 
traffic in  ...)
+       TODO: check
+CVE-2025-47710 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-47709 (Missing Authorization vulnerability in Drupal Enterprise MFA - 
TFA for ...)
+       TODO: check
+CVE-2025-47708 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Enterprise M ...)
+       TODO: check
+CVE-2025-47707 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-47706 (Authentication Bypass by Capture-replay vulnerability in 
Drupal Enterp ...)
+       TODO: check
+CVE-2025-47705 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47704 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47703 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47702 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47701 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Restrict rou ...)
+       TODO: check
+CVE-2025-47445 (Relative Path Traversal vulnerability in Themewinter Eventin 
allows Pa ...)
+       TODO: check
+CVE-2025-47436 (Heap-based Buffer Overflow vulnerability in Apache ORC.  A 
vulnerabili ...)
+       TODO: check
+CVE-2025-47292 (Cap Collectif is an online decision making platform that 
integrates se ...)
+       TODO: check
+CVE-2025-46786 (Improper neutralization of special elements in some Zoom 
Workplace App ...)
+       TODO: check
+CVE-2025-46785 (Buffer over-read in some Zoom Workplace Apps for Windows may 
allow an  ...)
+       TODO: check
+CVE-2025-44186 (SourceCodester Best Employee Management System 1.0 is 
vulnerable to Cr ...)
+       TODO: check
+CVE-2025-44184 (SourceCodester Best Employee Management System V1.0 is 
vulnerable to C ...)
+       TODO: check
+CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been 
identified ...)
+       TODO: check
+CVE-2025-3932 (It was possible to craft an email that showed a tracking link 
as an at ...)
+       TODO: check
+CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, 
allowing ...)
+       TODO: check
+CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL 
header ...)
+       TODO: check
+CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger 
automatic, un ...)
+       TODO: check
+CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender 
spoofing i ...)
+       TODO: check
+CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are 
vulnerable ...)
+       TODO: check
+CVE-2025-3833 (Zohocorp ManageEngineADSelfService Plus versions6513 and prior 
are vul ...)
+       TODO: check
+CVE-2025-3769 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
+       TODO: check
+CVE-2025-3600 (In Progress\xae Telerik\xae UI for AJAX, versions 2011.2.712 to 
2025.1 ...)
+       TODO: check
+CVE-2025-33104 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
+       TODO: check
+CVE-2025-32363 (mediDOK before 2.5.18.43 allows remote attackers to achieve 
remote cod ...)
+       TODO: check
+CVE-2025-30668 (Integer underflow in some Zoom Workplace Apps may allow an 
authenticat ...)
+       TODO: check
+CVE-2025-30667 (NULL pointer dereference in some Zoom Workplace Apps for 
Windows may a ...)
+       TODO: check
+CVE-2025-30666 (NULL pointer dereference in some Zoom Workplace Apps for 
Windows may a ...)
+       TODO: check
+CVE-2025-30665 (NULL pointer dereference in some Zoom Workplace Apps for 
Windows may a ...)
+       TODO: check
+CVE-2025-30664 (Improper neutralization of special elements in some Zoom 
Workplace App ...)
+       TODO: check
+CVE-2025-30663 (Time-of-check time-of-use race condition in some Zoom 
Workplace Apps m ...)
+       TODO: check
+CVE-2025-2900 (IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 
through 11.0 ...)
+       TODO: check
+CVE-2025-2875 (CWE-610: Externally Controlled Reference to a Resource in 
Another Sphe ...)
+       TODO: check
+CVE-2025-26785 (An issue was discovered in NAS in Samsung Mobile Processor, 
Wearable P ...)
+       TODO: check
+CVE-2025-26784 (An issue was discovered in NAS in Samsung Mobile Processor, 
Wearable P ...)
+       TODO: check
+CVE-2025-25370 (An issue in realme GT 2 (RMX3311) running Android 14 with 
realme UI 5. ...)
+       TODO: check
+CVE-2025-24969 (iTop is an web based IT Service Management tool. Prior to 
version 3.2. ...)
+       TODO: check
+CVE-2025-24785 (iTop is an web based IT Service Management tool. In version 
3.2.0, an  ...)
+       TODO: check
+CVE-2025-24026 (iTop is an web based IT Service Management tool. Versions 
prior to 3.2 ...)
+       TODO: check
+CVE-2025-24022 (iTop is an web based IT Service Management tool. Prior to 
versions 2.7 ...)
+       TODO: check
+CVE-2025-24021 (iTop is an web based IT Service Management tool. Prior to 
versions 2.7 ...)
+       TODO: check
+CVE-2025-22756
+       REJECTED
+CVE-2025-0138 (Web sessions in the web interface of Palo Alto Networks 
Prisma\xae Clo ...)
+       TODO: check
+CVE-2025-0137 (An improper input neutralization vulnerability in the 
management web i ...)
+       TODO: check
+CVE-2025-0136 (Using the AES-128-CCM algorithm for IPSec on certain Palo Alto 
Network ...)
+       TODO: check
+CVE-2025-0135 (An incorrect privilege assignment vulnerability in the Palo 
Alto Netwo ...)
+       TODO: check
+CVE-2025-0134 (A code injection vulnerability in the Palo Alto Networks Cortex 
XDR\xa ...)
+       TODO: check
+CVE-2025-0133 (A reflected cross-site scripting (XSS) vulnerability in the 
GlobalProt ...)
+       TODO: check
+CVE-2025-0132 (A missing authentication vulnerability in Palo Alto Networks 
Cortex XD ...)
+       TODO: check
+CVE-2025-0131 (An incorrect privilege management vulnerability in the OPSWAT 
MetaDefe ...)
+       TODO: check
+CVE-2025-0130 (A missing exception check in Palo Alto Networks PAN-OS\xae 
software wi ...)
+       TODO: check
+CVE-2024-8988 (The PeepSo Core: File Uploads plugin for WordPress is 
vulnerable to In ...)
+       TODO: check
+CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are 
Bluetooth pair ...)
+       TODO: check
+CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and 
corresponding Plu ...)
+       TODO: check
+CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker 
to obtai ...)
+       TODO: check
+CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to 
versions 3.1 ...)
+       TODO: check
+CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and 
corresponding Plu ...)
+       TODO: check
+CVE-2024-54779 (Netgate pfSense CE (prior to 2.8.0 beta release) and 
corresponding Plu ...)
+       TODO: check
+CVE-2024-52601 (iTop is an web based IT Service Management tool. Prior to 
versions 2.7 ...)
+       TODO: check
+CVE-2024-45516 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 
before Pat ...)
+       TODO: check
+CVE-2024-13940 (The Ninja Forms Webhooks plugin for WordPress is vulnerable to 
Server- ...)
+       TODO: check
+CVE-2024-10865 (Improper Input validation leads to XSS or Cross-site Scripting 
vulnera ...)
+       TODO: check
+CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2025-4609
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-4664
+CVE-2025-4664 (Insufficient policy enforcement in Loader in Google Chrome 
prior to 13 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2023-53146 [media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()]
+CVE-2023-53146 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.5.6-1
        [bookworm] - linux 6.1.55-1
        [bullseye] - linux 5.10.197-1
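Review bot: the CVE-2023-53146 rewrite loses information: the old bracketed summary `[media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()]` named the driver and the function, whereas the new truncated text `(In the Linux kernel, the following vulnerability has been resolved:  m ...)` is only the boilerplate prefix and identifies nothing; keep the bracketed subject next to the imported description so the entry remains recognisable when scanning the list. The fixed versions (linux 6.5.6-1, [bookworm] 6.1.55-1, [bullseye] 5.10.197-1) are untouched, the remaining additions are `TODO: check` placeholders as expected from the automatic import, and CVE-2025-22756 is recorded as REJECTED.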
@@ -226,11 +382,11 @@ CVE-2024-28954 (Incorrect default permissions for some 
Intel(R) Graphics Driver
        NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2024-28036 (Improper conditions check for some Intel(R) Arc\u2122 GPU may 
allow an ...)
        TODO: check
-CVE-2025-26864
+CVE-2025-26864 (Exposure of Sensitive Information to an Unauthorized Actor, 
Insertion  ...)
        NOT-FOR-US: Apache IoTDB
-CVE-2025-26795
+CVE-2025-26795 (Exposure of Sensitive Information to an Unauthorized Actor, 
Insertion  ...)
        NOT-FOR-US: Apache IoTDB
-CVE-2024-24780
+CVE-2024-24780 (Remote Code Execution with untrusted URI of UDF vulnerability 
in Apach ...)
        NOT-FOR-US: Apache IoTDB
 CVE-2025-4660 (A remote code execution vulnerability exists in the Windows 
agent comp ...)
        NOT-FOR-US: Forescout
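Review bot: CVE-2025-26864 and CVE-2025-26795 now carry the identical truncated description `(Exposure of Sensitive Information to an Unauthorized Actor, Insertion  ...)`, so it is worth confirming they are two distinct upstream advisories rather than a duplicated import; both stay NOT-FOR-US: Apache IoTDB, as does CVE-2024-24780, so the tracking outcome is unaffected either way.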
@@ -822,7 +978,8 @@ CVE-2025-47711
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365687
        NOTE: Fixed by: 
https://gitlab.com/nbdkit/nbdkit/-/commit/e6f96bd1b77c0cc927ce6aeff650b52238304f39
 (v1.43.7)
        NOTE: Fixed by: 
https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f
 (v1.42.3)
-CVE-2025-47905 [Request Smuggling Attac]
+CVE-2025-47905 (Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish 
Enterpris ...)
+       {DSA-5918-1}
        - varnish 7.7.0-2
        NOTE: https://varnish-cache.org/security/VSV00016.html
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/b5f1faba6e8d9848cfe0cba566986e7e5cc5f65b
 (varnish-7.7.1)
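Review bot: the replaced summary `[Request Smuggling Attac]` was truncated mid-word, and the new description `(Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...)` names versions but not the vulnerability class, so the visible entry no longer says what the bug is; keep a corrected short tag such as `[Request Smuggling Attack]` alongside the imported description. The added `{DSA-5918-1}` reference sits consistently with the recorded fix `varnish 7.7.0-2` and the VSV00016 and varnish-7.7.1 commit links already present.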
@@ -977,6 +1134,7 @@ CVE-2025-23395
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
 CVE-2025-22247 (VMware Tools contains an insecure file handling 
vulnerability.A malici ...)
+       {DLA-4165-1}
        - open-vm-tools 2:12.5.0-2 (bug #1105159)
        NOTE: 
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
        NOTE: Patches: 
https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
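Review bot: `{DLA-4165-1}` is added to CVE-2025-22247 while the entry still lists only the unstable fix `open-vm-tools 2:12.5.0-2 (bug #1105159)` and this hunk adds no `[bullseye]` line; check that the DLA record itself carries the LTS fixed version so the release status is derived correctly.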
@@ -2976,7 +3134,7 @@ CVE-2023-46716
        REJECTED
 CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the 
aws-am ...)
        NOT-FOR-US: Amazon
-CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 
2025.1.6. ...)
+CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 
allows a  ...)
        NOT-FOR-US: Devolutions
 CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
rated as ...)
        - pytorch <unfixed> (bug #1104931)
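Review bot: the rewritten CVE-2025-4316 description drops the affected version the previous text carried (`Devolutions Server 2025.1.6.`) and now reads `... Devolutions Server allows a ...`; this is presumably the upstream wording change picked up by the automatic update, and since the entry stays NOT-FOR-US: Devolutions there is no tracking impact, but the earlier version string is the more useful one if the entry is ever re-examined.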



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226a50bf3976fa0923918df24b88fc72b6a83601



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
