Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
328ce30d by security tracker role at 2025-05-23T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,379 @@
+CVE-2025-5114 (A vulnerability has been found in easysoft zentaopms
21.5_20250307 and ...)
+ TODO: check
+CVE-2025-5112 (A vulnerability, which was classified as critical, was found in
FreeFl ...)
+ TODO: check
+CVE-2025-5111 (A vulnerability, which was classified as critical, has been
found in F ...)
+ TODO: check
+CVE-2025-5110 (A vulnerability classified as critical was found in FreeFloat
FTP Serv ...)
+ TODO: check
+CVE-2025-5109 (A vulnerability classified as critical has been found in
FreeFloat FTP ...)
+ TODO: check
+CVE-2025-5108 (A vulnerability was found in zongzhige ShopXO 6.5.0. It has
been rated ...)
+ TODO: check
+CVE-2025-5107 (A vulnerability was found in Fujian Kelixun 1.0. It has been
declared ...)
+ TODO: check
+CVE-2025-5106 (A vulnerability was found in Fujian Kelixun 1.0. It has been
classifie ...)
+ TODO: check
+CVE-2025-5105 (A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and
classified ...)
+ TODO: check
+CVE-2025-5100 (A double-free condition occurs during the cleanup of temporary
image f ...)
+ TODO: check
+CVE-2025-5099 (An Out of Bounds Write occurs when the native library attempts
PDF ren ...)
+ TODO: check
+CVE-2025-5098 (PrinterShare Android application allows the capture of Gmail
authentic ...)
+ TODO: check
+CVE-2025-5096 (The TablePress plugin for WordPress is vulnerable to DOM-Based
Stored ...)
+ TODO: check
+CVE-2025-4975 (When a notification relating to low battery appears for a user
with wh ...)
+ TODO: check
+CVE-2025-4692 (Actors can use a maliciously crafted JavaScript object notation
(JSON) ...)
+ TODO: check
+CVE-2025-4642
+ REJECTED
+CVE-2025-4594 (The Tournamatch plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-4562
+ REJECTED
+CVE-2025-4379 (DobryCMS in versions 2.* and lower is vulnerable to Reflected
Cross-Si ...)
+ TODO: check
+CVE-2025-4338 (Lantronix Device installer is vulnerable to XML external entity
(XXE) ...)
+ TODO: check
+CVE-2025-48741 (A Broken Access Control vulnerability in StrangeBee TheHive
5.2.0 befo ...)
+ TODO: check
+CVE-2025-48740 (A Cross-Site Request Forgery (CSRF) vulnerability in
StrangeBee TheHiv ...)
+ TODO: check
+CVE-2025-48735 (A SQL Injection issue in the request body processing in BOS
IPCs with ...)
+ TODO: check
+CVE-2025-48708 (gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex
Ghostscri ...)
+ TODO: check
+CVE-2025-48701 (openDCIM through 23.04 allows SQL injection in
people_depts.php becaus ...)
+ TODO: check
+CVE-2025-48695 (An issue was discovered in CyberDAVA before 1.1.20. A
privilege escala ...)
+ TODO: check
+CVE-2025-48378 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-48377 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-48376 (DNN (formerly DotNetNuke) is an open-source web content
management pla ...)
+ TODO: check
+CVE-2025-48375 (Schule is open-source school management system software. Prior
to vers ...)
+ TODO: check
+CVE-2025-48374 (zot is ancontainer image/artifact registry based on the Open
Container ...)
+ TODO: check
+CVE-2025-48373 (Schule is open-source school management system software. The
applicati ...)
+ TODO: check
+CVE-2025-48372 (Schule is open-source school management system software. The
generateO ...)
+ TODO: check
+CVE-2025-48371 (OpenFGA is an authorization/permission engine. OpenFGA
versions 1.8.0 ...)
+ TODO: check
+CVE-2025-48292 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-48289 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Kids P ...)
+ TODO: check
+CVE-2025-48287 (Deserialization of Untrusted Data vulnerability in Pagaleve
Pix 4x sem ...)
+ TODO: check
+CVE-2025-48286 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48283 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-48275 (Missing Authorization vulnerability in dastan800 Visual Header
allows ...)
+ TODO: check
+CVE-2025-48273 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-48271 (Missing Authorization vulnerability in Leadinfo Leadinfo
allows Exploi ...)
+ TODO: check
+CVE-2025-48245 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-48241 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47690 (Missing Authorization vulnerability in smackcoders Lead Form
Data Coll ...)
+ TODO: check
+CVE-2025-47687 (Unrestricted Upload of File with Dangerous Type vulnerability
in Store ...)
+ TODO: check
+CVE-2025-47680 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47678 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47673 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47672 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47671 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47670 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47663 (Unrestricted Upload of File with Dangerous Type vulnerability
in mojoo ...)
+ TODO: check
+CVE-2025-47660 (Deserialization of Untrusted Data vulnerability in Codexpert,
Inc WC A ...)
+ TODO: check
+CVE-2025-47658 (Unrestricted Upload of File with Dangerous Type vulnerability
in ELEXt ...)
+ TODO: check
+CVE-2025-47646 (Weak Password Recovery Mechanism for Forgotten Password
vulnerability ...)
+ TODO: check
+CVE-2025-47642 (Unrestricted Upload of File with Dangerous Type vulnerability
in Ajar ...)
+ TODO: check
+CVE-2025-47641 (Unrestricted Upload of File with Dangerous Type vulnerability
in print ...)
+ TODO: check
+CVE-2025-47640 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47637 (Unrestricted Upload of File with Dangerous Type vulnerability
in STAGG ...)
+ TODO: check
+CVE-2025-47631 (Incorrect Privilege Assignment vulnerability in mojoomla
Hospital Mana ...)
+ TODO: check
+CVE-2025-47619 (Missing Authorization vulnerability in 6Storage 6Storage
Rentals allow ...)
+ TODO: check
+CVE-2025-47618 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47613 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47611 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47603 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-47599 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47575 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47568 (Deserialization of Untrusted Data vulnerability in ZoomIt
ZoomSounds a ...)
+ TODO: check
+CVE-2025-47558 (Missing Authorization vulnerability in RomanCode MapSVG allows
Accessi ...)
+ TODO: check
+CVE-2025-47541 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPF ...)
+ TODO: check
+CVE-2025-47539 (Incorrect Privilege Assignment vulnerability in Themewinter
Eventin al ...)
+ TODO: check
+CVE-2025-47535 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-47532 (Deserialization of Untrusted Data vulnerability in
CoinPayments CoinPa ...)
+ TODO: check
+CVE-2025-47530 (Deserialization of Untrusted Data vulnerability in WPFunnels
WPFunnels ...)
+ TODO: check
+CVE-2025-47529 (Missing Authorization vulnerability in UX Design Experts
Experto CTA W ...)
+ TODO: check
+CVE-2025-47513 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-47512 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-47492 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-47478 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-47461 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-47458 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-47453 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47438 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-47181 (Improper link resolution before file access ('link following')
in Micr ...)
+ TODO: check
+CVE-2025-47149 (The optional feature 'Anti-Virus & Sandbox' of i-FILTER
contains an is ...)
+ TODO: check
+CVE-2025-46539 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-46537 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46527 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-46526 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46515 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46493 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46490 (Unrestricted Upload of File with Dangerous Type vulnerability
in wordw ...)
+ TODO: check
+CVE-2025-46488 (Missing Authorization vulnerability in dastan800 Visual
Builder allows ...)
+ TODO: check
+CVE-2025-46487 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46486 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-46474 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-46468 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-46463 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-46460 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-46458 (Cross-Site Request Forgery (CSRF) vulnerability in x000x
occupancyplan ...)
+ TODO: check
+CVE-2025-46456 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46455 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-46454 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-46448 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46446 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46444 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-46440 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46437 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46176 (Hardcoded credentials in the Telnet service in D-Link DIR-605L
v2.13B0 ...)
+ TODO: check
+CVE-2025-44998 (A stored cross-site scripting (XSS) vulnerability in the
component /ti ...)
+ TODO: check
+CVE-2025-43860 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2025-41407 (Zohocorp ManageEngine ADAudit Plus versions below 8511 are
vulnerable ...)
+ TODO: check
+CVE-2025-41380 (Iridium Certus 700 version 1.0.1 has an embedded credentials
vulnerabi ...)
+ TODO: check
+CVE-2025-41379 (The Intellian C700 web panel allows you to add firewall rules.
Each of ...)
+ TODO: check
+CVE-2025-41378 (The SSID field is not parsed correctly and can be used to
inject comma ...)
+ TODO: check
+CVE-2025-41377 (Cryptographic vulnerability in Iridium Certus 700. This
vulnerability ...)
+ TODO: check
+CVE-2025-3895 (Token used for resetting passwords in MegaBIP softwareare
generated us ...)
+ TODO: check
+CVE-2025-3894 (Text editor embedded into MegaBIP software does not neutralize
user in ...)
+ TODO: check
+CVE-2025-3893 (While editing pages managed by MegaBIP a user with high
privileges is ...)
+ TODO: check
+CVE-2025-3580 (An access control vulnerability was discovered in Grafana OSS
where an ...)
+ TODO: check
+CVE-2025-39536 (Missing Authorization vulnerability in Chimpstudio JobHunt Job
Alerts ...)
+ TODO: check
+CVE-2025-39506 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-39505 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-39504 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-39503 (Deserialization of Untrusted Data vulnerability in GoodLayers
Goodlaye ...)
+ TODO: check
+CVE-2025-39502 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-39501 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-39500 (Deserialization of Untrusted Data vulnerability in GoodLayers
Goodlaye ...)
+ TODO: check
+CVE-2025-39499 (Deserialization of Untrusted Data vulnerability in BoldThemes
Medicare ...)
+ TODO: check
+CVE-2025-39495 (Deserialization of Untrusted Data vulnerability in BoldThemes
Avantage ...)
+ TODO: check
+CVE-2025-39494 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-39490 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-39489 (Incorrect Privilege Assignment vulnerability in pebas CouponXL
allows ...)
+ TODO: check
+CVE-2025-39485 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Grand To ...)
+ TODO: check
+CVE-2025-39480 (Deserialization of Untrusted Data vulnerability in ThemeMakers
Car Dea ...)
+ TODO: check
+CVE-2025-36527 (Zohocorp ManageEngineADAudit Plus versions below 8511 are
vulnerable t ...)
+ TODO: check
+CVE-2025-32967 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2025-32794 (OpenEMR is a free and open source electronic health records
and medica ...)
+ TODO: check
+CVE-2025-32309 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-32302 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-32294 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-32293 (Deserialization of Untrusted Data vulnerability in
designthemes Financ ...)
+ TODO: check
+CVE-2025-32292 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Jarvis ...)
+ TODO: check
+CVE-2025-32289 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-32286 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-32285 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-32284 (Deserialization of Untrusted Data vulnerability in
designthemes Pet Wo ...)
+ TODO: check
+CVE-2025-31927 (Deserialization of Untrusted Data vulnerability in themeton
Acerola al ...)
+ TODO: check
+CVE-2025-31924 (Deserialization of Untrusted Data vulnerability in
designthemes Crafts ...)
+ TODO: check
+CVE-2025-31918 (Incorrect Privilege Assignment vulnerability in quantumcloud
Simple Bu ...)
+ TODO: check
+CVE-2025-31916 (Unrestricted Upload of File with Dangerous Type vulnerability
in joy20 ...)
+ TODO: check
+CVE-2025-31914 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-31913 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31912 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31636 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31633 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31632 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31631 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Fish H ...)
+ TODO: check
+CVE-2025-31430 (Deserialization of Untrusted Data vulnerability in themeton
The Busine ...)
+ TODO: check
+CVE-2025-31423 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Umbert ...)
+ TODO: check
+CVE-2025-31397 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-31069 (Deserialization of Untrusted Data vulnerability in themeton
HotStar \u ...)
+ TODO: check
+CVE-2025-31064 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31060 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31056 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-31053 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31049 (Deserialization of Untrusted Data vulnerability in themeton
Dash allow ...)
+ TODO: check
+CVE-2025-2394 (Ecovacs Home Android and iOS Mobile Applications up to version
3.3.0 c ...)
+ TODO: check
+CVE-2025-24917 (In Tenable Network Monitor versions prior to 6.5.1 on a
Windows host, ...)
+ TODO: check
+CVE-2025-24916 (When installing Tenable Network Monitor to a non-default
location on a ...)
+ TODO: check
+CVE-2025-1123 (The Solid Mail \u2013 SMTP email and logging made by SolidWP
plugin fo ...)
+ TODO: check
+CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions
starting ...)
+ TODO: check
+CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a
remote att ...)
+ TODO: check
+CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
+ TODO: check
+CVE-2024-51107 (Multiple stored cross-site scripting (XSS) vulnerabilities in
the comp ...)
+ TODO: check
+CVE-2024-51103 (PHPGURUKUL Student Management System using PHP and MySQL v1
was discov ...)
+ TODO: check
+CVE-2024-51102 (PHPGURUKUL Student Management System using PHP and MySQL v1
was discov ...)
+ TODO: check
+CVE-2024-51101 (PHPGURUKUL Restaurant Table Booking System using PHP and MySQL
v1.0 wa ...)
+ TODO: check
+CVE-2024-51099 (A reflected cross-site scripting (XSS) vulnerability in the
component ...)
+ TODO: check
+CVE-2024-48704 (Phpgurukul Medical Card Generation System v1.0 is vulnerable
to HTML I ...)
+ TODO: check
+CVE-2024-48702 (PHPGurukul Old Age Home Management System v1.0 is vulnerable
to HTML I ...)
+ TODO: check
+CVE-2024-13945 (Stored Absolute Path Traversal vulnerabilities in ASPECT could
expose ...)
+ TODO: check
+CVE-2023-53154 (parse_string in cJSON before 1.7.18 has a heap-based buffer
over-read ...)
+ TODO: check
+CVE-2023-34873 (On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras
before MX-V5 ...)
+ TODO: check
+CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular
Expression D ...)
+ TODO: check
CVE-2025-40909 [Thread creation while a directory handle is open does a
fchdir, affecting other threads (race condition)]
- perl <unfixed> (bug #1098226)
[bookworm] - perl <postponed> (Minor issue; decide for DSA or no-DSA
once upstream lands a fix)
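Review bot: every described entry added at the top of data/CVE/list is left at "TODO: check", and two of them should not wait in that queue with the rest: CVE-2025-48708 (Artifex Ghostscript, base/gslibctx.c) and CVE-2023-53154 (parse_string in cJSON before 1.7.18) name library code rather than a web application, so they are the ones to resolve to a source-package line first. The entries whose text reads "plugin for WordPress" (CVE-2025-5096, CVE-2025-4594) can take the "NOT-FOR-US: WordPress plugin" form already used for CVE-2024-13914 further down this file. CVE-2025-4642 and CVE-2025-4562 are REJECTED and need nothing further.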
@@ -2912,7 +3288,7 @@ CVE-2024-45067 (Incorrect default permissions in some
Intel(R) Gaudi(R) software
NOT-FOR-US: Intel
CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's
remote ...)
+CVE-2025-4478 (A flaw was found in the FreeRDP used by Anaconda's remote
install feat ...)
- freerdp3 <unfixed> (bug #1105917)
- freerdp2 <removed>
[bullseye] - freerdp2 <not-affected> (Vulnerable code introduced later)
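Review bot: CVE-2025-4478 has no gnome-remote-desktop line although the replaced description named that component. The new FreeRDP wording matches the freerdp3 and freerdp2 lines under it, so no status change is needed, but if gnome-remote-desktop was checked and found to need no entry of its own, a short NOTE saying so would record that decision next to the freerdp lines.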
@@ -4048,44 +4424,44 @@ CVE-2024-55466 (An arbitrary file upload vulnerability
in the Image Gallery of T
CVE-2023-34732 (An issue in the userId parameter in the change password
function of Fl ...)
NOT-FOR-US: Flytxt NEON-dX
CVE-2025-20054 (Uncaught exception in the core management mechanism for some
Intel(R) ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-20103 (Insufficient resource pool in the core management mechanism
for some I ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-45332 (Exposure of sensitive information caused by shared
microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
NOTE:
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
CVE-2025-20623 (Exposure of sensitive information caused by shared
microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-43420 (Exposure of sensitive information caused by shared
microarchitectural ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra
Processors ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2025-24495 (Incorrect initialization of resource in the branch prediction
unit for ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural
Structu ...)
- {DLA-4170-1}
+ {DSA-5924-1 DLA-4170-1}
- intel-microcode 3.20250512.1 (bug #1105172)
- linux 6.12.29-1
- xen <unfixed> (bug #1105193)
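Review bot: on CVE-2024-28956, the last entry in this hunk, the new "{DSA-5924-1 DLA-4170-1}" reference sits above the linux and xen lines as well as intel-microcode, and xen is still "<unfixed>" (bug #1105193), so the cross-reference must not be read as closing the CVE. The other seven entries list only intel-microcode 3.20250512.1, where the reference is unambiguous. Worth confirming that DSA-5924-1 covers intel-microcode only, so that xen gets its own advisory reference when a fix ships.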
@@ -4176,7 +4552,7 @@ CVE-2025-4542 (A vulnerability, which was classified as
problematic, has been fo
NOT-FOR-US: Freeebird Hotel API
CVE-2025-4541 (A vulnerability classified as critical has been found in LmxCMS
1.41. ...)
NOT-FOR-US: LmxCMS
-CVE-2025-4540 (A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has
been r ...)
+CVE-2025-4540 (A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on
Windows. It ...)
NOT-FOR-US: MTSoftware C-Lodop
CVE-2025-4539 (A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been
declar ...)
NOT-FOR-US: Hainan ToDesk
@@ -36660,7 +37036,7 @@ CVE-2024-56470 (IBM Aspera Shares1.9.0 through 1.10.0
PL6 is vulnerable to serv
NOT-FOR-US: IBM
CVE-2024-54853 (A Stored Cross-Site Scripting (XSS) vulnerability was
identified affec ...)
NOT-FOR-US: Skybox Change Manager
-CVE-2024-51547 (Credentials/keys may be disclosed in ASPECT exposing sensitive
informa ...)
+CVE-2024-51547 (Use of Hard-coded Credentials vulnerability in ABB
ASPECT-Enterprise, ...)
NOT-FOR-US: ABB
CVE-2024-51450 (IBM Security Verify Directory 10.0.0 through 10.0.3 could
allow a remo ...)
NOT-FOR-US: IBM
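Review bot: CVE-2024-51547 keeps "NOT-FOR-US: ABB" under its new ABB ASPECT-Enterprise description, while CVE-2024-13945, added in the first hunk of this patch with a description that also names ASPECT, is still "TODO: check". If it is the same ABB product, give it the same "NOT-FOR-US: ABB" line so the two entries stay consistent.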
@@ -262850,8 +263226,8 @@ CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier
may not send the X-Forward
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
NOTE:
https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305
NOTE:
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
-CVE-2022-31812
- RESERVED
+CVE-2022-31812 (A vulnerability has been identified in SiPass integrated (All
versions ...)
+ TODO: check
CVE-2022-31811
RESERVED
CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All
versions ...)
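Review bot: CVE-2022-31812 moves from RESERVED to "TODO: check" with the same visible description as the CVE-2022-31810 context line two entries below it ("SiPass integrated (All versions ..."), so it can be settled the same way as that entry rather than triaged from scratch. The next hunk shows CVE-2022-31808, also SiPass, marked "NOT-FOR-US: SiPass".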
@@ -262860,8 +263236,8 @@ CVE-2022-31809
RESERVED
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated
AC5102 (ACC-G ...)
NOT-FOR-US: SiPass
-CVE-2022-31807
- RESERVED
+CVE-2022-31807 (A vulnerability has been identified in SiPass integrated
AC5102 (ACC-G ...)
+ TODO: check
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions
prior to V2. ...)
NOT-FOR-US: CODESYS
CVE-2022-31805 (In the CODESYS Development System multiple components in
multiple vers ...)
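Review bot: CVE-2022-31807 should not stay at "TODO: check": the context entry directly above it, CVE-2022-31808, has the identical visible description ("SiPass integrated AC5102 (ACC-G ...") and is already "NOT-FOR-US: SiPass", so the same line applies here.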
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/328ce30dee308711638f562b5ca697b61d9074d6