Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53875b0f by security tracker role at 2025-05-15T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the 
eSignaVie ...)
+       TODO: check
+CVE-2025-4717 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-4716 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0. ...)
+       TODO: check
+CVE-2025-4715 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0. ...)
+       TODO: check
+CVE-2025-4714 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0. ...)
+       TODO: check
+CVE-2025-4713 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0  ...)
+       TODO: check
+CVE-2025-4712 (A vulnerability has been found in Campcodes Sales and Inventory 
System ...)
+       TODO: check
+CVE-2025-4711 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2025-4710 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-4709 (A vulnerability classified as critical was found in Campcodes 
Sales an ...)
+       TODO: check
+CVE-2025-4708 (A vulnerability classified as critical has been found in 
Campcodes Sal ...)
+       TODO: check
+CVE-2025-4707 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0. ...)
+       TODO: check
+CVE-2025-4706 (A vulnerability was found in projectworlds Online Examination 
System 1 ...)
+       TODO: check
+CVE-2025-4705 (A vulnerability was found in PHPGurukul Vehicle Parking 
Management Sys ...)
+       TODO: check
+CVE-2025-4704 (A vulnerability was found in PHPGurukul Vehicle Parking 
Management Sys ...)
+       TODO: check
+CVE-2025-4703 (A vulnerability has been found in PHPGurukul Vehicle Parking 
Managemen ...)
+       TODO: check
+CVE-2025-4702 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-4701 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-4699 (A vulnerability classified as critical was found in PHPGurukul 
Apartme ...)
+       TODO: check
+CVE-2025-4698 (A vulnerability classified as critical has been found in 
PHPGurukul Di ...)
+       TODO: check
+CVE-2025-4697 (A vulnerability was found in PHPGurukul Directory Management 
System 2. ...)
+       TODO: check
+CVE-2025-4696 (A vulnerability was found in PHPGurukul Cyber Cafe Management 
System 1 ...)
+       TODO: check
+CVE-2025-4695 (A vulnerability was found in PHPGurukul Cyber Cafe Management 
System 1 ...)
+       TODO: check
+CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2025-4516 (There is an issue in CPython when using 
`bytes.decode("unicode_escape" ...)
+       TODO: check
+CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in 
some ap ...)
+       TODO: check
+CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js 
does not  ...)
+       TODO: check
+CVE-2025-47789 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2025-47788 (Atheos is a self-hosted browser-based cloud IDE. Prior to 
v602, simila ...)
+       TODO: check
+CVE-2025-47787 (Emlog is an open source website building system. Emlog Pro 
prior to ve ...)
+       TODO: check
+CVE-2025-47786 (Emlog is an open source website building system. Version 
2.5.13 has a  ...)
+       TODO: check
+CVE-2025-47785 (Emlog is an open source website building system. In versions 
up to and ...)
+       TODO: check
+CVE-2025-47784 (Emlog is an open source website building system. Versions 
2.5.13 and p ...)
+       TODO: check
+CVE-2025-47774 (Vyper is the Pythonic Programming Language for the Ethereum 
Virtual Ma ...)
+       TODO: check
+CVE-2025-47580 (Missing Authorization vulnerability in Rustaurius Front End 
Users allo ...)
+       TODO: check
+CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum 
Virtual Ma ...)
+       TODO: check
+CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 
5.29.0, 6. ...)
+       TODO: check
+CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is 
compatib ...)
+       TODO: check
+CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows 
attackers to ex ...)
+       TODO: check
+CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP 
v4.15.2 al ...)
+       TODO: check
+CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is 
vulnerable to C ...)
+       TODO: check
+CVE-2025-44183 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-44182 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-44181 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-44180 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in 
via the F ...)
+       TODO: check
+CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the 
executable ...)
+       TODO: check
+CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x 
<= 10.4 ...)
+       TODO: check
+CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site 
scriptin ...)
+       TODO: check
+CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias 
WP2LEADS all ...)
+       TODO: check
+CVE-2025-32738 (Missing authentication for critical function issue exists in 
I-O DATA  ...)
+       TODO: check
+CVE-2025-32002 (Improper neutralization of special elements used in an OS 
command ('OS ...)
+       TODO: check
+CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x 
<= 10.4 ...)
+       TODO: check
+CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an 
uncontrolled resou ...)
+       TODO: check
+CVE-2025-30475 (Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains 
an impro ...)
+       TODO: check
+CVE-2025-30421 (There is a memory corruption vulnerability due to a 
stack-based buffer ...)
+       TODO: check
+CVE-2025-30420 (There is a memory corruption vulnerability due to an out of 
bounds rea ...)
+       TODO: check
+CVE-2025-30419 (There is a memory corruption vulnerability due to an out of 
bounds rea ...)
+       TODO: check
+CVE-2025-30418 (There is a memory corruption vulnerability due to an out of 
bounds wri ...)
+       TODO: check
+CVE-2025-30417 (There is a memory corruption vulnerability due to an out of 
bounds wri ...)
+       TODO: check
+CVE-2025-2570 (Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to 
check  ...)
+       TODO: check
+CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed 
to prop ...)
+       TODO: check
+CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, 
contains an u ...)
+       TODO: check
+CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack 
Debug Tools. ...)
+       TODO: check
+CVE-2024-52880 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before 
version  ...)
+       TODO: check
+CVE-2024-52879 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before 
version  ...)
+       TODO: check
+CVE-2024-52878 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before 
version  ...)
+       TODO: check
+CVE-2024-52877 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before 
version  ...)
+       TODO: check
+CVE-2024-51666 (Missing Authorization vulnerability in Automattic Tours.This 
issue aff ...)
+       TODO: check
 CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application 
(com.t ...)
        TODO: check
 CVE-2025-4591 (The Weluka Lite plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
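Review bot: all 71 entries added in this hunk are left at the placeholder "TODO: check", and a few of them name software Debian ships, so they should be triaged rather than left as imported: CVE-2025-4516 (CPython, bytes.decode("unicode_escape"...)) and CVE-2025-47279 (Undici for Node.js) are worth checking against the python3 and node-undici packages first, while the Campcodes, PHPGurukul, projectworlds and SourceCodester entries follow the usual pattern that ends in NOT-FOR-US. CVE-2025-4762 (IDOR in eSignaVie...) is the split-off counterpart of CVE-2024-12014, whose description is narrowed further down in this diff, and should get the same NOT-FOR-US: eSigna marking as that entry.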
@@ -244,9 +386,11 @@ CVE-2024-10865 (Improper Input validation leads to XSS or 
Cross-site Scripting v
 CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: OpenText
 CVE-2025-4609
+       {DSA-5920-1}
        - chromium 136.0.7103.113-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-4664 (Insufficient policy enforcement in Loader in Google Chrome 
prior to 13 ...)
+       {DSA-5920-1}
        - chromium 136.0.7103.113-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2023-53146 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
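Review bot: the "{DSA-5920-1}" lines added for CVE-2025-4609 and CVE-2025-4664 are placed above the existing "- chromium 136.0.7103.113-1" fix line, which is the expected position, but the DSA-5920-1 record in data/DSA/list must list both CVE ids for the cross-reference to resolve. The "[bullseye] - chromium <end-of-life> (see #1061268)" lines are unchanged, which is correct since the DSA covers the stable suite only.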
@@ -6874,12 +7018,12 @@ CVE-2025-46400 (In xfig diagramming tool, a 
segmentation fault while running fig
        NOTE: Error covered with: 
https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
        NOTE: Fixed by: 
https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
        NOTE: Crash in CLI tool, no security impact
-CVE-2025-46399
-       REJECTED
-CVE-2025-46398
-       REJECTED
-CVE-2025-46397
-       REJECTED
+CVE-2025-46399 (In xfig diagramming tool, a segmentation fault in fig2dev 
allows memor ...)
+       TODO: check
+CVE-2025-46398 (In xfig diagramming tool, a stack-overflow while running 
fig2dev allow ...)
+       TODO: check
+CVE-2025-46397 (In xfig diagramming tool, a stack-overflowwhile running 
fig2dev allows ...)
+       TODO: check
 CVE-2025-46381
        REJECTED
 CVE-2025-46380
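Review bot: this hunk flips CVE-2025-46397, CVE-2025-46398 and CVE-2025-46399 from REJECTED back to open "TODO: check" entries; a reversed rejection is unusual, so confirm upstream that these ids are active again before spending triage time on them. Their descriptions match the preceding CVE-2025-46400 entry (fig2dev crashes), which was closed with "NOTE: Crash in CLI tool, no security impact" and two fix commits, so the same assessment likely applies once each id is matched to its fix commit. The "stack-overflowwhile" in the CVE-2025-46397 description is the upstream text and not something to correct in this file.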
@@ -10732,6 +10876,7 @@ CVE-2023-42977 (A path handling issue was addressed 
with improved validation. Th
 CVE-2023-42973 (Private Browsing tabs may be accessed without authentication. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2023-42970 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       {DSA-5527-1}
        - webkit2gtk 2.42.0-1
        - wpewebkit 2.42.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
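Review bot: "{DSA-5527-1}" is added to CVE-2023-42970 here and to CVE-2023-42875 in the following hunk, above the existing "- webkit2gtk 2.42.0-1" line. Both entries also carry "- wpewebkit 2.42.0-1" with a bookworm "<ignored>" marker, so check that DSA-5527-1 in data/DSA/list is recorded for webkit2gtk only and that the wpewebkit line keeps its ignored status after the reference is added.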
@@ -10742,6 +10887,7 @@ CVE-2023-42969 (An app may be able to break out of its 
sandbox. This issue is fi
 CVE-2023-42961 (A path handling issue was addressed with improved validation. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2023-42875 (Processing web content may lead to arbitrary code execution. 
This issu ...)
+       {DSA-5527-1}
        - webkit2gtk 2.42.0-1
        - wpewebkit 2.42.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -47538,7 +47684,7 @@ CVE-2024-12840
        REJECTED
 CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could 
allow an  ...)
        NOT-FOR-US: Delta Electronics
-CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) 
vulnerabili ...)
+CVE-2024-12014 (Path Traversal vulnerability in the eSignaViewer component in 
eSigna p ...)
        NOT-FOR-US: eSigna
 CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is 
vulnerable t ...)
        NOT-FOR-US: DirectAdmin Evolution Skin
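Review bot: the CVE-2024-12014 description is narrowed to the path traversal in the eSignaViewer component, and the IDOR half that was dropped from it reappears as the new CVE-2025-4762 at the top of this diff, which is currently at "TODO: check"; since it concerns the same eSigna product it should carry the same "NOT-FOR-US: eSigna" marking as this entry.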
@@ -139208,7 +139354,7 @@ CVE-2023-7077 (Sharp NEC Displays (P403, P463, P553, 
P703, P801, X554UN, X464UN,
        NOT-FOR-US: Sharp
 CVE-2023-5800 (Vintage, member of the AXIS OS Bug Bounty Program, has found 
that the  ...)
        NOT-FOR-US: AXIS
-CVE-2023-5677 (Brandon Rothel from QED Secure Solutions has found that the 
VAPIX API  ...)
+CVE-2023-5677 (Brandon Rothel from QED Secure Solutions and Sam Hanson of 
Dragos have ...)
        NOT-FOR-US: AXIS
 CVE-2023-51504 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53875b0f6e7954a04ff865062f37e588f7187654


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
