[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 15 21:12:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53875b0f by security tracker role at 2025-05-15T20:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the eSignaVie ...)
+ TODO: check
+CVE-2025-4717 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4716 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+ TODO: check
+CVE-2025-4715 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+ TODO: check
+CVE-2025-4714 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+ TODO: check
+CVE-2025-4713 (A vulnerability was found in Campcodes Sales and Inventory System 1.0 ...)
+ TODO: check
+CVE-2025-4712 (A vulnerability has been found in Campcodes Sales and Inventory System ...)
+ TODO: check
+CVE-2025-4711 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2025-4710 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2025-4709 (A vulnerability classified as critical was found in Campcodes Sales an ...)
+ TODO: check
+CVE-2025-4708 (A vulnerability classified as critical has been found in Campcodes Sal ...)
+ TODO: check
+CVE-2025-4707 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+ TODO: check
+CVE-2025-4706 (A vulnerability was found in projectworlds Online Examination System 1 ...)
+ TODO: check
+CVE-2025-4705 (A vulnerability was found in PHPGurukul Vehicle Parking Management Sys ...)
+ TODO: check
+CVE-2025-4704 (A vulnerability was found in PHPGurukul Vehicle Parking Management Sys ...)
+ TODO: check
+CVE-2025-4703 (A vulnerability has been found in PHPGurukul Vehicle Parking Managemen ...)
+ TODO: check
+CVE-2025-4702 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4701 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-4699 (A vulnerability classified as critical was found in PHPGurukul Apartme ...)
+ TODO: check
+CVE-2025-4698 (A vulnerability classified as critical has been found in PHPGurukul Di ...)
+ TODO: check
+CVE-2025-4697 (A vulnerability was found in PHPGurukul Directory Management System 2. ...)
+ TODO: check
+CVE-2025-4696 (A vulnerability was found in PHPGurukul Cyber Cafe Management System 1 ...)
+ TODO: check
+CVE-2025-4695 (A vulnerability was found in PHPGurukul Cyber Cafe Management System 1 ...)
+ TODO: check
+CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_escape" ...)
+ TODO: check
+CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some ap ...)
+ TODO: check
+CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ...)
+ TODO: check
+CVE-2025-47789 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2025-47788 (Atheos is a self-hosted browser-based cloud IDE. Prior to v602, simila ...)
+ TODO: check
+CVE-2025-47787 (Emlog is an open source website building system. Emlog Pro prior to ve ...)
+ TODO: check
+CVE-2025-47786 (Emlog is an open source website building system. Version 2.5.13 has a ...)
+ TODO: check
+CVE-2025-47785 (Emlog is an open source website building system. In versions up to and ...)
+ TODO: check
+CVE-2025-47784 (Emlog is an open source website building system. Versions 2.5.13 and p ...)
+ TODO: check
+CVE-2025-47774 (Vyper is the Pythonic Programming Language for the Ethereum Virtual Ma ...)
+ TODO: check
+CVE-2025-47580 (Missing Authorization vulnerability in Rustaurius Front End Users allo ...)
+ TODO: check
+CVE-2025-47285 (Vyper is the Pythonic Programming Language for the Ethereum Virtual Ma ...)
+ TODO: check
+CVE-2025-47279 (Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6. ...)
+ TODO: check
+CVE-2025-47161 (Microsoft Defender for Endpoint Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2025-46834 (Alchemy's Modular Account is a smart contract account that is compatib ...)
+ TODO: check
+CVE-2025-46053 (A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to ex ...)
+ TODO: check
+CVE-2025-46052 (An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 al ...)
+ TODO: check
+CVE-2025-44185 (SourceCodester Best Employee Management System V1.0 is vulnerable to C ...)
+ TODO: check
+CVE-2025-44183 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-44182 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-44181 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-44180 (Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-44110 (FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the F ...)
+ TODO: check
+CVE-2025-43853 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...)
+ TODO: check
+CVE-2025-3446 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
+ TODO: check
+CVE-2025-3440 (IBM Security Guardium 11.5 is vulnerable to stored cross-site scriptin ...)
+ TODO: check
+CVE-2025-32922 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS all ...)
+ TODO: check
+CVE-2025-32738 (Missing authentication for critical function issue exists in I-O DATA ...)
+ TODO: check
+CVE-2025-32002 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2025-31947 (Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4 ...)
+ TODO: check
+CVE-2025-30476 (Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resou ...)
+ TODO: check
+CVE-2025-30475 (Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an impro ...)
+ TODO: check
+CVE-2025-30421 (There is a memory corruption vulnerability due to a stack-based buffer ...)
+ TODO: check
+CVE-2025-30420 (There is a memory corruption vulnerability due to an out of bounds rea ...)
+ TODO: check
+CVE-2025-30419 (There is a memory corruption vulnerability due to an out of bounds rea ...)
+ TODO: check
+CVE-2025-30418 (There is a memory corruption vulnerability due to an out of bounds wri ...)
+ TODO: check
+CVE-2025-30417 (There is a memory corruption vulnerability due to an out of bounds wri ...)
+ TODO: check
+CVE-2025-2570 (Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check ...)
+ TODO: check
+CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to prop ...)
+ TODO: check
+CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an u ...)
+ TODO: check
+CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack Debug Tools. ...)
+ TODO: check
+CVE-2024-52880 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...)
+ TODO: check
+CVE-2024-52879 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...)
+ TODO: check
+CVE-2024-52878 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...)
+ TODO: check
+CVE-2024-52877 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...)
+ TODO: check
+CVE-2024-51666 (Missing Authorization vulnerability in Automattic Tours.This issue aff ...)
+ TODO: check
CVE-2025-4737 (Insufficient encryption vulnerability in the mobile application (com.t ...)
TODO: check
CVE-2025-4591 (The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Sit ...)
@@ -244,9 +386,11 @@ CVE-2024-10865 (Improper Input validation leads to XSS or Cross-site Scripting v
CVE-2024-10864 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: OpenText
CVE-2025-4609
+ {DSA-5920-1}
- chromium 136.0.7103.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-4664 (Insufficient policy enforcement in Loader in Google Chrome prior to 13 ...)
+ {DSA-5920-1}
- chromium 136.0.7103.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2023-53146 (In the Linux kernel, the following vulnerability has been resolved: m ...)
@@ -6874,12 +7018,12 @@ CVE-2025-46400 (In xfig diagramming tool, a segmentation fault while running fig
NOTE: Error covered with: https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
NOTE: Crash in CLI tool, no security impact
-CVE-2025-46399
- REJECTED
-CVE-2025-46398
- REJECTED
-CVE-2025-46397
- REJECTED
+CVE-2025-46399 (In xfig diagramming tool, a segmentation fault in fig2dev allows memor ...)
+ TODO: check
+CVE-2025-46398 (In xfig diagramming tool, a stack-overflow while running fig2dev allow ...)
+ TODO: check
+CVE-2025-46397 (In xfig diagramming tool, a stack-overflowwhile running fig2dev allows ...)
+ TODO: check
CVE-2025-46381
REJECTED
CVE-2025-46380
@@ -10732,6 +10876,7 @@ CVE-2023-42977 (A path handling issue was addressed with improved validation. Th
CVE-2023-42973 (Private Browsing tabs may be accessed without authentication. This iss ...)
NOT-FOR-US: Apple
CVE-2023-42970 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -10742,6 +10887,7 @@ CVE-2023-42969 (An app may be able to break out of its sandbox. This issue is fi
CVE-2023-42961 (A path handling issue was addressed with improved validation. This iss ...)
NOT-FOR-US: Apple
CVE-2023-42875 (Processing web content may lead to arbitrary code execution. This issu ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -47538,7 +47684,7 @@ CVE-2024-12840
REJECTED
CVE-2024-12677 (Delta Electronics DTM Soft deserializes objects, which could allow an ...)
NOT-FOR-US: Delta Electronics
-CVE-2024-12014 (Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabili ...)
+CVE-2024-12014 (Path Traversal vulnerability in the eSignaViewer component in eSigna p ...)
NOT-FOR-US: eSigna
CVE-2024-10385 (Ticket management system in DirectAdmin Evolution Skin is vulnerable t ...)
NOT-FOR-US: DirectAdmin Evolution Skin
@@ -139208,7 +139354,7 @@ CVE-2023-7077 (Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN,
NOT-FOR-US: Sharp
CVE-2023-5800 (Vintage, member of the AXIS OS Bug Bounty Program, has found that the ...)
NOT-FOR-US: AXIS
-CVE-2023-5677 (Brandon Rothel from QED Secure Solutions has found that the VAPIX API ...)
+CVE-2023-5677 (Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have ...)
NOT-FOR-US: AXIS
CVE-2023-51504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53875b0f6e7954a04ff865062f37e588f7187654
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53875b0f6e7954a04ff865062f37e588f7187654
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/983d71b1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list