[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 18 09:12:12 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2fb3988 by security tracker role at 2025-06-18T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2025-51381 (An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and  ...)
+	TODO: check
+CVE-2025-50202 (Lychee is a free photo-management tool. In versions starting from 6.6. ...)
+	TODO: check
+CVE-2025-4955 (The tarteaucitron.io WordPress plugin before 1.9.5 uses query paramete ...)
+	TODO: check
+CVE-2025-4413 (The Pixabay Images plugin for WordPress is vulnerable to arbitrary fil ...)
+	TODO: check
+CVE-2025-49843 (conda-smithy is a tool for combining a conda recipe with configuration ...)
+	TODO: check
+CVE-2025-49825 (Teleport provides connectivity, authentication, access controls and au ...)
+	TODO: check
+CVE-2025-49824 (conda-smithy is a tool for combining a conda recipe with configuration ...)
+	TODO: check
+CVE-2025-49593 (Portainer Community Edition is a lightweight service delivery platform ...)
+	TODO: check
+CVE-2025-49385 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
+	TODO: check
+CVE-2025-49384 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
+	TODO: check
+CVE-2025-49218 (A post-auth SQL injection vulnerability in the Trend Micro Endpoint En ...)
+	TODO: check
+CVE-2025-49217 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
+	TODO: check
+CVE-2025-49216 (An authentication bypass vulnerability in the Trend Micro Endpoint Enc ...)
+	TODO: check
+CVE-2025-49215 (A post-auth SQL injection vulnerability in the Trend Micro Endpoint En ...)
+	TODO: check
+CVE-2025-49214 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
+	TODO: check
+CVE-2025-49213 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
+	TODO: check
+CVE-2025-49212 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
+	TODO: check
+CVE-2025-49211 (A SQL injection vulnerability in the Trend Micro Endpoint Encryption P ...)
+	TODO: check
+CVE-2025-49149 (Dify is an open-source LLM app development platform. In version 1.2.0, ...)
+	TODO: check
+CVE-2025-48443 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
+	TODO: check
+CVE-2025-41413 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds write, whi ...)
+	TODO: check
+CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to a stack-based buffer overf ...)
+	TODO: check
+CVE-2025-32412 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds read, whic ...)
+	TODO: check
+CVE-2025-30642 (A link following vulnerability in Trend Micro Deep Security 20.0 agent ...)
+	TODO: check
+CVE-2025-30641 (A link following vulnerability in the anti-malware solution portion of ...)
+	TODO: check
+CVE-2025-30640 (A link following vulnerability in Trend Micro Deep Security 20.0 agent ...)
+	TODO: check
+CVE-2025-23252 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
+	TODO: check
+CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
+	TODO: check
 CVE-2025-48945
 	- pycares <unfixed>
 	NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
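Review bot: Every entry added at the top of this hunk is left at "TODO: check", including ones whose description already identifies them as WordPress plugins (CVE-2025-4955, CVE-2025-4413). Elsewhere in this file such entries carry "NOT-FOR-US: WordPress plugin", so these two can be triaged the same way in a follow-up instead of staying in the TODO queue. The remaining entries need a manual check against the archive, since the truncated descriptions alone do not settle whether any of them is packaged.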
@@ -252,6 +308,7 @@ CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain S
 CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker  ...)
 	NOT-FOR-US: SeaCMS
 CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
+	{DSA-5943-1 DLA-4221-1}
 	- libblockdev 3.3.0-2.1
 	NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
 	NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
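Review bot: The bracketed title of CVE-2025-6019 describes the escalation as going "via udisks", but the only package line in the visible context is for libblockdev. With the DSA-5943-1 and DLA-4221-1 references now attached, it is worth confirming whether udisks needs its own package line or a NOTE explaining why the libblockdev fix alone is sufficient.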
@@ -1728,6 +1785,7 @@ CVE-2025-49709 (Certain canvas operations could have lead to memory corruption.
 	- firefox 139.0.4-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/#CVE-2025-49709
 CVE-2025-49091 (KDE Konsole before 25.04.2 allows remote code execution in a certain s ...)
+	{DLA-4220-1}
 	- konsole 4:25.04.0-2 (bug #1107672)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/06/10/5
 	NOTE: https://kde.org/info/security/advisory-20250609-1.txt
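Review bot: For CVE-2025-49091 the description says Konsole is affected "before 25.04.2", while the fixed version recorded in the context line is 4:25.04.0-2, which is older than that upstream release. That is consistent with a backported patch, but none of the visible NOTE lines points at the patch itself; a NOTE with the upstream fix commit would let readers of the DLA-4220-1 reference verify what was backported.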
@@ -2712,7 +2770,7 @@ CVE-2025-5528 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for Wo
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5303 (The LTL Freight Quotes \u2013 Freightview Edition, LTL Freight Quotes  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-49619 (Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models ...)
+CVE-2025-49619 (Skyvern through 0.1.85 is vulnerable to server-side template injection ...)
 	NOT-FOR-US: Skyvern
 CVE-2024-9994 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2fb39881e09e3c52156423756cc9bfebd263384
