Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
723678b2 by Salvatore Bonaccorso at 2025-08-26T08:47:06+02:00
Add new src:sail issues from TALOS reports
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -107,7 +107,8 @@ CVE-2025-54481 (A stack-based buffer overflow vulnerability
exists in the MFER p
CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and
writing ...)
TODO: check
CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image
Decoding fun ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218
CVE-2025-53120 (A path traversal vulnerability in unauthenticated upload
functionality ...)
TODO: check
CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability
allows an at ...)
@@ -115,11 +116,14 @@ CVE-2025-53119 (An unauthenticated unrestricted file
upload vulnerability allows
CVE-2025-53118 (An authentication bypass vulnerability exists which allows an
unauthen ...)
TODO: check
CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE
Decoding funct ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219
CVE-2025-52930 (A memory corruption vulnerability exists in the BMPv3 RLE
Decoding fun ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221
CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image
Decoding fu ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224
CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the
app/Http/Controll ...)
TODO: check
CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via
the en` ...)
@@ -131,11 +135,13 @@ CVE-2025-50722 (Insecure Permissions vulnerability in
sparkshop v.1.1.7 allows a
CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to
contain a SQ ...)
TODO: check
CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image
Decoding fun ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
CVE-2025-48303 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin
Langley Jr. P ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette
Decoding ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215
CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain
sensiti ...)
TODO: check
CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection
vulnera ...)
@@ -149,9 +155,11 @@ CVE-2025-3478 (A Stored Cross-Site Scripting (XSS)
vulnerability has been identi
CVE-2025-3456 (On affected platforms running Arista EOS, the global common
encryption ...)
NOT-FOR-US: Arista Networks
CVE-2025-35984 (A memory corruption vulnerability exists in the PCX Image
Decoding fun ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217
CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image
Decoding f ...)
- TODO: check
+ - sail <unfixed>
+ NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216
CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware
version DS-E5- ...)
TODO: check
CVE-2025-29524 (Incorrect access control in the component
/cgi-bin/system_diagnostic_m ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723678b2b793b624c9f0db53020f64855876a2ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723678b2b793b624c9f0db53020f64855876a2ef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
