Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66ccc089 by security tracker role at 2025-06-09T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2025-5918 (A vulnerability has been identified in the libarchive library. 
This fl ...)
+       TODO: check
+CVE-2025-5917 (A vulnerability has been identified in the libarchive library. 
This fl ...)
+       TODO: check
+CVE-2025-5916 (A vulnerability has been identified in the libarchive library. 
This fl ...)
+       TODO: check
+CVE-2025-5915 (A vulnerability has been identified in the libarchive library. 
This fl ...)
+       TODO: check
+CVE-2025-5914 (A vulnerability has been identified in the libarchive library, 
specifi ...)
+       TODO: check
+CVE-2025-5895 (A vulnerability was found in Metabase 54.10. It has been 
classified as ...)
+       TODO: check
+CVE-2025-5892 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-5891 (A vulnerability classified as problematic was found in Unitech 
pm2 up  ...)
+       TODO: check
+CVE-2025-5890 (A vulnerability classified as problematic has been found in 
actions to ...)
+       TODO: check
+CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to 
1.1.11 ...)
+       TODO: check
+CVE-2025-5888 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has 
been dec ...)
+       TODO: check
+CVE-2025-5887 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has 
been cla ...)
+       TODO: check
+CVE-2025-5886 (A vulnerability was found in Emlog up to 2.5.7 and classified 
as probl ...)
+       TODO: check
+CVE-2025-5885 (A vulnerability has been found in Konica Minolta bizhub up to 
20250202 ...)
+       TODO: check
+CVE-2025-5884 (A vulnerability, which was classified as problematic, was found 
in Kon ...)
+       TODO: check
+CVE-2025-5881 (A vulnerability was found in code-projects Chat System up to 
1.0 and c ...)
+       TODO: check
+CVE-2025-5880 (A vulnerability has been found in Whistle 2.9.98 and classified 
as pro ...)
+       TODO: check
+CVE-2025-5879 (A vulnerability, which was classified as problematic, was found 
in WuK ...)
+       TODO: check
+CVE-2025-5877 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-5876 (A vulnerability classified as problematic was found in Lucky 
LM-520-SC ...)
+       TODO: check
+CVE-2025-5875 (A vulnerability classified as critical has been found in 
TP-Link TL-IP ...)
+       TODO: check
+CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has 
been r ...)
+       TODO: check
+CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC 
2.2.0. It  ...)
+       TODO: check
+CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor 
3.6.3. It ha ...)
+       TODO: check
+CVE-2025-5871 (A vulnerability was found in Papendorf SOL Connect Center 
3.3.0.0 and  ...)
+       TODO: check
+CVE-2025-5870 (A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 
Build 36 an ...)
+       TODO: check
+CVE-2025-5869 (A vulnerability, which was classified as critical, was found in 
RT-Thr ...)
+       TODO: check
+CVE-2025-5868 (A vulnerability, which was classified as critical, has been 
found in R ...)
+       TODO: check
+CVE-2025-49653 (Exposure of sensitive data in active sessions in Lablup's 
BackendAI al ...)
+       TODO: check
+CVE-2025-49652 (Missing Authentication in the registration feature of Lablup's 
Backend ...)
+       TODO: check
+CVE-2025-49651 (Missing Authorization in Lablup's BackendAI allows attackers 
to takeov ...)
+       TODO: check
+CVE-2025-49297 (Path Traversal vulnerability in Mikado-Themes Grill and Chow 
allows PH ...)
+       TODO: check
+CVE-2025-49296 (Path Traversal vulnerability in Mikado-Themes GrandPrix allows 
PHP Loc ...)
+       TODO: check
+CVE-2025-49295 (Path Traversal vulnerability in Mikado-Themes MediClinic 
allows PHP Lo ...)
+       TODO: check
+CVE-2025-49282 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49281 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49280 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49279 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49278 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49277 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49276 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49275 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49265 (Missing Authorization vulnerability in WP Swings Membership 
For WooCom ...)
+       TODO: check
+CVE-2025-49136 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
+       TODO: check
+CVE-2025-49131 (FastGPT is an open-source project that provides a platform for 
buildin ...)
+       TODO: check
+CVE-2025-49130 (Laravel Translation Manager is a package to manage Laravel 
translation ...)
+       TODO: check
+CVE-2025-49013 (WilderForge is a Wildermyth coremodding API. A critical 
vulnerability  ...)
+       TODO: check
+CVE-2025-49006 (Wasp (Web Application Specification) is a Rails-like framework 
for Rea ...)
+       TODO: check
+CVE-2025-48877 (Discourse is an open-source discussion platform. Prior to 
version 3.4. ...)
+       TODO: check
+CVE-2025-48281 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-48279 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48267 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-48261 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Mul ...)
+       TODO: check
+CVE-2025-48147 (Missing Authorization vulnerability in Crypto Cloud 
CryptoCloud - Cryp ...)
+       TODO: check
+CVE-2025-48143 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48141 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-48140 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-48139 (Missing Authorization vulnerability in relentlo StyleAI allows 
Accessi ...)
+       TODO: check
+CVE-2025-48130 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-48129 (Incorrect Privilege Assignment vulnerability in Holest 
Engineering Spr ...)
+       TODO: check
+CVE-2025-48126 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-48125 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-48124 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-48123 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-48122 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-48062 (Discourse is an open-source discussion platform. Prior to 
version 3.4. ...)
+       TODO: check
+CVE-2025-48053 (Discourse is an open-source discussion platform. Prior to 
version 3.4. ...)
+       TODO: check
+CVE-2025-47651 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-47608 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-47598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47561 (Incorrect Privilege Assignment vulnerability in RomanCode 
MapSVG allow ...)
+       TODO: check
+CVE-2025-47527 (Missing Authorization vulnerability in Icegram Icegram Collect 
\u2013  ...)
+       TODO: check
+CVE-2025-47511 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-47487 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47477 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47463 (Missing Authorization vulnerability in Fahad Mahmood Stock 
Locations f ...)
+       TODO: check
+CVE-2025-46178 (Cross-Site Scripting (XSS) vulnerability exists in 
askquery.php via th ...)
+       TODO: check
+CVE-2025-46041 (A stored cross-site scripting (XSS) vulnerability in Anchor 
CMS v0.12. ...)
+       TODO: check
+CVE-2025-45055 (Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) 
vulnerab ...)
+       TODO: check
+CVE-2025-45002 (Vigybag v1.0 and before is vulnerable to Cross Site Scripting 
(XSS) vi ...)
+       TODO: check
+CVE-2025-45001 (react-native-keys 0.7.11 is vulnerable to sensitive 
information disclo ...)
+       TODO: check
+CVE-2025-41444 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are 
vulnera ...)
+       TODO: check
+CVE-2025-41437 (Zohocorp ManageEngineOpManager,NetFlow Analyzer,Network 
Configuration  ...)
+       TODO: check
+CVE-2025-40675 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
found in ...)
+       TODO: check
+CVE-2025-40670 (Incorrect authorization vulnerability in TCMAN's GIM v11. This 
vulnera ...)
+       TODO: check
+CVE-2025-40669 (Incorrect authorization vulnerability in TCMAN's GIM v11. This 
vulnera ...)
+       TODO: check
+CVE-2025-40668 (Incorrect authorization vulnerability in TCMAN's GIM v11. This 
vulnera ...)
+       TODO: check
+CVE-2025-3835 (Zohocorp ManageEngineExchange Reporter Plus versions5721 and 
prior are ...)
+       TODO: check
+CVE-2025-39539 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39476 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39475 (Path Traversal vulnerability in Frenify Arlo allows PHP Local 
File Inc ...)
+       TODO: check
+CVE-2025-39473 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-36528 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are 
vulnera ...)
+       TODO: check
+CVE-2025-32595 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-32308 (Missing Authorization vulnerability in looks_awesome Team 
Builder allo ...)
+       TODO: check
+CVE-2025-32305 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32291 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Fanta ...)
+       TODO: check
+CVE-2025-31925 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31920 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31917 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31638 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31635 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-31429 (Deserialization of Untrusted Data vulnerability in themeton 
PressGrid  ...)
+       TODO: check
+CVE-2025-31426 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31424 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31398 (Deserialization of Untrusted Data vulnerability in themeton 
PIMP - Cre ...)
+       TODO: check
+CVE-2025-31396 (Deserialization of Untrusted Data vulnerability in themeton 
FLAP - Bus ...)
+       TODO: check
+CVE-2025-31061 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31059 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-31058 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31057 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31052 (Deserialization of Untrusted Data vulnerability in themeton 
The Fashio ...)
+       TODO: check
+CVE-2025-31050 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-31045 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-31039 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2025-31022 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-31019 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-29627 (An issue in KeeperChat IOS Application v.5.8.8 allows a 
physically pro ...)
+       TODO: check
+CVE-2025-28992 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-28945 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-28944 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-28888 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-27709 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are 
vulnera ...)
+       TODO: check
+CVE-2025-27362 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-26592 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-24770 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-24768 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-24767 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-23974 (Incorrect Privilege Assignment vulnerability in ifkooo 
One-Login allow ...)
+       TODO: check
+CVE-2024-46452 (A Host Header injection vulnerability in the password reset 
function o ...)
+       TODO: check
 CVE-2025-5894 (Smart Parking Management System from Honding Technology has a 
Missing  ...)
        NOT-FOR-US: Honding Technology
 CVE-2025-5893 (Smart Parking Management System from Honding Technology has an 
Exposur ...)
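Review bot: All of the entries added in this hunk carry only `TODO: check`, and the five libarchive ones at the top (CVE-2025-5914 through CVE-2025-5918) should be triaged first: they name a library rather than a vendor product, so they will likely need package lines of the form `- requests <unfixed> (bug #1107368)` seen further down in this file instead of a NOT-FOR-US tag. Many of the remaining descriptions are truncated before the product name, so they cannot be tagged from this diff alone even where they resemble the `NOT-FOR-US: WordPress plugin or theme` entries in the later context lines. The CVE-2025-47527 description also contains a literal `\u2013` escape where a dash was intended, which suggests the description import is not decoding that sequence; fix that at the source rather than by hand here.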
@@ -1597,7 +1857,7 @@ CVE-2025-23107 (An issue was discovered in Samsung Mobile 
Processor Exynos 1480
        NOT-FOR-US: Samsung
 CVE-2025-23103 (An issue was discovered in Samsung Mobile Processor Exynos 
1480 and 24 ...)
        NOT-FOR-US: Samsung
-CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos 
9820, 9825, ...)
+CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos 
980, 990, 1 ...)
        NOT-FOR-US: Samsung
 CVE-2025-23100 (An issue was discovered in Samsung Mobile Processor Exynos 
1280, 2200, ...)
        NOT-FOR-US: Samsung
@@ -1635,7 +1895,7 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. 
last modified) with fi
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
 (3.14)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
 (v3.13.4)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
 (v3.12.11)
-CVE-2024-47081
+CVE-2024-47081 (Requests is a HTTP library. Due to a URL parsing issue, 
Requests relea ...)
        - requests <unfixed> (bug #1107368)
        [bookworm] - requests <postponed> (Minor issue; revisit when fixed 
upstream)
        [bullseye] - requests <postponed> (Minor issue; revisit when fixed 
upstream)
@@ -1782,7 +2042,7 @@ CVE-2025-48941 (MyBB is free and open source forum 
software. Prior to version 1.
 CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 
1.8.39,  ...)
        NOT-FOR-US: MyBB
 CVE-2025-48866 (ModSecurity is an open source, cross platform web application 
firewall ...)
-       {DSA-5940-1}
+       {DSA-5940-1 DLA-4212-1}
        - modsecurity-apache 2.9.10-1 (bug #1107196)
        NOTE: 
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w
        NOTE: Fixed by: 
https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e
 (v2.9.10)
@@ -1852,7 +2112,7 @@ CVE-2025-26396 (The SolarWinds Dameware Mini Remote 
Control was determined to be
        NOT-FOR-US: SolarWinds
 CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, 1480, ...)
        NOT-FOR-US: Samsung
-CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 
2200, 1480, ...)
+CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 
2200. A Use ...)
        NOT-FOR-US: Samsung
 CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 
1480 and 24 ...)
        NOT-FOR-US: Samsung
@@ -23324,7 +23584,7 @@ CVE-2025-26890 (Improper Control of Filename for 
Include/Require Statement in PH
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26874 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shinetheme 
Traveler ...)
+CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shine theme 
Travele ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26733 (Missing Authorization vulnerability in Shinetheme 
Traveler.This issue  ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -204699,8 +204959,8 @@ CVE-2023-26007
        RESERVED
 CVE-2023-26006
        RESERVED
-CVE-2023-26005
-       RESERVED
+CVE-2023-26005 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
 CVE-2023-26004
        RESERVED
 CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -204711,8 +204971,8 @@ CVE-2023-26001 (Improper Neutralization of Input 
During Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin
 CVE-2023-26000 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25999
-       RESERVED
+CVE-2023-25999 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
 CVE-2023-25998
        RESERVED
 CVE-2023-25997 (Missing Authorization vulnerability in SolaPlugins Sola 
Support Ticket ...)
@@ -397255,7 +397515,7 @@ CVE-2020-21516 (There is an arbitrary file upload 
vulnerability in FeehiCMS 2.0.
        NOT-FOR-US: FeehiCMS
 CVE-2020-21515
        RESERVED
-CVE-2020-21514 (An issue was discovered in Fluent Fluentd v.1.8.0 and 
Fluent-ui v.1.2. ...)
+CVE-2020-21514 (An issue was discovered in Fluent-ui v.1.2.2 allows attackers 
to gain  ...)
        NOT-FOR-US: Fluentd
 CVE-2020-21513
        RESERVED
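Review bot: On CVE-2020-21514 the updated description now names only Fluent-ui v.1.2.2, but the unchanged triage line below it still reads `NOT-FOR-US: Fluentd`. Re-check that the tag still matches the product the description names, and adjust the NOT-FOR-US label if the entry is now about Fluent-ui only.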



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66ccc089dd64eeeca0b2c67d884084964e95ca37
