Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33bb491e by security tracker role at 2025-05-21T20:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,184 @@
-CVE-2025-40775
+CVE-2025-5051 (A vulnerability classified as critical has been found in 
FreeFloat FTP ...)
+       TODO: check
+CVE-2025-5050 (A vulnerability was found in FreeFloat FTP Server 1.0. It has 
been rat ...)
+       TODO: check
+CVE-2025-5049 (A vulnerability was found in FreeFloat FTP Server 1.0. It has 
been dec ...)
+       TODO: check
+CVE-2025-5033 (A vulnerability classified as problematic was found in 
XiaoBingby TeaC ...)
+       TODO: check
+CVE-2025-5032 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2025-5031 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It 
has be ...)
+       TODO: check
+CVE-2025-5030 (A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It 
has be ...)
+       TODO: check
+CVE-2025-5029 (A vulnerability has been found in Kingdee Cloud Galaxy Private 
Cloud B ...)
+       TODO: check
+CVE-2025-5020 (Opening maliciously-crafted URLs in Firefox from other apps 
such as Sa ...)
+       TODO: check
+CVE-2025-4803 (The Glossary by WPPedia \u2013 Best Glossary plugin for 
WordPress plug ...)
+       TODO: check
+CVE-2025-4611 (The Slim SEO \u2013 Fast & Automated WordPress SEO Plugin 
plugin for W ...)
+       TODO: check
+CVE-2025-4416 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2025-4415 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-4221 (The Animated Buttons plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-4219 (The DPEPress plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-4217 (The WP YouTube Video Optimizer plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-4105 (The Splitit plugin for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2025-4008 (The Meteobridge web interface let meteobridge administrator 
manage the ...)
+       TODO: check
+CVE-2025-48417 (The certificate and private key used for providing transport 
layer sec ...)
+       TODO: check
+CVE-2025-48416 (An OpenSSH daemon listens on TCP port 22. There is a 
hard-coded entry  ...)
+       TODO: check
+CVE-2025-48415 (A USB backdoor feature can be triggered by attaching a USB 
drive that  ...)
+       TODO: check
+CVE-2025-48414 (There are several scripts in the web interface that are 
accessible via ...)
+       TODO: check
+CVE-2025-48413 (The `/etc/passwd` and `/etc/shadow` files reveal hard-coded 
password h ...)
+       TODO: check
+CVE-2025-48207 (The reint_downloadmanager extension through 5.0.0 for TYPO3 
allows Ins ...)
+       TODO: check
+CVE-2025-48206 (The ns_backup extension through 13.0.0 for TYPO3 allows XSS.)
+       TODO: check
+CVE-2025-48205 (The sr_feuser_register extension through 12.4.8 for TYPO3 
allows Insec ...)
+       TODO: check
+CVE-2025-48204 (The ns_backup extension through 13.0.0 for TYPO3 allows 
command inject ...)
+       TODO: check
+CVE-2025-48203 (The cs_seo extension through 9.2.0 for TYPO3 allows XSS.)
+       TODO: check
+CVE-2025-48202 (The femanager extension through 8.2.1 for TYPO3 allows 
Insecure Direct ...)
+       TODO: check
+CVE-2025-48201 (The ns_backup extension through 13.0.0 for TYPO3 has a 
Predictable Res ...)
+       TODO: check
+CVE-2025-48200 (The sr_feuser_register extension through 12.4.8 for TYPO3 
allows Remot ...)
+       TODO: check
+CVE-2025-48069 (ejson2env allows users to decrypt EJSON secrets and export 
them as env ...)
+       TODO: check
+CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app 
designed f ...)
+       TODO: check
+CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required 
rights we ...)
+       TODO: check
+CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and 
including 1 ...)
+       TODO: check
+CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in 
Drupal One Ti ...)
+       TODO: check
+CVE-2025-48011 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-48010 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-48009 (Missing Authorization vulnerability in Drupal Single Content 
Sync allo ...)
+       TODO: check
+CVE-2025-47291 (containerd is an open-source container runtime. A bug was 
found in the ...)
+       TODO: check
+CVE-2025-46822 (OsamaTaher/Java-springboot-codebase is a collection of Java 
and Spring ...)
+       TODO: check
+CVE-2025-46412 (Affected Vertiv products do not properly protect webserver 
functions t ...)
+       TODO: check
+CVE-2025-45755 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Vtiger CRM ...)
+       TODO: check
+CVE-2025-45754 (A stored cross-site scripting (XSS) vulnerability exists in 
SeedDMS 6. ...)
+       TODO: check
+CVE-2025-45752 (A vulnerability in SeedDMS 6.0.32 allows an attacker with 
admin privil ...)
+       TODO: check
+CVE-2025-44895 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-44892 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-44083 (An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker 
to bypa ...)
+       TODO: check
+CVE-2025-41426 (Affected Vertiv products contain a stack based buffer overflow 
vulnera ...)
+       TODO: check
+CVE-2025-41232 (Spring Security Aspects may not correctly locate method 
security annot ...)
+       TODO: check
+CVE-2025-3781 (The Raisely Donation Form plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2025-3751 (The component listed above contains a vulnerability that can be 
exploi ...)
+       TODO: check
+CVE-2025-3750 (The Network Posts Extended plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-36535 (The embedded web server lacks authentication and access 
controls, allo ...)
+       TODO: check
+CVE-2025-2261 (Stored XSS in TIBCO ActiveMatrix Administrator allows malicious 
data t ...)
+       TODO: check
+CVE-2025-2102 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
+       TODO: check
+CVE-2025-27998 (An issue in Valvesoftware Steam Client Steam Client 1738026274 
allows  ...)
+       TODO: check
+CVE-2025-27997 (An issue in Blizzard Battle.net v2.40.0.15267 allows attackers 
to esca ...)
+       TODO: check
+CVE-2025-27804 (Several OS command injection vulnerabilities exist in the 
device firmw ...)
+       TODO: check
+CVE-2025-27803 (The devices do not implement any authentication for the web 
interface  ...)
+       TODO: check
+CVE-2025-27558 (IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks 
against mesh n ...)
+       TODO: check
+CVE-2025-25539 (Local File Inclusion vulnerability in Vasco v3.14and before 
allows a r ...)
+       TODO: check
+CVE-2025-20267 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
+       TODO: check
+CVE-2025-20258 (A vulnerability in the self-service portal of Cisco Duo could 
allow an ...)
+       TODO: check
+CVE-2025-20257 (A vulnerability in an API subsystem of Cisco Secure Network 
Analytics  ...)
+       TODO: check
+CVE-2025-20256 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
+CVE-2025-20255 (A vulnerability in client join services of Cisco Webex 
Meetings could  ...)
+       TODO: check
+CVE-2025-20250 (A vulnerability in Cisco Webex could allow an unauthenticated, 
remote  ...)
+       TODO: check
+CVE-2025-20247 (A vulnerability in Cisco Webex could allow an unauthenticated, 
remote  ...)
+       TODO: check
+CVE-2025-20246 (A vulnerability in Cisco Webex could allow an unauthenticated, 
remote  ...)
+       TODO: check
+CVE-2025-20242 (A vulnerability in the Cloud Connect component of Cisco 
Unified Contac ...)
+       TODO: check
+CVE-2025-20152 (A vulnerability in the RADIUS message processing feature of 
Cisco Iden ...)
+       TODO: check
+CVE-2025-20114 (A vulnerability in the API of Cisco Unified Intelligence 
Center could  ...)
+       TODO: check
+CVE-2025-20113 (A vulnerability in Cisco Unified Intelligence Center could 
allow an au ...)
+       TODO: check
+CVE-2025-20112 (A vulnerability in multiple Cisco Unified Communications and 
Contact C ...)
+       TODO: check
+CVE-2025-1712 (Argument injection in special agent configuration in Checkmk 
<2.4.0p1, ...)
+       TODO: check
+CVE-2025-1421 (Data provided in a request performed to the server while 
activating a  ...)
+       TODO: check
+CVE-2025-1420 (Input provided in a field containing "activationMessage"in 
Konsola Pro ...)
+       TODO: check
+CVE-2025-1419 (Input provided in comment section of Konsola Proget is not 
sanitized c ...)
+       TODO: check
+CVE-2025-1418 (A low-privileged user can access information about profiles 
created in ...)
+       TODO: check
+CVE-2025-1417 (In Proget MDM, a low-privileged user can access information 
about chan ...)
+       TODO: check
+CVE-2025-1416 (In Proget MDM, a low-privileged user can retrieve passwords for 
manage ...)
+       TODO: check
+CVE-2025-1415 (A low-privileged user is able to obtain information about tasks 
execut ...)
+       TODO: check
+CVE-2025-0372 (Concurrent Execution using Shared Resource with Improper 
Synchronizati ...)
+       TODO: check
+CVE-2024-57529 (Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro 
v.1.6.2. ...)
+       TODO: check
+CVE-2024-56429 (itech iLabClient 3.7.1 relies on the hard-coded 
YngAYdgAE/kKZYu2F2wm6w ...)
+       TODO: check
+CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows 
local a ...)
+       TODO: check
+CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command 
injection vulne ...)
+       TODO: check
+CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and 
including 1 ...)
+       TODO: check
+CVE-2024-12561 (The Affiliate Sales in Google Analytics and other tools plugin 
for Wor ...)
+       TODO: check
+CVE-2025-40775 (When an incoming DNS protocol message includes a Transaction 
Signature ...)
        - bind9 1:9.20.9-1
        [bookworm] - bind9 <not-affected> (Vulnerable code not present)
        [bullseye] - bind9 <not-affected> (Vulnerable code not present)
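
Review bot: the added descriptions for CVE-2025-4803 ("The Glossary by WPPedia \u2013 Best Glossary plugin ...") and CVE-2025-4611 ("The Slim SEO \u2013 Fast & Automated ...") carry a literal \u2013 escape where the plugin name has a dash, as the lines appear here. The automatic update should decode that escape, or normalise it to a plain "-", before writing the description into data/CVE/list, so that the plugin names stay searchable and the file does not accumulate mixed encodings. The entries are otherwise consistent: each new CVE has only its "TODO: check" line, and the existing CVE-2025-40775 entry gains its description while keeping the bind9 lines unchanged.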



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bb491ec92d8568e9e421768359aaf32df861ee

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits