Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc508707 by security tracker role at 2025-10-14T20:13:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,76 +1,730 @@
+CVE-2025-9437 (A security issue exists within the Studio 5000 Logix Designer
add-on p ...)
+ TODO: check
+CVE-2025-9178 (A denial-of-service security issue exists in the affected
product and ...)
+ TODO: check
+CVE-2025-9177 (A denial-of-service security issue exists in the affected
product and ...)
+ TODO: check
+CVE-2025-9124 (A denial-of-service security issue in the affected product. The
securi ...)
+ TODO: check
+CVE-2025-9068 (A security issue exists within the Rockwell Automation Driver
Package ...)
+ TODO: check
+CVE-2025-9067 (A security issue exists within the x86 Microsoft Installer File
(MSI), ...)
+ TODO: check
+CVE-2025-9066 (A security issue was discovered within FactoryTalk\xae
ViewPoint, allo ...)
+ TODO: check
+CVE-2025-9064 (A path traversal security issue exists within FactoryTalk View
Machine ...)
+ TODO: check
+CVE-2025-9063 (An authentication bypass security issue exists within
FactoryTalk View ...)
+ TODO: check
+CVE-2025-8459 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-8430 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-8429 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-8428 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-7330 (A cross-site request forgery security issue exists in the
product and ...)
+ TODO: check
+CVE-2025-7329 (A Stored Cross-Site Scripting security issue exists in the
affected pr ...)
+ TODO: check
+CVE-2025-7328 (Multiple Broken Authentication security issues exist in the
affected p ...)
+ TODO: check
+CVE-2025-62366 (mailgen is a Node.js package that generates responsive HTML
e-mails fo ...)
+ TODO: check
+CVE-2025-62172 (Home Assistant is open source home automation software that
puts local ...)
+ TODO: check
+CVE-2025-62157 (Argo Workflows is an open source container-native workflow
engine for ...)
+ TODO: check
+CVE-2025-62156 (Argo Workflows is an open source container-native workflow
engine for ...)
+ TODO: check
+CVE-2025-61807 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an Int ...)
+ TODO: check
+CVE-2025-61806 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an out ...)
+ TODO: check
+CVE-2025-61805 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an out ...)
+ TODO: check
+CVE-2025-61803 (Substance3D - Stager versions 3.1.4 and earlier are affected
by an Int ...)
+ TODO: check
+CVE-2025-61802 (Substance3D - Stager versions 3.1.4 and earlier are affected
by a Use ...)
+ TODO: check
+CVE-2025-61801 (Dimension versions 4.1.4 and earlier are affected by a Use
After Free ...)
+ TODO: check
+CVE-2025-61800 (Dimension versions 4.1.4 and earlier are affected by an
Integer Overfl ...)
+ TODO: check
+CVE-2025-61799 (Dimension versions 4.1.4 and earlier are affected by an
out-of-bounds ...)
+ TODO: check
+CVE-2025-61798 (Dimension versions 4.1.4 and earlier are affected by an
out-of-bounds ...)
+ TODO: check
+CVE-2025-61678 (FreePBX Endpoint Manager is a module for managing telephony
endpoints ...)
+ TODO: check
+CVE-2025-61675 (FreePBX Endpoint Manager is a module for managing telephony
endpoints ...)
+ TODO: check
+CVE-2025-60540 (karakeep v0.26.0 to v0.7.0 was discovered to contain a
Server-Side Req ...)
+ TODO: check
+CVE-2025-60537 (Improper input validation in the component
/kafka/ui/serdes/CustomSerd ...)
+ TODO: check
+CVE-2025-60536 (An issue in the Configure New Cluster interface of kafka-ui
v0.6.0 to ...)
+ TODO: check
+CVE-2025-60535 (A Cross-Site Request Forgery (CSRF) in the component
/endpoints/curren ...)
+ TODO: check
+CVE-2025-60374 (Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before
3.3.1 a ...)
+ TODO: check
+CVE-2025-5946 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+ TODO: check
+CVE-2025-59921 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
+ TODO: check
+CVE-2025-59502 (Uncontrolled resource consumption in Windows Remote Procedure
Call all ...)
+ TODO: check
+CVE-2025-59497 (Time-of-check time-of-use (toctou) race condition in Microsoft
Defende ...)
+ TODO: check
+CVE-2025-59494 (Improper access control in Azure Monitor Agent allows an
authorized at ...)
+ TODO: check
+CVE-2025-59429 (FreePBX is an open source GUI for managing Asterisk. In
versions prior ...)
+ TODO: check
+CVE-2025-59428 (EspoCRM is an open source customer relationship management
application ...)
+ TODO: check
+CVE-2025-59295 (Heap-based buffer overflow in Internet Explorer allows an
unauthorized ...)
+ TODO: check
+CVE-2025-59294 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59292 (External control of file name or path in Confidential Azure
Container ...)
+ TODO: check
+CVE-2025-59291 (External control of file name or path in Confidential Azure
Container ...)
+ TODO: check
+CVE-2025-59290 (Use after free in Windows Bluetooth Service allows an
authorized attac ...)
+ TODO: check
+CVE-2025-59289 (Double free in Windows Bluetooth Service allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-59288 (Improper verification of cryptographic signature in GitHub
allows an u ...)
+ TODO: check
+CVE-2025-59287 (Deserialization of untrusted data in Windows Server Update
Service all ...)
+ TODO: check
+CVE-2025-59285 (Deserialization of untrusted data in Azure Monitor Agent
allows an aut ...)
+ TODO: check
+CVE-2025-59284 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59282 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59281 (Improper link resolution before file access ('link following')
in XBox ...)
+ TODO: check
+CVE-2025-59280 (Improper authentication in Windows SMB Client allows an
unauthorized a ...)
+ TODO: check
+CVE-2025-59278 (Improper validation of specified type of input in Windows
Authenticati ...)
+ TODO: check
+CVE-2025-59277 (Improper validation of specified type of input in Windows
Authenticati ...)
+ TODO: check
+CVE-2025-59275 (Improper validation of specified type of input in Windows
Authenticati ...)
+ TODO: check
+CVE-2025-59261 (Time-of-check time-of-use (toctou) race condition in Microsoft
Graphic ...)
+ TODO: check
+CVE-2025-59260 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
+ TODO: check
+CVE-2025-59259 (Improper validation of specified type of input in Windows
Local Sessio ...)
+ TODO: check
+CVE-2025-59258 (Insertion of sensitive information into log file in Active
Directory F ...)
+ TODO: check
+CVE-2025-59257 (Improper validation of specified type of input in Windows
Local Sessio ...)
+ TODO: check
+CVE-2025-59255 (Heap-based buffer overflow in Windows DWM Core Library allows
an autho ...)
+ TODO: check
+CVE-2025-59254 (Heap-based buffer overflow in Windows DWM Core Library allows
an autho ...)
+ TODO: check
+CVE-2025-59253 (Improper access control in Microsoft Windows Search Component
allows a ...)
+ TODO: check
+CVE-2025-59250 (Improper input validation in JDBC Driver for SQL Server allows
an unau ...)
+ TODO: check
+CVE-2025-59249 (Weak authentication in Microsoft Exchange Server allows an
authorized ...)
+ TODO: check
+CVE-2025-59248 (Improper input validation in Microsoft Exchange Server allows
an unaut ...)
+ TODO: check
+CVE-2025-59244 (External control of file name or path in Windows Core Shell
allows an ...)
+ TODO: check
+CVE-2025-59243 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59242 (Heap-based buffer overflow in Windows Ancillary Function
Driver for Wi ...)
+ TODO: check
+CVE-2025-59241 (Improper link resolution before file access ('link following')
in Wind ...)
+ TODO: check
+CVE-2025-59238 (Use after free in Microsoft Office PowerPoint allows an
unauthorized a ...)
+ TODO: check
+CVE-2025-59237 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
+ TODO: check
+CVE-2025-59236 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59235 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
+ TODO: check
+CVE-2025-59234 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-59233 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2025-59232 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
+ TODO: check
+CVE-2025-59231 (Access of resource using incompatible type ('type confusion')
in Micro ...)
+ TODO: check
+CVE-2025-59230 (Improper access control in Windows Remote Access Connection
Manager al ...)
+ TODO: check
+CVE-2025-59229 (Uncaught exception in Microsoft Office allows an unauthorized
attacker ...)
+ TODO: check
+CVE-2025-59228 (Improper input validation in Microsoft Office SharePoint
allows an aut ...)
+ TODO: check
+CVE-2025-59227 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-59226 (Use after free in Microsoft Office Visio allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59225 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59224 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59223 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-59222 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-59221 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-59214 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59213 (Improper neutralization of special elements used in an sql
command ('s ...)
+ TODO: check
+CVE-2025-59211 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59210 (Windows Resilient File System (ReFS) Deduplication Service
Elevation o ...)
+ TODO: check
+CVE-2025-59209 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59208 (Out-of-bounds read in Windows MapUrlToZone allows an
unauthorized atta ...)
+ TODO: check
+CVE-2025-59207 (Untrusted pointer dereference in Windows Kernel allows an
authorized a ...)
+ TODO: check
+CVE-2025-59206 (Windows Resilient File System (ReFS) Deduplication Service
Elevation o ...)
+ TODO: check
+CVE-2025-59205 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59204 (Use of uninitialized resource in Windows Management Services
allows an ...)
+ TODO: check
+CVE-2025-59203 (Insertion of sensitive information into log file in Windows
StateRepos ...)
+ TODO: check
+CVE-2025-59202 (Use after free in Windows Remote Desktop Services allows an
authorized ...)
+ TODO: check
+CVE-2025-59201 (Improper access control in Network Connection Status Indicator
(NCSI) ...)
+ TODO: check
+CVE-2025-59200 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59199 (Improper access control in Software Protection Platform (SPP)
allows a ...)
+ TODO: check
+CVE-2025-59198 (Improper input validation in Microsoft Windows Search
Component allows ...)
+ TODO: check
+CVE-2025-59197 (Insertion of sensitive information into log file in Windows
ETL Channe ...)
+ TODO: check
+CVE-2025-59196 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59195 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59194 (Use of uninitialized resource in Windows Kernel allows an
authorized a ...)
+ TODO: check
+CVE-2025-59193 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-59192 (Buffer over-read in Storport.sys Driver allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-59191 (Heap-based buffer overflow in Connected Devices Platform
Service (Cdps ...)
+ TODO: check
+CVE-2025-59190 (Improper input validation in Microsoft Windows Search
Component allows ...)
+ TODO: check
+CVE-2025-59189 (Use after free in Microsoft Brokering File System allows an
unauthoriz ...)
+ TODO: check
+CVE-2025-59188 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59187 (Improper input validation in Windows Kernel allows an
authorized attac ...)
+ TODO: check
+CVE-2025-59186 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59185 (External control of file name or path in Windows Core Shell
allows an ...)
+ TODO: check
+CVE-2025-59184 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-59051 (The FreePBX Endpoint Manager module includes a Network
Scanning featur ...)
+ TODO: check
+CVE-2025-58903 (An Unchecked Return Value vulnerability [CWE-252] in Fortinet
FortiOS ...)
+ TODO: check
+CVE-2025-58739 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-58738 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58737 (Use after free in Windows Remote Desktop allows an
unauthorized attack ...)
+ TODO: check
+CVE-2025-58736 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58735 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58734 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58733 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58732 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58731 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58730 (Use after free in Inbox COM Objects allows an unauthorized
attacker to ...)
+ TODO: check
+CVE-2025-58729 (Improper validation of specified type of input in Windows
Local Sessio ...)
+ TODO: check
+CVE-2025-58728 (Use after free in Windows Bluetooth Service allows an
authorized attac ...)
+ TODO: check
+CVE-2025-58727 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-58726 (Improper access control in Windows SMB Server allows an
authorized att ...)
+ TODO: check
+CVE-2025-58725 (Heap-based buffer overflow in Windows COM allows an authorized
attacke ...)
+ TODO: check
+CVE-2025-58724 (Improper access control in Azure Connected Machine Agent
allows an aut ...)
+ TODO: check
+CVE-2025-58722 (Heap-based buffer overflow in Windows DWM allows an authorized
attacke ...)
+ TODO: check
+CVE-2025-58720 (Use of a cryptographic primitive with a risky implementation
in Window ...)
+ TODO: check
+CVE-2025-58719 (Use after free in Connected Devices Platform Service (Cdpsvc)
allows a ...)
+ TODO: check
+CVE-2025-58718 (Use after free in Remote Desktop Client allows an unauthorized
attacke ...)
+ TODO: check
+CVE-2025-58717 (Out-of-bounds read in Windows Routing and Remote Access
Service (RRAS) ...)
+ TODO: check
+CVE-2025-58716 (Improper input validation in Microsoft Windows Speech allows
an author ...)
+ TODO: check
+CVE-2025-58715 (Integer overflow or wraparound in Microsoft Windows Speech
allows an a ...)
+ TODO: check
+CVE-2025-58714 (Improper access control in Windows Ancillary Function Driver
for WinSo ...)
+ TODO: check
+CVE-2025-58325 (An Incorrect Provision of Specified Functionality
vulnerability [CWE-6 ...)
+ TODO: check
+CVE-2025-58324 (An improper neutralization of input during web page generation
vulnera ...)
+ TODO: check
+CVE-2025-57741 (An Incorrect Permission Assignment for Critical Resource
vulnerability ...)
+ TODO: check
+CVE-2025-57740 (An Heap-based Buffer Overflow vulnerability [CWE-122] in
FortiOS versi ...)
+ TODO: check
+CVE-2025-57716 (An Uncontrolled Search Path Element vulnerability [CWE-427] in
FortiCl ...)
+ TODO: check
+CVE-2025-57618 (A path traversal vulnerability in FastX3 thru 3.3.67 allows an
unauthe ...)
+ TODO: check
+CVE-2025-57563 (A path traversal in StarNet Communications Corporation FastX
v.4 throu ...)
+ TODO: check
+CVE-2025-56747 (Creativeitem Academy LMS up to and including 5.13 contains a
privilege ...)
+ TODO: check
+CVE-2025-55701 (Improper validation of specified type of input in Microsoft
Windows al ...)
+ TODO: check
+CVE-2025-55700 (Out-of-bounds read in Windows Routing and Remote Access
Service (RRAS) ...)
+ TODO: check
+CVE-2025-55699 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-55698 (Null pointer dereference in Windows DirectX allows an
authorized attac ...)
+ TODO: check
+CVE-2025-55697 (Heap-based buffer overflow in Azure Local allows an authorized
attacke ...)
+ TODO: check
+CVE-2025-55696 (Time-of-check time-of-use (toctou) race condition in
NtQueryInformatio ...)
+ TODO: check
+CVE-2025-55695 (Out-of-bounds read in Windows WLAN Auto Config Service allows
an autho ...)
+ TODO: check
+CVE-2025-55694 (Improper access control in Windows Error Reporting allows an
authorize ...)
+ TODO: check
+CVE-2025-55693 (Use after free in Windows Kernel allows an unauthorized
attacker to el ...)
+ TODO: check
+CVE-2025-55692 (Improper input validation in Windows Error Reporting allows an
authori ...)
+ TODO: check
+CVE-2025-55691 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55690 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55689 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55688 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55687 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-55686 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55685 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55684 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55683 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-55682 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
+ TODO: check
+CVE-2025-55681 (Out-of-bounds read in Windows DWM allows an authorized
attacker to ele ...)
+ TODO: check
+CVE-2025-55680 (Time-of-check time-of-use (toctou) race condition in Windows
Cloud Fil ...)
+ TODO: check
+CVE-2025-55679 (Improper input validation in Windows Kernel allows an
unauthorized att ...)
+ TODO: check
+CVE-2025-55678 (Use after free in Windows DirectX allows an authorized
attacker to ele ...)
+ TODO: check
+CVE-2025-55677 (Untrusted pointer dereference in Windows Device Association
Broker ser ...)
+ TODO: check
+CVE-2025-55676 (Generation of error message containing sensitive information
in Window ...)
+ TODO: check
+CVE-2025-55340 (Improper authentication in Windows Remote Desktop Protocol
allows an a ...)
+ TODO: check
+CVE-2025-55339 (Out-of-bounds read in Windows NDIS allows an authorized
attacker to el ...)
+ TODO: check
+CVE-2025-55338 (Missing Ability to Patch ROM Code in Windows BitLocker allows
an unaut ...)
+ TODO: check
+CVE-2025-55337 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
+ TODO: check
+CVE-2025-55336 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
+ TODO: check
+CVE-2025-55335 (Use after free in Windows NTFS allows an unauthorized attacker
to elev ...)
+ TODO: check
+CVE-2025-55334 (Cleartext storage of sensitive information in Windows Kernel
allows an ...)
+ TODO: check
+CVE-2025-55333 (Incomplete comparison with missing factors in Windows
BitLocker allows ...)
+ TODO: check
+CVE-2025-55332 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
+ TODO: check
+CVE-2025-55331 (Use after free in Windows PrintWorkflowUserSvc allows an
authorized at ...)
+ TODO: check
+CVE-2025-55330 (Improper enforcement of behavioral workflow in Windows
BitLocker allow ...)
+ TODO: check
+CVE-2025-55328 (Concurrent execution using shared resource with improper
synchronizati ...)
+ TODO: check
+CVE-2025-55326 (Use after free in Connected Devices Platform Service (Cdpsvc)
allows a ...)
+ TODO: check
+CVE-2025-55325 (Buffer over-read in Windows Storage Management Provider allows
an auth ...)
+ TODO: check
+CVE-2025-55320 (Improper neutralization of special elements used in an sql
command ('s ...)
+ TODO: check
+CVE-2025-55315 (Inconsistent interpretation of http requests ('http
request/response s ...)
+ TODO: check
+CVE-2025-55248 (Inadequate encryption strength in .NET, .NET Framework, Visual
Studio ...)
+ TODO: check
+CVE-2025-55247 (Improper link resolution before file access ('link following')
in .NET ...)
+ TODO: check
+CVE-2025-55240 (Improper access control in Visual Studio allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-54973 (A concurrent execution using shared resource with improper
synchroniza ...)
+ TODO: check
+CVE-2025-54893 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-54892 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-54891 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-54889 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2025-54822 (An improper authorization vulnerability [CWE-285] in Fortinet
FortiOS ...)
+ TODO: check
+CVE-2025-54603 (An incorrect OIDC authentication flow in Claroty Secure Access
3.3.0 t ...)
+ TODO: check
+CVE-2025-54284 (Illustrator versions 29.7, 28.7.9 and earlier are affected by
an out-o ...)
+ TODO: check
+CVE-2025-54283 (Illustrator versions 29.7, 28.7.9 and earlier are affected by
an out-o ...)
+ TODO: check
+CVE-2025-54282 (Adobe Framemaker versions 2020.9, 2022.7 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-54281 (Adobe Framemaker versions 2020.9, 2022.7 and earlier are
affected by a ...)
+ TODO: check
+CVE-2025-54280 (Substance3D - Viewer versions 0.25.2 and earlier are affected
by an ou ...)
+ TODO: check
+CVE-2025-54276 (Substance3D - Modeler versions 1.22.3 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2025-54275 (Substance3D - Viewer versions 0.25.2 and earlier are affected
by an ou ...)
+ TODO: check
+CVE-2025-54274 (Substance3D - Viewer versions 0.25.2 and earlier are affected
by a Sta ...)
+ TODO: check
+CVE-2025-54273 (Substance3D - Viewer versions 0.25.2 and earlier are affected
by an ou ...)
+ TODO: check
+CVE-2025-53845 (An improper authentication vulnerability [CWE-287] in Fortinet
FortiAn ...)
+ TODO: check
+CVE-2025-53782 (Incorrect implementation of authentication algorithm in
Microsoft Exch ...)
+ TODO: check
+CVE-2025-53768 (Use after free in Xbox allows an authorized attacker to
elevate privil ...)
+ TODO: check
+CVE-2025-53717 (Reliance on untrusted inputs in a security decision in Windows
Virtual ...)
+ TODO: check
+CVE-2025-53150 (Use after free in Windows Digital Media allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-53139 (Cleartext transmission of sensitive information in Windows
Hello allow ...)
+ TODO: check
+CVE-2025-50175 (Use after free in Windows Digital Media allows an authorized
attacker ...)
+ TODO: check
+CVE-2025-50174 (Use after free in Windows Device Association Broker service
allows an ...)
+ TODO: check
+CVE-2025-50152 (Out-of-bounds read in Windows Kernel allows an authorized
attacker to ...)
+ TODO: check
+CVE-2025-49708 (Use after free in Microsoft Graphics Component allows an
authorized at ...)
+ TODO: check
+CVE-2025-49201 (A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0
through 1.4.2, ...)
+ TODO: check
+CVE-2025-48813 (Use of a key past its expiration date in Virtual Secure Mode
allows an ...)
+ TODO: check
+CVE-2025-48004 (Use after free in Microsoft Brokering File System allows an
unauthoriz ...)
+ TODO: check
+CVE-2025-47989 (Improper access control in Azure Connected Machine Agent
allows an aut ...)
+ TODO: check
+CVE-2025-47979 (Insertion of sensitive information into log file in Windows
Failover C ...)
+ TODO: check
+CVE-2025-47890 (An URL Redirection to Untrusted Site vulnerabilities [CWE-601]
in Fort ...)
+ TODO: check
+CVE-2025-47856 (Two improper neutralization of special elements used in an OS
command ...)
+ TODO: check
+CVE-2025-46774 (An Improper Verification of Cryptographic Signature
vulnerability [CWE ...)
+ TODO: check
+CVE-2025-46581 (ZTE's ZXCDN product is affected by a Struts remote code
execution (RC ...)
+ TODO: check
+CVE-2025-41718 (A cleartext transmission of sensitive information
vulnerability in the ...)
+ TODO: check
+CVE-2025-41707 (The websocket handler is vulnerable to a denial of service
condition. ...)
+ TODO: check
+CVE-2025-41706 (The webserver is vulnerable to a denial of service condition.
An unaut ...)
+ TODO: check
+CVE-2025-41705 (An unauthenticated remote attacker (MITM) can intercept the
websocket ...)
+ TODO: check
+CVE-2025-41704 (An unauthanticated remote attacker can perform a DoS of the
Modbus ser ...)
+ TODO: check
+CVE-2025-41703 (An unauthenticated remote attacker can cause a Denial of
Service by tu ...)
+ TODO: check
+CVE-2025-41699 (An low privileged remote attacker with an account for the
Web-based ma ...)
+ TODO: check
+CVE-2025-40812 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2025-40811 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2025-40810 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2025-40809 (A vulnerability has been identified in Solid Edge SE2024 (All
versions ...)
+ TODO: check
+CVE-2025-40774 (A vulnerability has been identified in SiPass integrated (All
versions ...)
+ TODO: check
+CVE-2025-40773 (A vulnerability has been identified in SiPass integrated (All
versions ...)
+ TODO: check
+CVE-2025-40772 (A vulnerability has been identified in SiPass integrated (All
versions ...)
+ TODO: check
+CVE-2025-40771 (A vulnerability has been identified in SIMATIC CP 1542SP-1
(6GK7542-6U ...)
+ TODO: check
+CVE-2025-40765 (A vulnerability has been identified in TeleControl Server
Basic V3.1 ( ...)
+ TODO: check
+CVE-2025-40755 (A vulnerability has been identified in SINEC NMS (All versions
< V4.0 ...)
+ TODO: check
+CVE-2025-37149 (A potential out-of-bound reads vulnerability in HPE ProLiant
RL300 G ...)
+ TODO: check
+CVE-2025-37148 (A vulnerability in the parsing of ethernet frames in AOS-8
Instant and ...)
+ TODO: check
+CVE-2025-37147 (A Secure Boot Bypass Vulnerability exists in affected Access
Points th ...)
+ TODO: check
+CVE-2025-37146 (A vulnerability in the web-based management interface of
network acces ...)
+ TODO: check
+CVE-2025-37145 (Arbitrary file download vulnerabilities exist in a low-level
interface ...)
+ TODO: check
+CVE-2025-37144 (Arbitrary file download vulnerabilities exist in a low-level
interface ...)
+ TODO: check
+CVE-2025-37143 (An arbitrary file download vulnerability exists in the
web-based manag ...)
+ TODO: check
+CVE-2025-37142 (Arbitrary file download vulnerabilities exist in the CLI
binary of AOS ...)
+ TODO: check
+CVE-2025-37141 (Arbitrary file download vulnerabilities exist in the CLI
binary of AOS ...)
+ TODO: check
+CVE-2025-37140 (Arbitrary file download vulnerabilities exist in the CLI
binary of AOS ...)
+ TODO: check
+CVE-2025-37139 (A vulnerability in an AOS firmware binary allows an
authenticated mali ...)
+ TODO: check
+CVE-2025-37138 (An authenticated command injection vulnerability exists in the
command ...)
+ TODO: check
+CVE-2025-37137 (Arbitrary file deletion vulnerabilities have been identified
in the co ...)
+ TODO: check
+CVE-2025-37136 (Arbitrary file deletion vulnerabilities have been identified
in the co ...)
+ TODO: check
+CVE-2025-37135 (Arbitrary file deletion vulnerabilities have been identified
in the co ...)
+ TODO: check
+CVE-2025-37134 (An authenticated command injection vulnerability exists in the
CLI bin ...)
+ TODO: check
+CVE-2025-37133 (An authenticated command injection vulnerability exists in the
CLI bin ...)
+ TODO: check
+CVE-2025-37132 (An arbitrary file write vulnerability exists in the web-based
manageme ...)
+ TODO: check
+CVE-2025-36730 (A prompt injection vulnerability exists in Windsurft version
1.10.7 in ...)
+ TODO: check
+CVE-2025-34267 (Flowise v3.0.1 < 3.0.8 and all versions after with
'ALLOW_BUILTIN_DEP' ...)
+ TODO: check
+CVE-2025-33182 (NVIDIA Jetson Linux contains a vulnerability in UEFI, where
improper a ...)
+ TODO: check
+CVE-2025-33177 (NVIDIA Jetson Linux and IGX OS contain a vulnerability in
NvMap, where ...)
+ TODO: check
+CVE-2025-33044 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
+ TODO: check
+CVE-2025-31514 (An Insertion of Sensitive Information into Log File
vulnerability [CWE ...)
+ TODO: check
+CVE-2025-31366 (An Improper Neutralization of Input During Web Page Generation
vulnera ...)
+ TODO: check
+CVE-2025-31365 (An Improper Control of Generation of Code ('Code Injection')
vulnerabi ...)
+ TODO: check
+CVE-2025-27906 (IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could
expose th ...)
+ TODO: check
+CVE-2025-25255 (An Improperly Implemented Security Check for Standard
vulnerability [C ...)
+ TODO: check
+CVE-2025-25253 (An Improper Validation of Certificate with Host Mismatch
vulnerability ...)
+ TODO: check
+CVE-2025-25252 (An Insufficient Session Expiration vulnerability [CWE-613] in
FortiOS ...)
+ TODO: check
+CVE-2025-25004 (Improper access control in Microsoft PowerShell allows an
authorized a ...)
+ TODO: check
+CVE-2025-24990 (Microsoft is aware of vulnerabilities in the third party Agere
Modem d ...)
+ TODO: check
+CVE-2025-24052 (Microsoft is aware of vulnerabilities in the third party Agere
Modem d ...)
+ TODO: check
+CVE-2025-23356 (NVIDIA Isaac Lab contains a vulnerability in SB3 configuration
parsing ...)
+ TODO: check
+CVE-2025-22833 (APTIOV contains a vulnerability in BIOS where an attacker may
cause a ...)
+ TODO: check
+CVE-2025-22832 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
+ TODO: check
+CVE-2025-22831 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
+ TODO: check
+CVE-2025-22258 (A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0
through ...)
+ TODO: check
+CVE-2025-20724 (In wlan AP driver, there is a possible out of bounds read due
to an in ...)
+ TODO: check
+CVE-2025-20723 (In gnss driver, there is a possible out of bounds write due to
an inco ...)
+ TODO: check
+CVE-2025-20722 (In gnss driver, there is a possible out of bounds read due to
an integ ...)
+ TODO: check
+CVE-2025-20721 (In imgsensor, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
+CVE-2025-20720 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20719 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20718 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20717 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20716 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20715 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20714 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20713 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20712 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20711 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20710 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-20709 (In wlan AP driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2025-11736 (A flaw has been found in itsourcecode Online Examination
System 1.0. A ...)
+ TODO: check
+CVE-2025-11577 (Clevo\u2019s UEFI firmware update packages, including
B10717.exe, inad ...)
+ TODO: check
+CVE-2025-11548 (A remote, unauthenticated privilege escalation in ibi WebFOCUS
allows ...)
+ TODO: check
+CVE-2025-11498 (An Improper Neutralization of Formula Elements in a CSV File
vulnerabi ...)
+ TODO: check
+CVE-2025-10986 (Path traversal in the admin panel of Ivanti EPMM before
version 12.6.0 ...)
+ TODO: check
+CVE-2025-10985 (OS command injection in the admin panel of Ivanti EPMM before
version ...)
+ TODO: check
+CVE-2025-10610 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-10243 (OS command injection in the admin panel of Ivanti EPMM before
version ...)
+ TODO: check
+CVE-2025-10242 (OS command injection in the admin panel of Ivanti EPMM before
version ...)
+ TODO: check
+CVE-2025-10228 (Session Fixation vulnerability in Rolantis Information
Technologies Ag ...)
+ TODO: check
+CVE-2025-0033 (Improper access control within AMD SEV-SNP could allow an admin
privil ...)
+ TODO: check
+CVE-2024-50571 (A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through
7.6.1, ...)
+ TODO: check
+CVE-2024-48891 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
+ TODO: check
+CVE-2024-47569 (A insertion of sensitive information into sent data in
Fortinet FortiM ...)
+ TODO: check
+CVE-2024-44088 (Malicious script injection ('Cross-site Scripting')
vulnerability in A ...)
+ TODO: check
+CVE-2024-33507 (An insufficient session expiration vulnerability [CWE-613] and
an inco ...)
+ TODO: check
+CVE-2024-26008 (An improper check or handling of exceptional conditions
vulnerability ...)
+ TODO: check
+CVE-2023-46718 (A stack-based buffer overflow in Fortinet FortiOS version
7.4.0 throug ...)
+ TODO: check
+CVE-2011-20002 (A vulnerability has been identified in SIMATIC S7-1200 CPU V1
family ( ...)
+ TODO: check
+CVE-2011-20001 (A vulnerability has been identified in SIMATIC S7-1200 CPU V1
family ( ...)
+ TODO: check
CVE-2025-11687
- gi-docgen <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228
NOTE: https://gitlab.gnome.org/GNOME/gi-docgen/-/merge_requests/254
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gi-docgen/-/commit/c53d2640bfa5823bbdf33683d95c160267c0ec68
(2025.5)
-CVE-2025-11721
+CVE-2025-11721 (Memory safety bug present in Firefox 143 and Thunderbird 143.
This bug ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
-CVE-2025-11715
+CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird
ESR 140.3 ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
-CVE-2025-11714
+CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR
140.3, T ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11714
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11714
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11714
-CVE-2025-11720
+CVE-2025-11720 (The Firefox and Firefox Focus UI for the Android custom tab
feature on ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11720
-CVE-2025-11719
+CVE-2025-11719 (Starting in Firefox 143, the use of the native messaging API
by web ex ...)
- firefox <not-affected> (Only affects Firefox on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11719
-CVE-2025-11713
+CVE-2025-11713 (Insufficient escaping in the \u201cCopy as cURL\u201d feature
could ha ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11713
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11713
-CVE-2025-11718
+CVE-2025-11718 (When the address bar was hidden due to scrolling on Android, a
malicio ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
-CVE-2025-11712
+CVE-2025-11712 (A malicious page could have used the type attribute of an
OBJECT tag t ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11712
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11712
-CVE-2025-11717
+CVE-2025-11717 (When switching between Android apps using the card carousel
Firefox sh ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11717
-CVE-2025-11716
+CVE-2025-11716 (Links in a sandboxed iframe could open an external app on
Android with ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
-CVE-2025-11711
+CVE-2025-11711 (There was a way to change the value of JavaScript Object
properties th ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
-CVE-2025-11710
+CVE-2025-11710 (A compromised web process using malicious IPC messages could
have caus ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11710
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
-CVE-2025-11709
+CVE-2025-11709 (A compromised web process was able to trigger out of bounds
reads and ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
-CVE-2025-11708
+CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This
vulnerabilit ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
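Review bot: CVE-2025-11718 is recorded as `- firefox <unfixed>` although its description ("When the address bar was hidden due to scrolling on Android ...") reads as Android-only, while the neighbouring Android-only entries CVE-2025-11720, CVE-2025-11717 and CVE-2025-11716 carry `- firefox <not-affected> (Only affects Firefox on Android)`; confirm against mfsa2025-81 and align the annotation. In the same hunk, CVE-2025-11721's description names "Firefox 143 and Thunderbird 143" but only firefox is listed; decide whether thunderbird needs an entry or a `<not-affected>` annotation, as was done for CVE-2025-11713.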
@@ -72542,7 +73196,7 @@ CVE-2024-13892 (Smartwares camerasCIP-37210AT
andC724IP, as well as others which
NOT-FOR-US: Smartwares
CVE-2024-12742 (A deserialization of untrusted data vulnerability exists in NI
G Web D ...)
NOT-FOR-US: NI
-CVE-2024-12146 (Improper Validation of Syntactic Correctness of Input
vulnerability in ...)
+CVE-2024-12146 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Finder Fire Safety Finder ERP/CRM (New System)
CVE-2024-12144 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Finder Fire Safety Finder ERP/CRM (Old System)
@@ -81091,7 +81745,7 @@ CVE-2024-13791 (Bit Assist plugin for WordPress is
vulnerable to Path Traversal
NOT-FOR-US: WordPress plugin
CVE-2024-13735 (The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer
for Word ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-13152 (Authorization Bypass Through User-Controlled SQL Primary Key
vulnerabi ...)
+CVE-2024-13152 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: BSS Software Mobuy Online Machinery Monitoring Panel
CVE-2024-12651 (Exposed Dangerous Method or Function vulnerability in PTT Inc.
HGS Mob ...)
NOT-FOR-US: PTT Inc. HGS Mobile App
@@ -102051,7 +102705,7 @@ CVE-2024-8962 (The WPBITS Addons For Elementor Page
Builder plugin for WordPress
NOT-FOR-US: WordPress plugin
CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design
Allianc ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2024-7488 (Improper Input Validation vulnerability in RestApp Inc. Online
Orderin ...)
+CVE-2024-7488 (Integer Overflow or Wraparound, Improper Validation of
Specified Quant ...)
NOT-FOR-US: RestApp Inc. Online Ordering System
CVE-2024-5020 (Multiple plugins for WordPress are vulnerable to Stored
Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
@@ -105531,7 +106185,7 @@ CVE-2024-11409 (The Grid View Gallery plugin for
WordPress is vulnerable to PHP
NOT-FOR-US: WordPress plugin
CVE-2024-11406 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: Django CMS
-CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper
Input Valida ...)
+CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper
Neutralizati ...)
NOT-FOR-US: Django CMS
CVE-2024-11400 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
NOT-FOR-US: WordPress plugin
@@ -108468,7 +109122,7 @@ CVE-2024-8534 (Memory safety vulnerability leading to
memory corruption and Deni
NOT-FOR-US: Citrix
CVE-2024-8495 (A null pointer dereference in Ivanti Connect Secure before
version 22. ...)
NOT-FOR-US: Ivanti
-CVE-2024-8074 (Improper Privilege Management vulnerability in Nomysoft
Informatics No ...)
+CVE-2024-8074 (Missing Authentication for Critical Function, Missing
Authorization vu ...)
NOT-FOR-US: Nomysoft Informatics Nomysem
CVE-2024-8069 (Limited remote code execution with privilege of a
NetworkService Accou ...)
NOT-FOR-US: Citrix
@@ -111668,7 +112322,7 @@ CVE-2024-10523 (This vulnerability exists in TP-Link
IoT Smart Hub due to storag
NOT-FOR-US: TP-Link
CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on
Platform ...)
NOT-FOR-US: Safearchive
-CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection'),
Improper Ne ...)
NOT-FOR-US: BG-TEK Informatics Security Technologies CoslatV3
CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin. This issue
affects Ap ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
@@ -119056,7 +119710,7 @@ CVE-2024-6530 (A cross-site scripting issue has been
discovered in GitLab affect
- gitlab 17.3.5-2
CVE-2024-6157 (An attacker who successfully exploited these vulnerabilities
could cau ...)
NOT-FOR-US: ABB
-CVE-2024-4658 (SQL Injection: Hibernate vulnerability in TE Informatics Nova
CMS allo ...)
+CVE-2024-4658 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Nova CMS
CVE-2024-48902 (In JetBrains YouTrack before 2024.3.46677 improper access
control allo ...)
NOT-FOR-US: JetBrains YouTrack
@@ -120646,7 +121300,7 @@ CVE-2024-8148 (There is an unvalidated redirect
vulnerability in Esri Portal for
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2024-7801 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Microchip
-CVE-2024-6400 (Cleartext Storage of Sensitive Information vulnerability in
Finrota Ne ...)
+CVE-2024-6400 (Cleartext Storage of Sensitive Information, Exposure of
Sensitive Info ...)
NOT-FOR-US: Finrota Netahsilat
CVE-2024-47790 (** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in
D3D Secur ...)
NOT-FOR-US: D3D Security IP Camera
@@ -123276,7 +123930,7 @@ CVE-2024-6877 (Improper Neutralization of Input
During Web Page Generation (XSS
NOT-FOR-US: Eliz Software Panel
CVE-2024-6641 (The WP Hardening \u2013 Fix Your WordPress Security plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-6406 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+CVE-2024-6406 (Missing Authentication for Critical Function, Missing
Authorization vu ...)
NOT-FOR-US: Yordam Information Technology Mobile Library Application
CVE-2024-5960 (Plaintext Storage of a Password vulnerability in Eliz Software
Panel a ...)
NOT-FOR-US: Eliz Software Panel
@@ -125179,7 +125833,7 @@ CVE-2024-40457 (No-IP Dynamic Update Client (DUC)
v3.x uses cleartext credential
NOT-FOR-US: No-IP Dynamic Update Client (DUC)
CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability
in Utar ...)
NOT-FOR-US: Utarit Information SoliClub
-CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+CVE-2024-3305 (Authorization Bypass Through User-Controlled Key, Missing
Authorizatio ...)
NOT-FOR-US: Utarit Information SoliClub
CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does
not have ...)
NOT-FOR-US: WordPress plugin
@@ -125892,7 +126546,7 @@ CVE-2024-35282 (A cleartext storage of sensitive
information in memory vulnerabi
NOT-FOR-US: Fortinet
CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core
v26.0.00 allow ...)
NOT-FOR-US: Gibbon Core
-CVE-2024-33698 (A vulnerability has been identified in Opcenter Execution
Foundation ( ...)
+CVE-2024-33698 (A vulnerability has been identified in Opcenter Quality (All
versions ...)
NOT-FOR-US: Siemens
CVE-2024-33508 (An improper neutralization of special elements used in a
command('Comm ...)
NOT-FOR-US: Fortinet
@@ -126062,7 +126716,7 @@ CVE-2024-7318 (A vulnerability was found in Keycloak.
Expired OTP codes are stil
- keycloak <itp> (bug #1088287)
CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A
specially craf ...)
- keycloak <itp> (bug #1088287)
-CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical
Function, ...)
+CVE-2024-7015 (Missing Authentication for Critical Function vulnerability in
Profelis ...)
NOT-FOR-US: Profelis Informatics and Consulting PassBox
CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an
improper ...)
NOT-FOR-US: Baxter Connex health portal
@@ -126410,7 +127064,7 @@ CVE-2024-21898 (An OS command injection vulnerability
has been reported to affec
NOT-FOR-US: QNAP
CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
NOT-FOR-US: QNAP
-CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+CVE-2024-1744 (Authorization Bypass Through User-Controlled Key, Missing
Authorizatio ...)
NOT-FOR-US: Ariva Computer Accord ORS
CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
NOT-FOR-US: QNAP
@@ -127300,7 +127954,7 @@ CVE-2024-6473 (Yandex Browser for Desktop before
24.7.1.380 has a DLL Hijacking
NOT-FOR-US: Yandex Browser for Desktop
CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows
attackers to b ...)
- keycloak <itp> (bug #1088287)
-CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e
Holding AKO ...)
+CVE-2024-4259 (Missing Authorization vulnerability in SAMPA\u015e Holding AKOS
(AkosC ...)
NOT-FOR-US: SAMPAS Holding AKOS
CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and
YubiHSM ...)
NOT-FOR-US: YubiKeys
@@ -128152,7 +128806,7 @@ CVE-2024-5857 (The Interactive Contact Form and Multi
Step Form Builder with Dra
NOT-FOR-US: WordPress plugin
CVE-2024-5417 (The Gutentor WordPress plugin before 3.3.6 does not validate
and esca ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux
Information Tec ...)
+CVE-2024-4428 (Missing Authentication for Critical Function, Missing
Authorization vu ...)
NOT-FOR-US: Menulux Information Technologies Managment Portal
CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path
Disclosure (eve ...)
- drupal7 <removed>
@@ -141785,7 +142439,7 @@ CVE-2024-6163 (Certain http endpoints of Checkmk in
Checkmk < 2.3.0p10 < 2.2.0p3
- check-mk <removed>
CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity
15.1.832 ...)
NOT-FOR-US: Sitefinity
-CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir
Bilgisayar ...)
+CVE-2024-4341 (Authorization Bypass Through User-Controlled Key, Missing
Authorizatio ...)
NOT-FOR-US: Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd.
Sti. Extreme XDS
CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
NOT-FOR-US: Directus
@@ -143595,11 +144249,11 @@ CVE-2024-24792 (Parsing a corrupt or malicious
image with invalid color indices
NOTE: https://github.com/golang/go/issues/67624
NOTE: https://go-review.googlesource.com/c/image/+/588115
NOTE: Fixed by:
https://github.com/golang/image/commit/3bbf4a659e56fde394e7214ddd17673223aca672
(v0.18.0)
-CVE-2024-1153 (Improper Access Control vulnerability in Talya Informatics
Travel APPS ...)
+CVE-2024-1153 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Talya Informatics Travel APPS
CVE-2024-1107 (Authorization Bypass Through User-Controlled Key vulnerability
in Taly ...)
NOT-FOR-US: Talya Informatics Travel APPS
-CVE-2024-0949 (Improper Access Control, Missing Authorization, Incorrect
Authorizatio ...)
+CVE-2024-0949 (Missing Authentication, Files or Directories Accessible to
External Pa ...)
NOT-FOR-US: Elektraweb
CVE-2024-0947 (Reliance on Cookies without Validation and Integrity Checking
vulnerab ...)
NOT-FOR-US: Talya Informatics Elektraweb
@@ -150166,7 +150820,7 @@ CVE-2024-20405 (A vulnerability in the web-based
management interface of Cisco F
NOT-FOR-US: Cisco
CVE-2024-20404 (A vulnerability in the web-based management interface of Cisco
Finesse ...)
NOT-FOR-US: Cisco
-CVE-2024-1662 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+CVE-2024-1662 (Missing Authentication for Critical Function, Missing
Authorization vu ...)
NOT-FOR-US: PORTY Smart Tech Technology Joint Stock Company PowerBank
Application
CVE-2024-1272 (Inclusion of Sensitive Information in Source Code vulnerability
in TNB ...)
NOT-FOR-US: TNB Mobile Solutions Cockpit Software
@@ -150715,7 +151369,7 @@ CVE-2024-23360 (Memory corruption while creating a
LPAC client as LPAC engine wa
NOT-FOR-US: Qualcomm
CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL
memory e ...)
NOT-FOR-US: Qualcomm
-CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows
Exploit ...)
+CVE-2024-0336 (Missing Authentication for Critical Function vulnerability in
EMTA Gru ...)
NOT-FOR-US: EMTA Grup PDKS
CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build
221019) is ...)
NOT-FOR-US: Mercusys MW325R EU V3
@@ -458686,6 +459340,7 @@ CVE-2020-13757 (Python-RSA before 4.1 ignores leading
'\0' bytes during decrypti
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
NOTE:
https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30
(version-4.1)
CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on
uncontrolled data ...)
+ {DLA-4333-1}
- php-horde-css-parser 1.0.11-8.1 (bug #1104702)
[bookworm] - php-horde-css-parser <ignored> (Horde is non-functional in
Bookworm)
NOTE:
https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
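Review bot: the `{DLA-4333-1}` cross-reference added to CVE-2020-13756 has no matching change to data/DLA/list in these hunks; confirm the DLA-4333-1 entry already exists there, otherwise the reference dangles. The fixed version `1.0.11-8.1` and the `[bookworm] <ignored>` annotation are left unchanged, so the DLA should be the one covering the LTS suite only.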
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc50870704564b06276e75ee5e7e2b28e0ba5a03
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits