[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 30 09:11:57 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd5d0cb7 by security tracker role at 2025-04-30T08:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,60 +1,210 @@
-CVE-2025-4093
+CVE-2025-4095 (Registry Access Management (RAM) is a security feature allowing admini ...)
+ TODO: check
+CVE-2025-4080 (A vulnerability has been found in PHPGurukul Online Nurse Hiring Syste ...)
+ TODO: check
+CVE-2025-4079 (A vulnerability, which was classified as critical, was found in PCMan ...)
+ TODO: check
+CVE-2025-4078 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-4077 (A vulnerability classified as critical was found in code-projects Scho ...)
+ TODO: check
+CVE-2025-4076 (A vulnerability classified as critical has been found in LB-LINK BL-AC ...)
+ TODO: check
+CVE-2025-4075 (A vulnerability was found in VMSMan up to 20250416. It has been rated ...)
+ TODO: check
+CVE-2025-4074 (A vulnerability was found in PHPGurukul Curfew e-Pass Management Syste ...)
+ TODO: check
+CVE-2025-4073 (A vulnerability was found in PHPGurukul Student Record System 3.20. It ...)
+ TODO: check
+CVE-2025-4072 (A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 ...)
+ TODO: check
+CVE-2025-4071 (A vulnerability has been found in PHPGurukul COVID19 Testing Managemen ...)
+ TODO: check
+CVE-2025-4070 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4069 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-4068 (A vulnerability classified as critical was found in code-projects Simp ...)
+ TODO: check
+CVE-2025-4067 (A vulnerability classified as critical has been found in ScriptAndTool ...)
+ TODO: check
+CVE-2025-4066 (A vulnerability was found in ScriptAndTools Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4065 (A vulnerability was found in ScriptAndTools Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4064 (A vulnerability was found in ScriptAndTools Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4063 (A vulnerability was found in code-projects Student Information Managem ...)
+ TODO: check
+CVE-2025-4062 (A vulnerability has been found in code-projects Theater Seat Booking S ...)
+ TODO: check
+CVE-2025-4061 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-4060 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-4059 (A vulnerability classified as critical was found in code-projects Pris ...)
+ TODO: check
+CVE-2025-4058 (A vulnerability classified as critical has been found in Projectworlds ...)
+ TODO: check
+CVE-2025-46782
+ REJECTED
+CVE-2025-46781
+ REJECTED
+CVE-2025-46780
+ REJECTED
+CVE-2025-46779
+ REJECTED
+CVE-2025-46778
+ REJECTED
+CVE-2025-46560 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
+ TODO: check
+CVE-2025-46552 (KHC-INVITATION-AUTOMATION is a GitHub automation script that automatic ...)
+ TODO: check
+CVE-2025-46550 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the ` ...)
+ TODO: check
+CVE-2025-46549 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an at ...)
+ TODO: check
+CVE-2025-46350 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an at ...)
+ TODO: check
+CVE-2025-46349 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWi ...)
+ TODO: check
+CVE-2025-46348 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the r ...)
+ TODO: check
+CVE-2025-46347 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWi ...)
+ TODO: check
+CVE-2025-46346 (YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a sto ...)
+ TODO: check
+CVE-2025-46344 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ TODO: check
+CVE-2025-45956 (A SQL injection vulnerability in manage_damage.php in Sourcecodester C ...)
+ TODO: check
+CVE-2025-40619 (Bookgy does not provide for proper authorisation control in multiple a ...)
+ TODO: check
+CVE-2025-40618 (SQL injection vulnerability in Bookgy. This vulnerability could allow ...)
+ TODO: check
+CVE-2025-40617 (SQL injection vulnerability in Bookgy. This vulnerability could allow ...)
+ TODO: check
+CVE-2025-40616 (Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vul ...)
+ TODO: check
+CVE-2025-40615 (Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vul ...)
+ TODO: check
+CVE-2025-3953 (The WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics P ...)
+ TODO: check
+CVE-2025-3929 (An XSS issue was discovered in MDaemon Email Server version 25.0.1 and ...)
+ TODO: check
+CVE-2025-3911 (Recording of environment variables, configured for running containers, ...)
+ TODO: check
+CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization package m ...)
+ TODO: check
+CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache httpd. This ...)
+ TODO: check
+CVE-2025-3501 (A flaw was found in Keycloak. By setting a verification policy to 'ALL ...)
+ TODO: check
+CVE-2025-3471 (The SureForms WordPress plugin before 1.4.4 does not have proper auth ...)
+ TODO: check
+CVE-2025-3452 (The SecuPress Free \u2014 WordPress Security plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-3358
+ REJECTED
+CVE-2025-3301 (DPA countermeasures are unavailable for ECDH key agreement and EdDSA s ...)
+ TODO: check
+CVE-2025-32444 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
+ TODO: check
+CVE-2025-32354 (In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request F ...)
+ TODO: check
+CVE-2025-30202 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
+ TODO: check
+CVE-2025-29906 (Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 ...)
+ TODO: check
+CVE-2025-25962 (An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows ...)
+ TODO: check
+CVE-2025-25403 (Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerab ...)
+ TODO: check
+CVE-2025-23181 (CWE-250: Execution with Unnecessary Privileges)
+ TODO: check
+CVE-2025-23180 (CWE-250: Execution with Unnecessary Privileges)
+ TODO: check
+CVE-2025-23179 (CWE-798: Use of Hard-coded Credentials)
+ TODO: check
+CVE-2025-23178 (CWE-923: Improper Restriction of Communication Channel to Intended End ...)
+ TODO: check
+CVE-2025-23177 (CWE-427: Uncontrolled Search Path Element)
+ TODO: check
+CVE-2025-22884 (Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based ...)
+ TODO: check
+CVE-2025-22883 (Delta Electronics ISPSoft version 3.20 is vulnerable to anOut-Of-Bound ...)
+ TODO: check
+CVE-2025-22882 (Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based ...)
+ TODO: check
+CVE-2025-1551 (IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0 ...)
+ TODO: check
+CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
+ TODO: check
+CVE-2025-0716 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
+ TODO: check
+CVE-2025-0520 (An unrestricted file upload vulnerability in ShowDoc caused by imprope ...)
+ TODO: check
+CVE-2024-57698 (An issue in modernwms v.1.0 allows an attacker view the MD5 hash of th ...)
+ TODO: check
+CVE-2023-4377
+ REJECTED
+CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. ...)
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
-CVE-2025-4092
+CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
-CVE-2025-4091
+CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ES ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4091
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4091
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4091
-CVE-2025-4090
+CVE-2025-4090 (A vulnerability existed in Firefox for Android where potentially sensi ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4090
-CVE-2025-4089
+CVE-2025-4089 (Due to insufficient escaping of special characters in the "copy as cUR ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4089
-CVE-2025-4088
+CVE-2025-4088 (A security vulnerability in Firefox allowed malicious sites to use red ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
-CVE-2025-4087
+CVE-2025-4087 (A vulnerability was identified in Firefox where XPath parsing could tr ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4087
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4087
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4087
-CVE-2025-4086
+CVE-2025-4086 (A specially crafted filename containing a large number of encoded newl ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4086
-CVE-2025-4085
+CVE-2025-4085 (An attacker with control over a content process could potentially leve ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4085
-CVE-2025-4084
+CVE-2025-4084 (Due to insufficient escaping of the special characters in the "copy as ...)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
-CVE-2025-4083
+CVE-2025-4083 (A process isolation vulnerability in Firefox stemmed from improper han ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4083
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4083
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4083
-CVE-2025-4082
+CVE-2025-4082 (Modification of specific WebGL shader attributes could trigger an out- ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox on MacOS)
- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4082
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4082
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4082
-CVE-2025-2817
+CVE-2025-2817 (Mozilla Firefox's update mechanism allowed a medium-integrity user pro ...)
- firefox <not-affected> (Only affects Firefox Updater on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR Updater on Windows)
- thunderbird <not-affected> (Only affects Thunderbird Updater on Windows)
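Review bot: the descriptions imported for CVE-2025-3953 and CVE-2025-3452 contain the literal escape sequences `\u2013` and `\u2014` where the dash characters should be, so the importer appears to be writing JSON unicode escapes undecoded into data/CVE/list; worth confirming whether the description should be decoded before it is truncated. Beyond that the hunk is the expected automatic import: the new `TODO: check` entries still need triage, the REJECTED ids (CVE-2025-46778 through CVE-2025-46782, CVE-2025-3358, CVE-2023-4377) carry no package lines, and the Mozilla entries (CVE-2025-2817, CVE-2025-4082 through CVE-2025-4093) only gain their descriptions while their existing firefox/firefox-esr/thunderbird states and mfsa2025-28/29/32 NOTE links are unchanged.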
@@ -78,12 +228,12 @@ CVE-2025-31501 [Cross Site Scripting via JavaScript injection in an Asset name]
- request-tracker5 <unfixed> (bug #1104422)
CVE-2025-31500 [Cross Site Scripting via JavaScript injection in an RT permalink]
- request-tracker5 <unfixed> (bug #1104422)
-CVE-2024-58099 [vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame]
+CVE-2024-58099 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4678adf94da4a9e9683817b246b58ce15fb81782 (6.12-rc4)
-CVE-2025-30194
+CVE-2025-30194 (When DNSdist is configured to provide DoH via the nghttp2 provider, an ...)
- dnsdist 1.9.9-1 (bug #1104351)
[bookworm] - dnsdist <not-affected> (Introduced in 1.9.0)
[bullseye] - dnsdist <not-affected> (Introduced in 1.9.0)
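Review bot: replacing the bracketed placeholder `[vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame]` for CVE-2024-58099 with the truncated generic text "In the Linux kernel, the following vulnerability has been resolved: v ..." removes the only mention of the affected driver from the entry itself; the git.kernel.org NOTE (6.12-rc4) still identifies the fix, so the bookworm and bullseye `<not-affected> (Vulnerable code not present)` assessments remain traceable through that link, but anyone reading the list has to follow it to learn what the entry is about. The CVE-2025-30194 change is fine: the description is added and the dnsdist 1.9.9-1 fix plus the "Introduced in 1.9.0" reasoning for bookworm and bullseye are kept as they were.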
@@ -160,7 +310,7 @@ CVE-2024-11922 (Missing input validation in certain features of the Web Client o
NOT-FOR-US: Fortra
CVE-2024-10635 (Enterprise Protection contains an improper input validation vulnerabil ...)
NOT-FOR-US: Proofpoint
-CVE-2025-4035
+CVE-2025-4035 (A flaw was found in libsoup. When handling cookies, libsoup clients mi ...)
- libsoup3 <unfixed> (bug #1104414)
- libsoup2.4 <unfixed> (bug #1104415)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362651
@@ -1625,18 +1775,22 @@ CVE-2025-43966 (libheif before 1.19.6 has a NULL pointer dereference in ImageIte
- libheif 1.19.7-1
NOTE: Fixed by: https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c (v1.19.6)
CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103783)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0 (0.21.4)
CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103782)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964 (0.21.4)
CVE-2025-43962 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103781)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 (0.21.4)
CVE-2025-43961 (In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read i ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103781)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2 (0.21.4)
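Review bot: CVE-2025-43961 and CVE-2025-43962 reference the same Debian bug (#1103781) and the same upstream commit (66fe663e02a4dd610b4e832f5d9af326709336c2), while CVE-2025-43963 and CVE-2025-43964 each have their own bug and commit; that may be correct if one commit fixed both issues, but it reads like a copy-paste from the neighbouring entry, so the pair is worth a second look before the `{DLA-4142-1}` marker is taken as final. The four `{DLA-4142-1}` additions themselves are consistent with the existing libraw 0.21.4-1 and `[bookworm] <no-dsa> (Minor issue)` lines.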
@@ -31615,6 +31769,7 @@ CVE-2025-0611 (Object corruption in V8 in Google Chrome prior to 132.0.6834.110
CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user resets the ...)
- keycloak <itp> (bug #1088287)
CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 to 2.40 ...)
+ {DLA-4143-1}
- glibc 2.40-6
[bookworm] - glibc 2.36-9+deb12u10
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5d0cb7572bfa9fe5d79fba7bf4dfa73313e26c