[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 18 09:12:42 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5d38f72 by security tracker role at 2025-05-18T08:12:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,63 @@
-CVE-2025-4921
+CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+ TODO: check
+CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+ TODO: check
+CVE-2025-4866 (A vulnerability was found in weibocom rill-flow 0.1.18. It has been cl ...)
+ TODO: check
+CVE-2025-4865 (A vulnerability was found in itsourcecode Restaurant Management System ...)
+ TODO: check
+CVE-2025-4864 (A vulnerability has been found in itsourcecode Restaurant Management S ...)
+ TODO: check
+CVE-2025-4863 (A vulnerability, which was classified as critical, was found in Advaya ...)
+ TODO: check
+CVE-2025-4862 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-4861 (A vulnerability classified as critical was found in PHPGurukul Beauty ...)
+ TODO: check
+CVE-2025-4860 (A vulnerability classified as problematic has been found in D-Link DAP ...)
+ TODO: check
+CVE-2025-4859 (A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_2021052 ...)
+ TODO: check
+CVE-2025-4858 (A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_2021052 ...)
+ TODO: check
+CVE-2025-4852 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-4851 (A vulnerability classified as critical was found in TOTOLINK N300RH 6. ...)
+ TODO: check
+CVE-2025-4850 (A vulnerability classified as critical has been found in TOTOLINK N300 ...)
+ TODO: check
+CVE-2025-4849 (A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It h ...)
+ TODO: check
+CVE-2025-4848 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
+ TODO: check
+CVE-2025-4847 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
+ TODO: check
+CVE-2025-4846 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+ TODO: check
+CVE-2025-4845 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
+CVE-2025-4844 (A vulnerability classified as critical was found in FreeFloat FTP Serv ...)
+ TODO: check
+CVE-2025-4843 (A vulnerability was found in D-Link DCS-932L 2.18.01. It has been clas ...)
+ TODO: check
+CVE-2025-4842 (A vulnerability was found in D-Link DCS-932L 2.18.01. It has been decl ...)
+ TODO: check
+CVE-2025-4841 (A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as ...)
+ TODO: check
+CVE-2025-4839 (A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2 ...)
+ TODO: check
+CVE-2025-4838 (A vulnerability, which was classified as problematic, was found in kan ...)
+ TODO: check
+CVE-2025-4837 (A vulnerability classified as critical has been found in projectworlds ...)
+ TODO: check
+CVE-2025-3715 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-4921 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4921
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4921
-CVE-2025-4920
+CVE-2025-4920 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4920
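Review bot: CVE-2025-4918 and CVE-2025-4919 at the top of this hunk are left at "TODO: check", although their truncated descriptions read the same as those of CVE-2025-4920 and CVE-2025-4921, which this hunk shows tracked against firefox 138.0.4-1 and firefox-esr 128.10.1esr-1. Triage those two first: either record the matching package lines and advisory NOTE, or state why they differ. The remaining new entries name products such as D-Link, TOTOLINK and FreeFloat FTP Server; once checked, they are candidates for a NOT-FOR-US line in the form already used for CVE-2025-47423 in the next hunk.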
@@ -3701,6 +3755,7 @@ CVE-2025-47439 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows unauthenticated remot ...)
NOT-FOR-US: Personal Weather Station Dashboard
CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command injection via a ...)
+ {DLA-4169-1}
- dropbear 2025.88-1
[bookworm] - dropbear <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b (DROPBEAR_2025.88)
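Review bot: the added {DLA-4169-1} reference on CVE-2025-47203 sits directly above a [bookworm] line that still reads "<no-dsa> (Minor issue)", so the entry now records an LTS advisory for a command injection in dbclient while the bookworm package stays unfixed. Confirm that this split is intended, and if it is, note on the bookworm line whether a fix is planned through a point release, so that the only fixed version visible here is not just unstable's 2025.88-1.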
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d38f72d850d3157aea4ee96e7ad7df91487be6