Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aecc422 by security tracker role at 2025-03-31T20:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,306 @@
-CVE-2025-21893 [keys: Fix UAF in key_put()]
+CVE-2025-3048 (After completing a build with AWS Serverless Application Model 
Command ...)
+       TODO: check
+CVE-2025-3047 (When running the AWS Serverless Application Model Command Line 
Interfa ...)
+       TODO: check
+CVE-2025-3027 (The vulnerability exists in the EJBCA service, version 8.0 
Enterprise. ...)
+       TODO: check
+CVE-2025-3026 (The vulnerability exists in the EJBCA service, version 8.0 
Enterprise. ...)
+       TODO: check
+CVE-2025-3022 (Os command injection vulnerability in e-solutions e-management. 
This v ...)
+       TODO: check
+CVE-2025-3021 (Path Traversal vulnerability in e-solutions e-management. This 
vulnera ...)
+       TODO: check
+CVE-2025-3010 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-3009 (A vulnerability classified as critical was found in Jinher 
Network OA  ...)
+       TODO: check
+CVE-2025-3008 (A vulnerability classified as critical has been found in 
Novastar CX40 ...)
+       TODO: check
+CVE-2025-3007 (A vulnerability was found in Novastar CX40 up to 2.44.0. It has 
been r ...)
+       TODO: check
+CVE-2025-3006 (A vulnerability was found in PHPGurukul e-Diary Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-3005 (A vulnerability was found in Sayski ForestBlog up to 20250321 
and clas ...)
+       TODO: check
+CVE-2025-3004 (A vulnerability has been found in Sayski ForestBlog up to 
20250321 and ...)
+       TODO: check
+CVE-2025-3003 (A vulnerability, which was classified as critical, was found in 
ESAFEN ...)
+       TODO: check
+CVE-2025-3002 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 
2.6.0. Thi ...)
+       TODO: check
+CVE-2025-3000 (A vulnerability classified as critical has been found in 
PyTorch 2.6.0 ...)
+       TODO: check
+CVE-2025-31629 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31627 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31625 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31624 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31623 (Cross-Site Request Forgery (CSRF) vulnerability in 
richtexteditor Rich ...)
+       TODO: check
+CVE-2025-31621 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31620 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31618 (Missing Authorization vulnerability in Jaap Jansma Connector 
to CiviCR ...)
+       TODO: check
+CVE-2025-31617 (Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep 
Singh Po ...)
+       TODO: check
+CVE-2025-31616 (Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ 
Varnish  ...)
+       TODO: check
+CVE-2025-31615 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31614 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31613 (Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. 
AB Goog ...)
+       TODO: check
+CVE-2025-31611 (Missing Authorization vulnerability in Shaharia Azam Auto Post 
After I ...)
+       TODO: check
+CVE-2025-31610 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31609 (Missing Authorization vulnerability in Arni Cinco WPCargo 
Track & Trac ...)
+       TODO: check
+CVE-2025-31608 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31607 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31606 (Missing Authorization vulnerability in softpulseinfotech SP 
Blog Desig ...)
+       TODO: check
+CVE-2025-31605 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31604 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-31603 (Missing Authorization vulnerability in moshensky CF7 
Spreadsheets allo ...)
+       TODO: check
+CVE-2025-31602 (Cross-Site Request Forgery (CSRF) vulnerability in 
apimofficiel Apimo  ...)
+       TODO: check
+CVE-2025-31601 (Cross-Site Request Forgery (CSRF) vulnerability in appointy 
Appointy A ...)
+       TODO: check
+CVE-2025-31600 (Cross-Site Request Forgery (CSRF) vulnerability in designnbuy 
DesignO  ...)
+       TODO: check
+CVE-2025-31598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31596 (Missing Authorization vulnerability in Chatwee Chat by Chatwee 
allows  ...)
+       TODO: check
+CVE-2025-31595 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31592 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31591 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31590 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31589 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31588 (Cross-Site Request Forgery (CSRF) vulnerability in elfsight 
Elfsight T ...)
+       TODO: check
+CVE-2025-31587 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31586 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31585 (Cross-Site Request Forgery (CSRF) vulnerability in leadfox 
Leadfox for ...)
+       TODO: check
+CVE-2025-31584 (Missing Authorization vulnerability in elfsight Elfsight 
Testimonials  ...)
+       TODO: check
+CVE-2025-31583 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish 
Ajani WP Cop ...)
+       TODO: check
+CVE-2025-31577 (Unrestricted Upload of File with Dangerous Type vulnerability 
in appoi ...)
+       TODO: check
+CVE-2025-31576 (Missing Authorization vulnerability in Gagan Deep Singh 
PostmarkApp Em ...)
+       TODO: check
+CVE-2025-31575 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-31574 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31572 (Cross-Site Request Forgery (CSRF) vulnerability in v20202020 
Multi Day ...)
+       TODO: check
+CVE-2025-31570 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 
Related Post ...)
+       TODO: check
+CVE-2025-31569 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 
wordpress re ...)
+       TODO: check
+CVE-2025-31567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31566 (Cross-Site Request Forgery (CSRF) vulnerability in riosisgroup 
Rio Vid ...)
+       TODO: check
+CVE-2025-31562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31559 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31557 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31556 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31555 (Missing Authorization vulnerability in ContentMX ContentMX 
Content Pub ...)
+       TODO: check
+CVE-2025-31549 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31547 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31546 (Missing Authorization vulnerability in WP Messiah Swiss 
Toolkit For WP ...)
+       TODO: check
+CVE-2025-31545 (Missing Authorization vulnerability in WP Messiah Safe Ai 
Malware Prot ...)
+       TODO: check
+CVE-2025-31544 (Missing Authorization vulnerability in WP Messiah Swiss 
Toolkit For WP ...)
+       TODO: check
+CVE-2025-31543 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31542 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31540 (Missing Authorization vulnerability in acmemediakits ACME Divi 
Modules ...)
+       TODO: check
+CVE-2025-31539 (Missing Authorization vulnerability in Blocksera 
Cryptocurrency Widget ...)
+       TODO: check
+CVE-2025-31538 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31535 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31533 (Missing Authorization vulnerability in Salesmate.io Salesmate 
Add-On f ...)
+       TODO: check
+CVE-2025-31532 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31530 (Missing Authorization vulnerability in smackcoders Google SEO 
Pressor  ...)
+       TODO: check
+CVE-2025-31529 (Missing Authorization vulnerability in Rashid Slider Path for 
Elemento ...)
+       TODO: check
+CVE-2025-31528 (Missing Authorization vulnerability in wokamoto StaticPress 
allows Exp ...)
+       TODO: check
+CVE-2025-31527 (Server-Side Request Forgery (SSRF) vulnerability in Kishan WP 
Link Pre ...)
+       TODO: check
+CVE-2025-31526 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31419 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31410 (Cross-Site Request Forgery (CSRF) vulnerability in Ashish 
Ajani WP Chu ...)
+       TODO: check
+CVE-2025-31406 (Subscriber Broken Access Control in ELEX WooCommerce Request a 
Quote < ...)
+       TODO: check
+CVE-2025-31386 (Missing Authorization vulnerability in Simplepress 
Simple:Press allows ...)
+       TODO: check
+CVE-2025-31376 (Missing Authorization vulnerability in Mayeenul Islam 
NanoSupport allo ...)
+       TODO: check
+CVE-2025-31129 (Jooby is a web framework for Java and Kotlin. The pac4j 
io.jooby.inter ...)
+       TODO: check
+CVE-2025-31128 (gifplayer is a customizable jquery plugin to play and stop 
animated gi ...)
+       TODO: check
+CVE-2025-31125 (Vite is a frontend tooling framework for javascript. Vite 
exposes cont ...)
+       TODO: check
+CVE-2025-31124 (Zitadel is open-source identity infrastructure software. 
ZITADEL admin ...)
+       TODO: check
+CVE-2025-31123 (Zitadel is open-source identity infrastructure software. A 
vulnerabili ...)
+       TODO: check
+CVE-2025-31122 (scratch-coding-hut.github.io is the website for Coding Hut. In 
1.0-bet ...)
+       TODO: check
+CVE-2025-31117 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-31116 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
+       TODO: check
+CVE-2025-30963 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-30961 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-30369 (Zulip is an open-source team collaboration tool. The API for 
deleting  ...)
+       TODO: check
+CVE-2025-30368 (Zulip is an open-source team collaboration tool. The API for 
deleting  ...)
+       TODO: check
+CVE-2025-30223 (Beego is an open-source web framework for the Go programming 
language. ...)
+       TODO: check
+CVE-2025-30209 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-30203 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-30161 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-30155 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-30149 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-30095 (VyOS 1.3 through 1.5 or any Debian-based system using dropbear 
in comb ...)
+       TODO: check
+CVE-2025-30006 (Xorcom CompletePBX is vulnerable to a reflected cross-site 
scripting ( ...)
+       TODO: check
+CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the 
Diagnosti ...)
+       TODO: check
+CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the 
administr ...)
+       TODO: check
+CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated 
as criti ...)
+       TODO: check
+CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been 
declared as cr ...)
+       TODO: check
+CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It 
has been ...)
+       TODO: check
+CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and 
classified ...)
+       TODO: check
+CVE-2025-2995 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) 
and class ...)
+       TODO: check
+CVE-2025-2994 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-2993 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-2992 (A vulnerability classified as critical was found in Tenda 
FH1202 1.2.0 ...)
+       TODO: check
+CVE-2025-2991 (A vulnerability classified as critical has been found in Tenda 
FH1202  ...)
+       TODO: check
+CVE-2025-2990 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has 
been r ...)
+       TODO: check
+CVE-2025-2989 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has 
been d ...)
+       TODO: check
+CVE-2025-2985 (A vulnerability was found in code-projects Payroll Management 
System 1 ...)
+       TODO: check
+CVE-2025-2984 (A vulnerability was found in code-projects Payroll Management 
System 1 ...)
+       TODO: check
+CVE-2025-2794 (An unsafe reflection vulnerability in Kentico Xperience allows 
an unau ...)
+       TODO: check
+CVE-2025-2586 (A flaw was found in the OpenShift Lightspeed Service, which is 
vulnera ...)
+       TODO: check
+CVE-2025-2292 (Xorcom CompletePBX is vulnerable to an authenticated path 
traversal, a ...)
+       TODO: check
+CVE-2025-2072 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
discover ...)
+       TODO: check
+CVE-2025-2071 (A critical OS Command Injection vulnerability has been 
identified in t ...)
+       TODO: check
+CVE-2025-29929 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-29908 (Netty QUIC codec is a QUIC codec for netty which makes use of 
quiche.  ...)
+       TODO: check
+CVE-2025-29772 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-29766 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
+       TODO: check
+CVE-2025-29266 (Unraid 7.0.0 before 7.0.1 allows remote users to access the 
Unraid Web ...)
+       TODO: check
+CVE-2025-27149 (Zulip server provides an open-source team chat that helps 
teams stay p ...)
+       TODO: check
+CVE-2025-27095 (JumpServer is an open source bastion host and an operation and 
mainten ...)
+       TODO: check
+CVE-2025-23995 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-22941 (A command injection vulnerability in the web interface of 
Adtran 411 O ...)
+       TODO: check
+CVE-2025-22940 (Incorrect access control in Adtran 411 ONT L80.00.0011.M2 
allows unaut ...)
+       TODO: check
+CVE-2025-22939 (A command injection vulnerability in the telnet service of 
Adtran 411  ...)
+       TODO: check
+CVE-2025-22938 (Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak 
default p ...)
+       TODO: check
+CVE-2025-22937 (An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to 
escalat ...)
+       TODO: check
+CVE-2025-1449 (A vulnerability exists in the Rockwell Automation Verve Asset 
Manager  ...)
+       TODO: check
+CVE-2024-55093 (phpIPAM through 1.7.3 has a reflected Cross-Site Scripting 
(XSS) vulne ...)
+       TODO: check
+CVE-2024-12021 (Coverity versions prior to 2024.9.0 are vulnerable to stored 
cross-sit ...)
+       TODO: check
+CVE-2023-33302 (A buffer copy without checking size of input ('classic buffer 
overflow ...)
+       TODO: check
+CVE-2025-21893 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux 6.12.21-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
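Review bot: CVE-2025-30095 should not wait in the queue behind the other new entries that all land as `TODO: check`. Its description names "any Debian-based system using dropbear" directly, so it needs an early decision on whether a `- dropbear` line or a not-affected marking with a reason applies. The same goes for the entries whose descriptions name general-purpose software rather than a single vendor's product (the PyTorch 2.6.0 group CVE-2025-2998 through CVE-2025-3001, Vite, Netty QUIC codec, Zulip): resolve these to a package line, an `<itp>` reference like the existing CVE-2024-27286 entry, or NOT-FOR-US before working through the large block of plugin-style XSS, CSRF and Missing Authorization entries.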
@@ -537,6 +839,7 @@ CVE-2025-22739 (Missing Authorization vulnerability in 
ThimPress LearnPress allo
 CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper 
Neutraliz ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() 
function as th ...)
+       {DLA-4100-1}
        - libdata-entropy-perl 0.008-1 (bug #1101503)
        [bookworm] - libdata-entropy-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284586/
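Review bot: With `{DLA-4100-1}` now attached to CVE-2025-1860, the unchanged `[bookworm] - libdata-entropy-perl <no-dsa> (Minor issue)` line makes bookworm the only release in this entry without a fixed version or advisory. The `<no-dsa>` marking defers the fix rather than declaring the release unaffected, so it is worth confirming that the 0.008 fix is queued for bookworm through a point release, and adding a NOTE to that effect if so.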
@@ -65935,7 +66238,7 @@ CVE-2024-42259 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)
        NOTE: https://project-zero.issues.chromium.org/issues/42451707
 CVE-2024-42472 (Flatpak is a Linux application sandboxing and distribution 
framework.  ...)
-       {DSA-5749-1}
+       {DSA-5749-1 DLA-4099-1}
        - flatpak 1.14.10-1 (bug #1082927)
        NOTE: https://github.com/flatpak/flatpak/releases/tag/1.14.10
        NOTE: Requisite: 
https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788
 (1.14.10)
@@ -111144,7 +111447,7 @@ CVE-2024-28231 (eprosima Fast DDS is a C++ 
implementation of the Data Distributi
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b
 (v2.14.0)
 CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
        NOT-FOR-US: Jupyter Server Proxy
-CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves 
a Zulip  ...)
+CVE-2024-27286 (Zulip is an open-source team collaboration tool. When a user 
moves a Z ...)
        - zulip-server <itp> (bug #800052)
 CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to 
versions 14 ...)
        NOT-FOR-US: Frappe Framework
@@ -181476,8 +181779,8 @@ CVE-2023-22329 (Improper input validation in the BIOS 
firmware for some Intel(R)
        NOT-FOR-US: Intel
 CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through 
User-Controlle ...)
        NOT-FOR-US: Kron Tech Single Connect
-CVE-2023-0881
-       RESERVED
+CVE-2023-0881 (Running DDoS on tcp port 22 will trigger a kernel crash. This 
issue is ...)
+       TODO: check
 CVE-2023-0880 (Misinterpretation of Input in GitHub repository 
thorsten/phpmyfaq prio ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository 
btcpayserver/ ...)
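Review bot: CVE-2023-0881 moves from RESERVED to `TODO: check` with a description that mentions a kernel crash triggered by traffic on tcp port 22, but the truncated text visible here names no vendor or product. Its neighbours CVE-2023-0882 and CVE-2023-0880 are both NOT-FOR-US, so there is a risk of closing this one the same way by pattern. Read the full description first and decide explicitly whether a `- linux` line is needed, with a NOTE recording the reasoning either way.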



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aecc4224d29c6cbd548a389b54c7f1d11e73255
