Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8eb29a43 by security tracker role at 2025-04-14T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-3587 (A vulnerability classified as critical was found in 
ZeroWdd/code-proje ...)
+       TODO: check
+CVE-2025-3585 (A vulnerability classified as critical has been found in 
westboy Cicad ...)
+       TODO: check
+CVE-2025-3571 (A vulnerability was found in Fannuo Enterprise Content 
Management Syst ...)
+       TODO: check
+CVE-2025-3570 (A vulnerability was found in JamesZBL/code-projects 
db-hospital-drug 1 ...)
+       TODO: check
+CVE-2025-3569 (A vulnerability was found in JamesZBL/code-projects 
db-hospital-drug 1 ...)
+       TODO: check
+CVE-2025-3568 (A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 
and cl ...)
+       TODO: check
+CVE-2025-3567 (A vulnerability, which was classified as problematic, was found 
in vea ...)
+       TODO: check
+CVE-2025-3566 (A vulnerability, which was classified as critical, has been 
found in v ...)
+       TODO: check
+CVE-2025-3565 (A vulnerability classified as critical was found in 
huanfenz/code-proj ...)
+       TODO: check
+CVE-2025-3564 (A vulnerability classified as problematic has been found in 
huanfenz/c ...)
+       TODO: check
+CVE-2025-3563 (A vulnerability was found in WuzhiCMS 4.1. It has been rated as 
critic ...)
+       TODO: check
+CVE-2025-3562 (A vulnerability was found in Yonyou YonBIP MA2.7. It has been 
declared ...)
+       TODO: check
+CVE-2025-3561 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It 
has been  ...)
+       TODO: check
+CVE-2025-3560 (A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and 
classifie ...)
+       TODO: check
+CVE-2025-3559 (A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 
and clas ...)
+       TODO: check
+CVE-2025-3558 (A vulnerability, which was classified as critical, was found in 
ghostx ...)
+       TODO: check
+CVE-2025-3557 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-3277 (An integer overflow can be triggered in SQLite\u2019s 
`concat_ws()` fu ...)
+       TODO: check
+CVE-2025-32931 (DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later 
is used,  ...)
+       TODO: check
+CVE-2025-32930
+       REJECTED
+CVE-2025-32914 (A flaw was found in libsoup, where the 
soup_multipart_new_from_message ...)
+       TODO: check
+CVE-2025-32913 (A flaw was found in libsoup, where the 
soup_message_headers_get_conten ...)
+       TODO: check
+CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is 
vulnerable to a N ...)
+       TODO: check
+CVE-2025-32910 (A flaw was found in libsoup, where 
soup_auth_digest_authenticate() is  ...)
+       TODO: check
+CVE-2025-32909 (A flaw was found in libsoup. SoupContentSniffer may be 
vulnerable to a ...)
+       TODO: check
+CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may 
not full ...)
+       TODO: check
+CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range 
requests ...)
+       TODO: check
+CVE-2025-32906 (A flaw was found in libsoup, where the 
soup_headers_parse_request() fu ...)
+       TODO: check
+CVE-2025-2572 (In WhatsUp Gold versions released before 2024.0.3, a   database 
manipu ...)
+       TODO: check
+CVE-2025-2475 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x 
<= 9.11 ...)
+       TODO: check
+CVE-2025-2424 (Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to 
check i ...)
+       TODO: check
+CVE-2025-2161 (Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by 
an XSS ...)
+       TODO: check
+CVE-2025-2160 (Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by 
an XSS ...)
+       TODO: check
+CVE-2025-29720 (Dify v1.0 was discovered to contain a Server-Side Request 
Forgery (SSR ...)
+       TODO: check
+CVE-2025-27009 (Cross-Site Request Forgery (CSRF) vulnerability in wphocus My 
auctions ...)
+       TODO: check
+CVE-2025-22373 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in 
SicommNet BASEC  ...)
+       TODO: check
+CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language 
form el ...)
+       TODO: check
+CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation 
for Clou ...)
+       TODO: check
+CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows 
for set ...)
+       TODO: check
+CVE-2024-49708 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-49707 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-49706 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-49705 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-13598 (Internet Starter, one of SoftCOM iKSORIS system modules, is  
vulnerabl ...)
+       TODO: check
+CVE-2024-13597 (Internet Starter, one of SoftCOMiKSORIS system modules,is 
vulnerable t ...)
+       TODO: check
+CVE-2024-10090 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-10089 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-10088 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
+CVE-2024-10087 (Internet Starter, one of SoftCOM iKSORIS system modules, is 
vulnerable ...)
+       TODO: check
 CVE-2025-3572 (SmartRobot from INTUMIT has a Server-Side Request Forgery 
vulnerabilit ...)
        NOT-FOR-US: INTUMIT
 CVE-2025-3556 (A vulnerability classified as problematic was found in 
ScriptAndTools  ...)
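Review bot: CVE-2025-3277 is added here as "TODO: check", but its description ("An integer overflow can be triggered in SQLite\u2019s `concat_ws()` fu ...") may overlap with CVE-2025-29087, which this same file already tracks against sqlite3 for an integer overflow in concat_ws(). When triaging, cross-reference the two entries and, if they cover the same issue, carry over the sqlite3 status instead of assessing it from scratch. The description also carries a literal \u2019 escape where an apostrophe was meant, which is worth fixing in the importer rather than by hand.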
@@ -68,7 +170,7 @@ CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is 
vulnerable to cross-sit
        NOT-FOR-US: IBM
 CVE-2025-32896
        NOT-FOR-US: Apache SeaTunnel
-CVE-2025-24859
+CVE-2025-24859 (A session management vulnerability exists in Apache Roller 
before vers ...)
        NOT-FOR-US: Apache Roller
 CVE-2024-56406 (A heap buffer overflow vulnerability was discovered in Perl.   
Release ...)
        {DSA-5902-1}
@@ -516,7 +618,7 @@ CVE-2025-30148 (Silverstripe Framework is a PHP framework 
which powers the Silve
        NOT-FOR-US: Silverstripe Framework
 CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id 
parameter  ...)
        NOT-FOR-US: BlueCMS
-CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a 
denial of se ...)
+CVE-2025-29088 (In SQLite 3.49.0 before 3.49.1, certain argument values to 
sqlite3_db_ ...)
        - sqlite3 <unfixed> (bug #1102670)
        [bookworm] - sqlite3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
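Review bot: On CVE-2025-29088 the refreshed description narrows the affected range to "SQLite 3.49.0 before 3.49.1", yet the annotations under it are unchanged: "- sqlite3 <unfixed> (bug #1102670)" and "[bookworm] - sqlite3 <no-dsa> (Minor issue)". Re-check whether bookworm contains the vulnerable code at all. If it does not, "<not-affected> (Vulnerable code not present)", as used for CVE-2025-29087, describes the state more accurately than "<no-dsa>".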
@@ -1935,7 +2037,7 @@ CVE-2025-29479
        REJECTED
 CVE-2025-29478 (An issue in fluent-bit v.3.7.2 allows a local attacker to 
cause a deni ...)
        NOT-FOR-US: fluent-bit
-CVE-2025-29087 (Sqlite 3.49.0 is susceptible to integer overflow through the 
concat fu ...)
+CVE-2025-29087 (In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() 
SQL fun ...)
        - sqlite3 3.46.1-3 (bug #1102411)
        [bookworm] - sqlite3 <not-affected> (Vulnerable code not present)
        [bullseye] - sqlite3 <not-affected> (Vulnerable code not present)
@@ -2476,7 +2578,8 @@ CVE-2025-32203 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32201 (Missing Authorization vulnerability in Xpro Xpro Theme Builder 
allows  ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2025-32200 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+CVE-2025-32200
+       REJECTED
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32197 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
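Review bot: CVE-2025-32200 is now "REJECTED", but the unchanged context line "NOT-FOR-US: WordPress plugin or theme" is still attached to it, so the entry carries two conflicting states. The other rejected IDs visible in this diff (CVE-2025-32930, CVE-2025-29479) have "REJECTED" alone. Drop the stale NOT-FOR-US line in a follow-up commit.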



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8eb29a4392beea9859e08a883ee9bf5fa8b584f0
