[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 17 09:12:34 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7c08042 by security tracker role at 2025-05-17T08:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2025-4819 (A vulnerability classified as problematic has been found in y_project ...)
+ TODO: check
+CVE-2025-4818 (A vulnerability was found in SourceCodester Doctor's Appointment Syste ...)
+ TODO: check
+CVE-2025-4817 (A vulnerability was found in Sourcecodester Doctor's Appointment Syste ...)
+ TODO: check
+CVE-2025-4816 (A vulnerability was found in SourceCodester Doctor's Appointment Syste ...)
+ TODO: check
+CVE-2025-4815 (A vulnerability was found in Campcodes Sales and Inventory System 1.0 ...)
+ TODO: check
+CVE-2025-4814 (A vulnerability has been found in Campcodes Sales and Inventory System ...)
+ TODO: check
+CVE-2025-4813 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4812 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-4811 (A vulnerability was found in CodeAstro Pharmacy Management System 1.0. ...)
+ TODO: check
+CVE-2025-4810 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...)
+ TODO: check
+CVE-2025-4805 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-4804 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-4391 (The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-4389 (The Crawlomatic Multipage Scraper Post Generator plugin for WordPress ...)
+ TODO: check
+CVE-2025-4194 (The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-4190 (The CSV Mass Importer WordPress plugin through 1.2 does not properly v ...)
+ TODO: check
+CVE-2025-4189 (The Audio Comments Plugin plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2025-48188 (libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fi ...)
+ TODO: check
+CVE-2025-3812 (The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-32407 (Samsung Internet for Galaxy Watch version 5.0.9, available up until Sa ...)
+ TODO: check
+CVE-2025-1706 (Software installed and run as a non-privileged user may conduct improp ...)
+ TODO: check
+CVE-2024-47893 (Kernel software installed and running inside a Guest VM may exploit me ...)
+ TODO: check
CVE-2025-4809 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
NOT-FOR-US: Tenda
CVE-2025-4808 (A vulnerability was found in PHPGurukul Park Ticketing Management Syst ...)
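Review bot: all of the entries added at the top of data/CVE/list are left at `TODO: check`, and some can be triaged directly from the surrounding context. CVE-2025-4810 names the same Tenda AC7 15.03.06.44 firmware as the unchanged CVE-2025-4809 entry just below, which is already marked `NOT-FOR-US: Tenda`. CVE-2025-48188 names GNU PSPP (libpspp-core.a), so it needs a source-package lookup before any NOT-FOR-US decision. The truncated descriptions of CVE-2025-1706 and CVE-2024-47893 name no product at all, so the full CVE text is needed before either can be classified.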
@@ -1138,21 +1182,21 @@ CVE-2025-44184 (SourceCodester Best Employee Management System V1.0 is vulnerabl
CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been identified ...)
NOT-FOR-US: SonicWall
CVE-2025-3932 (It was possible to craft an email that showed a tracking link as an at ...)
- {DSA-5921-1}
+ {DSA-5921-1 DLA-4167-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, allowing ...)
NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ...)
- {DSA-5921-1}
+ {DSA-5921-1 DLA-4167-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger automatic, un ...)
- {DSA-5921-1}
+ {DSA-5921-1 DLA-4167-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877
CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender spoofing i ...)
- {DSA-5921-1}
+ {DSA-5921-1 DLA-4167-1}
- thunderbird 1:128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3875
CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are vulnerable ...)
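Review bot: the `DLA-4167-1` cross-reference is added to CVE-2025-3932, CVE-2025-3909, CVE-2025-3877 and CVE-2025-3875, all of which cite mfsa2025-34 in their NOTE lines, but the hunk context only shows these four. Confirm that any other CVE from the same advisory, outside the lines visible here, received the same `{DSA-5921-1 DLA-4167-1}` pair, so the advisory-to-CVE mapping stays consistent.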
@@ -216242,8 +216286,8 @@ CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab 15.10.8+ds1-2
CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
NOT-FOR-US: Teledyne
-CVE-2022-4363
- RESERVED
+CVE-2022-4363 (The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market f ...)
+ TODO: check
CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4361 (Keycloak, an open-source identity and access management solution, has ...)
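Review bot: CVE-2022-4363 moves from `RESERVED` to `TODO: check` with a description that names the Wholesale Market WordPress plugin, while the adjacent CVE-2022-4362 entry is already triaged as `NOT-FOR-US: WordPress plugin`. The same tag looks applicable here once the full description is checked, which would close the entry instead of leaving it at TODO.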
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c080425f895ae34348dcf4492e038bf38ebd02