Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd2cce9a by security tracker role at 2025-04-08T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2025-3431 (The ZoomSounds - WordPress Wave Audio Player with Playlist 
plugin for  ...)
+       TODO: check
+CVE-2025-3430 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2025-3429 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2025-3428 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2025-3427 (The 3DPrint Lite plugin for WordPress is vulnerable to SQL 
Injection v ...)
+       TODO: check
+CVE-2025-3413 (A vulnerability has been found in opplus springboot-admin up to 
a2d531 ...)
+       TODO: check
+CVE-2025-3412 (A vulnerability, which was classified as critical, was found in 
mymagi ...)
+       TODO: check
+CVE-2025-3411 (A vulnerability, which was classified as critical, has been 
found in m ...)
+       TODO: check
+CVE-2025-3410 (A vulnerability classified as critical was found in 
mymagicpower AIAS  ...)
+       TODO: check
+CVE-2025-3409 (A vulnerability classified as critical has been found in 
Nothings stb  ...)
+       TODO: check
+CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has 
been r ...)
+       TODO: check
+CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has 
been d ...)
+       TODO: check
+CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has 
been c ...)
+       TODO: check
+CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 
3.0.27 ...)
+       TODO: check
+CVE-2025-3403 (A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P 
and NVR  ...)
+       TODO: check
+CVE-2025-3402 (A vulnerability was found in Seeyon Zhiyuan Interconnect FE 
Collaborat ...)
+       TODO: check
+CVE-2025-3401 (A vulnerability has been found in ESAFENET CDG 
5.6.3.154.205_20250114  ...)
+       TODO: check
+CVE-2025-3400 (A vulnerability, which was classified as critical, was found in 
ESAFEN ...)
+       TODO: check
+CVE-2025-3399 (A vulnerability, which was classified as critical, has been 
found in E ...)
+       TODO: check
+CVE-2025-3398 (A vulnerability classified as critical was found in lenve VBlog 
up to  ...)
+       TODO: check
+CVE-2025-3397 (A vulnerability classified as problematic has been found in 
YzmCMS 7.1 ...)
+       TODO: check
+CVE-2025-3393 (A vulnerability was found in mrcen springboot-ucan-admin up to 
5f35162 ...)
+       TODO: check
+CVE-2025-3392 (A vulnerability was found in hailey888 oa_system up to 
2025.01.01 and  ...)
+       TODO: check
+CVE-2025-3391 (A vulnerability has been found in hailey888 oa_system up to 
2025.01.01 ...)
+       TODO: check
+CVE-2025-3390 (A vulnerability, which was classified as problematic, was found 
in hai ...)
+       TODO: check
+CVE-2025-3389 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-3388 (A vulnerability classified as problematic was found in 
hailey888 oa_sy ...)
+       TODO: check
+CVE-2025-3387 (A vulnerability classified as problematic has been found in 
renrenio r ...)
+       TODO: check
+CVE-2025-3386 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has 
been rated ...)
+       TODO: check
+CVE-2025-3385 (A vulnerability was found in LinZhaoguan pb-cms 2.0. It has 
been decla ...)
+       TODO: check
+CVE-2025-3384 (A vulnerability was found in 1000 Projects Human Resource 
Management S ...)
+       TODO: check
+CVE-2025-3383 (A vulnerability was found in SourceCodester Web-based Pharmacy 
Product ...)
+       TODO: check
+CVE-2025-3364 (The SSH service of PowerStation from HGiga has a Chroot Escape 
vulnera ...)
+       TODO: check
+CVE-2025-3363 (The web service of iSherlock from HGiga has an OS Command 
Injection vu ...)
+       TODO: check
+CVE-2025-3362 (The web service of iSherlock from HGiga has an OS Command 
Injection vu ...)
+       TODO: check
+CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command 
Injection vu ...)
+       TODO: check
+CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, 
out-of-bounds memor ...)
+       TODO: check
+CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user 
bio in  ...)
+       TODO: check
+CVE-2025-32409 (Ratta SuperNote A6 X2 Nomad before December 2024 allows remote 
code ex ...)
+       TODO: check
+CVE-2025-32034 (The Apollo Router Core is a configurable, high-performance 
graph route ...)
+       TODO: check
+CVE-2025-32033 (The Apollo Router Core is a configurable, high-performance 
graph route ...)
+       TODO: check
+CVE-2025-32032 (The Apollo Router Core is a configurable, high-performance 
graph route ...)
+       TODO: check
+CVE-2025-32031 (Apollo Gateway provides utilities for combining multiple 
GraphQL micro ...)
+       TODO: check
+CVE-2025-32030 (Apollo Gateway provides utilities for combining multiple 
GraphQL micro ...)
+       TODO: check
+CVE-2025-32029 (ts-asn1-der is a collection of utility classes to encode ASN.1 
data fo ...)
+       TODO: check
+CVE-2025-31496 (apollo-compiler is a query-based compiler for the GraphQL 
query langua ...)
+       TODO: check
+CVE-2025-31333 (SAP S4CORE OData meta-data property is vulnerable to data 
tampering, d ...)
+       TODO: check
+CVE-2025-31332 (Due to insecure file permissions in SAP BusinessObjects 
Business Intel ...)
+       TODO: check
+CVE-2025-31331 (SAP NetWeaver allows an attacker to bypass authorization 
checks, enabl ...)
+       TODO: check
+CVE-2025-31330 (SAP Landscape Transformation (SLT) allows an attacker with 
user privil ...)
+       TODO: check
+CVE-2025-30017 (Due to a missing authorization check, an authenticated 
attacker could  ...)
+       TODO: check
+CVE-2025-30016 (SAP Financial Consolidation allows an unauthenticated attacker 
to gain ...)
+       TODO: check
+CVE-2025-30015 (Due to incorrect memory address handling in ABAP SQL of SAP 
NetWeaver  ...)
+       TODO: check
+CVE-2025-30014 (SAP Capital Yield Tax Management has directory traversal 
vulnerability ...)
+       TODO: check
+CVE-2025-30013 (SAP ERP BW Business Content is vulnerable to OS Command 
Injection thro ...)
+       TODO: check
+CVE-2025-2882 (The GreenPay(tm) by Green.Money plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-2526 (The Streamit theme for WordPress is vulnerable to privilege 
escalation ...)
+       TODO: check
+CVE-2025-2525 (The Streamit theme for WordPress is vulnerable to arbitrary 
file uploa ...)
+       TODO: check
+CVE-2025-2519 (The Sreamit theme for WordPress is vulnerable to arbitrary file 
downlo ...)
+       TODO: check
+CVE-2025-2004 (The Simple WP Events plugin for WordPress is vulnerable to 
arbitrary f ...)
+       TODO: check
+CVE-2025-27437 (A Missing Authorization Check vulnerability exists in the 
Virus Scanne ...)
+       TODO: check
+CVE-2025-27435 (Under specific conditions and prerequisites, an 
unauthenticated attack ...)
+       TODO: check
+CVE-2025-27429 (SAP S/4HANA allows an attacker with user privileges to exploit 
a vulne ...)
+       TODO: check
+CVE-2025-27428 (Due to directory traversal vulnerability, an authorized 
attacker could ...)
+       TODO: check
+CVE-2025-26657 (SAP KMC WPC allows an unauthenticated attacker to remotely 
retrieve us ...)
+       TODO: check
+CVE-2025-26654 (SAP Commerce Cloud (Public Cloud) does not allow to disable 
unencrypte ...)
+       TODO: check
+CVE-2025-26653 (SAP NetWeaver Application Server ABAP does not sufficiently 
encode use ...)
+       TODO: check
+CVE-2025-23186 (In certain conditions, SAP NetWeaver Application Server ABAP 
allows an ...)
+       TODO: check
+CVE-2025-20951 (Improper verification of intent by broadcast receiver 
vulnerability in ...)
+       TODO: check
+CVE-2025-20950 (Use of implicit intent for sensitive communication in 
SamsungNotes pri ...)
+       TODO: check
+CVE-2025-20948 (Out-of-bounds read in enrollment with cdsp frame secfr 
trustlet prior  ...)
+       TODO: check
+CVE-2025-20947 (Improper handling of insufficient permission or privileges in 
Clipboar ...)
+       TODO: check
+CVE-2025-20946 (Improper handling of exceptional conditions in pairing 
specific blueto ...)
+       TODO: check
+CVE-2025-20945 (Improper access control in Galaxy Watch prior to SMR Apr-2025 
Release  ...)
+       TODO: check
+CVE-2025-20944 (Out-of-bounds read in parsing audio data in libsavsac.so prior 
to SMR  ...)
+       TODO: check
+CVE-2025-20943 (Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 
Release 1  ...)
+       TODO: check
+CVE-2025-20942 (Improper Verification of Intent by Broadcast Receiver in 
DeviceIdServi ...)
+       TODO: check
+CVE-2025-20941 (Improper access control in InputManager to SMR Apr-2025 
Release 1 allo ...)
+       TODO: check
+CVE-2025-20940 (Improper handling of insufficient permission in Samsung Device 
Health  ...)
+       TODO: check
+CVE-2025-20939 (Improper authorization in wireless download protocol in Galaxy 
Watch p ...)
+       TODO: check
+CVE-2025-20938 (Improper access control in SamsungContacts prior to SMR 
Apr-2025 Relea ...)
+       TODO: check
+CVE-2025-20936 (Improper access control in HDCP trustlet prior to SMR Apr-2025 
Release ...)
+       TODO: check
+CVE-2025-20935 (Improper handling of insufficient permission or privileges in 
Clipboar ...)
+       TODO: check
+CVE-2025-20934 (Improper access control in Sticker Center prior to SMR 
Apr-2025 Releas ...)
+       TODO: check
+CVE-2025-0942 (The DB chooser functionality inJalios JPlatform 10 SP6 before 
10.0.6 i ...)
+       TODO: check
+CVE-2025-0361 (During an annual penetration test conducted on behalf of Axis 
Communic ...)
+       TODO: check
+CVE-2024-47261 (51l3nc3, a member of the AXIS OS Bug Bounty Program, has found 
that th ...)
+       TODO: check
+CVE-2024-13820 (The Melhor Envio plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+       TODO: check
+CVE-2019-25223 (The Team Circle Image Slider With Lightbox plugin for 
WordPress is vul ...)
+       TODO: check
 CVE-2025-3426 (We observed that Intellispace Portal binaries doesn\u2019t have 
any pr ...)
        NOT-FOR-US: Intellispace Portal
 CVE-2025-3425 (The IntelliSpace portal application utilizes .NET Remoting for 
its fun ...)
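
Review bot: CVE-2025-32414 is queued as a plain TODO: check in the middle of this batch, but its description names libxml2 with explicit version bounds ("before 2.13.8 and 2.14.x before 2.14.2") and an out-of-bounds memory issue, so it should be triaged ahead of the rest and given a package line rather than waiting in the queue. Many of the other additions arrive in runs for one product (for example CVE-2025-3427 through CVE-2025-3430 all read "The 3DPrint Lite plugin for WordPress", and CVE-2025-3361 through CVE-2025-3363 all read "The web service of iSherlock from HGiga"), so each run can be resolved in a single pass.
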
@@ -207,6 +385,7 @@ CVE-2025-30195 (An attacker can publish a zone containing 
specific Resource Reco
        NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/1
        NOTE: 
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html
 CVE-2025-31510 [XSS/HTML Injection through tab parameter when using "Choice" 
authentication module]
+       {DLA-4119-1}
        - lemonldap-ng 2.21.0+ds-1
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
        NOTE: Fixed by: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/a790b15e94f1435d9dfe1fe30750f35d54ed072a
 (v2.16.5)
@@ -3510,7 +3689,8 @@ CVE-2025-2973 (A vulnerability, which was classified as 
critical, was found in c
        NOT-FOR-US: code-projects
 CVE-2025-2972
        REJECTED
-CVE-2025-2971 (A vulnerability classified as problematic was found in 
ConcreteCMS up  ...)
+CVE-2025-2971
+       REJECTED
        NOT-FOR-US: ConcreteCMS
 CVE-2025-2970
        REJECTED
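
Review bot: after this change CVE-2025-2971 carries both REJECTED and the old "NOT-FOR-US: ConcreteCMS" line, which stays behind as unchanged context directly under the new REJECTED line. The neighbouring rejected entries in this hunk (CVE-2025-2972, CVE-2025-2970) show REJECTED alone, so the leftover NOT-FOR-US line should be removed to leave the entry in a single state.
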
@@ -32227,6 +32407,7 @@ CVE-2024-56826 (A flaw was found in the OpenJPEG 
project. A heap buffer overflow
 CVE-2025-22214 (Landray EIS 2001 through 2006 allows 
Message/fi_message_receiver.aspx? ...)
        NOT-FOR-US: WordPress pluginEIS
 CVE-2024-56830 (The Net::EasyTCP package 0.15 through 0.26 for Perl uses 
Perl's builti ...)
+       {DLA-4120-1}
        - libnet-easytcp-perl <removed>
        NOTE: https://github.com/briandfoy/cpan-security-advisory/issues/184
        NOTE: Related to CVE-2002-20002 (direct use of rand for version before 
< 0.15)
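
Review bot: in the context just above the added {DLA-4120-1} line, CVE-2025-22214 is described as "Landray EIS 2001 through 2006" but is tagged "NOT-FOR-US: WordPress pluginEIS", which does not match the description and looks like a mangled product name; suggest correcting it to "NOT-FOR-US: Landray EIS". Separately, the CVE-2024-56830 note "for version before < 0.15" doubles the comparison and would read more clearly as "for versions before 0.15".
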
@@ -50278,27 +50459,27 @@ CVE-2025-27833 (An issue was discovered in Artifex 
Ghostscript before 10.05.0. A
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=a82738e387bbb44c7c4698404776dca53f62b158
 (ghostpdl-10.05.0)
        NOTE: Introduced by: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0
 (ghostpdl-9.55.0rc1)
 CVE-2025-27830 (An issue was discovered in Artifex Ghostscript before 10.05.0. 
A buffe ...)
-       {DSA-5888-1}
+       {DSA-5888-1 DLA-4118-1}
        - ghostscript 10.05.0~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708241
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f
 (ghostpdl-10.05.0)
 CVE-2025-27836 (An issue was discovered in Artifex Ghostscript before 10.05.0. 
The BJ1 ...)
-       {DSA-5888-1}
+       {DSA-5888-1 DLA-4118-1}
        - ghostscript 10.05.0~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708192
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919
 (ghostpdl-10.05.0)
 CVE-2025-27831 (An issue was discovered in Artifex Ghostscript before 10.05.0. 
The DOC ...)
-       {DSA-5888-1}
+       {DSA-5888-1 DLA-4118-1}
        - ghostscript 10.05.0~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708132
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17
 (ghostpdl-10.05.0)
 CVE-2025-27832 (An issue was discovered in Artifex Ghostscript before 10.05.0. 
The NPD ...)
-       {DSA-5888-1}
+       {DSA-5888-1 DLA-4118-1}
        - ghostscript 10.05.0~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708133
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41
 (ghostpdl-10.05.0)
 CVE-2025-27835 (An issue was discovered in Artifex Ghostscript before 10.05.0. 
A buffe ...)
-       {DSA-5888-1}
+       {DSA-5888-1 DLA-4118-1}
        - ghostscript 10.05.0~dfsg-1
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708131
        NOTE: 
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13
 (ghostpdl-10.05.0)
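
Review bot: five Ghostscript 10.05.0 entries gain DLA-4118-1 here (CVE-2025-27830, -27836, -27831, -27832, -27835), while CVE-2025-27833 at the top of the hunk is left unchanged and its visible tail is an "Introduced by: ... (ghostpdl-9.55.0rc1)" note. It is worth confirming that this entry records explicitly why it sits outside DLA-4118-1 (for instance a not-affected annotation for the older release), so the gap in an otherwise contiguous advisory set does not read as an omission.
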



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2cce9af560773e94ee9f9f55d2b146947282b5
