[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 27 09:12:36 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
653757a4 by security tracker role at 2025-05-27T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-5232 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2025-5231 (A vulnerability classified as critical was found in PHPGurukul Company ...)
+	TODO: check
+CVE-2025-5230 (A vulnerability classified as critical has been found in PHPGurukul On ...)
+	TODO: check
+CVE-2025-5229 (A vulnerability was found in Campcodes Online Hospital Management Syst ...)
+	TODO: check
+CVE-2025-5228 (A vulnerability was found in D-Link DI-8100 up to 20250523. It has bee ...)
+	TODO: check
+CVE-2025-5227 (A vulnerability was found in PHPGurukul Small CRM 3.0 and classified a ...)
+	TODO: check
+CVE-2025-5226 (A vulnerability has been found in PHPGurukul Small CRM 3.0 and classif ...)
+	TODO: check
+CVE-2025-5225 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2025-5224 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2025-5221 (A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been c ...)
+	TODO: check
+CVE-2025-5220 (A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified ...)
+	TODO: check
+CVE-2025-5219 (A vulnerability has been found in FreeFloat FTP Server 1.0.0 and class ...)
+	TODO: check
+CVE-2025-5218 (A vulnerability, which was classified as critical, was found in FreeFl ...)
+	TODO: check
+CVE-2025-5217 (A vulnerability, which was classified as critical, has been found in F ...)
+	TODO: check
+CVE-2025-5216 (A vulnerability classified as critical was found in PHPGurukul Student ...)
+	TODO: check
+CVE-2025-5215 (A vulnerability classified as critical has been found in D-Link DCS-50 ...)
+	TODO: check
+CVE-2025-5214 (A vulnerability was found in Kashipara Responsive Online Learing Platf ...)
+	TODO: check
+CVE-2025-5213 (A vulnerability was found in projectworlds Responsive E-Learning Syste ...)
+	TODO: check
+CVE-2025-5212 (A vulnerability was found in PHPGurukul Employee Record Management Sys ...)
+	TODO: check
+CVE-2025-5211 (A vulnerability was found in PHPGurukul Employee Record Management Sys ...)
+	TODO: check
+CVE-2025-5210 (A vulnerability has been found in PHPGurukul Employee Record Managemen ...)
+	TODO: check
+CVE-2025-5208 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2025-5207 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2025-5206 (A vulnerability classified as critical was found in Pixelimity 1.0. Af ...)
+	TODO: check
+CVE-2025-5205 (A vulnerability classified as critical has been found in 1000 Projects ...)
+	TODO: check
+CVE-2025-5204 (A vulnerability classified as problematic has been found in Open Asset ...)
+	TODO: check
+CVE-2025-4783 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-4683 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
+	TODO: check
+CVE-2025-4682 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
+	TODO: check
+CVE-2025-48828 (Certain vBulletin versions might allow attackers to execute arbitrary  ...)
+	TODO: check
+CVE-2025-48827 (vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthent ...)
+	TODO: check
+CVE-2025-48794
+	REJECTED
+CVE-2025-48793
+	REJECTED
+CVE-2025-48792
+	REJECTED
+CVE-2025-48791
+	REJECTED
+CVE-2025-48790
+	REJECTED
+CVE-2025-48789
+	REJECTED
+CVE-2025-48788
+	REJECTED
+CVE-2025-48787
+	REJECTED
+CVE-2025-48786
+	REJECTED
+CVE-2025-48744 (In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion ...)
+	TODO: check
+CVE-2025-48743 (SIGB PMB before 8.0.1.2 allows SQL injection.)
+	TODO: check
+CVE-2025-48742 (The installer in SIGB PMB before 8.0.1.2 allows remote code execution.)
+	TODO: check
+CVE-2025-48382 (Fess is a deployable Enterprise Search Server. Prior to version 14.19. ...)
+	TODO: check
+CVE-2025-48054 (Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the  ...)
+	TODO: check
+CVE-2025-33079 (IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an a ...)
+	TODO: check
+CVE-2025-2407 (Missing Authentication & Authorization in Web-API in Mobatime AMX MTAP ...)
+	TODO: check
+CVE-2025-26211 (Gibbon before 29.0.00 allows CSRF.)
+	TODO: check
+CVE-2025-23393 (A Improper Neutralization of Script-Related HTML Tags in a Web Page (B ...)
+	TODO: check
+CVE-2024-47090 (Improper neutralization of input in Nagvis before version 1.9.47 which ...)
+	TODO: check
+CVE-2024-38866 (Improper neutralization of input in Nagvis before version 1.9.47 which ...)
+	TODO: check
 CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
 	- icu <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368600
@@ -2896,11 +2998,13 @@ CVE-2025-4209
 CVE-2025-4169 (The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-48175 (In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer o ...)
+	{DLA-4179-1}
 	- libavif 1.2.1-1.1 (bug #1105883)
 	NOTE: https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844
 	NOTE: https://github.com/AOMediaCodec/libavif/pull/2769
 	NOTE: https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd (v1.3.0)
 CVE-2025-48174 (In libavif before 1.3.0, makeRoom in stream.c has an integer overflow  ...)
+	{DLA-4179-1}
 	- libavif 1.2.1-1.1 (bug #1105885)
 	NOTE: https://github.com/AOMediaCodec/libavif/pull/2768
 	NOTE: https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029 (v1.3.0)
@@ -12575,6 +12679,7 @@ CVE-2025-30002 (A vulnerability has been identified in TeleControl Server Basic
 CVE-2025-2564 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query not ta ...)
+	{DLA-4180-1}
 	- pgbouncer 1.24.1-1 (bug #1103394)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a (pgbouncer_1_24_1)
 CVE-2025-29905 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
@@ -304227,7 +304332,7 @@ CVE-2021-3937
 CVE-2021-3936
 	RESERVED
 CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
-	{DLA-2922-1}
+	{DLA-4180-1 DLA-2922-1}
 	- pgbouncer 1.16.1-1
 	[buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653757a4bc55c0e8b47d23ad7ac2992b436ce868

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653757a4bc55c0e8b47d23ad7ac2992b436ce868
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250527/c7adee13/attachment.htm>

More information about the debian-security-tracker-commits mailing list