[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 28 09:12:50 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37a992e5 by security tracker role at 2025-05-28T08:12:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,66 @@
+CVE-2025-5279 (When the Amazon Redshift Python Connector is configured with the Brows ...)
+	TODO: check
+CVE-2025-5082 (The WP Attachments plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2025-4800 (The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrar ...)
+	TODO: check
+CVE-2025-4009 (The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
+	TODO: check
+CVE-2025-48848
+	REJECTED
+CVE-2025-48847
+	REJECTED
+CVE-2025-48846
+	REJECTED
+CVE-2025-48845
+	REJECTED
+CVE-2025-48844
+	REJECTED
+CVE-2025-48843
+	REJECTED
+CVE-2025-48842
+	REJECTED
+CVE-2025-48841
+	REJECTED
+CVE-2025-47295 (A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, v ...)
+	TODO: check
+CVE-2025-47294 (A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 th ...)
+	TODO: check
+CVE-2025-46777 (A insertion of sensitive information into log file in Fortinet FortiPo ...)
+	TODO: check
+CVE-2025-32440 (NetAlertX is a network, presence scanner and alert framework. Prior to ...)
+	TODO: check
+CVE-2025-2826 (n affected platforms running Arista EOS, ACL policies may not be enfor ...)
+	TODO: check
+CVE-2025-2796 (On affected platforms with hardware IPSec support running Arista EOS w ...)
+	TODO: check
+CVE-2025-25251 (An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac  ...)
+	TODO: check
+CVE-2025-25029 (IBM Security Guardium 12.0 could allow a privileged user to download a ...)
+	TODO: check
+CVE-2025-25026 (IBM Security Guardium 12.0 could allow an authenticated user to obtain ...)
+	TODO: check
+CVE-2025-25025 (IBM Security Guardium 12.0 could allow a remote attacker to obtain sen ...)
+	TODO: check
+CVE-2025-24473 (A exposure of sensitive system information to an unauthorized control  ...)
+	TODO: check
+CVE-2025-22252 (A missing authentication for critical function in Fortinet FortiProxy  ...)
+	TODO: check
+CVE-2024-54020 (A missing authorization in Fortinet FortiManager versions 7.2.0 throug ...)
+	TODO: check
+CVE-2024-45094 (IBM DS8900F and DS8A00 Hardware Management Console (HMC)is vulnerable  ...)
+	TODO: check
+CVE-2024-11185 (On affected platforms running Arista EOS, ingress traffic on Layer 2 p ...)
+	TODO: check
+CVE-2023-41839
+	REJECTED
 CVE-2025-27528
 	NOT-FOR-US: Apache InLong
 CVE-2025-27526
 	NOT-FOR-US: Apache InLong
 CVE-2025-27522
 	NOT-FOR-US: Apache InLong
-CVE-2025-5025
+CVE-2025-5025 (libcurl supports *pinning* of the server certificate public key for HT ...)
 	- curl <unfixed> (unimportant)
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
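Review bot: several of the freshly imported descriptions carry upstream wording defects that will sit in the tracker until the entries are triaged: CVE-2025-2826 opens with `n affected platforms` (leading letter missing, compare the sibling Arista entries `On affected platforms`), and CVE-2025-47294, CVE-2025-46777 and CVE-2025-24473 open with `A integer`, `A insertion` and `A exposure`. Those strings are copied verbatim from the CVE feed, so nothing to change in this hunk, but the nineteen `TODO: check` entries (Fortinet, Arista, IBM Guardium, NetAlertX, Evertz, the WordPress plugins and the Redshift connector) still need manual triage to a package mapping or `NOT-FOR-US`; the consecutive `REJECTED` IDs CVE-2025-48841 through CVE-2025-48848 and CVE-2023-41839 need no further action. For CVE-2025-5025 the added description leaves the existing `unimportant` rating and the bookworm/bullseye `not-affected` lines intact, which is the expected behaviour of the automatic update.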
@@ -12,7 +68,7 @@ CVE-2025-5025
 	NOTE: Introduced by: https://github.com/curl/curl/commit/5f78cf503c786a1d48d13528dde038bccfa6c67c (curl-8_5_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/e1f65937a96a451292e9231339672797da86ecc5 (curl-8_14_0)
 	NOTE: curl in Debian not built with wolfSSL support
-CVE-2025-4947
+CVE-2025-4947 (libcurl accidentally skips the certificate verification for QUIC conne ...)
 	- curl <unfixed> (unimportant)
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -20,38 +76,38 @@ CVE-2025-4947
 	NOTE: Introduced by: https://github.com/curl/curl/commit/4c46e277b2a0c0489de0e0fcb91f315c62f0369c (curl-8_8_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/a85f1df4803bbd272905c9e712537b41afeafbd3 (rc-8_14_0)
 	NOTE: curl in Debian not built with wolfSSL support
-CVE-2025-40911
+CVE-2025-40911 (Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly h ...)
 	- libnet-cidr-set-perl <unfixed> (bug #1106699)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29942240/
 	NOTE: Fixed by: https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a (v0.14)
-CVE-2025-5278
+CVE-2025-5278 (A flaw was found in GNU Coreutils. The sort utility's begfield() funct ...)
 	- coreutils <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368764
 	NOTE: https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00036.html
 	NOTE: https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00040.html
 	NOTE: https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
-CVE-2025-5067
+CVE-2025-5067 (Inappropriate implementation in Tab Strip in Google Chrome prior to 13 ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5281
+CVE-2025-5281 (Inappropriate implementation in BFCache in Google Chrome prior to 137. ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5066
+CVE-2025-5066 (Inappropriate implementation in Messages in Google Chrome on Android p ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5065
+CVE-2025-5065 (Inappropriate implementation in FileSystemAccess API in Google Chrome  ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5064
+CVE-2025-5064 (Inappropriate implementation in Background Fetch API in Google Chrome  ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5280
+CVE-2025-5280 (Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allo ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5063
+CVE-2025-5063 (Use after free in Compositing in Google Chrome prior to 137.0.7151.55  ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5283 [double-free in vpx_codec_enc_init_multi]
+CVE-2025-5283 (Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allow ...)
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	- firefox 139.0-1
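Review bot: the context line for CVE-2025-4947 records the fixing tag as `(rc-8_14_0)`, while the CVE-2025-5025 entry in the previous hunk uses `(curl-8_14_0)` for the same release; that reads like a typo in the tag name and is worth a follow-up correction. Separately, replacing the working title `[double-free in vpx_codec_enc_init_multi]` for CVE-2025-5283 with the official `Use after free in libvpx in Google Chrome ...` text drops the function name that the chromium and firefox lines were triaged against; keeping it as a `NOTE:` line would preserve that pointer. The rest of the hunk only swaps bare IDs for their upstream descriptions and leaves the package and suite lines unchanged.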
@@ -310,7 +366,7 @@ CVE-2024-47090 (Improper neutralization of input in Nagvis before version 1.9.47
 CVE-2024-38866 (Improper neutralization of input in Nagvis before version 1.9.47 which ...)
 	- nagvis 1:1.9.47-1 (bug #1106686)
 	NOTE: https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f (nagvis-1.9.47)
-CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
+CVE-2025-5222 (A stack buffer overflow was found in Internationl components for unico ...)
 	- icu <unfixed> (bug #1106684)
 	NOTE: https://unicode-org.atlassian.net/browse/ICU-22957
 CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function is vulner ...)
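Review bot: the imported description for CVE-2025-5222 spells the project as `Internationl components for unico...`; that is upstream's text and not something to patch here, but the bracketed title `[Stack buffer overflow in the SRBRoot::addTag function]` it replaces was the more precise reference for the icu work (bug #1106684, ICU-22957). A `NOTE:` line carrying the function name would keep that detail attached to the entry.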
@@ -334,7 +390,7 @@ CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a u
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266 (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee (GIMP_3_0_0_RC1)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2 (GIMP_3_0_0_RC2)
-CVE-2025-5198
+CVE-2025-5198 (A flaw was found in Stackrox, where it is vulnerable to Cross-site scr ...)
 	NOT-FOR-US: Stackrox
 CVE-2025-5203 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
 	- assimp <unfixed>
@@ -6678,6 +6734,7 @@ CVE-2025-20137 (A vulnerability in the access control list (ACL) programming of
 CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly  ...)
 	NOT-FOR-US: Cisco
 CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
+	{DLA-4182-1}
 	- syslog-ng 4.8.1-5 (bug #1104890)
 	[bookworm] - syslog-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
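Review bot: with `{DLA-4182-1}` now recorded for CVE-2024-47619, the `[bookworm] - syslog-ng <no-dsa> (Minor issue)` line directly below deserves a second look: an LTS advisory for bullseye alongside a no-dsa for bookworm on the same issue is a legitimate combination, but a short `NOTE:` stating why bookworm stays unfixed would make the asymmetry explicit for the next reviewer. The `log daemo` spelling in the description line is upstream's and does not need a local fix.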
@@ -299336,7 +299393,7 @@ CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer a
 CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
 	NOT-FOR-US: Intel
 CVE-2022-21150
-	RESERVED
+	REJECTED
 CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
 	NOT-FOR-US: Intel
 CVE-2022-21135
@@ -303817,7 +303874,7 @@ CVE-2022-21216 (Insufficient granularity of access control in out-of-band manage
 CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before  ...)
 	NOT-FOR-US: Intel
 CVE-2022-21200
-	RESERVED
+	REJECTED
 CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
 	NOT-FOR-US: Intel
 CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37a992e5ea84a6a7306acfd16d5324f5c7812071




