[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 20 21:12:56 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
832c0c2e by security tracker role at 2025-06-20T20:12:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,354 @@
-CVE-2025-38083 [net_sched: prio: fix a race in prio_tune()]
+CVE-2025-6363 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-6362 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-6361 (A vulnerability classified as critical was found in code-projects Simp ...)
+ TODO: check
+CVE-2025-6360 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-6359 (A vulnerability was found in code-projects Simple Pizza Ordering Syste ...)
+ TODO: check
+CVE-2025-6358 (A vulnerability was found in code-projects Simple Pizza Ordering Syste ...)
+ TODO: check
+CVE-2025-6357 (A vulnerability was found in code-projects Simple Pizza Ordering Syste ...)
+ TODO: check
+CVE-2025-6356 (A vulnerability was found in code-projects Simple Pizza Ordering Syste ...)
+ TODO: check
+CVE-2025-6355 (A vulnerability has been found in SourceCodester Online Hotel Reservat ...)
+ TODO: check
+CVE-2025-6354 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-6353 (A vulnerability classified as problematic was found in code-projects R ...)
+ TODO: check
+CVE-2025-6352 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2025-6351 (A vulnerability was found in itsourcecode Employee Record Management S ...)
+ TODO: check
+CVE-2025-6347 (A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/ ...)
+ TODO: check
+CVE-2025-6346 (A vulnerability was found in SourceCodester Advance Charity Management ...)
+ TODO: check
+CVE-2025-6345 (A vulnerability was found in SourceCodester My Food Recipe 1.0 and cla ...)
+ TODO: check
+CVE-2025-6344 (A vulnerability has been found in code-projects Online Shoe Store 1.0 ...)
+ TODO: check
+CVE-2025-6343 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-6342 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-6341 (A vulnerability classified as problematic was found in code-projects S ...)
+ TODO: check
+CVE-2025-6340 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2025-6339 (A vulnerability was found in ponaravindb Hospital Management System 1. ...)
+ TODO: check
+CVE-2025-6337 (A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B202308 ...)
+ TODO: check
+CVE-2025-6336 (A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. ...)
+ TODO: check
+CVE-2025-6335 (A vulnerability was found in DedeCMS up to 5.7.2 and classified as cri ...)
+ TODO: check
+CVE-2025-6334 (A vulnerability has been found in D-Link DIR-867 1.0 and classified as ...)
+ TODO: check
+CVE-2025-6333 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-6332 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-6331 (A vulnerability classified as critical was found in PHPGurukul Directo ...)
+ TODO: check
+CVE-2025-6330 (A vulnerability classified as critical has been found in PHPGurukul Di ...)
+ TODO: check
+CVE-2025-6329 (A vulnerability was found in ScriptAndTools Real Estate Management Sys ...)
+ TODO: check
+CVE-2025-6328 (A vulnerability was found in D-Link DIR-815 1.01. It has been declared ...)
+ TODO: check
+CVE-2025-6323 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+ TODO: check
+CVE-2025-6322 (A vulnerability was found in PHPGurukul Pre-School Enrollment System 1 ...)
+ TODO: check
+CVE-2025-6321 (A vulnerability has been found in PHPGurukul Pre-School Enrollment Sys ...)
+ TODO: check
+CVE-2025-6320 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-6257 (The Euro FxRef Currency Converter plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-6193 (A command injection vulnerability was discovered in the TrustyAI Expla ...)
+ TODO: check
+CVE-2025-5963 (The Postbox's configuration on macOS, specifically the presence of ent ...)
+ TODO: check
+CVE-2025-5255 (The Phoenix Code's configuration on macOS, specifically the presence o ...)
+ TODO: check
+CVE-2025-5121 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2025-52825 (Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real E ...)
+ TODO: check
+CVE-2025-52822 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-52821 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-52802 (Missing Authorization vulnerability in enguerranws Import YouTube vide ...)
+ TODO: check
+CVE-2025-52795 (Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front ...)
+ TODO: check
+CVE-2025-52794 (Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions ...)
+ TODO: check
+CVE-2025-52793 (Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselin ...)
+ TODO: check
+CVE-2025-52792 (Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Styl ...)
+ TODO: check
+CVE-2025-52791 (Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowl ...)
+ TODO: check
+CVE-2025-52790 (Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCo ...)
+ TODO: check
+CVE-2025-52789 (Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe Ch ...)
+ TODO: check
+CVE-2025-52784 (Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Po ...)
+ TODO: check
+CVE-2025-52783 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Chang ...)
+ TODO: check
+CVE-2025-52782 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52781 (Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows ...)
+ TODO: check
+CVE-2025-52780 (Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo ...)
+ TODO: check
+CVE-2025-52772 (Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) ...)
+ TODO: check
+CVE-2025-52733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52719 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-52715 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-52713 (Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and ...)
+ TODO: check
+CVE-2025-52711 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and P ...)
+ TODO: check
+CVE-2025-52710 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52708 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-52707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52484 (RISC Zero is a general computing platform based on zk-STARKs and the R ...)
+ TODO: check
+CVE-2025-50051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50049 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50048 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50047 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50046 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50044 (Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real E ...)
+ TODO: check
+CVE-2025-50043 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50042 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50041 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50038 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50037 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50036 (Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Maili ...)
+ TODO: check
+CVE-2025-50035 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50034 (Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Bl ...)
+ TODO: check
+CVE-2025-50033 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50030 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50027 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50026 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50025 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50024 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50023 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50022 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50021 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50020 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50019 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50018 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50017 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50015 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50014 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50013 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50012 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50010 (Missing Authorization vulnerability in Zapier Zapier for WordPress all ...)
+ TODO: check
+CVE-2025-50009 (Missing Authorization vulnerability in Climax Themes Kata Plus allows ...)
+ TODO: check
+CVE-2025-50008 (Missing Authorization vulnerability in cscode WooCommerce Manager R ...)
+ TODO: check
+CVE-2025-4981 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10. ...)
+ TODO: check
+CVE-2025-4102 (The Beaver Builder Plugin (Starter Version) plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-49998 (Missing Authorization vulnerability in Wetail WooCommerce Fortnox Inte ...)
+ TODO: check
+CVE-2025-49997 (Missing Authorization vulnerability in Syed Balkhi Giveaways and Conte ...)
+ TODO: check
+CVE-2025-49996 (Missing Authorization vulnerability in osama.esh WP Visitor Statistics ...)
+ TODO: check
+CVE-2025-49995 (Authorization Bypass Through User-Controlled Key vulnerability in dFac ...)
+ TODO: check
+CVE-2025-49993 (Missing Authorization vulnerability in Cookie Script Cookie-Script.com ...)
+ TODO: check
+CVE-2025-49991 (Missing Authorization vulnerability in tggfref WP-Recall allows Access ...)
+ TODO: check
+CVE-2025-49990 (Missing Authorization vulnerability in contentstudio ContentStudio all ...)
+ TODO: check
+CVE-2025-49989 (Missing Authorization vulnerability in App Cheap App Builder allows Ex ...)
+ TODO: check
+CVE-2025-49988 (Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Ext ...)
+ TODO: check
+CVE-2025-49987 (Missing Authorization vulnerability in WPFactory CRM ERP Business Solu ...)
+ TODO: check
+CVE-2025-49986 (Missing Authorization vulnerability in thanhtungtnt Video List Manager ...)
+ TODO: check
+CVE-2025-49985 (Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upl ...)
+ TODO: check
+CVE-2025-49984 (Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato Pow ...)
+ TODO: check
+CVE-2025-49983 (Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb ...)
+ TODO: check
+CVE-2025-49982 (Missing Authorization vulnerability in aguilatechnologies WP Customer ...)
+ TODO: check
+CVE-2025-49981 (Missing Authorization vulnerability in mahabub81 User Roles and Capabi ...)
+ TODO: check
+CVE-2025-49980 (Missing Authorization vulnerability in WP Event Manager WP User Profil ...)
+ TODO: check
+CVE-2025-49979 (Missing Authorization vulnerability in slui Media Hygiene allows Explo ...)
+ TODO: check
+CVE-2025-49978 (Authorization Bypass Through User-Controlled Key vulnerability in eyec ...)
+ TODO: check
+CVE-2025-49977 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inv ...)
+ TODO: check
+CVE-2025-49976 (Missing Authorization vulnerability in WANotifier WANotifier allows Ex ...)
+ TODO: check
+CVE-2025-49975 (Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobW ...)
+ TODO: check
+CVE-2025-49974 (Missing Authorization vulnerability in upstreamplugin UpStream: a Proj ...)
+ TODO: check
+CVE-2025-49973 (Missing Authorization vulnerability in GrandPlugins Image Sizes Contro ...)
+ TODO: check
+CVE-2025-49972 (Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Repla ...)
+ TODO: check
+CVE-2025-49971 (Missing Authorization vulnerability in aThemeArt Translations eDS Resp ...)
+ TODO: check
+CVE-2025-49970 (Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog ...)
+ TODO: check
+CVE-2025-49969 (Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression ...)
+ TODO: check
+CVE-2025-49968 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel P ...)
+ TODO: check
+CVE-2025-49967 (Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live S ...)
+ TODO: check
+CVE-2025-49966 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Trave ...)
+ TODO: check
+CVE-2025-49965 (Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Ch ...)
+ TODO: check
+CVE-2025-49964 (Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink al ...)
+ TODO: check
+CVE-2025-49873 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49132 (Pterodactyl is a free, open-source game server management panel. Prior ...)
+ TODO: check
+CVE-2025-48706 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an ou ...)
+ TODO: check
+CVE-2025-48705 (An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NUL ...)
+ TODO: check
+CVE-2025-48059 (PowSyBl (Power System Blocks) is a framework to build power system ori ...)
+ TODO: check
+CVE-2025-46179 (A SQL Injection vulnerability was discovered in the askquery.php file ...)
+ TODO: check
+CVE-2025-46158 (An issue in redoxOS kernel before commit 5d41cd7c allows a local attac ...)
+ TODO: check
+CVE-2025-45890 (Directory Traversal vulnerability in novel plus before v.5.1.0 allows ...)
+ TODO: check
+CVE-2025-45331 (brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerabili ...)
+ TODO: check
+CVE-2025-44635 (There are multiple unauthorized remote command execution vulnerabiliti ...)
+ TODO: check
+CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose S ...)
+ TODO: check
+CVE-2025-3319 (IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to ...)
+ TODO: check
+CVE-2025-3228 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10. ...)
+ TODO: check
+CVE-2025-3227 (Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10. ...)
+ TODO: check
+CVE-2025-34030 (An OS command injection vulnerability exists in sar2html version 3.2.2 ...)
+ TODO: check
+CVE-2025-34029 (An OS command injection vulnerability exists in the Edimax EW-7438RPn ...)
+ TODO: check
+CVE-2025-34024 (An OS command injection vulnerability exists in the Edimax EW-7438RPn ...)
+ TODO: check
+CVE-2025-34023 (A path traversal vulnerability exists in the Karel IP1211 IP Phone's w ...)
+ TODO: check
+CVE-2025-34022 (A path traversal vulnerability exists in multiple models of Selea Targ ...)
+ TODO: check
+CVE-2025-34021 (A server-side request forgery (SSRF) vulnerability exists in multiple ...)
+ TODO: check
+CVE-2025-32880 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
+ TODO: check
+CVE-2025-32879 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It s ...)
+ TODO: check
+CVE-2025-32878 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
+ TODO: check
+CVE-2025-32877 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. It i ...)
+ TODO: check
+CVE-2025-32876 (An issue was discovered on COROS PACE 3 devices through 3.0808.0. The ...)
+ TODO: check
+CVE-2025-32875 (An issue was discovered in the COROS application through 3.8.12 for An ...)
+ TODO: check
+CVE-2025-32753 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an ...)
+ TODO: check
+CVE-2025-2443 (An issue has been discovered in GitLab EE that allows for cross-site-s ...)
+ TODO: check
+CVE-2025-25038 (An OS command injection vulnerability exists in MiniDVBLinux version 5 ...)
+ TODO: check
+CVE-2025-25037 (An information disclosure vulnerability exists in Aquatronica Controll ...)
+ TODO: check
+CVE-2025-25034 (A PHP object injection vulnerability exists in SugarCRM versions prior ...)
+ TODO: check
+CVE-2024-7586 (An issue was discovered in GitLab EE affecting all versions starting f ...)
+ TODO: check
+CVE-2024-53298 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a m ...)
+ TODO: check
+CVE-2024-4994 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
+CVE-2024-4025 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
+ TODO: check
+CVE-2025-38083 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/d35acc1be3480505b5931f17e4ea9b7617fea4d3 (6.16-rc2)
CVE-2025-6384 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
@@ -95,7 +445,7 @@ CVE-2025-47771 (PowSyBl (Power System Blocks) is a framework to build power syst
TODO: check
CVE-2025-47293 (PowSyBl (Power System Blocks) is a framework to build power system ori ...)
TODO: check
-CVE-2025-5416
+CVE-2025-5416 (A vulnerability has been identified in Keycloak that could lead to una ...)
- keycloak <itp> (bug #1088287)
CVE-2025-4563
- kubernetes 1.20.5+really1.20.2-1
@@ -254,9 +604,9 @@ CVE-2025-36048 (IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 c
NOT-FOR-US: IBM
CVE-2025-29646 (An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker ...)
- open5gs <itp> (bug #1094791)
-CVE-2025-26199 (An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker ...)
+CVE-2025-26199 (CloudClassroom-PHP-Project v1.0 is affected by an insecure credential ...)
NOT-FOR-US: CloudClassroom PHP Project
-CVE-2025-26198 (CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in log ...)
+CVE-2025-26198 (CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vuln ...)
NOT-FOR-US: CloudClassroom PHP Project
CVE-2025-23999 (Missing Authorization vulnerability in Cloudways Breeze allows Exploit ...)
NOT-FOR-US: WordPress plugin or theme
@@ -1762,7 +2112,7 @@ CVE-2025-23252 (The NVIDIA NVDebug tool contains a vulnerability that may allow
NOT-FOR-US: NVDebug
CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-48945
+CVE-2025-48945 (pycares is a Python module which provides an interface to c-ares. c-ar ...)
- pycares <unfixed>
[bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
[bullseye] - pycares <postponed> (Minor issue; can be fixed in next update)
@@ -1973,7 +2323,7 @@ CVE-2025-45878 (A cross-site scripting (XSS) vulnerability in the report manager
NOT-FOR-US: Miliaris Amigdala
CVE-2025-45526 (A denial of service (DoS) vulnerability has been identified in the Jav ...)
NOT-FOR-US: microlight
-CVE-2025-45525 (A null pointer dereference vulnerability was discovered in microlight. ...)
+CVE-2025-45525 (A NULL pointer dereference vulnerability has been identified in the Ja ...)
NOT-FOR-US: microlight
CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerabil ...)
NOT-FOR-US: osCommerce
@@ -3521,7 +3871,7 @@ CVE-2025-49709 (Certain canvas operations could have lead to memory corruption.
- firefox 139.0.4-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/#CVE-2025-49709
CVE-2025-49091 (KDE Konsole before 25.04.2 allows remote code execution in a certain s ...)
- {DLA-4220-1}
+ {DSA-5945-1 DLA-4220-1}
- konsole 4:25.04.0-2 (bug #1107672)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/10/5
NOTE: https://kde.org/info/security/advisory-20250609-1.txt
@@ -27594,7 +27944,8 @@ CVE-2025-2909 (The lack of encryption in the DuoxMe (formerly Blue) application
NOT-FOR-US: DuoxMe
CVE-2025-2908 (The exposure of credentials in the call forwarding configuration modul ...)
NOT-FOR-US: MeetMe
-CVE-2025-2901 (A flaw was found in the JBoss EAP Management Console, where a stored C ...)
+CVE-2025-2901
+ REJECTED
NOT-FOR-US: JBoss EAP Management Console
CVE-2025-2877 (A flaw was found in the Ansible Automation Platform's Event-Driven Ans ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
@@ -168112,7 +168463,7 @@ CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab 16.4.4+ds2-2
CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-5600
+CVE-2023-5600 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versions st ...)
- gitlab 16.4.4+ds2-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/832c0c2ed30cbe67b3da48f51a87fcd352f5b31d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/832c0c2ed30cbe67b3da48f51a87fcd352f5b31d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250620/3c97f6e5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list