[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 19 09:12:12 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24c0d983 by security tracker role at 2025-05-19T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,100 @@
-CVE-2025-37891 [ALSA: ump: Fix buffer overflow at UMP SysEx message conversion]
+CVE-2025-4923 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-4917 (A vulnerability classified as critical has been found in PHPGurukul Au ...)
+ TODO: check
+CVE-2025-4916 (A vulnerability was found in PHPGurukul Auto Taxi Stand Management Sys ...)
+ TODO: check
+CVE-2025-4915 (A vulnerability was found in PHPGurukul Auto Taxi Stand Management Sys ...)
+ TODO: check
+CVE-2025-4914 (A vulnerability was found in PHPGurukul Auto Taxi Stand Management Sys ...)
+ TODO: check
+CVE-2025-4913 (A vulnerability was found in PHPGurukul Auto Taxi Stand Management Sys ...)
+ TODO: check
+CVE-2025-4912 (A vulnerability has been found in SourceCodester Student Result Manage ...)
+ TODO: check
+CVE-2025-4911 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-4910 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2025-4909 (A vulnerability classified as critical was found in SourceCodester Cli ...)
+ TODO: check
+CVE-2025-4908 (A vulnerability classified as critical has been found in PHPGurukul Da ...)
+ TODO: check
+CVE-2025-4907 (A vulnerability was found in PHPGurukul Daily Expense Tracker System 1 ...)
+ TODO: check
+CVE-2025-4906 (A vulnerability was found in PHPGurukul Notice Board System 1.0. It ha ...)
+ TODO: check
+CVE-2025-4905 (A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and c ...)
+ TODO: check
+CVE-2025-4904 (A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125 ...)
+ TODO: check
+CVE-2025-4903 (A vulnerability, which was classified as critical, was found in D-Link ...)
+ TODO: check
+CVE-2025-4902 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-4901 (A vulnerability classified as problematic was found in D-Link DI-7003G ...)
+ TODO: check
+CVE-2025-4900 (A vulnerability classified as critical has been found in Campcodes Sal ...)
+ TODO: check
+CVE-2025-4899 (A vulnerability was found in Campcodes Sales and Inventory System 1.0. ...)
+ TODO: check
+CVE-2025-4898 (A vulnerability was found in SourceCodester Student Result Management ...)
+ TODO: check
+CVE-2025-4897 (A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has ...)
+ TODO: check
+CVE-2025-4896 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as ...)
+ TODO: check
+CVE-2025-4895 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-4477 (The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation ...)
+ TODO: check
+CVE-2025-47760 (V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer o ...)
+ TODO: check
+CVE-2025-47759 (V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer o ...)
+ TODO: check
+CVE-2025-47758 (V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer o ...)
+ TODO: check
+CVE-2025-47757 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read i ...)
+ TODO: check
+CVE-2025-47756 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read i ...)
+ TODO: check
+CVE-2025-47755 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read i ...)
+ TODO: check
+CVE-2025-47754 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read i ...)
+ TODO: check
+CVE-2025-47753 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read i ...)
+ TODO: check
+CVE-2025-47752 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write ...)
+ TODO: check
+CVE-2025-47751 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write ...)
+ TODO: check
+CVE-2025-47750 (V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write ...)
+ TODO: check
+CVE-2025-47749 (V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not ...)
+ TODO: check
+CVE-2025-46801 (Pgpool-II provided by PgPool Global Development Group contains an auth ...)
+ TODO: check
+CVE-2025-2892 (The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & ...)
+ TODO: check
+CVE-2025-2561 (The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and ...)
+ TODO: check
+CVE-2025-2560 (The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and ...)
+ TODO: check
+CVE-2025-2524 (The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and ...)
+ TODO: check
+CVE-2025-23164 (A misconfigured access token mechanism in the Unifi Protect Applicatio ...)
+ TODO: check
+CVE-2025-23123 (A malicious actor with access to the management network could execute ...)
+ TODO: check
+CVE-2025-23122 (In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a ...)
+ TODO: check
+CVE-2025-1627 (The Qi Blocks WordPress plugin before 1.4 does not validate and escape ...)
+ TODO: check
+CVE-2025-1626 (The Qi Blocks WordPress plugin before 1.4 does not validate and escape ...)
+ TODO: check
+CVE-2025-1625 (The Qi Blocks WordPress plugin before 1.4 does not validate and escape ...)
+ TODO: check
+CVE-2025-37891 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.12.29-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
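Review bot: the description imported for CVE-2025-2892 contains a literal `\u2013` escape where the en dash should be (The All in One SEO \u2013 Powerful SEO Plugin ...), so the automatic importer is writing a JSON-style escape into the plain-text list instead of decoding it; that entry should be re-imported once the decoding is fixed. Two of the new `TODO: check` entries merit early triage: CVE-2025-23122 carries exactly the same truncated description as CVE-2025-23165 later in this commit (In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a ...), so it should be cross-checked against that entry and its nodejs 20.19.2+dfsg-1 fix rather than handled as an independent issue, and CVE-2025-46801 (Pgpool-II) is the one new entry naming a server component rather than a web application or consumer router, so check whether it maps to a Debian source package. The remaining additions (PHPGurukul, SourceCodester, Campcodes, D-Link, Tenda, V-SFT, the WordPress plugins) follow the pattern that elsewhere in this file resolves to NOT-FOR-US. The CVE-2025-37891 move keeps its linux 6.12.29-1 and [bookworm]/[bullseye] not-affected lines intact, so no data is lost there.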
@@ -54,12 +150,14 @@ CVE-2025-4867 (A vulnerability was found in Tenda A15 15.13.07.13. It has been d
CVE-2025-48219 (O2 UK through 2025-05-17 allows subscribers to determine the Cell ID o ...)
NOT-FOR-US: O2 UK
CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+ {DSA-5922-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4919
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4919
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
+ {DSA-5922-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4918
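Review bot: both CVE-2025-4919 and CVE-2025-4918 gain `{DSA-5922-1}` while their package lines still list only the unstable versions (firefox 138.0.4-1, firefox-esr 128.10.1esr-1) with no [bookworm] line, so the bookworm fixed version is carried solely by the DSA-5922-1 record; confirm that record lists the firefox-esr version for bookworm, otherwise the stable suite would still show these two as open.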
@@ -1298,18 +1396,18 @@ CVE-2025-4478 (A flaw was found in the gnome-remote-desktop used by Anaconda's r
[bullseye] - gnome-remote-desktop <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365232
NOTE: Related: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
-CVE-2025-23165 [Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string]
+CVE-2025-23165 (In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a ...)
- nodejs 20.19.2+dfsg-1 (bug #1105832)
[bullseye] - nodejs <not-affected> (The vulnerable code was introduced later)
NOTE: https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#corrupted-pointer-in-nodefsreadfileutf8const-functioncallbackinfovalue-args-when-args0-is-a-string-cve-2025-23165---low
NOTE: https://github.com/nodejs/node/issues/57800
NOTE: Fixed by https://github.com/nodejs/node/commit/6a7b005a07a0912260e328c6397317b5b862ffde
-CVE-2025-23167 [Improper HTTP header block termination in llhttp]
+CVE-2025-23167 (A flaw in Node.js 20's HTTP parser allows improper termination of HTTP ...)
- node-undici <unfixed> (bug #1105919)
[bookworm] - node-undici <no-dsa> (Minor issue)
- llhttp <itp> (bug #977716)
NOTE: https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-http-header-block-termination-in-llhttp-cve-2025-23167---medium
-CVE-2025-23166 [Improper error handling in async cryptographic operations crashes process]
+CVE-2025-23166 (The C++ method SignTraits::DeriveBits() may incorrectly call ThrowExce ...)
- nodejs 20.19.2+dfsg-1 (bug #1105832)
[bullseye] - nodejs <not-affected> (The vulnerable code was introduced later)
NOTE: https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-error-handling-in-async-cryptographic-operations-crashes-process-cve-2025-23166---high
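Review bot: the new description for CVE-2025-23167 names Node.js 20's HTTP parser, yet the entry lists only node-undici <unfixed> and llhttp <itp>, with no nodejs line; since llhttp is <itp> (bug #977716), i.e. not a Debian package, nodejs must ship its own copy of the parser, so a nodejs line looks missing here, and whether 20.19.2+dfsg-1 already fixed it (as for its siblings CVE-2025-23165 and CVE-2025-23166) or it is <unfixed> should be settled from the May 2025 Node.js advisory linked in the NOTE. The other two description swaps in this hunk (CVE-2025-23165, CVE-2025-23166) leave their package and NOTE lines untouched, which is correct.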
@@ -61467,7 +61565,7 @@ CVE-2024-36062 (The com.callassistant.android (aka AI Call Assistant & Screener)
NOT-FOR-US: com.callassistant.android (aka AI Call Assistant & Screener) application
CVE-2024-24409 (Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulne ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2024-21538 (Versions of the package cross-spawn before 7.0.5 are vulnerable to Reg ...)
+CVE-2024-21538 (Versions of the package cross-spawn before 6.0.6, from 7.0.0 and befor ...)
NOT-FOR-US: Node cross-spawn
CVE-2024-11000 (A vulnerability classified as problematic was found in CodeAstro Real ...)
NOT-FOR-US: CodeAstro Real Estate Management System
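Review bot: the updated description for CVE-2024-21538 widens the affected cross-spawn range (before 6.0.6, from 7.0.0 and before ...), but the entry stays NOT-FOR-US: Node cross-spawn; a description change alone does not warrant a status change, though the wider range is a good moment to confirm that no node-cross-spawn source package exists in the archive before leaving it as is.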
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24c0d983669e1c5d701ba8fad1c050268087a920