[Git][security-tracker-team/security-tracker][master] automatic update

Sat Jun 7 09:12:27 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9e8f77f by security tracker role at 2025-06-07T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,18 @@
+CVE-2025-5814 (The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is  ...)
+	TODO: check
+CVE-2025-49128 (Jackson-core contains core low-level incremental ("streaming") parser  ...)
+	TODO: check
+CVE-2025-49127 (Kafbat UI is a web user interface for managing Apache Kafka clusters.  ...)
+	TODO: check
+CVE-2025-47601 (Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks  ...)
+	TODO: check
 CVE-2025-5806 (Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in  ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-5799 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been declar ...)
 	NOT-FOR-US: Tenda
 CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been classi ...)
 	NOT-FOR-US: Tenda
-CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and classified ...)
+CVE-2025-5797 (A vulnerability was found in code-projects Laundry System 1.0 and clas ...)
 	NOT-FOR-US: Laundry Laundry System
 CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System 1.0 and ...)
 	NOT-FOR-US: code-projects
@@ -278,7 +286,7 @@ CVE-2025-48329 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Tim ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.21 ...)
+CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.12 ...)
 	- coredns <itp> (bug #880676)
 CVE-2025-47586 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -1232,7 +1240,7 @@ CVE-2025-20981 (Improper access control in AudioService prior to SMR Jun-2025 Re
 	NOT-FOR-US: Samsung Mobile
 CVE-2024-31127 (An improper verification of a loaded library in Zscaler Client Connect ...)
 	NOT-FOR-US: Zscaler Client Connector on Mac
-CVE-2025-5399 [WebSocket endless loop]
+CVE-2025-5399 (Due to a mistake in libcurl's WebSocket code, a malicious server can s ...)
 	- curl 8.14.1-1
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -8846,7 +8854,8 @@ CVE-2025-37801 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-37800 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.12.27-1
 	NOTE: https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)
-CVE-2025-5473 [ZDI-CAN-26752]
+CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
+	{DSA-5939-1}
 	- gimp 3.0.2-3.1 (bug #1105005)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e8f77fe8e8a5e7d4d38e1c248ef77da0e6c307

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e8f77fe8e8a5e7d4d38e1c248ef77da0e6c307
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250607/0a5ff430/attachment.htm>
