[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 3 21:13:45 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
004abf46 by security tracker role at 2025-06-03T20:13:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,158 @@
+CVE-2025-5525 (A vulnerability was found in Jrohy trojan up to 2.15.3. It has been de ...)
+ TODO: check
+CVE-2025-5523 (A vulnerability classified as problematic has been found in enilu web- ...)
+ TODO: check
+CVE-2025-5522 (A vulnerability was found in jack0240 \u9b4f bskms \u84dd\u5929\u5e7c\ ...)
+ TODO: check
+CVE-2025-5521 (A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has be ...)
+ TODO: check
+CVE-2025-5520 (A vulnerability was found in Open5GS up to 2.7.3. It has been classifi ...)
+ TODO: check
+CVE-2025-5516 (A vulnerability, which was classified as problematic, was found in TOT ...)
+ TODO: check
+CVE-2025-5515 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-5513 (A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 an ...)
+ TODO: check
+CVE-2025-5512 (A vulnerability, which was classified as critical, was found in quequn ...)
+ TODO: check
+CVE-2025-5511 (A vulnerability, which was classified as critical, has been found in q ...)
+ TODO: check
+CVE-2025-5510 (A vulnerability classified as critical was found in quequnlong shiyi-b ...)
+ TODO: check
+CVE-2025-5509 (A vulnerability classified as critical has been found in quequnlong sh ...)
+ TODO: check
+CVE-2025-5508 (A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5507 (A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5506 (A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5505 (A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and ...)
+ TODO: check
+CVE-2025-5504 (A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 ...)
+ TODO: check
+CVE-2025-5503 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
+ TODO: check
+CVE-2025-5502 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-5501 (A vulnerability classified as problematic was found in Open5GS up to 2 ...)
+ TODO: check
+CVE-2025-5499 (A vulnerability classified as critical has been found in slackero phpw ...)
+ TODO: check
+CVE-2025-5498 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It ...)
+ TODO: check
+CVE-2025-5497 (A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It ...)
+ TODO: check
+CVE-2025-5495 (A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has b ...)
+ TODO: check
+CVE-2025-5493 (A vulnerability was found in Baison Channel Middleware Product 2.0.1 a ...)
+ TODO: check
+CVE-2025-5492 (A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 an ...)
+ TODO: check
+CVE-2025-5340 (The Music Player for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-5116 (The WP Plugin Info Card plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-5103 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-4671 (The Profile Builder plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction directory du ...)
+ TODO: check
+CVE-2025-4435 (When using a TarFile.errorlevel = 0and extracting with a filter the do ...)
+ TODO: check
+CVE-2025-4420 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
+ TODO: check
+CVE-2025-4392 (The Shared Files \u2013 Frontend File Upload Form & Secure File Sharin ...)
+ TODO: check
+CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
+ TODO: check
+CVE-2025-4205 (The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-4138 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
+ TODO: check
+CVE-2025-48998 (DataEase is an open source business intelligence and data visualizatio ...)
+ TODO: check
+CVE-2025-48997 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
+ TODO: check
+CVE-2025-48953 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ TODO: check
+CVE-2025-48950 (MaxKB is an open-source AI assistant for enterprise. Prior to version ...)
+ TODO: check
+CVE-2025-46355 (Incorrect default permissions issue in PC Time Tracer prior to 5.2. If ...)
+ TODO: check
+CVE-2025-46154 (Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] paramete ...)
+ TODO: check
+CVE-2025-45855 (An arbitrary file upload vulnerability in the component /upload/GoodsC ...)
+ TODO: check
+CVE-2025-45854 (An arbitrary file upload vulnerability in the component /server/execut ...)
+ TODO: check
+CVE-2025-44148 (Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allo ...)
+ TODO: check
+CVE-2025-43925 (An issue was discovered in Unicom Focal Point 7.6.1. The database is e ...)
+ TODO: check
+CVE-2025-43924 (Cross Site Scripting vulnerability was discovered in Unicom Focal Poin ...)
+ TODO: check
+CVE-2025-43923 (An issue was discovered in ReportController in Unicom Focal Point 7.6. ...)
+ TODO: check
+CVE-2025-41428 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2025-36564 (Dell Encryption Admin Utilities versions prior to 11.10.2 contain an I ...)
+ TODO: check
+CVE-2025-35036 (Hibernate Validator before 6.2.0 and 7.0.0, by default and depending h ...)
+ TODO: check
+CVE-2025-32106 (In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST r ...)
+ TODO: check
+CVE-2025-32105 (A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9 ...)
+ TODO: check
+CVE-2025-31359 (A directory traversal vulnerability exists in the PVMP package unpacki ...)
+ TODO: check
+CVE-2025-30360 (webpack-dev-server allows users to use webpack with a development serv ...)
+ TODO: check
+CVE-2025-30359 (webpack-dev-server allows users to use webpack with a development serv ...)
+ TODO: check
+CVE-2025-30167 (Jupyter Core is a package for the core common functionality of Jupyter ...)
+ TODO: check
+CVE-2025-25022 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
+ TODO: check
+CVE-2025-25021 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
+ TODO: check
+CVE-2025-25020 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
+ TODO: check
+CVE-2025-25019 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
+ TODO: check
+CVE-2025-23107 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
+ TODO: check
+CVE-2025-23103 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
+ TODO: check
+CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
+ TODO: check
+CVE-2025-23100 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
+ TODO: check
+CVE-2025-23098 (An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1 ...)
+ TODO: check
+CVE-2025-23097 (An issue was discovered in Samsung Mobile Processor Exynos 1380. The l ...)
+ TODO: check
+CVE-2025-1725 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...)
+ TODO: check
+CVE-2025-1334 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak ...)
+ TODO: check
+CVE-2024-54189 (A privilege escalation vulnerability exists in the Snapshot functional ...)
+ TODO: check
+CVE-2024-52561 (A privilege escalation vulnerability exists in the Snapshot functional ...)
+ TODO: check
+CVE-2024-45655 (IBM Application Gateway 19.12 through 24.09 could allow a local privil ...)
+ TODO: check
+CVE-2024-36486 (A privilege escalation vulnerability exists in the virtual machine arc ...)
+ TODO: check
+CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with filter=" ...)
+ TODO: check
CVE-2024-47081
- requests <unfixed>
[bookworm] - requests <postponed> (Minor issue; revisit when fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/03/9
-CVE-2025-46548
+CVE-2025-46548 (If you enable Basic Authentication in Pekko Management using the Java ...)
NOT-FOR-US: Apache Pekko Management
CVE-2025-0620
- samba <unfixed> (bug #1107248)
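Review bot: All 75 added entries (CVE-2025-5525 through CVE-2024-12718) carry only "TODO: check", so none of them has a package line or a NOT-FOR-US decision yet. Suggest triaging CVE-2025-4517, CVE-2025-4435, CVE-2025-4330, CVE-2025-4138 and CVE-2024-12718 as one group: their descriptions all concern archive extraction or its filter, and CVE-2025-4435 names TarFile.errorlevel, an attribute of Python's tarfile module, so they probably resolve to the same source package and can share notes. Separately, the descriptions for CVE-2025-5522, CVE-2025-4420, CVE-2025-4392 and CVE-2025-1725 contain literal \uXXXX escapes instead of the decoded characters; that is better fixed in the import step than by hand in this list.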
@@ -59077,7 +59227,7 @@ CVE-2024-52336 (A script injection vulnerability was identified in the Tuned pac
CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user invite ...)
NOT-FOR-US: Fides
CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered in TCPDF ...)
- {DSA-5933-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1088332)
NOTE: https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b (6.7.6)
CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the ...)
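Review bot: The cross-reference on CVE-2024-51058 gains DLA-4199-1, but the summary above lists data/CVE/list as the only changed file, so please confirm that the DLA-4199-1 advisory entry already exists in the DLA list from an earlier commit. The visible tcpdf line still records only the 6.7.7+dfsg-1 fix with no per-release annotation, so the fixed version for the release covered by the DLA has to come from that advisory entry.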
@@ -154489,7 +154639,7 @@ CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+CVE-2023-49739 (Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This is ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
NOT-FOR-US: Starshop component for Joomla
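Review bot: The "NOT-FOR-US: WordPress plugin" note under CVE-2023-49739 was assigned while the description was still the unfilled [PROBLEMTYPE] in [COMPONENT] template, so it is worth re-checking against the real text. The new description names IdeaBox Creations PowerPack Pro for Elementor, which is consistent with the existing note, so no change to the triage line looks necessary. The missing space in "Elementor.This" is part of the imported description and can stay as imported.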
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004abf46119c802c9d948f6c083cc6aea92d46ca