[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 27 21:12:09 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40f6051e by security tracker role at 2025-05-27T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,46 +1,113 @@
-CVE-2025-5272
+CVE-2025-5252 (A vulnerability was found in PHPGurukul News Portal Project 4.1. It ha ...)
+ TODO: check
+CVE-2025-5251 (A vulnerability was found in PHPGurukul News Portal Project 4.1. It ha ...)
+ TODO: check
+CVE-2025-5250 (A vulnerability was found in PHPGurukul News Portal Project 4.1 and cl ...)
+ TODO: check
+CVE-2025-5249 (A vulnerability has been found in PHPGurukul News Portal Project 4.1 a ...)
+ TODO: check
+CVE-2025-5248 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2025-5247 (A vulnerability, which was classified as critical, has been found in G ...)
+ TODO: check
+CVE-2025-5246 (A vulnerability classified as critical was found in Campcodes Online H ...)
+ TODO: check
+CVE-2025-5245 (A vulnerability classified as critical has been found in GNU Binutils ...)
+ TODO: check
+CVE-2025-5244 (A vulnerability was found in GNU Binutils up to 2.44. It has been rate ...)
+ TODO: check
+CVE-2025-5117 (The Property plugin for WordPress is vulnerable to Privilege Escalatio ...)
+ TODO: check
+CVE-2025-4412 (On macOS systems, by utilizing a Launch Agent and loading the viscosit ...)
+ TODO: check
+CVE-2025-48383 (Django-Select2 is a Django integration for Select2. Prior to version 8 ...)
+ TODO: check
+CVE-2025-48370 (auth-js is an isomorphic Javascript library for Supabase Auth. Prior t ...)
+ TODO: check
+CVE-2025-48057 (Icinga 2 is a monitoring system which checks the availability of netwo ...)
+ TODO: check
+CVE-2025-46173 (code-projects Online Exam Mastering System 1.0 is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-45529 (An arbitrary file read vulnerability in the ReadTextAsynchronous funct ...)
+ TODO: check
+CVE-2025-45475 (maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery ...)
+ TODO: check
+CVE-2025-41653 (An unauthenticated remote attacker can exploit a denial-of-service vul ...)
+ TODO: check
+CVE-2025-41652 (The devices are vulnerable to an authentication bypass due to flaws in ...)
+ TODO: check
+CVE-2025-41651 (Due to missing authentication on a critical function of the devices an ...)
+ TODO: check
+CVE-2025-41650 (An unauthenticated remote attacker can exploit input validation in cmd ...)
+ TODO: check
+CVE-2025-41649 (An unauthenticated remote attacker can exploit insufficient input vali ...)
+ TODO: check
+CVE-2025-3704 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-2872
+ REJECTED
+CVE-2025-2236 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-27701 (In the function process_crypto_cmd, the values of ptrs[i] can be poten ...)
+ TODO: check
+CVE-2025-27700 (There is a possible bypass of carrier restrictions due to an unusual r ...)
+ TODO: check
+CVE-2025-23247 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the ...)
+ TODO: check
+CVE-2025-22377 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2024-56193 (There is a possible disclosure of Bluetooth adapter details due to a p ...)
+ TODO: check
+CVE-2024-49197 (An issue was discovered in Wi-Fi in Samsung Mobile Processor and Weara ...)
+ TODO: check
+CVE-2024-49196 (An issue was discovered in the GPU in Samsung Mobile Processor Exynos ...)
+ TODO: check
+CVE-2024-13966 (ZKTeco BioTime allows unauthenticated attackers to enumerate usernames ...)
+ TODO: check
+CVE-2025-5272 (Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5272
-CVE-2025-5269
+CVE-2025-5269 (Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.1 ...)
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5269
-CVE-2025-5268
+CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ES ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5268
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5268
-CVE-2025-5267
+CVE-2025-5267 (A clickjacking vulnerability could have been used to trick a user into ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5267
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5267
-CVE-2025-5271
+CVE-2025-5271 (Previewing a response in Devtools ignored CSP headers, which could hav ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5271
-CVE-2025-5270
+CVE-2025-5270 (In certain cases, SNI could have been sent unencrypted even when encry ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5270
-CVE-2025-5266
+CVE-2025-5266 (Script elements loading cross-origin resources generated load and erro ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5266
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5266
-CVE-2025-5265
+CVE-2025-5265 (Due to insufficient escaping of the ampersand character in the \u201cC ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5265
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5265
-CVE-2025-5264
+CVE-2025-5264 (Due to insufficient escaping of the newline character in the \u201cCop ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5264
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5264
-CVE-2025-5263
+CVE-2025-5263 (Error handling for script execution was incorrectly isolated from web ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5263
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5263
CVE-2025-5262
+ REJECTED
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5262
@@ -157,13 +224,13 @@ CVE-2024-38866 (Improper neutralization of input in Nagvis before version 1.9.47
CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
- icu <unfixed> (bug #1106684)
NOTE: https://unicode-org.atlassian.net/browse/ICU-22957
-CVE-2025-48796 [Stack-based buffer overflows in file-ico]
+CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function is vulner ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368559
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/9257
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/879
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0dc98936a0d9f5a70025f4e9cf321d1118ea500e (GIMP_2_99_16)
-CVE-2025-48797 [Multiple heap buffer overflows in TGA parser]
+CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image files. If a ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368558
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -171,7 +238,7 @@ CVE-2025-48797 [Multiple heap buffer overflows in TGA parser]
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/723d383e57e8f599c4a44ab8541ea6902e29579e (GIMP_3_0_0_RC1)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/2ba35e5b3d43d881b0623f47b8068d9ee19d1d70 (GIMP_3_0_0_RC1)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/1f062867172d5c68b858a6efa3011686aa32bb38 (GIMP_3_0_0_RC1)
-CVE-2025-48798 [Multiple use after free in XCF parser]
+CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a user op ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368557
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -232,7 +299,7 @@ CVE-2025-41655 (An unauthenticated remote attacker can access a URL which causes
NOT-FOR-US: Pepperl+Fuchs SE
CVE-2025-41654 (An unauthenticated remote attacker can access information about runnin ...)
NOT-FOR-US: Pepperl+Fuchs SE
-CVE-2025-40672 (A Privilege Escalation vulnerability has been found in ProactivaNet v3 ...)
+CVE-2025-40672 (A Privilege Escalation vulnerability has been found in Panloader compo ...)
NOT-FOR-US: ProactivaNet
CVE-2025-40671 (SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vu ...)
NOT-FOR-US: AES Multimedia's Gestnet
@@ -2691,6 +2758,7 @@ CVE-2025-4807 (A vulnerability, which was classified as problematic, was found i
CVE-2025-4806 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester
CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ...)
+ {DLA-4181-1}
- glibc 2.39-4
[bookworm] - glibc <no-dsa> (Minor issue)
NOTE: Introduced with: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10e93d968716ab82931d593bada121c17c0a4b93 (glibc-2.27)
@@ -184695,10 +184763,10 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior
[bookworm] - vim 2:9.0.1378-2+deb12u1
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
-CVE-2023-32216 (Memory safety bugs present in Firefox 112. Some of these bugs showed ...)
+CVE-2023-32216 (Mozilla developers and community members Ronald Crane, Andrew McCreigh ...)
- firefox 113.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
-CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ...)
+CVE-2023-32215 (Mozilla developers and community members Gabriele Svelto, Andrew Osmon ...)
{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
- firefox 113.0-1
- firefox-esr 102.11.0esr-1
@@ -184721,7 +184789,7 @@ CVE-2023-32213 (When reading a file, an uninitialized value could have been used
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213
-CVE-2023-32212 (An attacker could have positioned a <code>datalist</code> element to o ...)
+CVE-2023-32212 (An attacker could have positioned a `datalist` element to obscure the ...)
{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
- firefox 113.0-1
- firefox-esr 102.11.0esr-1
@@ -303673,7 +303741,7 @@ CVE-2022-21151 (Processor optimization removal or modification of security-criti
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
CVE-2022-21138
- RESERVED
+ REJECTED
CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...)
NOT-FOR-US: Intel
CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...)
@@ -307918,7 +307986,7 @@ CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG inte
CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...)
NOT-FOR-US: Intel
CVE-2022-0003
- RESERVED
+ REJECTED
CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
@@ -382882,7 +382950,7 @@ CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there i
NOT-FOR-US: Node systeminformation
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
- osquery <itp> (bug #803502)
-CVE-2020-26272 (The Electron framework lets you write cross-platform desktop applicati ...)
+CVE-2020-26272 (The Electron framework lets users write cross-platform desktop applica ...)
- electron <itp> (bug #842420)
CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
- tensorflow <itp> (bug #804612)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40f6051e3594a4a4a6fae3c7de1b35ab816df147
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40f6051e3594a4a4a6fae3c7de1b35ab816df147
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250527/c62587b0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list