[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 15 09:12:11 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19869bad by security tracker role at 2025-05-15T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application (com.t ...)
+	TODO: check
+CVE-2025-4591 (The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-4589 (The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-4579 (The WP Content Security Plugin plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-4126 (The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-48027 (The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authenticati ...)
+	TODO: check
+CVE-2025-48024 (In BlueWave Checkmate before 2.1, an authenticated regular user can ac ...)
+	TODO: check
+CVE-2025-47889 (In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims ar ...)
+	TODO: check
+CVE-2025-47888 (Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL ...)
+	TODO: check
+CVE-2025-47887 (Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286 ...)
+	TODO: check
+CVE-2025-47886 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence v ...)
+	TODO: check
+CVE-2025-47885 (Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earl ...)
+	TODO: check
+CVE-2025-47884 (In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier ...)
+	TODO: check
+CVE-2025-47783 (Label Studio is a multi-type data labeling and annotation tool. A vuln ...)
+	TODO: check
+CVE-2025-44879 (WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the ...)
+	TODO: check
+CVE-2025-44024 (Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome ...)
+	TODO: check
+CVE-2025-3917 (The \u767e\u5ea6\u7ad9\u957fSEO\u5408\u96c6(\u652f\u6301\u767e\u5ea6/\ ...)
+	TODO: check
+CVE-2025-3742 (The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does n ...)
+	TODO: check
+CVE-2025-3053 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
+	TODO: check
+CVE-2025-32421 (Next.js is a React framework for building full-stack web applications. ...)
+	TODO: check
+CVE-2025-29691 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
+	TODO: check
+CVE-2025-29690 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
+	TODO: check
+CVE-2025-29689 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
+	TODO: check
+CVE-2025-29688 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
+	TODO: check
+CVE-2025-29686 (A cross-site scripting (XSS) vulnerability in OA System before v2025.0 ...)
+	TODO: check
+CVE-2025-27891 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2025-27525 (Information Exposure vulnerability in Hitachi JP1/IT Desktop Managemen ...)
+	TODO: check
+CVE-2025-27524 (Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - ...)
+	TODO: check
+CVE-2025-27523 (XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Devic ...)
+	TODO: check
+CVE-2025-26783 (An issue was discovered in RRC in Samsung Mobile Processor, Wearable P ...)
+	TODO: check
+CVE-2024-56427 (An issue was discovered in Samsung Mobile Processor and Wearable Proce ...)
+	TODO: check
+CVE-2024-55569 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+	TODO: check
+CVE-2024-45067 (Incorrect default permissions in some Intel(R) Gaudi(R) software insta ...)
+	TODO: check
+CVE-2024-13914 (The File Manager Advanced Shortcode WordPress plugin for WordPress is  ...)
+	TODO: check
 CVE-2025-4478
 	- gnome-remote-desktop <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232
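Review bot: the description for CVE-2025-3917 is stored with literal `\u767e\u5ea6...` escape sequences instead of the decoded characters, so the plugin name will not be readable or searchable in the list; worth checking that the importer decodes JSON unicode escapes before writing data/CVE/list. All 34 new entries carry `TODO: check`, so none has been mapped to a Debian source package or marked NOT-FOR-US yet.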
@@ -11,7 +79,7 @@ CVE-2025-23167 [Improper HTTP header block termination in llhttp]
 CVE-2025-23166 [Improper error handling in async cryptographic operations crashes process]
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-error-handling-in-async-cryptographic-operations-crashes-process-cve-2025-23166---high
-CVE-2025-46836 [Stack-based Buffer Overflow in net-tools (get_name)]
+CVE-2025-46836 (net-tools is a collection of programs that form the base set of the NE ...)
 	- net-tools <unfixed> (bug #1105806)
 	NOTE: https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf
 	NOTE: Fixed by: https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d
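Review bot: replacing the bracketed summary `[Stack-based Buffer Overflow in net-tools (get_name)]` with the truncated upstream text `(net-tools is a collection of programs that form the base set of the NE ...)` drops the only line that said what the bug actually is; the GHSA and fix-commit NOTEs still carry that detail, but the entry remains `<unfixed>` against bug #1105806, so the fixed version should be recorded once the upload lands.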
@@ -1155,7 +1223,7 @@ CVE-2025-23395
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
 CVE-2025-22247 (VMware Tools contains an insecure file handling vulnerability.A malici ...)
-	{DLA-4165-1}
+	{DSA-5919-1 DLA-4165-1}
 	- open-vm-tools 2:12.5.0-2 (bug #1105159)
 	NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
 	NOTE: Patches: https://github.com/vmware/open-vm-tools/tree/CVE-2025-22247.patch
@@ -6773,8 +6841,8 @@ CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed E
 	NOT-FOR-US: Westermo WeOS
 CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ssl. Con ...)
 	NOT-FOR-US: Picklescan
-CVE-2025-46400
-	REJECTED
+CVE-2025-46400 (In xfig diagramming tool, a segmentation fault while running fig2dev a ...)
+	TODO: check
 CVE-2025-46399
 	REJECTED
 CVE-2025-46398
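Review bot: CVE-2025-46400 moving from `REJECTED` to a live description with `TODO: check` is unusual and deserves a manual confirmation that the ID was genuinely re-published upstream rather than a feed glitch. Since both xfig and fig2dev are shipped in Debian, this TODO will most likely need real source-package lines rather than a NOT-FOR-US marker.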



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19869bada5d41eb8e6e71faebf26ae8d5b39bd14

-- 
You're receiving this email because of your account on salsa.debian.org.

