[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 9 21:12:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66ccc089 by security tracker role at 2025-06-09T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2025-5918 (A vulnerability has been identified in the libarchive library. This fl ...)
+ TODO: check
+CVE-2025-5917 (A vulnerability has been identified in the libarchive library. This fl ...)
+ TODO: check
+CVE-2025-5916 (A vulnerability has been identified in the libarchive library. This fl ...)
+ TODO: check
+CVE-2025-5915 (A vulnerability has been identified in the libarchive library. This fl ...)
+ TODO: check
+CVE-2025-5914 (A vulnerability has been identified in the libarchive library, specifi ...)
+ TODO: check
+CVE-2025-5895 (A vulnerability was found in Metabase 54.10. It has been classified as ...)
+ TODO: check
+CVE-2025-5892 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-5891 (A vulnerability classified as problematic was found in Unitech pm2 up ...)
+ TODO: check
+CVE-2025-5890 (A vulnerability classified as problematic has been found in actions to ...)
+ TODO: check
+CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to 1.1.11 ...)
+ TODO: check
+CVE-2025-5888 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been dec ...)
+ TODO: check
+CVE-2025-5887 (A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been cla ...)
+ TODO: check
+CVE-2025-5886 (A vulnerability was found in Emlog up to 2.5.7 and classified as probl ...)
+ TODO: check
+CVE-2025-5885 (A vulnerability has been found in Konica Minolta bizhub up to 20250202 ...)
+ TODO: check
+CVE-2025-5884 (A vulnerability, which was classified as problematic, was found in Kon ...)
+ TODO: check
+CVE-2025-5881 (A vulnerability was found in code-projects Chat System up to 1.0 and c ...)
+ TODO: check
+CVE-2025-5880 (A vulnerability has been found in Whistle 2.9.98 and classified as pro ...)
+ TODO: check
+CVE-2025-5879 (A vulnerability, which was classified as problematic, was found in WuK ...)
+ TODO: check
+CVE-2025-5877 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-5876 (A vulnerability classified as problematic was found in Lucky LM-520-SC ...)
+ TODO: check
+CVE-2025-5875 (A vulnerability classified as critical has been found in TP-Link TL-IP ...)
+ TODO: check
+CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been r ...)
+ TODO: check
+CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It ...)
+ TODO: check
+CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It ha ...)
+ TODO: check
+CVE-2025-5871 (A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and ...)
+ TODO: check
+CVE-2025-5870 (A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 an ...)
+ TODO: check
+CVE-2025-5869 (A vulnerability, which was classified as critical, was found in RT-Thr ...)
+ TODO: check
+CVE-2025-5868 (A vulnerability, which was classified as critical, has been found in R ...)
+ TODO: check
+CVE-2025-49653 (Exposure of sensitive data in active sessions in Lablup's BackendAI al ...)
+ TODO: check
+CVE-2025-49652 (Missing Authentication in the registration feature of Lablup's Backend ...)
+ TODO: check
+CVE-2025-49651 (Missing Authorization in Lablup's BackendAI allows attackers to takeov ...)
+ TODO: check
+CVE-2025-49297 (Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PH ...)
+ TODO: check
+CVE-2025-49296 (Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Loc ...)
+ TODO: check
+CVE-2025-49295 (Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Lo ...)
+ TODO: check
+CVE-2025-49282 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49281 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49280 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49279 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49278 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49277 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49276 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49275 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49265 (Missing Authorization vulnerability in WP Swings Membership For WooCom ...)
+ TODO: check
+CVE-2025-49136 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
+ TODO: check
+CVE-2025-49131 (FastGPT is an open-source project that provides a platform for buildin ...)
+ TODO: check
+CVE-2025-49130 (Laravel Translation Manager is a package to manage Laravel translation ...)
+ TODO: check
+CVE-2025-49013 (WilderForge is a Wildermyth coremodding API. A critical vulnerability ...)
+ TODO: check
+CVE-2025-49006 (Wasp (Web Application Specification) is a Rails-like framework for Rea ...)
+ TODO: check
+CVE-2025-48877 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
+ TODO: check
+CVE-2025-48281 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-48279 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48267 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-48261 (Insertion of Sensitive Information Into Sent Data vulnerability in Mul ...)
+ TODO: check
+CVE-2025-48147 (Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Cryp ...)
+ TODO: check
+CVE-2025-48143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48141 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-48140 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-48139 (Missing Authorization vulnerability in relentlo StyleAI allows Accessi ...)
+ TODO: check
+CVE-2025-48130 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-48129 (Incorrect Privilege Assignment vulnerability in Holest Engineering Spr ...)
+ TODO: check
+CVE-2025-48126 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-48125 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-48124 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-48123 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-48122 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-48062 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
+ TODO: check
+CVE-2025-48053 (Discourse is an open-source discussion platform. Prior to version 3.4. ...)
+ TODO: check
+CVE-2025-47651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47608 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-47598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47561 (Incorrect Privilege Assignment vulnerability in RomanCode MapSVG allow ...)
+ TODO: check
+CVE-2025-47527 (Missing Authorization vulnerability in Icegram Icegram Collect \u2013 ...)
+ TODO: check
+CVE-2025-47511 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-47487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47477 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47463 (Missing Authorization vulnerability in Fahad Mahmood Stock Locations f ...)
+ TODO: check
+CVE-2025-46178 (Cross-Site Scripting (XSS) vulnerability exists in askquery.php via th ...)
+ TODO: check
+CVE-2025-46041 (A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12. ...)
+ TODO: check
+CVE-2025-45055 (Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerab ...)
+ TODO: check
+CVE-2025-45002 (Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) vi ...)
+ TODO: check
+CVE-2025-45001 (react-native-keys 0.7.11 is vulnerable to sensitive information disclo ...)
+ TODO: check
+CVE-2025-41444 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnera ...)
+ TODO: check
+CVE-2025-41437 (Zohocorp ManageEngineOpManager,NetFlow Analyzer,Network Configuration ...)
+ TODO: check
+CVE-2025-40675 (A Reflected Cross-Site Scripting (XSS) vulnerability has been found in ...)
+ TODO: check
+CVE-2025-40670 (Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnera ...)
+ TODO: check
+CVE-2025-40669 (Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnera ...)
+ TODO: check
+CVE-2025-40668 (Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnera ...)
+ TODO: check
+CVE-2025-3835 (Zohocorp ManageEngineExchange Reporter Plus versions5721 and prior are ...)
+ TODO: check
+CVE-2025-39539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-39476 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-39475 (Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inc ...)
+ TODO: check
+CVE-2025-39473 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-36528 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnera ...)
+ TODO: check
+CVE-2025-32595 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-32308 (Missing Authorization vulnerability in looks_awesome Team Builder allo ...)
+ TODO: check
+CVE-2025-32305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32291 (Unrestricted Upload of File with Dangerous Type vulnerability in Fanta ...)
+ TODO: check
+CVE-2025-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31920 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31635 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-31429 (Deserialization of Untrusted Data vulnerability in themeton PressGrid ...)
+ TODO: check
+CVE-2025-31426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31424 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31398 (Deserialization of Untrusted Data vulnerability in themeton PIMP - Cre ...)
+ TODO: check
+CVE-2025-31396 (Deserialization of Untrusted Data vulnerability in themeton FLAP - Bus ...)
+ TODO: check
+CVE-2025-31061 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31059 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-31058 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31052 (Deserialization of Untrusted Data vulnerability in themeton The Fashio ...)
+ TODO: check
+CVE-2025-31050 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-31045 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-31039 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2025-31022 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-31019 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-29627 (An issue in KeeperChat IOS Application v.5.8.8 allows a physically pro ...)
+ TODO: check
+CVE-2025-28992 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-28945 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-28944 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-28888 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-27709 (Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnera ...)
+ TODO: check
+CVE-2025-27362 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-26592 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-24770 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-24768 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-24767 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-23974 (Incorrect Privilege Assignment vulnerability in ifkooo One-Login allow ...)
+ TODO: check
+CVE-2024-46452 (A Host Header injection vulnerability in the password reset function o ...)
+ TODO: check
CVE-2025-5894 (Smart Parking Management System from Honding Technology has a Missing ...)
NOT-FOR-US: Honding Technology
CVE-2025-5893 (Smart Parking Management System from Honding Technology has an Exposur ...)
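Review bot: the added CVE-2025-47527 line carries a literal "\u2013" in its description ("Icegram Icegram Collect \u2013 ..."), which looks like a JSON escape written through without being decoded; decode it or normalise it to ASCII before the description is stored, so that text searches over data/CVE/list behave the same for this entry as for the others. All 130 added entries are still "TODO: check". Of these, the libarchive entries CVE-2025-5914 through CVE-2025-5918 name a library rather than a vendor product or CMS plugin and are worth triaging ahead of the rest.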
@@ -1597,7 +1857,7 @@ CVE-2025-23107 (An issue was discovered in Samsung Mobile Processor Exynos 1480
NOT-FOR-US: Samsung
CVE-2025-23103 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
NOT-FOR-US: Samsung
-CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, ...)
+CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1 ...)
NOT-FOR-US: Samsung
CVE-2025-23100 (An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, ...)
NOT-FOR-US: Samsung
@@ -1635,7 +1895,7 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with fi
NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (v3.13.4)
NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (v3.12.11)
-CVE-2024-47081
+CVE-2024-47081 (Requests is a HTTP library. Due to a URL parsing issue, Requests relea ...)
- requests <unfixed> (bug #1107368)
[bookworm] - requests <postponed> (Minor issue; revisit when fixed upstream)
[bullseye] - requests <postponed> (Minor issue; revisit when fixed upstream)
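Review bot: CVE-2024-47081 now has a public description, but the entry still has no NOTE line pointing at an upstream advisory or fix, while both the bookworm and bullseye lines say "revisit when fixed upstream". A NOTE with the upstream reference, in the style of the "Fixed by:" lines on the CVE-2024-12718 entry just above, would give whoever revisits the postponed status something to check against.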
@@ -1782,7 +2042,7 @@ CVE-2025-48941 (MyBB is free and open source forum software. Prior to version 1.
CVE-2025-48940 (MyBB is free and open source forum software. Prior to version 1.8.39, ...)
NOT-FOR-US: MyBB
CVE-2025-48866 (ModSecurity is an open source, cross platform web application firewall ...)
- {DSA-5940-1}
+ {DSA-5940-1 DLA-4212-1}
- modsecurity-apache 2.9.10-1 (bug #1107196)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-f82j-8pp7-cw2w
NOTE: Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e (v2.9.10)
@@ -1852,7 +2112,7 @@ CVE-2025-26396 (The SolarWinds Dameware Mini Remote Control was determined to be
NOT-FOR-US: SolarWinds
CVE-2025-23105 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
NOT-FOR-US: Samsung
-CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, ...)
+CVE-2025-23104 (An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use ...)
NOT-FOR-US: Samsung
CVE-2025-23099 (An issue was discovered in Samsung Mobile Processor Exynos 1480 and 24 ...)
NOT-FOR-US: Samsung
@@ -23324,7 +23584,7 @@ CVE-2025-26890 (Improper Control of Filename for Include/Require Statement in PH
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shinetheme Traveler ...)
+CVE-2025-26873 (Deserialization of Untrusted Data vulnerability in Shine theme Travele ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-26733 (Missing Authorization vulnerability in Shinetheme Traveler.This issue ...)
NOT-FOR-US: WordPress plugin or theme
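Review bot: after this change CVE-2025-26873 spells the vendor "Shine theme" while the adjacent CVE-2025-26733 still reads "Shinetheme Traveler", so a search on either spelling now misses one of the two entries for the same product. The description is imported text and the NOT-FOR-US triage is unaffected, so the list itself needs no change, but any vendor-name matching over the descriptions should accept both forms.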
@@ -204699,8 +204959,8 @@ CVE-2023-26007
RESERVED
CVE-2023-26006
RESERVED
-CVE-2023-26005
- RESERVED
+CVE-2023-26005 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
CVE-2023-26004
RESERVED
CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -204711,8 +204971,8 @@ CVE-2023-26001 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2023-26000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25999
- RESERVED
+CVE-2023-25999 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
CVE-2023-25998
RESERVED
CVE-2023-25997 (Missing Authorization vulnerability in SolaPlugins Sola Support Ticket ...)
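Review bot: CVE-2023-25999 here, like CVE-2023-26005 in the previous hunk, moves from RESERVED to "TODO: check" with a truncated description that does not show the affected product. The neighbouring CVE-2023-26001 and CVE-2023-26000 are tagged "NOT-FOR-US: WordPress plugin"; if the full descriptions name a WordPress plugin, both new entries can take the same tag instead of staying open as TODO items.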
@@ -397255,7 +397515,7 @@ CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.
NOT-FOR-US: FeehiCMS
CVE-2020-21515
RESERVED
-CVE-2020-21514 (An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2. ...)
+CVE-2020-21514 (An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain ...)
NOT-FOR-US: Fluentd
CVE-2020-21513
RESERVED
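Review bot: the updated CVE-2020-21514 description names only "Fluent-ui v.1.2.2" and no longer mentions "Fluent Fluentd v.1.8.0", yet the triage line underneath still reads "NOT-FOR-US: Fluentd". Re-check the entry against the new wording and, if the NOT-FOR-US decision still holds, rename the tag to the product the description now gives.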
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66ccc089dd64eeeca0b2c67d884084964e95ca37