[Git][security-tracker-team/security-tracker][master] automatic update

Tue Jun 3 09:12:07 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4d6b4b4 by security tracker role at 2025-06-03T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,71 @@
-CVE-2025-5068
+CVE-2025-4797 (The Golo - City Travel Guide WordPress Theme theme for WordPress is vu ...)
+	TODO: check
+CVE-2025-4567 (The Post Slider and Post Carousel with Post Vertical Scrolling Widget  ...)
+	TODO: check
+CVE-2025-4224 (The wpForo + wpForo Advanced Attachments plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-4047 (The Broken Link Checker plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2025-49164 (Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmwa ...)
+	TODO: check
+CVE-2025-49163 (Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting ...)
+	TODO: check
+CVE-2025-49162 (Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file ov ...)
+	TODO: check
+CVE-2025-3919 (The WordPress Comments Import & Export plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-3662 (The FancyBox for WordPress plugin before 3.3.6 does not escape caption ...)
+	TODO: check
+CVE-2025-3584 (The Newsletter  WordPress plugin before 8.8.2 does not sanitise and es ...)
+	TODO: check
+CVE-2025-31712 (In cplog service, there is a possible out of bounds write due to a mis ...)
+	TODO: check
+CVE-2025-31711 (In cplog service, there is a possible system crash due to null pointer ...)
+	TODO: check
+CVE-2025-31710 (In engineermode service, there is a possible command injection due to  ...)
+	TODO: check
+CVE-2025-2939 (The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress i ...)
+	TODO: check
+CVE-2025-27038 (Memory corruption while rendering graphics using Adreno GPU drivers in ...)
+	TODO: check
+CVE-2025-27031 (memory corruption while processing IOCTL commands, when the buffer in  ...)
+	TODO: check
+CVE-2025-27029 (Transient DOS while processing the tone measurement response buffer wh ...)
+	TODO: check
+CVE-2025-21486 (Memory corruption during dynamic process creation call when client is  ...)
+	TODO: check
+CVE-2025-21485 (Memory corruption while processing INIT and multimode invoke IOCTL cal ...)
+	TODO: check
+CVE-2025-21480 (Memory corruption due to unauthorized command execution in GPU microno ...)
+	TODO: check
+CVE-2025-21479 (Memory corruption due to unauthorized command execution in GPU microno ...)
+	TODO: check
+CVE-2025-21463 (Transient DOS while processing the EHT operation IE in the received be ...)
+	TODO: check
+CVE-2024-53026 (Information disclosure when an invalid RTCP packet is received during  ...)
+	TODO: check
+CVE-2024-53021 (Information disclosure may occur while processing goodbye RTCP packet  ...)
+	TODO: check
+CVE-2024-53020 (Information disclosure may occur while decoding the RTP packet with in ...)
+	TODO: check
+CVE-2024-53019 (Information disclosure may occur while decoding the RTP packet with im ...)
+	TODO: check
+CVE-2024-53018 (Memory corruption may occur while processing the OIS packet parser.)
+	TODO: check
+CVE-2024-53017 (Memory corruption while handling test pattern generator IOCTL command.)
+	TODO: check
+CVE-2024-53016 (Memory corruption while processing I2C settings in Camera driver.)
+	TODO: check
+CVE-2024-53015 (Memory corruption while processing IOCTL command to handle buffers ass ...)
+	TODO: check
+CVE-2024-53013 (Memory corruption may occur while processing voice call registration w ...)
+	TODO: check
+CVE-2024-53010 (Memory corruption may occur while attaching VM when the HLOS retains a ...)
+	TODO: check
+CVE-2025-5068 (Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowe ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5419
+CVE-2025-5419 (Out of bounds read and write in V8 in Google Chrome prior to 137.0.715 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-5455 (An issue was found in the private API function qDecodeDataUrl() in QtC ...)
@@ -230,6 +294,7 @@ CVE-2025-5113 (The Diviotec professional series exposes a web interface. One end
 CVE-2025-4010 (The Netcom NTC 6200 and NWL 222 series expose a web interface to be co ...)
 	NOT-FOR-US: Netcom NTC 6200 and NWL 222 series
 CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote  ...)
+	{DSA-5934-1}
 	- roundcube 1.6.11+dfsg-1 (bug #1107073)
 	NOTE: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
 	NOTE: https://github.com/roundcube/roundcubemail/pull/9865



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4d6b4b448516f8b1a73c24ed4c3692266f02b9d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4d6b4b448516f8b1a73c24ed4c3692266f02b9d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250603/422c16af/attachment.htm>
