[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 6 09:12:44 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0340897d by security tracker role at 2025-05-06T08:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2025-4340 (A vulnerability classified as critical has been found in D-Link DIR-89 ...)
+	TODO: check
+CVE-2025-4337 (The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2025-4333 (A vulnerability was found in feng_ha_ha/megagao ssm-erp and production ...)
+	TODO: check
+CVE-2025-4332 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
+	TODO: check
+CVE-2025-4331 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+	TODO: check
+CVE-2025-4329 (A vulnerability was found in 74CMS up to 3.33.0. It has been rated as  ...)
+	TODO: check
+CVE-2025-4328 (A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db ...)
+	TODO: check
+CVE-2025-4327 (A vulnerability was found in MRCMS 3.1.2. It has been classified as pr ...)
+	TODO: check
+CVE-2025-4326 (A vulnerability was found in MRCMS 3.1.2 and classified as problematic ...)
+	TODO: check
+CVE-2025-4325 (A vulnerability has been found in MRCMS 3.1.2 and classified as proble ...)
+	TODO: check
+CVE-2025-4324 (A vulnerability, which was classified as problematic, was found in MRC ...)
+	TODO: check
+CVE-2025-4323 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4314 (A vulnerability has been found in SourceCodester Advanced Web Store 1. ...)
+	TODO: check
+CVE-2025-4313 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2025-4312 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2025-4311 (A vulnerability classified as critical was found in itsourcecode Conte ...)
+	TODO: check
+CVE-2025-4310 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-4309 (A vulnerability was found in PHPGurukul Art Gallery Management System  ...)
+	TODO: check
+CVE-2025-4308 (A vulnerability was found in PHPGurukul Art Gallery Management System  ...)
+	TODO: check
+CVE-2025-4307 (A vulnerability was found in PHPGurukul Art Gallery Management System  ...)
+	TODO: check
+CVE-2025-4306 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
+	TODO: check
+CVE-2025-4305 (A vulnerability has been found in kefaming mayi up to 1.3.9 and classi ...)
+	TODO: check
+CVE-2025-4304 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+	TODO: check
+CVE-2025-4303 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-4301 (A vulnerability classified as critical was found in itsourcecode Conte ...)
+	TODO: check
+CVE-2025-4300 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-4299 (A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has be ...)
+	TODO: check
+CVE-2025-4298 (A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has be ...)
+	TODO: check
+CVE-2025-4297 (A vulnerability was found in PHPGurukul Men Salon Management System 2. ...)
+	TODO: check
+CVE-2025-4293 (A vulnerability was found in MRCMS 3.1.3 and classified as problematic ...)
+	TODO: check
+CVE-2025-4292 (A vulnerability has been found in MRCMS 3.1.3 and classified as proble ...)
+	TODO: check
+CVE-2025-4291 (A vulnerability, which was classified as critical, was found in IdeaCM ...)
+	TODO: check
+CVE-2025-4290 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-4289 (A vulnerability classified as critical was found in PCMan FTP Server 2 ...)
+	TODO: check
+CVE-2025-4288 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
+	TODO: check
+CVE-2025-47303
+	REJECTED
+CVE-2025-47302
+	REJECTED
+CVE-2025-47301
+	REJECTED
+CVE-2025-47300
+	REJECTED
+CVE-2025-47299
+	REJECTED
+CVE-2025-47298
+	REJECTED
+CVE-2025-47297
+	REJECTED
+CVE-2025-47296
+	REJECTED
+CVE-2025-46728 (cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. ...)
+	TODO: check
+CVE-2025-46593 (Process residence vulnerability in abnormal scenarios in the print mod ...)
+	TODO: check
+CVE-2025-46592 (Null pointer dereference vulnerability in the USB HDI driver module Im ...)
+	TODO: check
+CVE-2025-46591 (Out-of-bounds data read vulnerability in the authorization module Impa ...)
+	TODO: check
+CVE-2025-46590 (Bypass vulnerability in the network search instruction authentication  ...)
+	TODO: check
+CVE-2025-46589 (Vulnerability of unauthorized access in the app lock module Impact: Su ...)
+	TODO: check
+CVE-2025-46588 (Vulnerability of unauthorized access in the app lock module Impact: Su ...)
+	TODO: check
+CVE-2025-46587 (Permission control vulnerability in the media library module Impact: S ...)
+	TODO: check
+CVE-2025-46586 (Permission control vulnerability in the contacts module Impact: Succes ...)
+	TODO: check
+CVE-2025-46585 (Out-of-bounds array read/write vulnerability in the kernel module Impa ...)
+	TODO: check
+CVE-2025-46584 (Vulnerability of improper authentication logic implementation in the f ...)
+	TODO: check
+CVE-2025-44074 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2025-44072 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2025-44071 (SeaCMS v13.3 was discovered to contain a remote code execution (RCE) v ...)
+	TODO: check
+CVE-2025-3610 (The Reales WP STPT plugin for WordPress is vulnerable to privilege esc ...)
+	TODO: check
+CVE-2025-3609 (The Reales WP STPT plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-3281 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...)
+	TODO: check
+CVE-2025-3020 (An low privileged remote Attacker can execute arbitrary web scripts or ...)
+	TODO: check
+CVE-2025-2802 (The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortco ...)
+	TODO: check
+CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer in ChromeOS  16093.57.0 allows a m ...)
+	TODO: check
+CVE-2025-1493 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1 ...)
+	TODO: check
+CVE-2025-1000 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2025-0915 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2024-58252 (Vulnerability of insufficient information protection in the media libr ...)
+	TODO: check
+CVE-2024-39442 (In sprd ssense service, there is a possible missing permission check.  ...)
+	TODO: check
+CVE-2023-46716
+	REJECTED
 CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the aws-am ...)
 	NOT-FOR-US: Amazon
 CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025.1.6. ...)
@@ -5275,7 +5413,7 @@ CVE-2025-2903 (An attacker with knowledge of creating user accounts during VM de
 	NOT-FOR-US: Perforce
 CVE-2025-2400
 	REJECTED
-CVE-2025-2073 (Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Ver ...)
+CVE-2025-2073 (Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5 ...)
 	NOT-FOR-US: ChromeOS
 CVE-2025-29710 (SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scr ...)
 	NOT-FOR-US: SourceCodester
@@ -5307,7 +5445,7 @@ CVE-2025-24907 (Overview         The product uses external input to construct a
 	NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
 CVE-2025-1704 (ComponentInstaller Modification in ComponentInstaller in Google Chrome ...)
 	NOT-FOR-US: ChromeOS
-CVE-2025-1568 (Access Control Vulnerability in Gerrit chromiumos project configuratio ...)
+CVE-2025-1568 (or other security impacts via manipulating IPSET_ATTR_CIDR Netlink att ...)
 	NOT-FOR-US: ChromeOS
 CVE-2025-1566 (DNS Leak in Native System VPN in Google ChromeOS Dev Channel on Chrome ...)
 	NOT-FOR-US: ChromeOS
@@ -6846,7 +6984,7 @@ CVE-2025-1688 (Milestone Systems has discovered a security vulnerability in Mile
 	NOT-FOR-US: Milestone XProtect installer
 CVE-2025-1292 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
 	NOT-FOR-US: ChromeOS
-CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0 ...)
+CVE-2025-1122 (Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753 ...)
 	NOT-FOR-US: ChromeOS
 CVE-2024-50960 (A command injection vulnerability in the Nmap diagnostic tool in the a ...)
 	NOT-FOR-US: Extron
@@ -299383,7 +299521,7 @@ CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1
 CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM  ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43069
-	RESERVED
+	REJECTED
 CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0340897dbb5d9988cf15820e1eb7dbbe7e9b44a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0340897dbb5d9988cf15820e1eb7dbbe7e9b44a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250506/987c960e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list