[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 12 09:12:39 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d75569a by security tracker role at 2025-06-12T08:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and classified ...)
+ TODO: check
+CVE-2025-6008 (A vulnerability has been found in kiCode111 like-girl 5.2.0 and classi ...)
+ TODO: check
+CVE-2025-6007 (A vulnerability, which was classified as critical, was found in kiCode ...)
+ TODO: check
+CVE-2025-6006 (A vulnerability, which was classified as critical, has been found in k ...)
+ TODO: check
+CVE-2025-6005 (A vulnerability classified as critical was found in kiCode111 like-gir ...)
+ TODO: check
+CVE-2025-5301 (ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are ...)
+ TODO: check
+CVE-2025-5012 (The Workreap plugin for WordPress, used by the Workreap - Freelance Ma ...)
+ TODO: check
+CVE-2025-4973 (The Workreap plugin for WordPress, used by the Workreap - Freelance Ma ...)
+ TODO: check
+CVE-2025-49822
+ REJECTED
+CVE-2025-49821
+ REJECTED
+CVE-2025-49820
+ REJECTED
+CVE-2025-49819
+ REJECTED
+CVE-2025-49818
+ REJECTED
+CVE-2025-49817
+ REJECTED
+CVE-2025-49816
+ REJECTED
+CVE-2025-49815
+ REJECTED
+CVE-2025-49814
+ REJECTED
+CVE-2025-35978 (Improper restriction of communication channel to intended endpoints is ...)
+ TODO: check
+CVE-2023-36636
+ REJECTED
+CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundl ...)
+ TODO: check
CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product Image ...)
TODO: check
CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the produc ...)
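Review bot: Ten of the twenty entries added at the top of this hunk (CVE-2025-6009 through CVE-2025-6005, CVE-2025-5301, CVE-2025-5012, CVE-2025-4973, CVE-2025-35978 and CVE-2022-4976) carry only "TODO: check", so none of them is triaged yet. Each needs a follow-up commit that replaces the placeholder with either a package line and fixed version or, as the file already does elsewhere ("NOT-FOR-US: Gokapi"), a NOT-FOR-US line naming the product. CVE-2022-4976 should be looked at first, since it names a Perl module (Archive::Unzip::Burst) and its description is cut off before it says what is affected. The ten REJECTED entries need no further action.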
@@ -630,9 +670,11 @@ CVE-2025-49091 (KDE Konsole before 25.04.2 allows remote code execution in a cer
NOTE: https://kde.org/info/security/advisory-20250609-1.txt
NOTE: Fixed by: https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75 (v25.04.2)
CVE-2025-5958 (Use after free in Media in Google Chrome prior to 137.0.7151.103 allow ...)
+ {DSA-5942-1}
- chromium 137.0.7151.103-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5959 (Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed ...)
+ {DSA-5942-1}
- chromium 137.0.7151.103-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5977 (A vulnerability was found in code-projects School Fees Payment System ...)
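Review bot: The {DSA-5942-1} tags added to CVE-2025-5958 and CVE-2025-5959 point at an advisory record that is not part of this commit (the only changed file is data/CVE/list), and the package lines beneath them still show just "- chromium 137.0.7151.103-1" and the bullseye end-of-life marker. Nothing visible here states which version fixes the stable release, so confirm that the advisory record exists and carries that version before relying on these cross-references.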
@@ -3267,6 +3309,7 @@ CVE-2025-48495 (Gokapi is a self-hosted file sharing server with automatic expir
CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic expiration ...)
NOT-FOR-US: Gokapi
CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions prior to ...)
+ {DLA-4214-1}
- node-tar-fs 3.0.9+~cs2.0.4-1
NOTE: https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v
NOTE: Fixed by: https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f (v3.0.9)
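Review bot: CVE-2025-48387 gains {DLA-4214-1} but has no release-tagged line at all, unlike CVE-2024-12905, which gets the same tag later in this diff and carries "[bookworm] - node-tar-fs <no-dsa> (Minor issue)". With only "- node-tar-fs 3.0.9+~cs2.0.4-1" listed, the bookworm status of this CVE is left implicit. Adding an explicit [bookworm] line would make it clear whether that release is treated as affected and how it will be handled.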
@@ -11821,6 +11864,7 @@ CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to Sensit
CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. It has ...)
NOT-FOR-US: handrew browserpilot
CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It ...)
+ {DLA-4215-1}
- ublock-origin 1.62.0+dfsg-2 (bug #1104635)
[bookworm] - ublock-origin <no-dsa> (Minor issue)
NOTE: https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c (1.63.3b17)
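Review bot: After the {DLA-4215-1} tag on CVE-2025-4215, the LTS release is covered by an advisory while the line directly below still reads "[bookworm] - ublock-origin <no-dsa> (Minor issue)", so the newer release is left as the only one without a published fix. If the LTS upload backported the upstream commit cited in the NOTE line, the same patch is a candidate for a bookworm point-release update, and the no-dsa annotation should be revisited or given a reason that explains the difference.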
@@ -25310,6 +25354,7 @@ CVE-2024-55072 (A Broken Object Level Authorization vulnerability in the compone
CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the component /ho ...)
NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and ...)
+ {DLA-4214-1}
- node-tar-fs 3.0.8+~cs2.0.4-1 (bug #1101501)
[bookworm] - node-tar-fs <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
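Review bot: {DLA-4214-1} is now attached to two node-tar-fs CVEs with different fixed versions, 3.0.8+~cs2.0.4-1 for CVE-2024-12905 here and 3.0.9+~cs2.0.4-1 for CVE-2025-48387 in the earlier hunk. A single LTS upload therefore has to carry both fixes, so check that the DLA changelog lists both CVE ids rather than only the later one. The "[bookworm] - node-tar-fs <no-dsa> (Minor issue)" line on this entry also stays in place and leaves bookworm behind the LTS release for this issue.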
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d75569a353eb8b24a3d3e895ac901a562c09b54