[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 16 21:12:50 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8afdcd51 by security tracker role at 2025-06-16T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,114 @@
-CVE-2025-40916
+CVE-2025-6179 (Permissions Bypass in Extension Management in Google ChromeOS ...)
+ TODO: check
+CVE-2025-6177 (Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and pote ...)
+ TODO: check
+CVE-2025-6172 (Permission vulnerability in the mobile application (com.afmobi.boompla ...)
+ TODO: check
+CVE-2025-6170 (A flaw was found in the interactive shell of the xmllint command-line ...)
+ TODO: check
+CVE-2025-6137 (A vulnerability classified as critical has been found in TOTOLINK T10 ...)
+ TODO: check
+CVE-2025-6136 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
+ TODO: check
+CVE-2025-6135 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
+ TODO: check
+CVE-2025-6134 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
+ TODO: check
+CVE-2025-6133 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
+ TODO: check
+CVE-2025-6132 (A vulnerability has been found in Chanjet CRM 1.0 and classified as cr ...)
+ TODO: check
+CVE-2025-6131 (A vulnerability, which was classified as problematic, was found in Cod ...)
+ TODO: check
+CVE-2025-6130 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2025-6129 (A vulnerability classified as critical was found in TOTOLINK EX1200T 4 ...)
+ TODO: check
+CVE-2025-6128 (A vulnerability classified as critical has been found in TOTOLINK EX12 ...)
+ TODO: check
+CVE-2025-6127 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+ TODO: check
+CVE-2025-6126 (A vulnerability was found in PHPGurukul Rail Pass Management System 1. ...)
+ TODO: check
+CVE-2025-6125 (A vulnerability was found in PHPGurukul Rail Pass Management System 1. ...)
+ TODO: check
+CVE-2025-6124 (A vulnerability was found in code-projects Restaurant Order System 1.0 ...)
+ TODO: check
+CVE-2025-6123 (A vulnerability has been found in code-projects Restaurant Order Syste ...)
+ TODO: check
+CVE-2025-6122 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-6121 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2025-6120 (A vulnerability classified as critical was found in Open Asset Import ...)
+ TODO: check
+CVE-2025-6119 (A vulnerability classified as critical has been found in Open Asset Im ...)
+ TODO: check
+CVE-2025-6118 (A vulnerability was found in Das Parking Management System \u505c\u8f6 ...)
+ TODO: check
+CVE-2025-6117 (A vulnerability was found in Das Parking Management System \u505c\u8f6 ...)
+ TODO: check
+CVE-2025-6116 (A vulnerability was found in Das Parking Management System \u505c\u8f6 ...)
+ TODO: check
+CVE-2025-6115 (A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as ...)
+ TODO: check
+CVE-2025-6114 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and classifi ...)
+ TODO: check
+CVE-2025-6113 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2025-6087 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
+ TODO: check
+CVE-2025-5689 (A flaw was found in the temporary user record that authd uses in the p ...)
+ TODO: check
+CVE-2025-5309 (The chat feature within Remote Support (RS) and Privileged Remote Acce ...)
+ TODO: check
+CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrusted P ...)
+ TODO: check
+CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-49124 (Untrusted Search Path vulnerability in Apache Tomcat installer for Win ...)
+ TODO: check
+CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2025-48976 (Allocation of resources for multipart headers with insufficient limits ...)
+ TODO: check
+CVE-2025-46710 (Possible kernel exceptions caused by reading and writing kernel heap d ...)
+ TODO: check
+CVE-2025-40729 (Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in ...)
+ TODO: check
+CVE-2025-40728 (SQL injection vulnerability in Customer Support System v1.0. This vuln ...)
+ TODO: check
+CVE-2025-40727 (A Reflected Cross Site Scripting (XSS) vulnerability was found in '/se ...)
+ TODO: check
+CVE-2025-40726 (Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-re ...)
+ TODO: check
+CVE-2025-3602 (Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 throu ...)
+ TODO: check
+CVE-2025-3594 (Path traversal vulnerability with the downloading and installation of ...)
+ TODO: check
+CVE-2025-3526 (SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DX ...)
+ TODO: check
+CVE-2025-3464 (A race condition vulnerability exists in Armoury Crate. This vulnerabi ...)
+ TODO: check
+CVE-2025-36632 (In Tenable Agent versions prior to 10.8.5 on a Windows host, it was fo ...)
+ TODO: check
+CVE-2025-32798 (Conda-build contains commands and tools to build conda packages. Prior ...)
+ TODO: check
+CVE-2025-32797 (Conda-build contains commands and tools to build conda packages. Prior ...)
+ TODO: check
+CVE-2025-2327 (A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is lo ...)
+ TODO: check
+CVE-2025-2091 (An open redirection vulnerability in M-Files mobile applications for A ...)
+ TODO: check
+CVE-2025-25265 (A web application for configuring the controller is accessible at a sp ...)
+ TODO: check
+CVE-2025-25264 (An unauthenticated remote attacker can take advantage of the current o ...)
+ TODO: check
+CVE-2025-24388 (A vulnerability in the OTRS Admin Interface and Agent Interface (versi ...)
+ TODO: check
+CVE-2025-40916 (Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak rand ...)
NOT-FOR-US: Mojolicious-Plugin-CaptchaPNG
CVE-2025-6169 (The WIMP website co-construction management platform from HAMASTAR Tec ...)
NOT-FOR-US: HAMASTAR Technology
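Review bot: the descriptions added for CVE-2025-6118, CVE-2025-6117 and CVE-2025-6116 carry the literal text "\u505c\u8f6", an escape sequence that was never decoded and was then cut mid-escape by the truncation, so the summary shows neither the original characters nor a valid escape. Decode the description before truncating it so the cut falls on a character boundary. Separately, all 55 added entries are "TODO: check"; CVE-2025-6170 names xmllint, and libxml2 is a tracked package further down this same file, so that entry is a candidate for early triage.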
@@ -66,9 +176,9 @@ CVE-2025-1411 (IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1
NOT-FOR-US: IBM
CVE-2024-25573 (Unsanitized user-supplied data saved in the PingFederate Administrativ ...)
NOT-FOR-US: PingFederate
-CVE-2025-47869
+CVE-2025-47869 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Apache NuttX RTOS
-CVE-2025-47868
+CVE-2025-47868 (Out-of-bounds Write resulting in possible Heap-based Buffer Overflow v ...)
NOT-FOR-US: Apache NuttX RTOS
CVE-2025-6070 (The Restrict File Access plugin for WordPress is vulnerable to Directo ...)
NOT-FOR-US: WordPress plugin
@@ -333,15 +443,15 @@ CVE-2024-38823 (Salt's request server is vulnerable to replay attacks when not u
- salt <removed>
CVE-2024-38822 (Multiple methods in the salt master skip minion token validation. Ther ...)
- salt <removed>
-CVE-2025-49794
+CVE-2025-49794 (A use-after-free vulnerability was found in libxml2. This issue occurs ...)
- libxml2 <unfixed> (bug #1107755)
[bookworm] - libxml2 <postponed> (Minor issue; revisit when fixed upstream)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
-CVE-2025-49795
+CVE-2025-49795 (A NULL pointer dereference vulnerability was found in libxml2 when pro ...)
- libxml2 <unfixed> (bug #1107753)
[bookworm] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
-CVE-2025-49796
+CVE-2025-49796 (A vulnerability was found in libxml2. Processing certain sch:name elem ...)
- libxml2 <unfixed> (bug #1107752)
[bookworm] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
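Review bot: the description now filled in for CVE-2025-49794 says use-after-free, while its bookworm line reads "<postponed> (Minor issue; revisit when fixed upstream)" and was written when the entry had no description. Confirm against the linked upstream issue 931 that the classification still holds, and do the same for CVE-2025-49796, whose description is truncated at "Processing certain sch:name elem ..." and does not state the bug class next to its "<no-dsa> (Minor issue)" line.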
@@ -9645,7 +9755,7 @@ CVE-2025-31259 (The issue was addressed with improved input sanitization. This i
CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
CVE-2025-31257 (This issue was addressed with improved memory handling. This issue is ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -9716,7 +9826,7 @@ CVE-2025-31218 (This issue was addressed by removing the vulnerable code. This i
CVE-2025-31217 (The issue was addressed with improved input validation. This issue is ...)
NOT-FOR-US: Apple
CVE-2025-31215 (The issue was addressed with improved checks. This issue is fixed in w ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -9737,14 +9847,14 @@ CVE-2025-31208 (The issue was addressed with improved checks. This issue is fixe
CVE-2025-31207 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2025-31206 (A type confusion issue was addressed with improved state handling. Thi ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
CVE-2025-31205 (The issue was addressed with improved checks. This issue is fixed in w ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
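Review bot: on CVE-2025-31206 the reference becomes "{DSA-5937-1 DLA-4218-1}", but the only "[bullseye]" line in the entry is the wpewebkit "<ignored>" one, so nothing visible here says which source package and version the DLA fixed. Confirm that the DLA-4218-1 record in data/DLA/list names webkit2gtk with its fixed version, since the same tag is applied in this commit to entries whose unstable fix versions differ (2.48.0-1, 2.48.1-1 and 2.48.2-1).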
@@ -9752,7 +9862,7 @@ CVE-2025-31205 (The issue was addressed with improved checks. This issue is fixe
NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
NOTE: https://project-zero.issues.chromium.org/issues/408172161
CVE-2025-31204 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -9791,7 +9901,7 @@ CVE-2025-24258 (A permissions issue was addressed with additional restrictions.
CVE-2025-24225 (An injection issue was addressed with improved input validation. This ...)
NOT-FOR-US: Apple
CVE-2025-24223 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5937-1}
+ {DSA-5937-1 DLA-4218-1}
- webkit2gtk 2.48.2-1
- wpewebkit 2.48.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -24207,7 +24317,7 @@ CVE-2025-30429 (A path handling issue was addressed with improved validation. Th
CVE-2025-30428 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2025-30427 (A use-after-free issue was addressed with improved memory management. ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -24258,7 +24368,7 @@ CVE-2025-24266 (A buffer overflow was addressed with improved bounds checking. T
CVE-2025-24265 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2025-24264 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -24339,7 +24449,7 @@ CVE-2025-24218 (A privacy issue was addressed with improved private data redacti
CVE-2025-24217 (This issue was addressed with improved redaction of sensitive informat ...)
NOT-FOR-US: Apple
CVE-2025-24216 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -24350,7 +24460,7 @@ CVE-2025-24215 (The issue was addressed with improved checks. This issue is fixe
CVE-2025-24214 (A privacy issue was addressed by not logging contents of text fields. ...)
NOT-FOR-US: Apple
CVE-2025-24213 (This issue was addressed with improved handling of floats. This issue ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -24363,14 +24473,14 @@ CVE-2025-24211 (This issue was addressed with improved memory handling. This iss
CVE-2025-24210 (A logic error was addressed with improved error handling. This issue i ...)
NOT-FOR-US: Apple
CVE-2025-24209 (A buffer overflow issue was addressed with improved memory handling. T ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
CVE-2025-24208 (A permissions issue was addressed with additional restrictions. This i ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -27777,7 +27887,7 @@ CVE-2025-25758 (An issue in KukuFM Android v1.12.7 (11207) allows attackers to a
CVE-2024-54564 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2024-54551 (The issue was addressed with improved memory handling. This issue is f ...)
- {DSA-5899-1}
+ {DSA-5899-1 DLA-4218-1}
- webkit2gtk 2.48.1-1
- wpewebkit 2.48.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -30633,7 +30743,7 @@ CVE-2025-24439 (Substance3D - Sampler versions 4.5.2 and earlier are affected by
CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and e ...)
NOT-FOR-US: Adobe
CVE-2025-24201 (An out-of-bounds write issue was addressed with improved checks to pre ...)
- {DSA-5885-1 DSA-5877-1}
+ {DSA-5885-1 DSA-5877-1 DLA-4218-1}
- webkit2gtk 2.48.0-1
- wpewebkit 2.48.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -31120,7 +31230,7 @@ CVE-2024-54473 (This issue was addressed with improved redaction of sensitive in
CVE-2024-54469 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54467 (A cookie management issue was addressed with improved state management ...)
- {DSA-5885-1}
+ {DSA-5885-1 DLA-4218-1}
- webkit2gtk 2.48.0-1
- wpewebkit 2.48.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -31139,7 +31249,7 @@ CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 th
CVE-2024-44227 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixed in w ...)
- {DSA-5885-1}
+ {DSA-5885-1 DLA-4218-1}
- webkit2gtk 2.48.0-1
- wpewebkit 2.48.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8afdcd51c0a3d17d431efd32d58a3d57e99ae070