Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f0cdae0 by security tracker role at 2025-04-03T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,230 @@
-CVE-2025-31115 [Threaded decoder frees memory too early]
+CVE-2025-3190
+ REJECTED
+CVE-2025-3177 (A vulnerability was found in FastCMS 0.1.5. It has been
declared as cr ...)
+ TODO: check
+CVE-2025-3176 (A vulnerability was found in Project Worlds Online Lawyer
Management S ...)
+ TODO: check
+CVE-2025-3175 (A vulnerability was found in Project Worlds Online Lawyer
Management S ...)
+ TODO: check
+CVE-2025-3174 (A vulnerability has been found in Project Worlds Online Lawyer
Managem ...)
+ TODO: check
+CVE-2025-3173 (A vulnerability, which was classified as critical, was found in
Projec ...)
+ TODO: check
+CVE-2025-3172 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2025-3171 (A vulnerability classified as critical was found in Project
Worlds Onl ...)
+ TODO: check
+CVE-2025-3170 (A vulnerability classified as critical has been found in
Project World ...)
+ TODO: check
+CVE-2025-3169 (A vulnerability was found in Projeqtor up to 12.0.2. It has
been rated ...)
+ TODO: check
+CVE-2025-3168 (A vulnerability was found in PHPGurukul Time Table Generator
System 1. ...)
+ TODO: check
+CVE-2025-3167 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-3166 (A vulnerability classified as critical was found in
code-projects Prod ...)
+ TODO: check
+CVE-2025-3165 (A vulnerability classified as critical has been found in
thu-pacman ch ...)
+ TODO: check
+CVE-2025-3164 (A vulnerability was found in Tencent Music Entertainment
SuperSonic up ...)
+ TODO: check
+CVE-2025-3163 (A vulnerability was found in InternLM LMDeploy up to 0.7.1. It
has bee ...)
+ TODO: check
+CVE-2025-3162 (A vulnerability was found in InternLM LMDeploy up to 0.7.1. It
has bee ...)
+ TODO: check
+CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and
classified as ...)
+ TODO: check
+CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library
Assimp 5.4 ...)
+ TODO: check
+CVE-2025-3159 (A vulnerability, which was classified as critical, was found in
Open A ...)
+ TODO: check
+CVE-2025-3158 (A vulnerability, which was classified as critical, has been
found in O ...)
+ TODO: check
+CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01.
It has ...)
+ TODO: check
+CVE-2025-3155 (A flaw was found in Yelp. The Gnome user help application
allows the h ...)
+ TODO: check
+CVE-2025-32054 (In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code
could b ...)
+ TODO: check
+CVE-2025-32052 (A flaw was found in libsoup. A vulnerability in the
sniff_unknown() fu ...)
+ TODO: check
+CVE-2025-32051 (A flaw was found in libsoup. The libsoup
soup_uri_decode_data_uri() fu ...)
+ TODO: check
+CVE-2025-32050 (A flaw was found in libsoup. The libsoup append_param_quoted()
functio ...)
+ TODO: check
+CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may
accept a ...)
+ TODO: check
+CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo
Business Site ...)
+ TODO: check
+CVE-2025-31907 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31905 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31903 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31902 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31901 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31900 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31899 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31898 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31896 (Missing Authorization vulnerability in istmoplugins
GetBookingsWP allo ...)
+ TODO: check
+CVE-2025-31893 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31876 (Missing Authorization vulnerability in gunnarpayday Payday
allows Expl ...)
+ TODO: check
+CVE-2025-31858 (Missing Authorization vulnerability in matthewrubin Local
Magic allows ...)
+ TODO: check
+CVE-2025-31841 (Missing Authorization vulnerability in Frank P. Walentynowicz
FPW Cate ...)
+ TODO: check
+CVE-2025-31827 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31825 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31800 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31795 (Missing Authorization vulnerability in Plugin Devs Shopify to
WooComme ...)
+ TODO: check
+CVE-2025-31794 (Missing Authorization vulnerability in Web Ready Now WR Price
List Man ...)
+ TODO: check
+CVE-2025-31789 (Missing Authorization vulnerability in Matat Technologies
TextMe SMS a ...)
+ TODO: check
+CVE-2025-31768 (Missing Authorization vulnerability in OTWthemes Widget
Manager Light ...)
+ TODO: check
+CVE-2025-31758 (Missing Authorization vulnerability in BinaryCarpenter Free
Woocommerc ...)
+ TODO: check
+CVE-2025-31746 (Missing Authorization vulnerability in Think201 Clients allows
Exploit ...)
+ TODO: check
+CVE-2025-31739 (Missing Authorization vulnerability in Manuel Schmalstieg
Minimalistic ...)
+ TODO: check
+CVE-2025-31736 (Missing Authorization vulnerability in richtexteditor Rich
Text Editor ...)
+ TODO: check
+CVE-2025-31729 (Missing Authorization vulnerability in jeffikus WooTumblog
allows Expl ...)
+ TODO: check
+CVE-2025-31626 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31622 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31582 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31581 (Missing Authorization vulnerability in Sandeep Kumar WP Video
Playlist ...)
+ TODO: check
+CVE-2025-31573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31558 (Insertion of Sensitive Information into Externally-Accessible
File or ...)
+ TODO: check
+CVE-2025-31554 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-31541 (Missing Authorization vulnerability in turitop TuriTop Booking
System ...)
+ TODO: check
+CVE-2025-31536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31489 (MinIO is a High Performance Object Storage released under GNU
Affero G ...)
+ TODO: check
+CVE-2025-31487 (The XWiki JIRA extension provides various integration points
between X ...)
+ TODO: check
+CVE-2025-31486 (Vite is a frontend tooling framework for javascript. The
contents of a ...)
+ TODO: check
+CVE-2025-31485 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2025-31483 (Miniflux is a feed reader. Due to a weak Content Security
Policy on th ...)
+ TODO: check
+CVE-2025-31481 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2025-31468 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31467 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31436 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-31161 (CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows
authentication b ...)
+ TODO: check
+CVE-2025-31127 (Element X Android is a Matrix Android Client provided by
element.io. I ...)
+ TODO: check
+CVE-2025-31126 (Element X iOS is a Matrix iOS Client provided by Element. In
Element X ...)
+ TODO: check
+CVE-2025-31119 (generator-jhipster-entity-audit is a JHipster module to enable
entity ...)
+ TODO: check
+CVE-2025-31098 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-31091 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30916 (Missing Authorization vulnerability in enituretechnology
Residential A ...)
+ TODO: check
+CVE-2025-30915 (Missing Authorization vulnerability in enituretechnology Small
Package ...)
+ TODO: check
+CVE-2025-30908 (Cross-Site Request Forgery (CSRF) vulnerability in Shamalli
Web Direct ...)
+ TODO: check
+CVE-2025-30889 (Deserialization of Untrusted Data vulnerability in PickPlugins
Testimo ...)
+ TODO: check
+CVE-2025-30858 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30616 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30611 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-30596 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-30406 (Gladinet CentreStack through 16.1.10296.56315 (fixed in
16.4.10315.563 ...)
+ TODO: check
+CVE-2025-2946 (pgAdmin <= 9.1 is affected by a security vulnerability with
Cross-Site ...)
+ TODO: check
+CVE-2025-2945 (Remote Code Execution security vulnerability in pgAdmin 4
(Query Tool ...)
+ TODO: check
+CVE-2025-2299 (The LuckyWP Table of Contents plugin for WordPress is
vulnerable to Cr ...)
+ TODO: check
+CVE-2025-29987 (Dell PowerProtect Data Domain with Data Domain Operating
System (DD OS ...)
+ TODO: check
+CVE-2025-29647 (SeaCMS v13.3 has a SQL injection vulnerability in the
component admin_ ...)
+ TODO: check
+CVE-2025-29570 (An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
v3.2 al ...)
+ TODO: check
+CVE-2025-29504 (Insecure Permission vulnerability in student-manage 1 allows a
local a ...)
+ TODO: check
+CVE-2025-29462 (A buffer overflow vulnerability has been discovered in Tenda
Ac15 V15. ...)
+ TODO: check
+CVE-2025-29369 (Code-Projects Matrimonial Site V1.0 is vulnerable to SQL
Injection in ...)
+ TODO: check
+CVE-2025-29064 (An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a
remote atta ...)
+ TODO: check
+CVE-2025-26818 (Netwrix Password Secure through 9.2 allows command injection.)
+ TODO: check
+CVE-2025-26817 (Netwrix Password Secure 9.2.0.32454 allows OS command
injection.)
+ TODO: check
+CVE-2025-22931 (An insecure direct object reference (IDOR) in the component
/assets/st ...)
+ TODO: check
+CVE-2025-22930 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL
injection v ...)
+ TODO: check
+CVE-2025-22929 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL
injection v ...)
+ TODO: check
+CVE-2025-22928 (OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL
injection v ...)
+ TODO: check
+CVE-2025-22927 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers
to execut ...)
+ TODO: check
+CVE-2025-22926 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers
to execut ...)
+ TODO: check
+CVE-2025-22457 (A stack-based buffer overflow in Ivanti Connect Secure before
version ...)
+ TODO: check
+CVE-2025-0272 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection.
This v ...)
+ TODO: check
+CVE-2024-9416 (The Modula Image Gallery plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-45198 (insightsoftware Spark JDBC 2.6.21 has a remote code execution
vulnerab ...)
+ TODO: check
+CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via
\openemr\library\clas ...)
+ TODO: check
+CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
+ TODO: check
+CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library
plus comma ...)
- xz-utils <unfixed>
[bullseye] - xz-utils <not-affected> (Vulnerable code introduce later)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/03/1
@@ -100,7 +326,7 @@ CVE-2025-2784 (A flaw was found in libsoup. The package is
vulnerable to a heap
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/c415ad0b6771992e66c70edf373566c6e247089d
(3.6.5)
NOTE: Depends on:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/435
NOTE:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/242a10fbb12dbdc12d254bd8fc8669a0ac055304
(3.6.5)
-CVE-2025-32053
+CVE-2025-32053 (A flaw was found in libsoup. A vulnerability in
sniff_feed_or_html() a ...)
- libsoup3 3.6.1-1
- libsoup2.4 <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
@@ -190,7 +416,7 @@ CVE-2024-37917 (Pexip Infinity before 35.0 has improper
input validation that al
NOT-FOR-US: Pexip Infinity
CVE-2024-13673 (The Big Boom Directory plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-53868 [request smuggling via chunked messages]
+CVE-2024-53868 (Apache Traffic Server allows request smuggling if chunked
messages are ...)
- trafficserver <unfixed> (bug #1101996)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/02/4
NOTE:
https://github.com/apache/trafficserver/commit/f266206adb95951436a21850cef2ad8e9e4a28cf
@@ -1283,7 +1509,7 @@ CVE-2025-3034 (Memory safety bugs present in Firefox 136
and Thunderbird 136. So
- firefox 137.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3034
CVE-2025-3030 (Memory safety bugs present in Firefox 136, Thunderbird 136,
Firefox ES ...)
- {DSA-5889-1 DLA-4110-1 DLA-4109-1}
+ {DSA-5891-1 DSA-5889-1 DLA-4110-1 DLA-4109-1}
- firefox 137.0-1
- firefox-esr 128.9.0esr-1
- thunderbird 1:128.9.0esr-1
@@ -1297,7 +1523,7 @@ CVE-2025-3035 (By first using the AI chatbot in one tab
and later activating it
- firefox 137.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3035
CVE-2025-3029 (A crafted URL containing specific Unicode characters could have
hidden ...)
- {DSA-5889-1 DLA-4110-1 DLA-4109-1}
+ {DSA-5891-1 DSA-5889-1 DLA-4110-1 DLA-4109-1}
- firefox 137.0-1
- firefox-esr 128.9.0esr-1
- thunderbird 1:128.9.0esr-1
@@ -1311,7 +1537,7 @@ CVE-2025-3031 (An attacker could read 32 bits of values
spilled onto the stack i
- firefox 137.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/#CVE-2025-3031
CVE-2025-3028 (JavaScript code running while transforming a document with the
XSLTPro ...)
- {DSA-5889-1 DLA-4110-1 DLA-4109-1}
+ {DSA-5891-1 DSA-5889-1 DLA-4110-1 DLA-4109-1}
- firefox 137.0-1
- firefox-esr 128.9.0esr-1
- thunderbird 1:128.9.0esr-1
@@ -4960,6 +5186,7 @@ CVE-2024-13737 (The Motors \u2013 Car Dealer, Classifieds
& Listing plugin for W
CVE-2025-26796 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of
Input Durin ...)
NOT-FOR-US: Apache Oozie
CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application
Framework thr ...)
+ {DLA-4113-1}
- php-horde-imp <unfixed> (bug #1102003)
[bookworm] - php-horde-imp <ignored> (Horde in Bookworm is broken due
to PHP 8 issues and will be removed in the next point release)
NOTE:
https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
@@ -80600,7 +80827,7 @@ CVE-2024-5594 (OpenVPN before 2.6.11 does not santize
PUSH_REPLY messages proper
- openvpn 2.6.11-1 (bug #1074488)
[bookworm] - openvpn <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a
(v2.6.11)
-CVE-2024-4877
+CVE-2024-4877 (OpenVPN version 2.4.0 through 2.6.10 on Windows allows an
external, le ...)
- openvpn <not-affected> (Only affects Windows)
CVE-2024-6269 (A vulnerability has been found in Ruijie RG-UAC 1.0 and
classified as ...)
NOT-FOR-US: Ruijie RG-UAC
@@ -181998,7 +182225,7 @@ CVE-2023-26544 (In the Linux kernel 6.0.8, there is a
use-after-free in run_unpa
NOTE: NTFS3 driver not enabled in Debian.
CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
NOT-FOR-US: MonicaHQ
-CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat
Reservati ...)
+CVE-2023-1030 (A vulnerability has been found in SourceCodester/code-projects
Online ...)
NOT-FOR-US: SourceCodester Online BoatReservation System
CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to
Cross-Site Reque ...)
NOT-FOR-US: WP Meta SEO plugin for WordPress
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f0cdae0ff2d6084a2954ab15b70605269c23004
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f0cdae0ff2d6084a2954ab15b70605269c23004
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
