[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 23 21:12:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2d70077 by security tracker role at 2025-06-23T20:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2025-6547 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
+ TODO: check
+CVE-2025-6545 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
+ TODO: check
+CVE-2025-6518 (A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has be ...)
+ TODO: check
+CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified ...)
+ TODO: check
+CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and classified as ...)
+ TODO: check
+CVE-2025-6513 (Standard Windows users can access the configuration file for database ...)
+ TODO: check
+CVE-2025-6512 (On a client with a non-admin user, a script can be integrated into a r ...)
+ TODO: check
+CVE-2025-6511 (A vulnerability classified as critical has been found in Netgear EX615 ...)
+ TODO: check
+CVE-2025-6510 (A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has b ...)
+ TODO: check
+CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to 4379cce8 ...)
+ TODO: check
+CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute shell com ...)
+ TODO: check
+CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests containing SameS ...)
+ TODO: check
+CVE-2025-52967 (gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path valida ...)
+ TODO: check
+CVE-2025-52939 (Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src ...)
+ TODO: check
+CVE-2025-52938 (Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src ...)
+ TODO: check
+CVE-2025-52937 (Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs ...)
+ TODO: check
+CVE-2025-52936 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ TODO: check
+CVE-2025-52935 (Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly ...)
+ TODO: check
+CVE-2025-52922 (Innoshop through 0.4.1 allows directory traversal via FileManager API ...)
+ TODO: check
+CVE-2025-52921 (In Innoshop through 0.4.1, an authenticated attacker could exploit the ...)
+ TODO: check
+CVE-2025-52920 (Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) ...)
+ TODO: check
+CVE-2025-52879 (In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Regist ...)
+ TODO: check
+CVE-2025-52878 (In JetBrains TeamCity before 2025.03.3 usernames were exposed to the u ...)
+ TODO: check
+CVE-2025-52877 (In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuild ...)
+ TODO: check
+CVE-2025-52876 (In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIc ...)
+ TODO: check
+CVE-2025-52875 (In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performa ...)
+ TODO: check
+CVE-2025-52542
+ REJECTED
+CVE-2025-50349 (PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-50348 (PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to ...)
+ TODO: check
+CVE-2025-49574 (Quarkus is a Cloud Native, (Linux) Container First framework for writi ...)
+ TODO: check
+CVE-2025-49144 (Notepad++ is a free and open-source source code editor. In versions 8. ...)
+ TODO: check
+CVE-2025-49126 (Visionatrix is an AI Media processing tool using ComfyUI. In versions ...)
+ TODO: check
+CVE-2025-48700 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 a ...)
+ TODO: check
+CVE-2025-48026 (A vulnerability in the WebApl component of Mitel OpenScape Xpressions ...)
+ TODO: check
+CVE-2025-46101 (SQL Injection vulnerability in Beakon Software Beakon Learning Managem ...)
+ TODO: check
+CVE-2025-44528 (An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK ...)
+ TODO: check
+CVE-2025-2172 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fa ...)
+ TODO: check
+CVE-2025-2171 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do ...)
+ TODO: check
+CVE-2025-27387 (OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, ...)
+ TODO: check
+CVE-2025-23049 (Meridian Technique Materialise OrthoView through 7.5.1 allows OS Comma ...)
+ TODO: check
+CVE-2024-45347 (An unauthorized access vulnerability exists in the Xiaomi Mi Connect S ...)
+ TODO: check
+CVE-2024-3511 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
+ TODO: check
+CVE-2023-50450 (An issue was discovered in Sensopart VISOR Vision Sensors before 2.10. ...)
+ TODO: check
+CVE-2023-48978 (An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote a ...)
+ TODO: check
+CVE-2023-47298 (An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged a ...)
+ TODO: check
+CVE-2023-47297 (A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 a ...)
+ TODO: check
+CVE-2023-47295 (A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows at ...)
+ TODO: check
+CVE-2023-47294 (An issue in NCR Terminal Handler v1.5.1 allows low-level privileged au ...)
+ TODO: check
+CVE-2023-47032 (Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote ...)
+ TODO: check
+CVE-2023-47031 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
+ TODO: check
+CVE-2023-47030 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
+ TODO: check
+CVE-2023-47029 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
+ TODO: check
+CVE-2021-47688 (In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local acces ...)
+ TODO: check
CVE-2025-6503 (A vulnerability was found in code-projects Inventory Management System ...)
NOT-FOR-US: code-projects
CVE-2025-6502 (A vulnerability has been found in code-projects Inventory Management S ...)
@@ -681,7 +787,7 @@ CVE-2025-47293 (PowSyBl (Power System Blocks) is a framework to build power syst
NOT-FOR-US: PowSyBl (Power System Blocks)
CVE-2025-5416 (A vulnerability has been identified in Keycloak that could lead to una ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-4563
+CVE-2025-4563 (A vulnerability exists in the NodeRestriction admission controller whe ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -2355,7 +2461,7 @@ CVE-2025-48945 (pycares is a Python module which provides an interface to c-ares
NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
NOTE: Fixed by: https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4 (v4.9.0)
CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW decoder. Wh ...)
- {DSA-5946-1}
+ {DSA-5946-1 DLA-4225-1}
- gdk-pixbuf 2.42.12+dfsg-3 (bug #1107994)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2373147
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257
@@ -2638,33 +2744,39 @@ CVE-2025-6191 (Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 a
- chromium 137.0.7151.119-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-49180 (A flaw was found in the RandR extension, where the RRChangeProviderPro ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3c3a4b767b16174d3213055947ea7f4f88e10ec6
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0235121c6a7a6eb247e2addb3b41ed6ef566853d
CVE-2025-49179 (A flaw was found in the X Record extension. The RecordSanityCheckRegis ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4
CVE-2025-49178 (A flaw was found in the X server's request handling. Non-zero 'bytes t ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5cc4461f9ba318c2
CVE-2025-49177 (A flaw was found in the XFIXES extension. The XFixesSetClientDisconnec ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af
CVE-2025-49176 (A flaw was found in the Big Requests extension. The request length is ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.3 (bug #1108073)
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
NOTE: Followup: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
CVE-2025-49175 (A flaw was found in the X Rendering extension's handling of animated c ...)
+ {DSA-5947-1}
- xorg-server 2:21.1.16-1.2
- xwayland <unfixed>
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -87665,6 +87777,7 @@ CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted
NOTE: https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b (1.16.0)
NOTE: https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa (2.1.0)
CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...)
+ {DLA-4224-1}
- node-send 1.1.0+~cs1.19.4-1 (bug #1081483)
[bookworm] - node-send 0.18.0+~cs1.19.1-3+deb12u1
NOTE: https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
@@ -327848,7 +327961,7 @@ CVE-2021-38489
RESERVED
CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38487 (RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1. ...)
+CVE-2021-38487 (RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro vers ...)
NOT-FOR-US: RTI Connext DDS
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
NOT-FOR-US: InHand Networks IR615 Router
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d700777c44ee25772749a14458cff21fef6b9f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d700777c44ee25772749a14458cff21fef6b9f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250623/95fe6026/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list