[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 19 21:12:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3afcabc2 by security tracker role at 2025-06-19T20:12:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2025-6276 (A vulnerability was found in Brilliance Golden Link Secondary System u ...)
+ TODO: check
+CVE-2025-6275 (A vulnerability was found in WebAssembly wabt up to 1.0.37. It has bee ...)
+ TODO: check
+CVE-2025-6274 (A vulnerability was found in WebAssembly wabt up to 1.0.37. It has bee ...)
+ TODO: check
+CVE-2025-6273 (A vulnerability was found in WebAssembly wabt up to 1.0.37 and classif ...)
+ TODO: check
+CVE-2025-6272 (A vulnerability has been found in wasm3 0.5.0 and classified as proble ...)
+ TODO: check
+CVE-2025-6271 (A vulnerability, which was classified as problematic, was found in swf ...)
+ TODO: check
+CVE-2025-6270 (A vulnerability, which was classified as critical, has been found in H ...)
+ TODO: check
+CVE-2025-6269 (A vulnerability classified as critical was found in HDF5 up to 1.14.6. ...)
+ TODO: check
+CVE-2025-6268 (A vulnerability classified as problematic has been found in Luna Imagi ...)
+ TODO: check
+CVE-2025-6267 (A vulnerability was found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\ ...)
+ TODO: check
+CVE-2025-6266 (A vulnerability was found in FLIR AX8 up to 1.46. It has been declared ...)
+ TODO: check
+CVE-2025-5234 (The Gutenverse News plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-5071 (The AI Engine plugin for WordPress is vulnerable to unauthorized modif ...)
+ TODO: check
+CVE-2025-52464 (Meshtastic is an open source mesh networking solution. In versions fro ...)
+ TODO: check
+CVE-2025-50200 (RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and p ...)
+ TODO: check
+CVE-2025-4738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-49014 (jq is a command-line JSON processor. In version 1.8.0 a heap use after ...)
+ TODO: check
+CVE-2025-48886 (Hydra is a layer-two scalability solution for Cardano. Prior to versio ...)
+ TODO: check
+CVE-2025-36050 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially ...)
+ TODO: check
+CVE-2025-33121 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to ...)
+ TODO: check
+CVE-2025-33117 (IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a pri ...)
+ TODO: check
+CVE-2024-24916 (Untrusted DLLs in the installer's directory may be loaded and executed ...)
+ TODO: check
CVE-2025-6201 (The Pixel Manager for WooCommerce \u2013 Track Conversions and Analyti ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5524 (The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
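Review bot: All 22 entries added at the top of data/CVE/list carry only "TODO: check", so none of them has been triaged yet. The WordPress plugin entries (CVE-2025-5234, CVE-2025-5071) and the IBM QRadar entries (CVE-2025-36050, CVE-2025-33121, CVE-2025-33117) fall into categories this file already marks as "NOT-FOR-US: WordPress plugin" and "NOT-FOR-US: IBM", so they can be closed quickly. The entries naming jq (CVE-2025-49014), HDF5 (CVE-2025-6269), wabt (CVE-2025-6273 to CVE-2025-6275) and RabbitMQ (CVE-2025-50200) should be checked against the archive first, since each may need a source-package line rather than NOT-FOR-US.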
@@ -1518,12 +1562,12 @@ CVE-2025-38005 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.12.30-1
[bookworm] - linux 6.1.140-1
NOTE: https://git.kernel.org/linus/fca280992af8c2fbd511bc43f65abb4a17363f2f (6.15-rc7)
-CVE-2025-31698 [ATS: Client IP address from PROXY protocol is not used for ACL]
+CVE-2025-31698 (ACL configured in ip_allow.config or remap.config does not use IP addr ...)
- trafficserver <unfixed> (bug #1108044)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
NOTE: https://github.com/apache/trafficserver/commit/ce942e0acacd5cc9f38bd07565a1dfc5ffed0e33 (9.2.11-rc0)
NOTE: https://github.com/apache/trafficserver/commit/91a654dfa4de0c48aa222b87bfb909f9f21b03e0 (master)
-CVE-2025-49763 [ATS: Remote DoS via memory exhaustion in ESI Plugin]
+CVE-2025-49763 (ESI plugin does not have the limit for maximum inclusion depth, and th ...)
- trafficserver <unfixed> (bug #1108044)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
NOTE: https://github.com/apache/trafficserver/commit/2db8b8dc96e57fc292850f77b9783630cc9590b9 (9.2.11-rc0)
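Review bot: Replacing the bracketed placeholder for CVE-2025-31698 drops the detail that the client address comes from the PROXY protocol; the truncated description stops at "does not use IP addr ..." before reaching it. If that detail matters for triage, keep it as a NOTE: line under the entry, next to the existing oss-security link. The same applies to CVE-2025-49763, where the placeholder named the impact (remote DoS via memory exhaustion) and the truncated text only reaches the missing inclusion-depth limit. Both entries remain "- trafficserver <unfixed> (bug #1108044)".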
@@ -1849,7 +1893,7 @@ CVE-2025-0320 (Local Privilege escalation allows a low-privileged user to gain S
NOT-FOR-US: Citrix
CVE-2024-40570 (SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker ...)
NOT-FOR-US: SeaCMS
-CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
+CVE-2025-6019 (A Local Privilege Escalation (LPE) vulnerability was found in libblock ...)
{DSA-5943-1 DLA-4221-1}
- libblockdev 3.3.0-2.1
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
@@ -13856,6 +13900,7 @@ CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow servin
CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
+ {DLA-4222-1}
- activemq 5.17.6+dfsg-2 (bug #1104933)
NOTE: https://issues.apache.org/jira/browse/AMQ-6596
NOTE: Fixed by https://github.com/apache/activemq/pull/1399
@@ -21592,7 +21637,7 @@ CVE-2025-3533 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: YouDianCMS
CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
-CVE-2025-32896
+CVE-2025-32896 (# Summary Unauthorized users can perform Arbitrary File Read and Dese ...)
NOT-FOR-US: Apache SeaTunnel
CVE-2025-24859 (A session management vulnerability exists in Apache Roller before vers ...)
NOT-FOR-US: Apache Roller
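Review bot: The new description for CVE-2025-32896 begins with a literal "# Summary", which looks like a Markdown heading left in the imported text, so part of the truncated summary is spent on markup instead of the vulnerability itself. If the import step can strip a leading Markdown heading before truncating, the visible text would carry more of the actual description. The triage line "NOT-FOR-US: Apache SeaTunnel" is unaffected.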
@@ -639415,7 +639460,7 @@ CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 al
CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in ...)
NOT-FOR-US: NetApp Data ONTAP
CVE-2016-3399
- RESERVED
+ REJECTED
CVE-2016-3398
RESERVED
CVE-2014-9768 (IBM Tivoli NetView Access Services (NVAS) allows remote authenticated ...)
@@ -823366,7 +823411,7 @@ CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for ph
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart mo ...)
NOT-FOR-US: phpbb mod
CVE-2006-2192
- RESERVED
+ REJECTED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
{DSA-857-1}
- graphviz 2.2.1-1sarge1 (bug #336985; low)
@@ -835991,7 +836036,7 @@ CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1
CVE-2005-2355
REJECTED
CVE-2005-2347
- RESERVED
+ REJECTED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
NOT-FOR-US: Novell
CVE-2005-2345
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3afcabc2af4d0d3322ad5a63a8f390197183a0e0