Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1c05a70b by security tracker role at 2025-04-25T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2025-46617 (Quantum StorNext Web GUI API before 7.2.4 grants access to
internal St ...)
+ TODO: check
+CVE-2025-46616 (Quantum StorNext Web GUI API before 7.2.4 allows potential
Arbitrary R ...)
+ TODO: check
+CVE-2025-46613 (OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption
because a t ...)
+ TODO: check
+CVE-2025-46599 (CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet
configur ...)
+ TODO: check
+CVE-2025-46595 (An XSS issue was discovered in the Flag module before
1.x-3.6.2 for Ba ...)
+ TODO: check
+CVE-2025-46547 (In Sherpa Orchestrator 141851, the web application lacks
protection ag ...)
+ TODO: check
+CVE-2025-46546 (In Sherpa Orchestrator 141851, multiple time-based blind SQL
injection ...)
+ TODO: check
+CVE-2025-46545 (In Sherpa Orchestrator 141851, the functionality for adding or
updatin ...)
+ TODO: check
+CVE-2025-46544 (In Sherpa Orchestrator 141851, a low-privileged user can
elevate their ...)
+ TODO: check
+CVE-2025-46482 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-46275 (WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that
could ...)
+ TODO: check
+CVE-2025-46274 (UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthen ...)
+ TODO: check
+CVE-2025-46273 (UNI-NMS-Lite uses hard-coded credentials that could allow an
unauthen ...)
+ TODO: check
+CVE-2025-46272 (WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command
injection ...)
+ TODO: check
+CVE-2025-46271 (UNI-NMS-Lite is vulnerable to a command injection attack that
could a ...)
+ TODO: check
+CVE-2025-43865 (React Router is a router for React. In versions on the 7.0
branch prio ...)
+ TODO: check
+CVE-2025-43864 (React Router is a router for React. Starting in version 7.2.0
and prio ...)
+ TODO: check
+CVE-2025-43861 (ManageWiki is a MediaWiki extension allowing users to manage
wikis. Pr ...)
+ TODO: check
+CVE-2025-3923 (The Prevent Direct Access \u2013 Protect WordPress Files plugin
for Wo ...)
+ TODO: check
+CVE-2025-3868 (The Custom Admin-Bar Favorites plugin for WordPress is
vulnerable to R ...)
+ TODO: check
+CVE-2025-3867 (The Ajax Comment Form CST plugin for WordPress is vulnerable to
Cross- ...)
+ TODO: check
+CVE-2025-3866 (The Add Google +1 (Plus one) social share Button plugin for
WordPress ...)
+ TODO: check
+CVE-2025-3861 (The Prevent Direct Access \u2013 Protect WordPress Files plugin
for Wo ...)
+ TODO: check
+CVE-2025-3775 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +2 ...)
+ TODO: check
+CVE-2025-3752 (The Able Player, accessible HTML5 media player plugin for
WordPress is ...)
+ TODO: check
+CVE-2025-3749 (The Breeze Display plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2025-3743 (The Upsell Funnel Builder for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-3606 (Vestel AC Charger version 3.75.0 contains a vulnerability
that cou ...)
+ TODO: check
+CVE-2025-3511 (Improper Validation of Specified Quantity in Input
vulnerability in Mi ...)
+ TODO: check
+CVE-2025-2580 (The Contact Form by Bit Form plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2025-2238 (The Vikinger theme for WordPress is vulnerable to privilege in
all ver ...)
+ TODO: check
+CVE-2025-2185 (ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P)
software ...)
+ TODO: check
+CVE-2025-29529 (ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was
discover ...)
+ TODO: check
+CVE-2025-25777 (Insecure Direct Object Reference (IDOR) in Codeastro Bus
Ticket Bookin ...)
+ TODO: check
+CVE-2025-1294 (The eForm - WordPress Form Builder plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-0671 (The Icegram Express WordPress plugin before 5.7.50 does not
sanitise ...)
+ TODO: check
+CVE-2024-30127 (Missing "no cache" headers in HCL Leap permits sensitive data
to be ca ...)
+ TODO: check
+CVE-2023-37516 (Missing "no cache" headers in HCL Leap permits user directory
informat ...)
+ TODO: check
CVE-2025-3454
- grafana <removed>
CVE-2025-46542 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -92833,7 +92909,7 @@ CVE-2024-36774 (An arbitrary file upload vulnerability
in Monstra CMS v3.0.4 all
NOT-FOR-US: Monstra CMS
CVE-2024-36082 (SQL injection vulnerability in Music Store - WordPress
eCommerce versi ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-32752 (Under certain circumstances communications between the ICU
tool and an ...)
+CVE-2024-32752 (The iSTAR door controllers running firmware prior to version
6.6.B, do ...)
NOT-FOR-US: Johnsin Controls Software House iSTAR
CVE-2024-24199 (smartdns commit 54b4dc was discovered to contain a misaligned
address ...)
NOT-FOR-US: smartdns
@@ -214742,10 +214818,10 @@ CVE-2022-44762
RESERVED
CVE-2022-44761
RESERVED
-CVE-2022-44760
- RESERVED
-CVE-2022-44759
- RESERVED
+CVE-2022-44760 (Unsafe default file type filter policy in HCL Leap allows
execution of ...)
+ TODO: check
+CVE-2022-44759 (Improper sanitization of SVG files in HCL Leap allows
client-side scri ...)
+ TODO: check
CVE-2022-44758 (BigFix Insights/IVR fixlet uses improper credential handling
within ce ...)
NOT-FOR-US: HCL
CVE-2022-44757 (BigFix Insights for Vulnerability Remediation (IVR) uses weak
cryptogr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c05a70be74e21f421ac2d6c154ed02e7f41dc37
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c05a70be74e21f421ac2d6c154ed02e7f41dc37
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
