Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c33e21f by security tracker role at 2025-06-10T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,424 @@
-CVE-2025-49133 [Fix potential out-of-bound access & abort due to HMAC signing
issue]
+CVE-2025-5977 (A vulnerability was found in code-projects School Fees Payment
System ...)
+ TODO: check
+CVE-2025-5976 (A vulnerability has been found in PHPGurukul Rail Pass
Management Syst ...)
+ TODO: check
+CVE-2025-5975 (A vulnerability, which was classified as problematic, was found
in PHP ...)
+ TODO: check
+CVE-2025-5974 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-5973 (A vulnerability classified as problematic was found in
PHPGurukul Rest ...)
+ TODO: check
+CVE-2025-5972 (A vulnerability classified as problematic has been found in
PHPGurukul ...)
+ TODO: check
+CVE-2025-5971 (A vulnerability was found in code-projects School Fees Payment
System ...)
+ TODO: check
+CVE-2025-5970 (A vulnerability was found in PHPGurukul Restaurant Table
Booking Syste ...)
+ TODO: check
+CVE-2025-5969 (A vulnerability has been found in D-Link DIR-632 FW103B08 and
classifi ...)
+ TODO: check
+CVE-2025-5943 (MicroDicom DICOM Viewer suffers from an out-of-bounds write
vulnerab ...)
+ TODO: check
+CVE-2025-5743 (CWE-78: I Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2025-5742 (CWE-79: Improper Neutralization of Input During Web Page
Generation (\ ...)
+ TODO: check
+CVE-2025-5741 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
+ TODO: check
+CVE-2025-5740 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (' ...)
+ TODO: check
+CVE-2025-5353 (A hardcoded key in Ivanti Workspace Control before version
10.19.10.0 ...)
+ TODO: check
+CVE-2025-5335 (A maliciously crafted binary file when downloaded could lead to
escala ...)
+ TODO: check
+CVE-2025-4801
+ REJECTED
+CVE-2025-4774 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-4681 (Improper Privilege Management vulnerability in upKeeper
Solutions upKe ...)
+ TODO: check
+CVE-2025-4680 (Improper Input Validation vulnerability in upKeeper Solutions
upKeeper ...)
+ TODO: check
+CVE-2025-4678 (Improper Neutralization of Special Elements in the
chromium_path varia ...)
+ TODO: check
+CVE-2025-4653 (Improper Neutralization of Special Elements in the backup name
field m ...)
+ TODO: check
+CVE-2025-4577 (The Smash Balloon Social Post Feed \u2013 Simple Social Feeds
for Word ...)
+ TODO: check
+CVE-2025-49511 (Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi
Framewor ...)
+ TODO: check
+CVE-2025-49510 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory
Min Max S ...)
+ TODO: check
+CVE-2025-49509 (Missing Authorization vulnerability in Roland Beaussant Audio
Editor & ...)
+ TODO: check
+CVE-2025-49507 (Deserialization of Untrusted Data vulnerability in LoftOcean
CozyStay ...)
+ TODO: check
+CVE-2025-49455 (Deserialization of Untrusted Data vulnerability in LoftOcean
TinySalt ...)
+ TODO: check
+CVE-2025-49454 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49143 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
+ TODO: check
+CVE-2025-49142 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
+ TODO: check
+CVE-2025-48937 (matrix-rust-sdk is an implementation of a Matrix client-server
library ...)
+ TODO: check
+CVE-2025-48879 (OctoPrint versions up until and including 1.11.1 contain a
vulnerabili ...)
+ TODO: check
+CVE-2025-48067 (OctoPrint provides a web interface for controlling consumer 3D
printer ...)
+ TODO: check
+CVE-2025-47977 (Improper neutralization of input during web page generation
('cross-si ...)
+ TODO: check
+CVE-2025-47969 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-47968 (Improper input validation in Microsoft AutoUpdate (MAU) allows
an auth ...)
+ TODO: check
+CVE-2025-47962 (Improper access control in Windows SDK allows an authorized
attacker t ...)
+ TODO: check
+CVE-2025-47957 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-47956 (External control of file name or path in Windows Security App
allows a ...)
+ TODO: check
+CVE-2025-47955 (Improper privilege management in Windows Remote Access
Connection Mana ...)
+ TODO: check
+CVE-2025-47953 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-47176 ('.../...//' in Microsoft Office Outlook allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-47175 (Use after free in Microsoft Office PowerPoint allows an
unauthorized a ...)
+ TODO: check
+CVE-2025-47174 (Heap-based buffer overflow in Microsoft Office Excel allows an
unautho ...)
+ TODO: check
+CVE-2025-47173 (Improper input validation in Microsoft Office allows an
unauthorized a ...)
+ TODO: check
+CVE-2025-47172 (Improper neutralization of special elements used in an sql
command ('s ...)
+ TODO: check
+CVE-2025-47171 (Improper input validation in Microsoft Office Outlook allows
an author ...)
+ TODO: check
+CVE-2025-47170 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-47169 (Heap-based buffer overflow in Microsoft Office Word allows an
unauthor ...)
+ TODO: check
+CVE-2025-47168 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-47167 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2025-47166 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
+ TODO: check
+CVE-2025-47165 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-47164 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-47163 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
+ TODO: check
+CVE-2025-47162 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
+ TODO: check
+CVE-2025-47160 (Protection mechanism failure in Windows Shell allows an
unauthorized a ...)
+ TODO: check
+CVE-2025-47112 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-47111 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-47110 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12,
2.4.4-p ...)
+ TODO: check
+CVE-2025-47108 (Substance3D - Painter versions 11.0.1 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2025-47107 (InCopy versions 20.2, 19.5.3 and earlier are affected by a
Heap-based ...)
+ TODO: check
+CVE-2025-47106 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-47105 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-47104 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-46612 (The Panel Designer dashboard in Airleader Master and Easy
before 6.36 ...)
+ TODO: check
+CVE-2025-44044 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML
External Entity ...)
+ TODO: check
+CVE-2025-44043 (Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side
Request ...)
+ TODO: check
+CVE-2025-43701 (Improper Preservation of Permissions vulnerability in
Salesforce OmniS ...)
+ TODO: check
+CVE-2025-43700 (Improper Preservation of Permissions vulnerability in
Salesforce OmniS ...)
+ TODO: check
+CVE-2025-43699 (Improper Preservation of Permissions vulnerability in
Salesforce OmniS ...)
+ TODO: check
+CVE-2025-43698 (Improper Preservation of Permissions vulnerability in
Salesforce OmniS ...)
+ TODO: check
+CVE-2025-43697 (Improper Preservation of Permissions vulnerability in
Salesforce OmniS ...)
+ TODO: check
+CVE-2025-43593 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-43590 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-43589 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-43588 (Substance3D - Sampler versions 5.0 and earlier are affected by
an out- ...)
+ TODO: check
+CVE-2025-43586 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12,
2.4.4-p ...)
+ TODO: check
+CVE-2025-43585 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12,
2.4.4-p ...)
+ TODO: check
+CVE-2025-43581 (Substance3D - Sampler versions 5.0 and earlier are affected by
an out- ...)
+ TODO: check
+CVE-2025-43579 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43578 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43577 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43576 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43575 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43574 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43573 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-43558 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-43550 (Acrobat Reader versions 24.001.30235, 20.005.30763,
25.001.20521 and e ...)
+ TODO: check
+CVE-2025-41657 (Due to an undocumented active bluetooth stack on products
delivered wi ...)
+ TODO: check
+CVE-2025-40662 (Absolute path disclosure vulnerability in DM Corporative CMS.
This vul ...)
+ TODO: check
+CVE-2025-40661 (An Insecure Direct Object Reference (IDOR) vulnerability has
been foun ...)
+ TODO: check
+CVE-2025-40660 (An Insecure Direct Object Reference (IDOR) vulnerability has
been foun ...)
+ TODO: check
+CVE-2025-40659 (An Insecure Direct Object Reference (IDOR) vulnerability has
been foun ...)
+ TODO: check
+CVE-2025-40658 (An Insecure Direct Object Reference (IDOR) vulnerability has
been foun ...)
+ TODO: check
+CVE-2025-40657 (A SQL injection vulnerability has been found in DM Corporative
CMS. Th ...)
+ TODO: check
+CVE-2025-40656 (A SQL injection vulnerability has been found in DM Corporative
CMS. Th ...)
+ TODO: check
+CVE-2025-40655 (A SQL injection vulnerability has been found in DM Corporative
CMS. Th ...)
+ TODO: check
+CVE-2025-40654 (A SQL injection vulnerability has been found in DM Corporative
CMS. Th ...)
+ TODO: check
+CVE-2025-40591 (A vulnerability has been identified in RUGGEDCOM ROX MX5000
(All versi ...)
+ TODO: check
+CVE-2025-40585 (A vulnerability has been identified in Energy Services (All
versions w ...)
+ TODO: check
+CVE-2025-40569 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
+ TODO: check
+CVE-2025-40568 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
+ TODO: check
+CVE-2025-40567 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
+ TODO: check
+CVE-2025-3905 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
+ TODO: check
+CVE-2025-3899 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
+ TODO: check
+CVE-2025-3898 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
+ TODO: check
+CVE-2025-3117 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
+ TODO: check
+CVE-2025-3116 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
+ TODO: check
+CVE-2025-3112 (CWE-400: Uncontrolled Resource Consumption vulnerability exists
that c ...)
+ TODO: check
+CVE-2025-3052 (An arbitrary write vulnerability in Microsoft signed UEFI
firmware all ...)
+ TODO: check
+CVE-2025-37100 (A vulnerability in the APIs of HPE Aruba Networking Private 5G
Corecou ...)
+ TODO: check
+CVE-2025-36852 (A critical security vulnerability exists in remote cache
extensions fo ...)
+ TODO: check
+CVE-2025-36580 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
an Impr ...)
+ TODO: check
+CVE-2025-36578 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
an Inco ...)
+ TODO: check
+CVE-2025-36577 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
an Impr ...)
+ TODO: check
+CVE-2025-36576 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
a Cross ...)
+ TODO: check
+CVE-2025-36575 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
an Expo ...)
+ TODO: check
+CVE-2025-36574 (Dell Wyse Management Suite, versions prior to WMS 5.2, contain
an Abso ...)
+ TODO: check
+CVE-2025-33112 (IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow
a non-p ...)
+ TODO: check
+CVE-2025-33075 (Improper link resolution before file access ('link following')
in Wind ...)
+ TODO: check
+CVE-2025-33073 (Improper access control in Windows SMB allows an authorized
attacker t ...)
+ TODO: check
+CVE-2025-33071 (Use after free in Windows KDC Proxy Service (KPSSVC) allows an
unautho ...)
+ TODO: check
+CVE-2025-33070 (Use of uninitialized resource in Windows Netlogon allows an
unauthoriz ...)
+ TODO: check
+CVE-2025-33069 (Improper verification of cryptographic signature in App
Control for Bu ...)
+ TODO: check
+CVE-2025-33068 (Uncontrolled resource consumption in Windows Standards-Based
Storage M ...)
+ TODO: check
+CVE-2025-33067 (Improper privilege management in Windows Kernel allows an
unauthorized ...)
+ TODO: check
+CVE-2025-33066 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
+ TODO: check
+CVE-2025-33065 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33064 (Heap-based buffer overflow in Windows Routing and Remote
Access Servic ...)
+ TODO: check
+CVE-2025-33063 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33062 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33061 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33060 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33059 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33058 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33057 (Null pointer dereference in Windows Local Security Authority
(LSA) all ...)
+ TODO: check
+CVE-2025-33056 (Improper access control in Microsoft Local Security Authority
Server ( ...)
+ TODO: check
+CVE-2025-33055 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-33053 (External control of file name or path in WebDAV allows an
unauthorized ...)
+ TODO: check
+CVE-2025-33052 (Use of uninitialized resource in Windows DWM Core Library
allows an au ...)
+ TODO: check
+CVE-2025-33050 (Protection mechanism failure in Windows DHCP Server allows an
unauthor ...)
+ TODO: check
+CVE-2025-32725 (Protection mechanism failure in Windows DHCP Server allows an
unauthor ...)
+ TODO: check
+CVE-2025-32724 (Uncontrolled resource consumption in Windows Local Security
Authority ...)
+ TODO: check
+CVE-2025-32722 (Improper access control in Windows Storage Port Driver allows
an autho ...)
+ TODO: check
+CVE-2025-32721 (Improper link resolution before file access ('link following')
in Wind ...)
+ TODO: check
+CVE-2025-32720 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-32719 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-32718 (Integer overflow or wraparound in Windows SMB allows an
authorized att ...)
+ TODO: check
+CVE-2025-32716 (Out-of-bounds read in Windows Media allows an authorized
attacker to e ...)
+ TODO: check
+CVE-2025-32715 (Out-of-bounds read in Remote Desktop Client allows an
unauthorized att ...)
+ TODO: check
+CVE-2025-32714 (Improper access control in Windows Installer allows an
authorized atta ...)
+ TODO: check
+CVE-2025-32713 (Heap-based buffer overflow in Windows Common Log File System
Driver al ...)
+ TODO: check
+CVE-2025-32712 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-32710 (Use after free in Windows Remote Desktop Services allows an
unauthoriz ...)
+ TODO: check
+CVE-2025-31104 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
+ TODO: check
+CVE-2025-30327 (InCopy versions 20.2, 19.5.3 and earlier are affected by an
Integer Ov ...)
+ TODO: check
+CVE-2025-30321 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-30317 (InDesign Desktop versions ID20.2, ID19.5.3 and earlier are
affected by ...)
+ TODO: check
+CVE-2025-30220 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2025-30145 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2025-2918 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for
WordPres ...)
+ TODO: check
+CVE-2025-2884 (TCG TPM2.0 Reference implementation's CryptHmacSign helper
function is ...)
+ TODO: check
+CVE-2025-2474 (Out-of-bounds write in the PCX image codec in QNX SDP versions
8.0, 7. ...)
+ TODO: check
+CVE-2025-29828 (Missing release of memory after effective lifetime in Windows
Cryptogr ...)
+ TODO: check
+CVE-2025-27505 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2025-27207 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12,
2.4.4-p ...)
+ TODO: check
+CVE-2025-27206 (Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12,
2.4.4-p ...)
+ TODO: check
+CVE-2025-26395 (SolarWinds Observability Self-Hosted was susceptible to a
cross-site ...)
+ TODO: check
+CVE-2025-26394 (SolarWinds Observability Self-Hosted is susceptible to an
open redir ...)
+ TODO: check
+CVE-2025-25250 (An Exposure of Sensitive Information to an Unauthorized Actor
vulnerab ...)
+ TODO: check
+CVE-2025-24471 (AnImproper Certificate Validation vulnerability [CWE-295] in
FortiOS v ...)
+ TODO: check
+CVE-2025-24069 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-24068 (Buffer over-read in Windows Storage Management Provider allows
an auth ...)
+ TODO: check
+CVE-2025-24065 (Out-of-bounds read in Windows Storage Management Provider
allows an au ...)
+ TODO: check
+CVE-2025-22463 (A hardcoded key in Ivanti Workspace Control before version
10.19.10.0 ...)
+ TODO: check
+CVE-2025-22455 (A hardcoded key in Ivanti Workspace Control before version
10.19.0.0 a ...)
+ TODO: check
+CVE-2025-22256 (A improper handling of insufficient permissions or privileges
in Forti ...)
+ TODO: check
+CVE-2025-22254 (An Improper Privilege Management vulnerability [CWE-269]
affecting For ...)
+ TODO: check
+CVE-2025-22251 (An improper restriction of communication channel to intended
endpoints ...)
+ TODO: check
+CVE-2025-0052 (Improper input validation performed during the authentication
process ...)
+ TODO: check
+CVE-2025-0051 (Improper input validation performed during the authentication
process ...)
+ TODO: check
+CVE-2024-57190 (Erxes <1.6.1 is vulnerable to Incorrect Access Control. An
attacker ca ...)
+ TODO: check
+CVE-2024-57189 (In Erxes <1.6.2, an authenticated attacker can write to
arbitrary file ...)
+ TODO: check
+CVE-2024-57186 (In Erxes <1.6.2, an unauthenticated attacker can read
arbitrary files ...)
+ TODO: check
+CVE-2024-54019 (A improper validation of certificate with host mismatch in
Fortinet Fo ...)
+ TODO: check
+CVE-2024-50568 (A channel accessible by non-endpoint vulnerability [CWE-300]
in Fortin ...)
+ TODO: check
+CVE-2024-50562 (An Insufficient Session Expiration vulnerability [CWE-613] in
FortiOS ...)
+ TODO: check
+CVE-2024-45329 (A authorization bypass through user-controlled key in Fortinet
FortiPo ...)
+ TODO: check
+CVE-2024-43706 (Improper authorization in Kibana can lead to privilege abuse
via a dir ...)
+ TODO: check
+CVE-2024-41797 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
+ TODO: check
+CVE-2024-41505 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2024-41504 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2024-41503 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2024-41502 (Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2024-40625 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-38524 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-37396 (A stored cross-site scripting (XSS) vulnerability in the
Calendar func ...)
+ TODO: check
+CVE-2024-37395 (A stored cross-site scripting (XSS) vulnerability in the
Public Survey ...)
+ TODO: check
+CVE-2024-37394 (A stored cross-site scripting (XSS) vulnerability in the
Project Dashb ...)
+ TODO: check
+CVE-2024-34711 (GeoServer is an open source server that allows users to share
and edit ...)
+ TODO: check
+CVE-2024-32119 (An improper authentication vulnerability [CWE-287] in Fortinet
FortiCl ...)
+ TODO: check
+CVE-2024-29198 (GeoServer is an open source software server written in Java
that allow ...)
+ TODO: check
+CVE-2024-13090 (A privilege escalation vulnerability may enable a service
account to e ...)
+ TODO: check
+CVE-2024-13089 (An OS command injection vulnerability within the update
functionality ...)
+ TODO: check
+CVE-2023-48786 (A server-side request forgery vulnerability [CWE-918] in
Fortinet Fort ...)
+ TODO: check
+CVE-2025-49133 (Libtpms is a library that targets the integration of TPM
functionality ...)
- libtpms <unfixed> (bug #1107617)
NOTE: Fixed by:
https://github.com/stefanberger/libtpms/commit/9f9baccdba9cd3fc32f1355613abd094b21f7ba0
(v0.9.7)
CVE-2025-5952 (A vulnerability, which was classified as critical, has been
found in Z ...)
NOT-FOR-US: Zend.To
-CVE-2025-5945 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+CVE-2025-5945
+ REJECTED
NOT-FOR-US: Centreon
CVE-2025-5935 (A vulnerability was found in Open5GS up to 2.7.3. It has been
declared ...)
- open5gs <itp> (bug #1094791)
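Review bot: CVE-2025-5945 is switched to REJECTED near the end of this hunk, but the unchanged "NOT-FOR-US: Centreon" line still sits under it, so the entry now carries both a rejection and a triage tag. The other rejected entry added here, CVE-2025-4801, has only REJECTED; drop the NOT-FOR-US line so the two are consistent. Separately, the new CVE-2025-2884 entry (TCG TPM2.0 reference implementation, CryptHmacSign helper) is left at TODO: check while CVE-2025-49133 in the same hunk tracks an HMAC signing issue in libtpms with a fix commit already noted; whoever triages CVE-2025-2884 should check whether the two are related and whether libtpms needs an entry under it.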
@@ -1645,7 +2060,7 @@ CVE-2024-13967 (This vulnerability allows the successful
attacker to gain unauth
NOT-FOR-US: ABB group
CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled
resource co ...)
NOT-FOR-US: IEC 61131
-CVE-2025-48432 (An issue was discovered in Django 5.2 before 5.2.2, 5.1 before
5.1.10, ...)
+CVE-2025-48432 (An issue was discovered in Django 5.2 before 5.2.3, 5.1 before
5.1.11, ...)
{DLA-4210-1}
- python-django 3:4.2.23-1 (bug #1107282; bug #1107616)
NOTE:
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
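Review bot: The fixed version recorded for CVE-2025-48432 may no longer match the description, which now reads "5.2 before 5.2.3, 5.1 before 5.1.11" instead of 5.2.2 and 5.1.10, while the python-django line (3:4.2.23-1), the DLA reference and the NOTE pointing at the 2025/jun/04 security release post are unchanged. A moved version boundary suggests the upstream fix was revised, so confirm that 3:4.2.23-1 still holds as the fixed version and add a NOTE for the follow-up upstream announcement if there is one.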
@@ -195143,8 +195558,8 @@ CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) -
versions 707, 737, 747, 757,
NOT-FOR-US: SAP
CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions
700, 701, ...)
NOT-FOR-US: SAP
-CVE-2023-29184
- RESERVED
+CVE-2023-29184 (An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2
all versi ...)
+ TODO: check
CVE-2023-29183 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: FortiGuard
CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in
Fortinet Forti ...)
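Review bot: The new CVE-2023-29184 entry can be triaged rather than left at TODO: check. Its description names FortiOS, and the Fortinet entry directly below it in the context, CVE-2023-29183, is already tagged NOT-FOR-US: FortiGuard; using the same tag here would keep the two consistent.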
@@ -232699,8 +233114,8 @@ CVE-2023-20601
RESERVED
CVE-2023-20600
RESERVED
-CVE-2023-20599
- RESERVED
+CVE-2023-20599 (Improper register access control in ASP may allow a privileged
attacke ...)
+ TODO: check
CVE-2023-20598 (An improper privilege management in the AMD
Radeon\u2122Graphics drive ...)
NOT-FOR-US: AMD
CVE-2023-20597 (Improper initialization of variables in the DXE driver may
allow a pri ...)
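Review bot: CVE-2023-20599 should not simply inherit the NOT-FOR-US: AMD tag from the adjacent CVE-2023-20598 when its TODO: check is resolved. The neighbouring entry concerns the Radeon graphics driver, while the new description is about register access control in ASP, so check whether any packaged firmware or microcode is affected before closing it.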
@@ -234257,7 +234672,7 @@ CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5
could allow an authenticate
NOT-FOR-US: IBM
CVE-2022-43856
RESERVED
-CVE-2022-43855 (IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local
user to ...)
+CVE-2022-43855 (IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could
allow a loc ...)
NOT-FOR-US: IBM
CVE-2022-43854
RESERVED
@@ -469507,7 +469922,7 @@ CVE-2019-13941 (A vulnerability has been identified
in OZW672 (All versions < V1
NOT-FOR-US: Siemens
CVE-2019-13940 (A vulnerability has been identified in SIMATIC ET 200pro
IM154-8 PN/DP ...)
NOT-FOR-US: Siemens
-CVE-2019-13939 (A vulnerability has been identified in Capital Embedded AR
Classic 431 ...)
+CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2)
(All ve ...)
NOT-FOR-US: Nucleus
CVE-2019-13938
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c33e21f6cf6e0fe4d4a9f24e891ceadc89807d9
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits