Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b09f2604 by security tracker role at 2025-04-10T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,156 @@
-CVE-2025-32700
+CVE-2025-32755 (In jenkins/ssh-slave Docker images based on Debian, SSH host 
keys are  ...)
+       TODO: check
+CVE-2025-32754 (In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH 
host keys a ...)
+       TODO: check
+CVE-2025-32743 (In ConnMan through 1.44, the lookup string in ns_resolv in 
dnsproxy.c  ...)
+       TODO: check
+CVE-2025-32687 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32668 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-32395 (Vite is a frontend tooling framework for javascript. Prior to 
6.2.6, 6 ...)
+       TODO: check
+CVE-2025-32391 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2025-32383 (MaxKB (Max Knowledge Base) is an open source knowledge base 
question-a ...)
+       TODO: check
+CVE-2025-32382 (Metabase is an open source Business Intelligence and Embedded 
Analytic ...)
+       TODO: check
+CVE-2025-32282 (Cross-Site Request Forgery (CSRF) vulnerability in ShareThis 
ShareThis ...)
+       TODO: check
+CVE-2025-32275 (Authentication Bypass by Spoofing vulnerability in Ays Pro 
Survey Make ...)
+       TODO: check
+CVE-2025-32260 (Missing Authorization vulnerability in Detheme DethemeKit For 
Elemento ...)
+       TODO: check
+CVE-2025-32259 (Missing Authorization vulnerability in Alimir WP ULike. This 
issue aff ...)
+       TODO: check
+CVE-2025-32244 (Missing Authorization vulnerability in QuantumCloud SEO Help 
allows Ex ...)
+       TODO: check
+CVE-2025-32243 (Missing Authorization vulnerability in Toast Plugins Internal 
Link Opt ...)
+       TODO: check
+CVE-2025-32242 (Missing Authorization vulnerability in Hive Support Hive 
Support allow ...)
+       TODO: check
+CVE-2025-32240 (Missing Authorization vulnerability in NotFound Site Notify 
allows Exp ...)
+       TODO: check
+CVE-2025-32236 (Missing Authorization vulnerability in Vagonic Woocommerce 
Products Re ...)
+       TODO: check
+CVE-2025-32230 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-32228 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-32227 (Authentication Bypass by Spoofing vulnerability in Asgaros 
Asgaros For ...)
+       TODO: check
+CVE-2025-32221 (Missing Authorization vulnerability in Spider Themes EazyDocs 
allows E ...)
+       TODO: check
+CVE-2025-32216 (Missing Authorization vulnerability in Spider Themes Spider 
Elements \ ...)
+       TODO: check
+CVE-2025-32215 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Abili ...)
+       TODO: check
+CVE-2025-32214 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32213 (Missing Authorization vulnerability in flothemesplugins Flo 
Forms allo ...)
+       TODO: check
+CVE-2025-32212 (Missing Authorization vulnerability in Specia Theme Specia 
Companion a ...)
+       TODO: check
+CVE-2025-32210 (Missing Authorization vulnerability in CreativeMindsSolutions 
CM Regis ...)
+       TODO: check
+CVE-2025-32209 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-32208 (Missing Authorization vulnerability in Hive Support Hive 
Support allow ...)
+       TODO: check
+CVE-2025-32206 (Unrestricted Upload of File with Dangerous Type vulnerability 
in LABCA ...)
+       TODO: check
+CVE-2025-32205 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-32202 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Brian ...)
+       TODO: check
+CVE-2025-32199 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32198 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32160 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-32158 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-32145 (Deserialization of Untrusted Data vulnerability in 
magepeopleteam WpEv ...)
+       TODO: check
+CVE-2025-32140 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Nirma ...)
+       TODO: check
+CVE-2025-32139 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32128 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32119 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32116 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32115 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32114 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32027 (Yii is an open source PHP web framework. Prior to 1.1.31, 
yiisoft/yii  ...)
+       TODO: check
+CVE-2025-31524 (Incorrect Privilege Assignment vulnerability in NotFound WP 
User Profi ...)
+       TODO: check
+CVE-2025-31411 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-30582 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-30148 (Silverstripe Framework is a PHP framework which powers the 
Silverstrip ...)
+       TODO: check
+CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id 
parameter  ...)
+       TODO: check
+CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a 
denial of se ...)
+       TODO: check
+CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code 
Astro Inter ...)
+       TODO: check
+CVE-2025-27813 (MSI Center before 2.0.52.0 has Missing PE Signature 
Validation.)
+       TODO: check
+CVE-2025-27812 (MSI Center before 2.0.52.0 allows TOCTOU Local Privilege 
Escalation.)
+       TODO: check
+CVE-2025-27350 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-27081 (A potential security vulnerability in HPE NonStop OSM Service 
Connecti ...)
+       TODO: check
+CVE-2025-25197 (Silverstripe Elemental extends a page type to swap the content 
area fo ...)
+       TODO: check
+CVE-2025-24866 (Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper 
access con ...)
+       TODO: check
+CVE-2025-23386 (A Incorrect Default Permissions vulnerability in the openSUSE 
Tumblewe ...)
+       TODO: check
+CVE-2025-23010 (An Improper Link Resolution Before File Access ('Link 
Following') vuln ...)
+       TODO: check
+CVE-2025-23009 (A local privilege escalation vulnerability in SonicWall 
NetExtender Wi ...)
+       TODO: check
+CVE-2025-23008 (An improper privilege management vulnerability in the 
SonicWall NetExt ...)
+       TODO: check
+CVE-2025-22375 (An authentication bypass vulnerability was found in Videx's 
CyberAudit ...)
+       TODO: check
+CVE-2025-22374 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in t ...)
+       TODO: check
+CVE-2025-22279 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-22232 (Spring Cloud Config Server may not use Vault token sent by 
clients usi ...)
+       TODO: check
+CVE-2025-1073 (Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier 
may al ...)
+       TODO: check
+CVE-2023-43037 (IBM Maximo Application Suite 8.11 and 9.0 could allow an 
authenticated ...)
+       TODO: check
+CVE-2023-43035 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web 
pages t ...)
+       TODO: check
+CVE-2023-42007 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is 
vulnerable to c ...)
+       TODO: check
+CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki 1:1.43.1+dfsg-1
-CVE-2025-32699
+CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia 
Foundation  ...)
        - mediawiki 1:1.43.1+dfsg-1
-CVE-2025-32698
+CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        - mediawiki 1:1.43.1+dfsg-1
-CVE-2025-32697
+CVE-2025-32697 (Improper Preservation of Permissions vulnerability in 
Wikimedia Founda ...)
        - mediawiki 1:1.43.1+dfsg-1
-CVE-2025-32696
+CVE-2025-32696 (Improper Preservation of Permissions vulnerability in 
Wikimedia Founda ...)
        - mediawiki 1:1.43.1+dfsg-1
-CVE-2025-3469
+CVE-2025-3469 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - mediawiki 1:1.43.1+dfsg-1
 CVE-2025-3489 (A vulnerability was found in Nababur 
Simple-User-Management-System 1.0 ...)
        NOT-FOR-US: Nababur Simple-User-Management-System
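Review bot: the seventy-odd new entries all carry `TODO: check`, which is expected for an automatic import, but two groups deserve early triage rather than sitting in the queue. CVE-2025-32755 and CVE-2025-32754 describe SSH host keys in the jenkins/ssh-slave and jenkins/ssh-agent Docker images, where the affected artefact is the image rather than a Debian package, so they look like NOT-FOR-US candidates; CVE-2025-32743 (ConnMan through 1.44, ns_resolv in dnsproxy.c) and CVE-2025-29088 (sqlite v.3.49.0 denial of service) name software that is packaged in Debian, so a version check against the archive is due for both. The same hunk also fills in descriptions for the six mediawiki CVEs (CVE-2025-32700 through CVE-2025-3469) already recorded as fixed in 1:1.43.1+dfsg-1; no action is needed there.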
@@ -86,15 +228,15 @@ CVE-2025-2760 [GIMP XWD File Parsing Integer Overflow 
Remote Code Execution Vuln
        - gimp 3.0.0-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
-CVE-2025-2469
+CVE-2025-2469 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
-CVE-2024-11129
+CVE-2024-11129 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2025-2408
+CVE-2025-2408 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2025-0362
+CVE-2025-0362 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
-CVE-2025-1677
+CVE-2025-1677 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
        - gitlab <unfixed>
 CVE-2025-3475 (Allocation of Resources Without Limits or Throttling, Incorrect 
Author ...)
        NOT-FOR-US: Drupal core and addons
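Review bot: the three gitlab entries that remain `<unfixed>` (CVE-2025-2408, CVE-2025-0362, CVE-2025-1677) carry no NOTE line pointing at an upstream advisory or fix, unlike the gimp entry at the top of the hunk, which references both the ZDI advisory and the GNOME issue; adding the GitLab advisory reference to each would make the unfixed status verifiable. The two `<not-affected>` entries keep their justifications (`Vulnerable code introduced later`, `Specific to EE`), which is fine, though the new description of CVE-2025-2469 ("affecting all versions fr ...") is worth re-reading against the "introduced later" claim once the full text is available.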
@@ -7437,7 +7579,7 @@ CVE-2025-30472 (Corosync through 3.1.9, if encryption is 
disabled or the attacke
        NOTE: https://github.com/corosync/corosync/issues/778
        NOTE: https://github.com/corosync/corosync/pull/779
        NOTE: 
https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a
-CVE-2025-30204 (golang-jwt is a Go implementation of JSON Web Tokens. Prior to 
 5.2.2  ...)
+CVE-2025-30204 (golang-jwt is a Go implementation of JSON Web Tokens. Starting 
in vers ...)
        - golang-github-golang-jwt-jwt-v5 5.2.2-1
        - golang-github-golang-jwt-jwt 5.0.0+really4.5.2-1
        [bookworm] - golang-github-golang-jwt-jwt <no-dsa> (Minor issue)
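Review bot: the description of CVE-2025-30204 changed from "Prior to 5.2.2" to "Starting in vers ...", so the affected range now has a lower bound that the truncated text does not show. Re-check that golang-github-golang-jwt-jwt (5.0.0+really4.5.2-1, the v4 line) and the bookworm build marked `<no-dsa> (Minor issue)` still fall inside that range; if the lower bound turns out to be above 4.5.2, the v4 entry should read `<not-affected>` rather than carry a fixed version.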
@@ -7868,7 +8010,8 @@ CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable 
to a Denial of Service
        NOT-FOR-US: bentoml/bentoml
 CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the 
AsyncE ...)
        - vllm <itp> (bug #1095237)
-CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the 
distri ...)
+CVE-2024-9052
+       REJECTED
        - vllm <itp> (bug #1095237)
 CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability 
where the q ...)
        NOT-FOR-US: man-group/dtale
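Review bot: CVE-2024-9052 is now marked `REJECTED` but still keeps the package line `- vllm <itp> (bug #1095237)` underneath it; elsewhere in this patch a REJECTED entry is bare (compare CVE-2024-25704 and CVE-2024-25703 further down), so the vllm line should be dropped here. The sibling CVE-2024-9053 remains a live entry with the same ITP reference, so nothing is lost by removing it.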
@@ -8667,7 +8810,7 @@ CVE-2025-29917 [decode_base64: signature can do large 
memory allocation]
        [bookworm] - suricata <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/32d0bd2bbb4d486623dec85a94952fde2515f2f0
 (master)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/bab716776ba3561cfbfd1a57fc18ff1f6859f019
 (suricata-7.0.9)
-CVE-2025-29916 [datasets: hashsize setting via rules can cause high memory 
usage]
+CVE-2025-29916 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
        - suricata 1:7.0.9-1
        [bookworm] - suricata <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/d32a39ca4b53d7f659f4f0a2a5c162ef97dc4797
 (master)
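Review bot: replacing the placeholder summary `[datasets: hashsize setting via rules can cause high memory usage]` with the published CVE text loses the only line that said what CVE-2025-29916 is about, because the new description is cut off at "Suricata is a network Intrusion Detection System, Intrusion Prevention ...". Consider carrying the old summary over as a NOTE beside the "Fixed by" commit references so the entry stays readable without following the links; the same applies to CVE-2025-29915 (`af-packet: defrag option can lead to truncated packets`) in the next hunk.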
@@ -8675,7 +8818,7 @@ CVE-2025-29916 [datasets: hashsize setting via rules can 
cause high memory usage
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad
 (suricata-7.0.9)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/e28c8c655a324a18932655a2c2b8f0d5aa1c55d7
 (suricata-7.0.9)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047
 (suricata-7.0.9)
-CVE-2025-29915 [af-packet: defrag option can lead to truncated packets]
+CVE-2025-29915 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
        - suricata 1:7.0.9-1
        [bookworm] - suricata <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/25d0fba91274e8d26e804f278c281a5c9f5309e9
 (master)
@@ -9680,7 +9823,7 @@ CVE-2025-24974 (DataEase is an open source business 
intelligence and data visual
        NOT-FOR-US: DataEase
 CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an 
authorized at ...)
        NOT-FOR-US: Microsoft
-CVE-2025-21104 (Dell NetWorker, 19.11.0.3 and below versions, contain(s) an 
Open Redir ...)
+CVE-2025-21104 (Dell NetWorker, versions prior to 19.12.0.1 and versions prior 
to 19.1 ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the 
in-tree git ...)
        - kubernetes 1.20.5+really1.20.2-1
@@ -13050,7 +13193,7 @@ CVE-2024-51963 (There is a stored Cross-site Scripting 
vulnerability in ArcGIS S
        NOT-FOR-US: Esri
 CVE-2024-51962 (A SQL injection vulnerability in ArcGIS Server allows an 
EDIToperation ...)
        NOT-FOR-US: Esri
-CVE-2024-51961 (There is a local file inclusion vulnerability in ArcGIS Server 
10.9.1  ...)
+CVE-2024-51961 (There is a local file inclusion vulnerability in ArcGIS Server 
11.3 an ...)
        NOT-FOR-US: Esri
 CVE-2024-51960 (There is a stored Cross-site Scripting vulnerability in ArcGIS 
Server  ...)
        NOT-FOR-US: Esri
@@ -13062,7 +13205,7 @@ CVE-2024-51957 (There is a stored Cross-site Scripting 
vulnerability in ArcGIS S
        NOT-FOR-US: Esri
 CVE-2024-51956 (There is a stored Cross-site Scripting vulnerability in ArcGIS 
Server  ...)
        NOT-FOR-US: Esri
-CVE-2024-51954 (There is an improper access control issue in ArcGIS Server 
versions 10 ...)
+CVE-2024-51954 (There is an improper access control issue in ArcGIS Server 
versions 11 ...)
        NOT-FOR-US: Esri
 CVE-2024-51953 (There is a stored Cross-site Scripting vulnerability in ArcGIS 
Server  ...)
        NOT-FOR-US: Esri
@@ -77021,7 +77164,7 @@ CVE-2023-7272 (In Eclipse Parsson before 1.0.4 and 
1.1.3, a document with a larg
        NOT-FOR-US: Eclipse Parsson
 CVE-2023-52291 (In streampark, the project module integrates Maven's 
compilation capab ...)
        NOT-FOR-US: Apache StreamPark
-CVE-2023-4976 (A flaw exists in Purity//FB whereby a local account is 
permitted to au ...)
+CVE-2023-4976 (A flaw exists in FlashBlade whereby a local account is 
permitted to au ...)
        NOT-FOR-US: Purity//FB
 CVE-2023-42010 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.5 a ...)
        NOT-FOR-US: IBM
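Review bot: the description of CVE-2023-4976 now names the product FlashBlade instead of Purity//FB, but the triage line below it still reads `NOT-FOR-US: Purity//FB`; update the label to match the new wording so a later search for the product name finds the entry. The NOT-FOR-US outcome itself is unchanged.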
@@ -111205,7 +111348,7 @@ CVE-2024-25709 (There is a stored Cross-site 
Scripting vulnerability in Esri Por
        NOT-FOR-US: Esri Portal
 CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
        NOT-FOR-US: Esri Portal
-CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS <=1 ...)
+CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS 11. ...)
        NOT-FOR-US: Esri Portal
 CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri 
Portal for A ...)
        NOT-FOR-US: Esri Portal
@@ -111213,8 +111356,8 @@ CVE-2024-25704
        REJECTED
 CVE-2024-25703
        REJECTED
-CVE-2024-25700
-       REJECTED
+CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri 
Portal fo ...)
+       TODO: check
 CVE-2024-25699 (There is a difficult to exploit improper authentication issue 
in the H ...)
        NOT-FOR-US: Esri Portal
 CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the 
home ap ...)
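Review bot: CVE-2024-25700 flips from `REJECTED` back to a live description with `TODO: check`, which is unusual enough to verify against the CVE record before triaging, since a reversed rejection is rarer than an import glitch. The new text matches the surrounding Esri Portal entries, all of which are `NOT-FOR-US: Esri Portal`, so that is the expected outcome if the record is genuine.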
@@ -186669,7 +186812,7 @@ CVE-2023-25838 (There is SQL injection 
vulnerabilityin Esri ArcGIS Insights 2022
        NOT-FOR-US: Esri ArcGIS
 CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri ArcGIS 
Enterprise ...)
        NOT-FOR-US: Esri
-CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
+CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
for ArcGIS ...)
        NOT-FOR-US: Esri
 CVE-2023-25835 (There is a stored Cross-site Scripting vulnerabilityin Esri 
Portal for ...)
        NOT-FOR-US: Esri



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b09f260402bd32c1e839f22f44f1d38abe1f6a39


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits