[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 20 09:12:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a13215c by security tracker role at 2025-05-20T08:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-4971 (Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21. ...)
+ TODO: check
+CVE-2025-4322 (The Motors theme for WordPress is vulnerable to privilege escalation v ...)
+ TODO: check
+CVE-2025-48340 (Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Pro ...)
+ TODO: check
+CVE-2025-3223 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-3079 (A passback vulnerability which relates to office/small office multifun ...)
+ TODO: check
+CVE-2025-3078 (A passback vulnerability which relates to production printers and offi ...)
+ TODO: check
+CVE-2025-2929 (The Order Delivery Date WordPress plugin before 12.4.0 does not saniti ...)
+ TODO: check
+CVE-2025-1308 (A vulnerability exists in PX Backup whereby sensitive information may ...)
+ TODO: check
+CVE-2024-5878 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
CVE-2025-4948 (A flaw was found in the soup_multipart_new_from_message() function of ...)
- libsoup3 <unfixed>
- libsoup2.4 <unfixed>
@@ -546,14 +564,14 @@ CVE-2025-4867 (A vulnerability was found in Tenda A15 15.13.07.13. It has been d
CVE-2025-48219 (O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of ...)
NOT-FOR-US: O2 UK
CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
- {DSA-5922-1}
+ {DSA-5922-1 DLA-4172-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4919
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4919
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
- {DSA-5922-1}
+ {DSA-5922-1 DLA-4172-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4918
@@ -7571,7 +7589,7 @@ CVE-2024-57698 (An issue in modernwms v.1.0 allows an attacker view the MD5 hash
CVE-2023-4377
REJECTED
CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. ...)
- {DSA-5912-1 DSA-5910-1 DLA-4167-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4172-1 DLA-4167-1}
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
@@ -7580,7 +7598,7 @@ CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137. So
- firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ES ...)
- {DSA-5912-1 DSA-5910-1 DLA-4167-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4172-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -7597,7 +7615,7 @@ CVE-2025-4088 (A security vulnerability in Thunderbird allowed malicious sites t
- firefox 138.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
CVE-2025-4087 (A vulnerability was identified in Thunderbird where XPath parsing coul ...)
- {DSA-5912-1 DSA-5910-1 DLA-4167-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4172-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -7616,7 +7634,7 @@ CVE-2025-4084 (Due to insufficient escaping of the special characters in the "co
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
CVE-2025-4083 (A process isolation vulnerability in Thunderbird stemmed from improper ...)
- {DSA-5912-1 DSA-5910-1 DLA-4167-1}
+ {DSA-5912-1 DSA-5910-1 DLA-4172-1 DLA-4167-1}
- firefox 138.0-1
- firefox-esr 128.10.0esr-1
- thunderbird 1:128.10.0esr-1
@@ -11494,7 +11512,7 @@ CVE-2025-30700 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2025-30699 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.42-1 (bug #1103385)
CVE-2025-30698 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5913-1}
+ {DSA-5913-1 DLA-4174-1 DLA-4173-1}
- openjdk-8 8u452-ga-1 (bug #1103900)
- openjdk-11 11.0.27+6-1 (bug #1103899)
- openjdk-17 17.0.15+6-1 (bug #1103898)
@@ -11524,7 +11542,7 @@ CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-30692 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
NOT-FOR-US: Oracle
CVE-2025-30691 (Vulnerability in Oracle Java SE (component: Compiler). Supported vers ...)
- {DSA-5913-1}
+ {DSA-5913-1 DLA-4174-1 DLA-4173-1}
- openjdk-8 8u452-ga-1 (bug #1103900)
- openjdk-11 11.0.27+6-1 (bug #1103899)
- openjdk-17 17.0.15+6-1 (bug #1103898)
@@ -11670,7 +11688,7 @@ CVE-2025-22263 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-21588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Only affects 8.4 and later)
CVE-2025-21587 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-5913-1}
+ {DSA-5913-1 DLA-4174-1 DLA-4173-1}
- openjdk-8 8u452-ga-1 (bug #1103900)
- openjdk-11 11.0.27+6-1 (bug #1103899)
- openjdk-17 17.0.15+6-1 (bug #1103898)
@@ -172560,9 +172578,9 @@ CVE-2023-39343 (Sulu is an open-source PHP content management system based on th
NOT-FOR-US: Sulu
CVE-2023-38991 (An issue in the delete function in the ActModelController class of jee ...)
NOT-FOR-US: jeesite
-CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticate ...)
+CVE-2023-38952 (Insecure access control in ZKTeco BioTime through 9.0.1 allows authent ...)
NOT-FOR-US: ZKTeco BioTime
-CVE-2023-38951 (A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attacke ...)
+CVE-2023-38951 (ZKTeco BioTime version 8.5.5 through 9.0.1 allows authenticated attack ...)
NOT-FOR-US: ZKTeco BioTime
CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco BioTime v8. ...)
NOT-FOR-US: ZKTeco BioTime
@@ -268505,7 +268523,7 @@ CVE-2022-29625
RESERVED
CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...)
NOT-FOR-US: TPCMS
-CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...)
+CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Ex ...)
NOT-FOR-US: expressjs/connect-multiparty
CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
- node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (unimportant; bug #1011341)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a13215c22cb50451884106588f7a7f8313c6c68
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a13215c22cb50451884106588f7a7f8313c6c68
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250520/8acb975f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list