[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 5 09:12:26 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f96fe0d4 by security tracker role at 2025-06-05T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,96 @@
-CVE-2025-49466
+CVE-2025-5690 (PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allow ...)
+	TODO: check
+CVE-2025-5683 (When loading a specifically crafted ICNS format image file in QImage t ...)
+	TODO: check
+CVE-2025-5646 (A vulnerability has been found in Radare2 5.9.9 and classified as prob ...)
+	TODO: check
+CVE-2025-5645 (A vulnerability, which was classified as problematic, was found in Rad ...)
+	TODO: check
+CVE-2025-5644 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-5643 (A vulnerability classified as problematic was found in Radare2 5.9.9.  ...)
+	TODO: check
+CVE-2025-5642 (A vulnerability classified as problematic has been found in Radare2 5. ...)
+	TODO: check
+CVE-2025-5641 (A vulnerability was found in Radare2 5.9.9. It has been rated as probl ...)
+	TODO: check
+CVE-2025-5640 (A vulnerability was found in PX4-Autopilot 1.12.3. It has been classif ...)
+	TODO: check
+CVE-2025-5639 (A vulnerability was found in PHPGurukul Notice Board System 1.0 and cl ...)
+	TODO: check
+CVE-2025-5638 (A vulnerability has been found in PHPGurukul Notice Board System 1.0 a ...)
+	TODO: check
+CVE-2025-5637 (A vulnerability, which was classified as critical, was found in PCMan  ...)
+	TODO: check
+CVE-2025-5636 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-5635 (A vulnerability classified as critical was found in PCMan FTP Server 2 ...)
+	TODO: check
+CVE-2025-5634 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
+	TODO: check
+CVE-2025-5633 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
+	TODO: check
+CVE-2025-5632 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
+	TODO: check
+CVE-2025-5631 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
+	TODO: check
+CVE-2025-5630 (A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classif ...)
+	TODO: check
+CVE-2025-5629 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2025-5628 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-5627 (A vulnerability classified as critical was found in code-projects Pati ...)
+	TODO: check
+CVE-2025-5626 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2025-5625 (A vulnerability was found in Campcodes Online Teacher Record Managemen ...)
+	TODO: check
+CVE-2025-5624 (A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been dec ...)
+	TODO: check
+CVE-2025-5623 (A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been cla ...)
+	TODO: check
+CVE-2025-5622 (A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified a ...)
+	TODO: check
+CVE-2025-5621 (A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classif ...)
+	TODO: check
+CVE-2025-5620 (A vulnerability, which was classified as critical, was found in D-Link ...)
+	TODO: check
+CVE-2025-5619 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-5618 (A vulnerability classified as critical was found in PHPGurukul Online  ...)
+	TODO: check
+CVE-2025-5617 (A vulnerability classified as critical has been found in PHPGurukul On ...)
+	TODO: check
+CVE-2025-5616 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+	TODO: check
+CVE-2025-5615 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+	TODO: check
+CVE-2025-5614 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+	TODO: check
+CVE-2025-5613 (A vulnerability was found in PHPGurukul Online Fire Reporting System 1 ...)
+	TODO: check
+CVE-2025-5612 (A vulnerability has been found in PHPGurukul Online Fire Reporting Sys ...)
+	TODO: check
+CVE-2025-5611 (A vulnerability, which was classified as critical, was found in CodeAs ...)
+	TODO: check
+CVE-2025-5610 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2025-49008 (Atheos is a self-hosted browser-based cloud integrated development env ...)
+	TODO: check
+CVE-2025-49007 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
+	TODO: check
+CVE-2025-48947 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+	TODO: check
+CVE-2025-46341 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
+	TODO: check
+CVE-2025-3055 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2025-3054 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
+	TODO: check
+CVE-2025-1793 (Multiple vector store integrations in run-llama/llama_index version v0 ...)
+	TODO: check
+CVE-2025-49466 (aerc before 93bec0d allows directory traversal in commands/msgview/ope ...)
 	- earc 0.20.0-2
 	NOTE: Fixed by: https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
 	NOTE: Regression fix: https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629
@@ -136,7 +228,7 @@ CVE-2024-13967 (This vulnerability allows the successful attacker to gain unauth
 	NOT-FOR-US: ABB group
 CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled resource co ...)
 	NOT-FOR-US: IEC 61131
-CVE-2025-48432 [Potential log injection via unescaped request path]
+CVE-2025-48432 (An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, ...)
 	- python-django 3:4.2.22-1 (bug #1107282)
 	NOTE: https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/ac03c5e7df8680c61cdb0d3bdb8be9095dba841e (4.2.22)
@@ -8519,9 +8611,9 @@ CVE-2025-4355 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It ha
 	NOT-FOR-US: Tenda
 CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classif ...)
 	NOT-FOR-US: Tenda
-CVE-2025-4353 (A vulnerability, which was classified as critical, was found in Golden ...)
+CVE-2025-4353 (A vulnerability, which was classified as critical, was found in Brilli ...)
 	NOT-FOR-US: Golden Link Secondary System
-CVE-2025-4352 (A vulnerability, which was classified as critical, has been found in G ...)
+CVE-2025-4352 (A vulnerability, which was classified as critical, has been found in B ...)
 	NOT-FOR-US: Golden Link Secondary System
 CVE-2025-4350 (A vulnerability classified as critical was found in D-Link DIR-600L up ...)
 	NOT-FOR-US: D-Link
@@ -407197,7 +407289,7 @@ CVE-2020-16248 (Prometheus Blackbox Exporter through 0.17.0 allows /probe?target
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
 	NOTE: Upstream of the project did disputed the CVE. Upstream position is
 	NOTE: that the refererred behaviour is intended functionality.
-CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,    ...)
 	NOT-FOR-US: Philips
 CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
 	NOT-FOR-US: Reason S20 Ethernet Switch
@@ -407209,15 +407301,15 @@ CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU
 	NOT-FOR-US: LeviStudioU
 CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
 	NOT-FOR-US: General Electric
-CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
+CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior  does not restrict or incorr ...)
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
 	NOT-FOR-US: GE Digital APM Classic
-CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
+CVE-2020-16239 (When an actor claims to have a given identity,   Philips SureSigns VS4 ...)
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16238 (A vulnerability in the configuration import mechanism of the B. Braun  ...)
 	NOT-FOR-US: B. Braun Melsungen AG
-CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input  ...)
+CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior receives input or data, but  ...)
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a  ...)
 	NOT-FOR-US: FPWIN Pro
@@ -407291,11 +407383,11 @@ CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permi
 	NOT-FOR-US: WebAccess Node
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
 	NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,    ...)
 	NOT-FOR-US: Philips
 CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
 	NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
+CVE-2020-16198 (When an attacker claims to have a given identity,   Philips Clinical C ...)
 	NOT-FOR-US: Philips
 CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
 	NOT-FOR-US: Octopus Deploy
@@ -411708,7 +411800,7 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O
 	NOT-FOR-US: Oracle
 CVE-2020-14526
 	RESERVED
-CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, do ...)
 	NOT-FOR-US: Philips
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
 	NOT-FOR-US: Softing Industrial Automation



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f96fe0d490aa81f64537a126ac1fa68c797927fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f96fe0d490aa81f64537a126ac1fa68c797927fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250605/dafcae01/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list