[Git][security-tracker-team/security-tracker][master] automatic update

Wed May 21 09:12:38 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89bcd1f2 by security tracker role at 2025-05-21T08:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-5013 (A vulnerability, which was classified as problematic, was found in HkC ...)
+	TODO: check
+CVE-2025-5011 (A vulnerability classified as problematic was found in moonlightL hexo ...)
+	TODO: check
+CVE-2025-5010 (A vulnerability classified as problematic has been found in moonlightL ...)
+	TODO: check
+CVE-2025-5008 (A vulnerability was found in projectworlds Online Time Table Generator ...)
+	TODO: check
+CVE-2025-5007 (A vulnerability was found in Part-DB up to 1.17.0. It has been declare ...)
+	TODO: check
+CVE-2025-5006 (A vulnerability was found in Campcodes Online Shopping Portal 1.0. It  ...)
+	TODO: check
+CVE-2025-5004 (A vulnerability was found in projectworlds Online Time Table Generator ...)
+	TODO: check
+CVE-2025-5003 (A vulnerability has been found in projectworlds Online Time Table Gene ...)
+	TODO: check
+CVE-2025-5002 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2025-5001 (A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108 ...)
+	TODO: check
+CVE-2025-5000 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1 ...)
+	TODO: check
+CVE-2025-4999 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1 ...)
+	TODO: check
+CVE-2025-4998 (A vulnerability has been found in H3C Magic R200G up to 100R002 and cl ...)
+	TODO: check
+CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw stems from ...)
+	TODO: check
+CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestP ...)
+	TODO: check
+CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for manga site ...)
+	TODO: check
+CVE-2025-4436
+	REJECTED
+CVE-2025-4094 (The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin  ...)
+	TODO: check
+CVE-2025-48427
+	REJECTED
+CVE-2025-48426
+	REJECTED
+CVE-2025-48425
+	REJECTED
+CVE-2025-48424
+	REJECTED
+CVE-2025-48423
+	REJECTED
+CVE-2025-48422
+	REJECTED
+CVE-2025-48421
+	REJECTED
+CVE-2025-48420
+	REJECTED
+CVE-2025-48419
+	REJECTED
+CVE-2025-44898 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44897 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44896 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44894 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44891 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44888 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44887 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44886 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44884 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44883 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-44882 (A command injection vulnerability in the component /cgi-bin/firewall.c ...)
+	TODO: check
+CVE-2025-44881 (A command injection vulnerability in the component /cgi-bin/qos.cgi of ...)
+	TODO: check
+CVE-2025-44880 (A command injection vulnerability in the component /cgi-bin/adm.cgi of ...)
+	TODO: check
 CVE-2025-4997 (A vulnerability, which was classified as problematic, was found in H3C ...)
 	NOT-FOR-US: H3C R2+ProG
 CVE-2025-4996 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -993,7 +1073,8 @@ CVE-2025-23164 (A misconfigured access token mechanism in the Unifi Protect Appl
 	NOT-FOR-US: UniFi Protect
 CVE-2025-23123 (A malicious actor with access to the management network could execute  ...)
 	NOT-FOR-US: UniFi Protect
-CVE-2025-23122 (In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a  ...)
+CVE-2025-23122
+	REJECTED
 	NOTE: Duplicate of CVE-2025-23165 (CNA contacted for rejection)
 CVE-2025-1627 (The Qi Blocks WordPress plugin before 1.4 does not validate and escape ...)
 	NOT-FOR-US: WordPress plugin
@@ -12813,7 +12894,7 @@ CVE-2025-29834 (Out-of-bounds read in Microsoft Edge (Chromium-based) allows an
 	NOT-FOR-US: Microsoft
 CVE-2025-29803 (Uncontrolled search path element in Visual Studio Tools for Applicatio ...)
 	NOT-FOR-US: Microsoft
-CVE-2025-0129 (Prisma Access Browser: Inappropriate control behavior in Prisma Access ...)
+CVE-2025-0129 (An improper exception check in Palo Alto Networks Prisma Access Browse ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-13338 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, C ...)
 	NOT-FOR-US: WordPress plugin
@@ -64591,7 +64672,7 @@ CVE-2024-6479 (The SIP Reviews Shortcode for WooCommerce plugin for WordPress is
 	NOT-FOR-US: WordPress plugin
 CVE-2024-49501 (Sysmac Studio provided by OMRON Corporation contains an incorrect auth ...)
 	NOT-FOR-US: OMROM
-CVE-2024-47939 (Stack-based buffer overflow vulnerability exists in multiple Ricoh las ...)
+CVE-2024-47939 (Stack-based buffer overflow vulnerability exists in multiple laser pri ...)
 	NOT-FOR-US: Ricoh
 CVE-2024-21510 (Versions of the package sinatra from 0.0.0 are vulnerable to Reliance  ...)
 	[experimental] - ruby-sinatra 4.1.1-1
@@ -352224,8 +352305,8 @@ CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a lo
 	NOT-FOR-US: Sophos
 CVE-2021-25263 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
 	NOT-FOR-US: Yandex Browser
-CVE-2021-25262
-	RESERVED
+CVE-2021-25262 (Yandex Browser for Android prior to version 21.3.0 allows remote attac ...)
+	TODO: check
 CVE-2021-25261 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
 	NOT-FOR-US: Yandex Browser
 CVE-2021-25260
@@ -352238,10 +352319,10 @@ CVE-2021-25257
 	RESERVED
 CVE-2021-25256
 	RESERVED
-CVE-2021-25255
-	RESERVED
-CVE-2021-25254
-	RESERVED
+CVE-2021-25255 (Yandex Browser Lite for Android prior to version 21.1.0 allows remote  ...)
+	TODO: check
+CVE-2021-25254 (Yandex Browser Lite for Android before 21.1.0 allows remote attackers  ...)
+	TODO: check
 CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
@@ -455674,8 +455755,8 @@ CVE-2014-10396 (The epic theme through 2014-09-07 for WordPress allows arbitrary
 	NOT-FOR-US: epic theme for WordPress
 CVE-2019-16537
 	RESERVED
-CVE-2019-16536
-	RESERVED
+CVE-2019-16536 (Stack overflow leading to DoS can be triggered by a malicious authenti ...)
+	TODO: check
 CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB write and ...)
 	NOT-FOR-US: ClickHouse
 CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89bcd1f24f63252b9437561fa61502c49a60d925

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89bcd1f24f63252b9437561fa61502c49a60d925
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250521/834aba05/attachment.htm>
