[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 18 21:12:45 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3229dcc1 by security tracker role at 2025-05-18T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2025-4894 (A vulnerability classified as problematic was found in calmkart Django ...)
+	TODO: check
+CVE-2025-4893 (A vulnerability classified as critical has been found in jammy928 Coin ...)
+	TODO: check
+CVE-2025-4892 (A vulnerability was found in code-projects Police Station Management S ...)
+	TODO: check
+CVE-2025-4891 (A vulnerability was found in code-projects Police Station Management S ...)
+	TODO: check
+CVE-2025-4890 (A vulnerability was found in code-projects Tourism Management System 1 ...)
+	TODO: check
+CVE-2025-4889 (A vulnerability has been found in code-projects Tourism Management Sys ...)
+	TODO: check
+CVE-2025-4888 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2025-4887 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-4886 (A vulnerability classified as critical was found in itsourcecode Sales ...)
+	TODO: check
+CVE-2025-4885 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-4884 (A vulnerability was found in itsourcecode Restaurant Management System ...)
+	TODO: check
+CVE-2025-4883 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been de ...)
+	TODO: check
+CVE-2025-4882 (A vulnerability was found in itsourcecode Restaurant Management System ...)
+	TODO: check
+CVE-2025-4881 (A vulnerability was found in itsourcecode Restaurant Management System ...)
+	TODO: check
+CVE-2025-4880 (A vulnerability has been found in PHPGurukul News Portal 4.1 and class ...)
+	TODO: check
+CVE-2025-4875 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It  ...)
+	TODO: check
+CVE-2025-4874 (A vulnerability was found in PHPGurukul News Portal Project 4.1 and cl ...)
+	TODO: check
+CVE-2025-4873 (A vulnerability has been found in PHPGurukul News Portal 4.1 and class ...)
+	TODO: check
+CVE-2025-4872 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+	TODO: check
+CVE-2025-4871 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-4870 (A vulnerability classified as critical was found in itsourcecode Resta ...)
+	TODO: check
+CVE-2025-4869 (A vulnerability classified as critical has been found in itsourcecode  ...)
+	TODO: check
+CVE-2025-4868 (A vulnerability was found in merikbest ecommerce-spring-reactjs up to  ...)
+	TODO: check
+CVE-2025-4867 (A vulnerability was found in Tenda A15 15.13.07.13. It has been declar ...)
+	TODO: check
+CVE-2025-48219 (O2 UK through 2025-05-17 allows subscribers to determine the Cell ID o ...)
+	TODO: check
 CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
 	- firefox-esr <not-affected> (Only affects the 115 series of Firefox ESR)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
@@ -54,12 +104,16 @@ CVE-2025-4837 (A vulnerability classified as critical has been found in projectw
 	NOT-FOR-US: Project Worlds
 CVE-2025-3715 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-4921 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+CVE-2025-4921
+	REJECTED
+	{DSA-5922-1}
 	- firefox 138.0.4-1
 	- firefox-esr 128.10.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4921
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4921
-CVE-2025-4920 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+CVE-2025-4920
+	REJECTED
+	{DSA-5922-1}
 	- firefox 138.0.4-1
 	- firefox-esr 128.10.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4920
@@ -1249,6 +1303,7 @@ CVE-2025-23166 [Improper error handling in async cryptographic operations crashe
 	- nodejs 20.19.2+dfsg-1 (bug #1105832)
 	NOTE: https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-error-handling-in-async-cryptographic-operations-crashes-process-cve-2025-23166---high
 CVE-2025-46836 (net-tools is a collection of programs that form the base set of the NE ...)
+	{DSA-5923-1}
 	- net-tools 2.10-1.2 (bug #1105806)
 	NOTE: https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf
 	NOTE: Fixed by: https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d
@@ -2356,36 +2411,44 @@ CVE-2024-55466 (An arbitrary file upload vulnerability in the Image Gallery of T
 CVE-2023-34732 (An issue in the userId parameter in the change password function of Fl ...)
 	NOT-FOR-US: Flytxt NEON-dX
 CVE-2025-20054 (Uncaught exception in the core management mechanism for some Intel(R)  ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-20103 (Insufficient resource pool in the core management mechanism for some I ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-45332 (Exposure of sensitive information caused by shared microarchitectural  ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 	NOTE: https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
 	NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
 CVE-2025-20623 (Exposure of sensitive information caused by shared microarchitectural  ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-43420 (Exposure of sensitive information caused by shared microarchitectural  ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra Processors ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-24495 (Incorrect initialization of resource in the branch prediction unit for ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural Structu ...)
+	{DLA-4170-1}
 	- intel-microcode 3.20250512.1 (bug #1105172)
 	- linux 6.12.29-1
 	- xen <unfixed> (bug #1105193)
@@ -48158,7 +48221,7 @@ CVE-2024-12952 (A vulnerability classified as critical was found in melMass comf
 	NOT-FOR-US: melMass/comfy_mtb
 CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 Projects ...)
 	NOT-FOR-US: 1000 Projects Portfolio Management System MCA
-CVE-2024-12950 (A vulnerability was found in code-projects Travel Management System 1. ...)
+CVE-2024-12950 (A vulnerability was found in code-projects/projectworlds Travel Manage ...)
 	NOT-FOR-US: code-projects Travel Management System
 CVE-2024-12949 (A vulnerability was found in code-projects Travel Management System 1. ...)
 	NOT-FOR-US: code-projects Travel Management System



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3229dcc1ab7605a890162f40fc7a591584c9df47

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3229dcc1ab7605a890162f40fc7a591584c9df47
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250518/857fe9ad/attachment.htm>

More information about the debian-security-tracker-commits mailing list