Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbd213ca by security tracker role at 2025-05-16T20:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,253 @@
-CVE-2025-40907
+CVE-2025-4809 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
+       TODO: check
+CVE-2025-4808 (A vulnerability was found in PHPGurukul Park Ticketing 
Management Syst ...)
+       TODO: check
+CVE-2025-4807 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2025-4806 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in 
the GN ...)
+       TODO: check
+CVE-2025-4795 (A vulnerability classified as critical has been found in 
gongfuxiang s ...)
+       TODO: check
+CVE-2025-4794 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
+       TODO: check
+CVE-2025-4793 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
+       TODO: check
+CVE-2025-4792 (A vulnerability was found in FreeFloat FTP Server 1.0 and 
classified a ...)
+       TODO: check
+CVE-2025-4791 (A vulnerability has been found in FreeFloat FTP Server 1.0 and 
classif ...)
+       TODO: check
+CVE-2025-4790 (A vulnerability, which was classified as critical, was found in 
FreeFl ...)
+       TODO: check
+CVE-2025-4789 (A vulnerability, which was classified as critical, has been 
found in F ...)
+       TODO: check
+CVE-2025-4788 (A vulnerability classified as critical was found in FreeFloat 
FTP Serv ...)
+       TODO: check
+CVE-2025-4787 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2025-4786 (A vulnerability was found in SourceCodester/oretnom23 Stock 
Management ...)
+       TODO: check
+CVE-2025-4785 (A vulnerability was found in PHPGurukul Daily Expense Tracker 
System 1 ...)
+       TODO: check
+CVE-2025-4782 (A vulnerability has been found in SourceCodester/oretnom23 
Stock Manag ...)
+       TODO: check
+CVE-2025-4781 (A vulnerability classified as critical has been found in 
PHPGurukul Pa ...)
+       TODO: check
+CVE-2025-4780 (A vulnerability was found in PHPGurukul Park Ticketing 
Management Syst ...)
+       TODO: check
+CVE-2025-4778 (A vulnerability was found in PHPGurukul Park Ticketing 
Management Syst ...)
+       TODO: check
+CVE-2025-4777 (A vulnerability was found in PHPGurukul Park Ticketing 
Management Syst ...)
+       TODO: check
+CVE-2025-4773 (A vulnerability was found in PHPGurukul Online Course 
Registration 3.1 ...)
+       TODO: check
+CVE-2025-4772 (A vulnerability has been found in PHPGurukul Online Course 
Registratio ...)
+       TODO: check
+CVE-2025-4771 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-4770 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-4769 (A vulnerability classified as critical was found in CBEWIN 
Anytxt Sear ...)
+       TODO: check
+CVE-2025-4768 (A vulnerability classified as critical has been found in 
feng_ha_ha/me ...)
+       TODO: check
+CVE-2025-4767 (A vulnerability was found in defog-ai introspect up to 0.1.4. 
It has b ...)
+       TODO: check
+CVE-2025-4766 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
+       TODO: check
+CVE-2025-4765 (A vulnerability was found in PHPGurukul Zoo Management System 
2.1. It  ...)
+       TODO: check
+CVE-2025-4761 (A vulnerability has been found in PHPGurukul Complaint 
Management Syst ...)
+       TODO: check
+CVE-2025-4758 (A vulnerability classified as critical has been found in 
PHPGurukul Be ...)
+       TODO: check
+CVE-2025-4679 (A vulnerability in Synology Active Backup for Microsoft 365 
allows rem ...)
+       TODO: check
+CVE-2025-4600 (A request smuggling vulnerability existed in the Google Cloud 
Classic  ...)
+       TODO: check
+CVE-2025-4211 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
+       TODO: check
+CVE-2025-48146 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Lups SEO Fl ...)
+       TODO: check
+CVE-2025-48144 (Cross-Site Request Forgery (CSRF) vulnerability in sidngr 
Import Expor ...)
+       TODO: check
+CVE-2025-48138 (Missing Authorization vulnerability in berthaai BERTHA AI 
allows Explo ...)
+       TODO: check
+CVE-2025-48137 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-48136 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-48135 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48134 (Deserialization of Untrusted Data vulnerability in 
ShapedPlugin LLC WP ...)
+       TODO: check
+CVE-2025-48132 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48131 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48128 (Missing Authorization vulnerability in Sharespine Sharespine 
Woocommer ...)
+       TODO: check
+CVE-2025-48127 (Missing Authorization vulnerability in App Cheap Push 
notification for ...)
+       TODO: check
+CVE-2025-48121 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48120 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-48119 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-48117 (Missing Authorization vulnerability in kilbot WooCommerce POS 
allows E ...)
+       TODO: check
+CVE-2025-48116 (Missing Authorization vulnerability in Ashan Perera EventON 
allows Acc ...)
+       TODO: check
+CVE-2025-48115 (Cross-Site Request Forgery (CSRF) vulnerability in Javier 
Revilla Vali ...)
+       TODO: check
+CVE-2025-48114 (Cross-Site Request Forgery (CSRF) vulnerability in Shayan 
Farhang Pazh ...)
+       TODO: check
+CVE-2025-48113 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48112 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48080 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48079 (Missing Authorization vulnerability in Metagauss ProfileGrid  
allows E ...)
+       TODO: check
+CVE-2025-47916 (Invision Community 5.0.0 before 5.0.7 allows remote code 
execution via ...)
+       TODO: check
+CVE-2025-47794 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-47793 (Nextcloud Server is a self hosted personal cloud system, and 
the Nextc ...)
+       TODO: check
+CVE-2025-47792 (Nextcloud Desktop is the desktop sync client for Nextcloud. In 
version ...)
+       TODO: check
+CVE-2025-47791 (Nextcloud Server is a self hosted personal cloud system. In 
Nextcloud  ...)
+       TODO: check
+CVE-2025-47790 (Nextcloud Server is a self hosted personal cloud system. 
Nextcloud Ser ...)
+       TODO: check
+CVE-2025-47693 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-47567 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-47564 (Missing Authorization vulnerability in ashanjay EventON allows 
Accessi ...)
+       TODO: check
+CVE-2025-47563 (Missing Authorization vulnerability in villatheme CURCY allows 
Accessi ...)
+       TODO: check
+CVE-2025-47562 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-47560 (Missing Authorization vulnerability in RomanCode MapSVG allows 
Exploit ...)
+       TODO: check
+CVE-2025-47557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47556 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Compare Prici ...)
+       TODO: check
+CVE-2025-47534 (Missing Authorization vulnerability in ValvePress Wordpress 
Auto Spinn ...)
+       TODO: check
+CVE-2025-46464 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-40906 (BSON::XS versions 0.8.4 and earlier for Perl includes a 
bundled libbso ...)
+       TODO: check
+CVE-2025-40632 (Cross-site scripting (XSS) in Icewarp Mail Server affecting 
version 11 ...)
+       TODO: check
+CVE-2025-40631 (HTTP host header injection vulnerability in Icewarp Mail 
Server affect ...)
+       TODO: check
+CVE-2025-40630 (Open redirection vulnerability in IceWarp Mail Server 
affecting versio ...)
+       TODO: check
+CVE-2025-40629 (PNETLab 4.2.10 does not properly sanitize user inputs in its 
file acce ...)
+       TODO: check
+CVE-2025-39537 (Authorization Bypass Through User-Controlled Key vulnerability 
in Chim ...)
+       TODO: check
+CVE-2025-39511 (Missing Authorization vulnerability in ValvePress Pinterest 
Automatic  ...)
+       TODO: check
+CVE-2025-39509 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39507 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39493 (Missing Authorization vulnerability in ValvePress Rankie 
allows Exploi ...)
+       TODO: check
+CVE-2025-39492 (Path Traversal vulnerability in WHMPress WHMpress allows 
Relative Path ...)
+       TODO: check
+CVE-2025-39491 (Path Traversal vulnerability in WHMPress WHMpress allows Path 
Traversa ...)
+       TODO: check
+CVE-2025-39482 (Missing Authorization vulnerability in imithemes Eventer 
allows Exploi ...)
+       TODO: check
+CVE-2025-39481 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32962 (Flask-AppBuilder is an application development framework built 
on top  ...)
+       TODO: check
+CVE-2025-32643 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32310 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove 
QuickCal  ...)
+       TODO: check
+CVE-2025-32307 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32306 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32301 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32299 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-32296 (Missing Authorization vulnerability in quantumcloud Simple 
Link Direct ...)
+       TODO: check
+CVE-2025-32295 (Missing Authorization vulnerability in wordpresschef Salon 
Booking Pro ...)
+       TODO: check
+CVE-2025-32290 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32287 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32245 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32180 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Tooltips for  ...)
+       TODO: check
+CVE-2025-31928 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31926 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31923 (Missing Authorization vulnerability in QuanticaLabs CSS3 
Accordions fo ...)
+       TODO: check
+CVE-2025-31922 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuanticaLabs CSS3 A ...)
+       TODO: check
+CVE-2025-31921 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP 
Ultimate  ...)
+       TODO: check
+CVE-2025-31915 (Cross-Site Request Forgery (CSRF) vulnerability in 
kamleshyadav Pixel  ...)
+       TODO: check
+CVE-2025-31641 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31640 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31639 (Cross-Site Request Forgery (CSRF) vulnerability in themeton 
Spare allo ...)
+       TODO: check
+CVE-2025-31637 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31630 (Missing Authorization vulnerability in themeton The Business 
allows Ex ...)
+       TODO: check
+CVE-2025-31071 (Missing Authorization vulnerability in themeton HotStar \u2013 
Multi-P ...)
+       TODO: check
+CVE-2025-31068 (Cross-Site Request Forgery (CSRF) vulnerability in themeton 
Seven Star ...)
+       TODO: check
+CVE-2025-31066 (Missing Authorization vulnerability in themeton Acerola allows 
Exploit ...)
+       TODO: check
+CVE-2025-31065 (Missing Authorization vulnerability in themeton Rozario allows 
Exploit ...)
+       TODO: check
+CVE-2025-31063 (Missing Authorization vulnerability in redqteam Wishlist 
allows Exploi ...)
+       TODO: check
+CVE-2025-31062 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-2306 (An Improper Access Control vulnerability was identified in the 
file do ...)
+       TODO: check
+CVE-2025-2305 (A Path traversal vulnerability in the file download 
functionality was  ...)
+       TODO: check
+CVE-2025-22233 (CVE-2024-38820 ensured Locale-independent, lowercase 
conversion for bo ...)
+       TODO: check
+CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a 
malicious ...)
+       TODO: check
+CVE-2024-40120 (seaweedfs v3.68 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2025-40907 (FCGI versions 0.44 through 0.82, for Perl, include a 
vulnerable versio ...)
        - libfcgi-perl 0.79+ds-2
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/29651740/
        NOTE: Since libfcgi-perl/0.79+ds-1 in experimental libfcgi-perl is 
repackaged and
        NOTE: uses the system libfcgi system library. Use 0.79+ds-2 as the 
fixed version.
-CVE-2025-37890 [net_sched: hfsc: Fix a UAF vulnerability in class with netem 
as child qdisc]
+CVE-2025-37890 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/141d34391abbb315d68556b7c67ad97885407547 (6.15-rc5)
 CVE-2025-XXXX [Buffer overflow in range of chars in evaluated expressions]
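Review bot: CVE-2025-40906 (BSON::XS for Perl, "includes a bundled libbso ...") lands with only "TODO: check", while CVE-2025-40907 in the same hunk shows how the equivalent case was settled for FCGI: fixed in libfcgi-perl 0.79+ds-2, with NOTE lines recording that the package was repackaged to use the system libfcgi library. Triage CVE-2025-40906 along the same lines, recording whether Debian ships the module and whether the package uses the bundled copy or a system library. CVE-2025-22233 also needs a cross-check when it is triaged, since its description refers back to CVE-2024-38820 and the two entries should end up with a consistent package mapping.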
@@ -567,7 +811,7 @@ CVE-2023-5529 (The Advanced Page Visit Counter  WordPress 
plugin before 8.0.6 do
        NOT-FOR-US: WordPress plugin
 CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, 
Easy D ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-4476 [libsoup: Null pointer dereference in libsoup may lead to Denial 
Of Service]
+CVE-2025-4476 (A denial-of-service vulnerability has been identified in the 
libsoup H ...)
        - libsoup3 <unfixed> (bug #1105887)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457
@@ -806,7 +1050,7 @@ CVE-2024-45067 (Incorrect default permissions in some 
Intel(R) Gaudi(R) software
        NOT-FOR-US: Intel
 CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-4478
+CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's 
remote ...)
        - gnome-remote-desktop <unfixed>
        [bookworm] - gnome-remote-desktop <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232
@@ -884,17 +1128,21 @@ CVE-2025-44184 (SourceCodester Best Employee Management 
System V1.0 is vulnerabl
 CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been 
identified ...)
        NOT-FOR-US: SonicWall
 CVE-2025-3932 (It was possible to craft an email that showed a tracking link 
as an at ...)
+       {DSA-5921-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
 CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, 
allowing ...)
        NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
 CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL 
header ...)
+       {DSA-5921-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
 CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger 
automatic, un ...)
+       {DSA-5921-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877
 CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender 
spoofing i ...)
+       {DSA-5921-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3875
 CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are 
vulnerable ...)
@@ -1179,7 +1427,8 @@ CVE-2025-20004 (Insufficient control flow management in 
the Alias Checking Trust
        NOT-FOR-US: Intel
 CVE-2025-20003 (Improper link resolution before file access ('Link Following') 
for som ...)
        NOT-FOR-US: Intel graphics drivers for Windows
-CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, 
Incorrect ...)
+CVE-2025-0020
+       REJECTED
        NOT-FOR-US: ArcGIS
 CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data 
analyti ...)
        NOT-FOR-US: LF Edge eKuiper
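Review bot: CVE-2025-0020 now reads "REJECTED" but the earlier "NOT-FOR-US: ArcGIS" line is left directly beneath it, so the entry carries two dispositions at once. Drop the "NOT-FOR-US: ArcGIS" line so the entry matches other rejected IDs in this file, such as CVE-2023-4377, which has "REJECTED" alone.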
@@ -6551,7 +6800,7 @@ CVE-2024-57698 (An issue in modernwms v.1.0 allows an 
attacker view the MD5 hash
 CVE-2023-4377
        REJECTED
 CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird 
128.9. ...)
-       {DSA-5912-1 DSA-5910-1}
+       {DSA-5912-1 DSA-5910-1 DLA-4167-1}
        - firefox-esr 128.10.0esr-1
        - thunderbird 1:128.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
@@ -6560,7 +6809,7 @@ CVE-2025-4092 (Memory safety bugs present in Firefox 137 
and Thunderbird 137. So
        - firefox 138.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
 CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137, 
Firefox ES ...)
-       {DSA-5912-1 DSA-5910-1}
+       {DSA-5912-1 DSA-5910-1 DLA-4167-1}
        - firefox 138.0-1
        - firefox-esr 128.10.0esr-1
        - thunderbird 1:128.10.0esr-1
@@ -6577,7 +6826,7 @@ CVE-2025-4088 (A security vulnerability in Thunderbird 
allowed malicious sites t
        - firefox 138.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
 CVE-2025-4087 (A vulnerability was identified in Thunderbird where XPath 
parsing coul ...)
-       {DSA-5912-1 DSA-5910-1}
+       {DSA-5912-1 DSA-5910-1 DLA-4167-1}
        - firefox 138.0-1
        - firefox-esr 128.10.0esr-1
        - thunderbird 1:128.10.0esr-1
@@ -6596,7 +6845,7 @@ CVE-2025-4084 (Due to insufficient escaping of the 
special characters in the "co
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
 CVE-2025-4083 (A process isolation vulnerability in Thunderbird stemmed from 
improper ...)
-       {DSA-5912-1 DSA-5910-1}
+       {DSA-5912-1 DSA-5910-1 DLA-4167-1}
        - firefox 138.0-1
        - firefox-esr 128.10.0esr-1
        - thunderbird 1:128.10.0esr-1
@@ -10899,15 +11148,15 @@ CVE-2024-13177 (Netskope Client on Mac OS is impacted 
by a vulnerability in whic
 CVE-2024-11084 (Helix ALM prior to 2025.1 returns distinct error responses 
during auth ...)
        NOT-FOR-US: Helix ALM
 CVE-2025-3523 (When an email contains multiple attachments with external links 
via th ...)
-       {DSA-5912-1}
+       {DSA-5912-1 DLA-4167-1}
        - thunderbird 1:128.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
 CVE-2025-2830 (By crafting a malformed file name for an attachment in a 
multipart mes ...)
-       {DSA-5912-1}
+       {DSA-5912-1 DLA-4167-1}
        - thunderbird 1:128.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-2830
 CVE-2025-3522 (Thunderbird processes the X-Mozilla-External-Attachment-URL 
header to  ...)
-       {DSA-5912-1}
+       {DSA-5912-1 DLA-4167-1}
        - thunderbird 1:128.10.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3522
 CVE-2025-3622 (A vulnerability, which was classified as critical, has been 
found in X ...)
@@ -90272,6 +90521,7 @@ CVE-2024-40518 (SeaCMS 12.9 has a remote code execution 
vulnerability. The vulne
 CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an 
Unauthe ...)
        NOT-FOR-US: Sourcecodester Poultry Farm Management System
 CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 
0.10.0 have  ...)
+       {DLA-4166-1}
        - xrdp 0.10.1-1 (bug #1076769)
        [bookworm] - xrdp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
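Review bot: on CVE-2024-39917 the new "{DLA-4166-1}" tag sits above "[bookworm] - xrdp <no-dsa> (Minor issue)", so after this change the LTS release has an advisory while bookworm remains marked no-dsa. Confirm that the no-dsa rating for bookworm is still intended and, if it is, whether a point-release update is planned. The same pairing appears on CVE-2023-42822 and CVE-2023-40184 later in this patch.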
@@ -163849,6 +164099,7 @@ CVE-2023-43125 (BIG-IP APM clients may send IP 
traffic outside of the VPN tunnel
 CVE-2023-43124 (BIG-IP APM clients may send IP traffic outside of the VPN 
tunnel.Note: ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access 
to the f ...)
+       {DLA-4166-1}
        [experimental] - xrdp 0.9.24-1
        - xrdp 0.9.24-2 (bug #1053284)
        [bookworm] - xrdp <no-dsa> (Minor issue)
@@ -166239,7 +166490,7 @@ CVE-2023-3170 (The tagDiv Composer WordPress plugin 
before 4.2, used as a compan
        NOT-FOR-US: WordPress plugin
 CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a 
companion b ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an 
authentic ...)
+CVE-2023-39780 (On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated 
attackers can ...)
        NOT-FOR-US: ASUS
 CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in 
plaintext. The ...)
        NOT-FOR-US: Softneta MedDream PACS
@@ -167916,6 +168167,7 @@ CVE-2023-40186 (FreeRDP is a free implementation of 
the Remote Desktop Protocol
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083
 (2.11.0)
 CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. 
In versio ...)
+       {DLA-4166-1}
        [experimental] - xrdp 0.9.24-1
        - xrdp 0.9.24-2 (bug #1051061)
        [bookworm] - xrdp <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbd213ca6f71b79c1f1c8f8a8c3c8117f5a97c44
