[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jun 1 21:12:16 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
757d9645 by security tracker role at 2025-06-01T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,28 @@
-CVE-2025-40908 [uses 2-args open, allowing existing files to be modified]
+CVE-2025-5406 (A vulnerability, which was classified as critical, was found in chaita ...)
+ TODO: check
+CVE-2025-5405 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-5404 (A vulnerability classified as problematic was found in chaitak-gorai B ...)
+ TODO: check
+CVE-2025-5403 (A vulnerability classified as critical has been found in chaitak-gorai ...)
+ TODO: check
+CVE-2025-5402 (A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-5401 (A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-5400 (A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-33005 (IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session a ...)
+ TODO: check
+CVE-2025-33004 (IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user ...)
+ TODO: check
+CVE-2025-2896 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2025-25044 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...)
+ TODO: check
+CVE-2025-1499 (IBM InfoSphere Information Server 11.7 stores credential information f ...)
+ TODO: check
+CVE-2025-40908 (YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing exis ...)
- libyaml-libyaml-perl 0.903.0+ds-1
[bookworm] - libyaml-libyaml-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/30071726/
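Review bot: the CVE-2025-40908 entry that closes this hunk (replacing the bracketed placeholder dropped at the top) records the sid fix as libyaml-libyaml-perl 0.903.0+ds-1 and marks bookworm <no-dsa> (Minor issue), but its only NOTE is the cve-announce post; add a `NOTE: Fixed by:` line pointing at the upstream change that replaced the 2-arg open in 0.903.0 so the backport can be located without re-reading the announcement. The twelve new `TODO: check` placeholders above it are expected from an automatic update, but the IBM Planning Analytics Local and InfoSphere Information Server items look like candidates for NOT-FOR-US, consistent with how the Dell and HCL entries further down this file are handled.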
@@ -4602,6 +4626,7 @@ CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to
CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an u ...)
NOT-FOR-US: Dell / EMC
CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ {DLA-4204-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 <unfixed> (bug #1105899)
[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
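Review bot: DLA-4204-1 is now cross-referenced for CVE-2025-1647 while twitter-bootstrap3 remains <unfixed> in unstable (bug #1105899) and <no-dsa> in bookworm; since a bullseye fix evidently exists, a NOTE pointing at the patch used for the DLA would give the maintainer a ready backport for the still-open bug.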
@@ -12407,7 +12432,7 @@ CVE-2024-13926 (The WP-Syntax WordPress plugin through 1.2 does not properly han
CVE-2021-4455 (The Wordpress Plugin Smart Product Review plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2866 (Improper Verification of Cryptographic Signature vulnerability in Libr ...)
- {DSA-5908-1}
+ {DSA-5908-1 DLA-4205-1}
- libreoffice 4:25.2.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/
NOTE: Fixed by: https://gerrit.libreoffice.org/c/core/+/183059 (25.8.0.0.alpha0+)
@@ -28279,7 +28304,7 @@ CVE-2025-1260 (On affected platforms running Arista EOS with OpenConfig configur
CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig configured, a ...)
NOT-FOR-US: Arista Networks
CVE-2025-1080 (LibreOffice supports Office URI Schemes to enable browser integration ...)
- {DSA-5873-1}
+ {DSA-5873-1 DLA-4205-1}
- libreoffice 4:24.8.5-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080
NOTE: https://gerrit.libreoffice.org/c/core/+/181016
@@ -51673,22 +51698,22 @@ CVE-2024-53164 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux 6.1.123-1
NOTE: https://git.kernel.org/linus/5eb7de8cd58e73851cd37ff8d0666517d9926948 (6.13-rc2)
CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error function lack ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091689)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1 (6.8.0)
CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag use ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091688)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89 (6.8.0)
CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CUR ...)
- tcpdf 6.8.0+dfsg-1 (bug #1091687)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 (6.8.0)
CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TC ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091686)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe (6.8.0)
CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not s ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091685)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4 (6.8.0)
CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the ecosystem to w ...)
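Review bot: CVE-2024-56521 (the libcurl entry in the middle of this hunk) is the only tcpdf item here that receives neither DSA-5933-1 nor DLA-4199-1, although it shares the same fixed version 6.8.0+dfsg-1 (bug #1091687) and a 6.8.0 upstream fix commit with its neighbours. Confirm whether it was deliberately left out of both advisories and, if so, record why in a NOTE; otherwise the advisory cross-reference is missing.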
@@ -58638,6 +58663,7 @@ CVE-2024-52336 (A script injection vulnerability was identified in the Tuned pac
CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user invite ...)
NOT-FOR-US: Fides
CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered in TCPDF ...)
+ {DSA-5933-1}
- tcpdf 6.7.7+dfsg-1 (bug #1088332)
NOTE: https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b (6.7.6)
CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the ...)
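Review bot: CVE-2024-51058 gains DSA-5933-1 but, unlike the other tcpdf entries updated in this commit, no DLA-4199-1, and its NOTE cites a fix landing upstream in 6.7.6 while the sid fixed version is 6.7.7+dfsg-1. Check whether the bullseye tcpdf is affected by this LFI and was covered by DLA-4199-1, then add the cross-reference or a NOTE explaining the omission.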
@@ -106735,7 +106761,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encrypti
CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...)
NOT-FOR-US: HCL
CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1072528)
NOTE: https://github.com/tecnickcom/TCPDF/issues/724
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5 (6.7.7)
@@ -124365,7 +124391,7 @@ CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component
CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
NOT-FOR-US: JFrog Artifactory Self-Hosted
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.4+dfsg-1
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 (6.7.4)
@@ -145685,7 +145711,7 @@ CVE-2024-23055 (An issue in Plone Docker Official Image 5.2.13 (5221) open-sourc
CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows ...)
NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.5+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
NOTE: https://github.com/zunak/CVE-2024-22640
@@ -239086,6 +239112,7 @@ CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This re
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...)
+ {DLA-4203-1}
- kitty 0.21.2-2 (bug #1020582)
[buster] - kitty <no-dsa> (Minor issue)
NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/757d96454cea78a44f4c4999ea230aca940a648e