[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 26 21:12:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e73986f by security tracker role at 2025-05-26T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,72 @@
-CVE-2025-37992 [net_sched: Flush gso_skb list too during ->change()]
+CVE-2025-5203 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-5202 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-5201 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
+ TODO: check
+CVE-2025-5200 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
+ TODO: check
+CVE-2025-5196 (A vulnerability has been found in Wing FTP Server up to 7.4.3 and clas ...)
+ TODO: check
+CVE-2025-5186 (A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has bee ...)
+ TODO: check
+CVE-2025-5185 (A vulnerability was found in Summer Pearl Group Vacation Rental Manage ...)
+ TODO: check
+CVE-2025-5184 (A vulnerability was found in Summer Pearl Group Vacation Rental Manage ...)
+ TODO: check
+CVE-2025-5183 (A vulnerability was found in Summer Pearl Group Vacation Rental Manage ...)
+ TODO: check
+CVE-2025-5182 (A vulnerability has been found in Summer Pearl Group Vacation Rental M ...)
+ TODO: check
+CVE-2025-5181 (A vulnerability, which was classified as problematic, was found in Sum ...)
+ TODO: check
+CVE-2025-5180 (A vulnerability, which was classified as critical, has been found in W ...)
+ TODO: check
+CVE-2025-5179 (A vulnerability classified as problematic was found in Realce Tecnolog ...)
+ TODO: check
+CVE-2025-5178 (A vulnerability classified as critical has been found in Realce Tecnol ...)
+ TODO: check
+CVE-2025-5177 (A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up t ...)
+ TODO: check
+CVE-2025-5176 (A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up t ...)
+ TODO: check
+CVE-2025-4057 (A flaw was found in ActiveMQ Artemis. The password generated by active ...)
+ TODO: check
+CVE-2025-4053 (The datastored inBe-Tech Mifare Classic cardis stored in cleartext.An ...)
+ TODO: check
+CVE-2025-41655 (An unauthenticated remote attacker can access a URL which causes the d ...)
+ TODO: check
+CVE-2025-41654 (An unauthenticated remote attacker can access information about runnin ...)
+ TODO: check
+CVE-2025-40672 (A Privilege Escalation vulnerability has been found in ProactivaNet v3 ...)
+ TODO: check
+CVE-2025-40671 (SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vu ...)
+ TODO: check
+CVE-2025-40667 (Missing authorization vulnerability in TCMAN's GIM v11. This allows an ...)
+ TODO: check
+CVE-2025-40666 (Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. The ...)
+ TODO: check
+CVE-2025-40665 (Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. The ...)
+ TODO: check
+CVE-2025-40664 (Missing authentication vulnerability in TCMAN GIM v11. This allows an ...)
+ TODO: check
+CVE-2025-40663 (Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version ...)
+ TODO: check
+CVE-2025-40653 (User enumeration vulnerability in M3M Printer Server Web. This issue o ...)
+ TODO: check
+CVE-2025-40652 (Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager bo ...)
+ TODO: check
+CVE-2025-40650 (Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. Thi ...)
+ TODO: check
+CVE-2025-39498 (Insertion of Sensitive Information Into Sent Data vulnerability in Spo ...)
+ TODO: check
+CVE-2025-23394 (A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tum ...)
+ TODO: check
+CVE-2025-23392 (A Improper Neutralization of Script-Related HTML Tags in a Web Page (B ...)
+ TODO: check
+CVE-2025-1985 (Due to improper neutralization of input during web page generation (XS ...)
+ TODO: check
+CVE-2025-37992 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[bookworm] - linux 6.1.140-1
NOTE: https://git.kernel.org/linus/2d3cbfd6d54a2c39ce3244f33f85c595844bd7b8 (6.15-rc7)
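Review bot: All 34 newly added entries in this hunk (CVE-2025-5203 down to CVE-2025-1985) carry only the `TODO: check` placeholder, so none has a Debian status yet; note that the four Assimp entries (CVE-2025-5200 to CVE-2025-5203) and the five Summer Pearl Group entries (CVE-2025-5181 to CVE-2025-5185) are truncated to nearly identical description prefixes, so triage will need the full upstream text to tell them apart before assigning source packages. For CVE-2025-37992 the hand-written subject `[net_sched: Flush gso_skb list too during ->change()]` was replaced by the imported official description; the upstream fix commit and `(6.15-rc7)` in the NOTE line survive, so no tracking information is lost.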
@@ -66,7 +134,7 @@ CVE-2025-41441 (Mailform Pro CGI prior to 4.3.4 generates error messages contain
NOT-FOR-US: Mailform Pro CGI
CVE-2025-2146 (Buffer overflow in WebService Authentication processing of Small Offic ...)
NOT-FOR-US: Canon
-CVE-2025-35003
+CVE-2025-35003 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Apache NuttX RTOS
CVE-2025-5155 (A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified ...)
NOT-FOR-US: FoxCMS
@@ -4678,29 +4746,29 @@ CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural S
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-46805
+CVE-2025-46805 (Screen version 5.0.0 and older version 4 releases have a TOCTOU race ...)
- screen 4.9.1-3 (unimportant)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-46804
+CVE-2025-46804 (A minor information leak when running Screen with setuid-root privileg ...)
- screen 4.9.1-3 (unimportant)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-46803
+CVE-2025-46803 (The default mode of pseudo terminals (PTYs) allocated by Screen was ch ...)
- screen <not-affected> (Vulnerable code only introduced in Scren v5 branch)
NOTE: Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=78a961188f7da528c7cefcc63e07f35f04e69a93 (v.5.0.0)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=d5d7bf43f3842e8b62d5f34eb4b031de7c8098c1
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
-CVE-2025-46802
+CVE-2025-46802 (For a short time they PTY is set to mode 666, allowing any user on the ...)
- screen 4.9.1-3 (unimportant; bug #1105191)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: Has potential to break some reattach use cases, but the specific use case
NOTE: was broken already before.
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-23395
+CVE-2025-23395 (Screen 5.0.0 when it runs with setuid-root privileges does not drop pr ...)
- screen <not-affected> (Vulnerable code only introduced in Scren v5 branch)
NOTE: Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
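Review bot: The unchanged context lines for CVE-2025-46803 and CVE-2025-23395 read `(Vulnerable code only introduced in Scren v5 branch)`; `Scren` should be `Screen`, a one-word fix for the next manual edit. The added lines only fill in the previously empty descriptions; the existing `unimportant` and `<not-affected>` assessments and the `screen in Debian not installed setuid or setgid` rationale are untouched and remain consistent with the imported text, which names setuid-root as the precondition for CVE-2025-46804 and CVE-2025-23395.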
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e73986f574665fa4b9d9355b86fa856c331ab4d