[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 29 21:21:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2f28b3c by security tracker role at 2025-05-29T20:21:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,28 +1,128 @@
-CVE-2025-37999 [fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()]
+CVE-2025-5334 (Exposure of private personal information to an unauthorized actor in t ...)
+ TODO: check
+CVE-2025-5326 (A vulnerability was found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\ ...)
+ TODO: check
+CVE-2025-5325 (A vulnerability has been found in zhilink \u667a\u4e92\u8054(\u6df1\u5 ...)
+ TODO: check
+CVE-2025-5324 (A vulnerability, which was classified as problematic, was found in Tec ...)
+ TODO: check
+CVE-2025-5323 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-5321 (A vulnerability classified as critical was found in aimhubio aim up to ...)
+ TODO: check
+CVE-2025-5320 (A vulnerability classified as problematic has been found in gradio-app ...)
+ TODO: check
+CVE-2025-5286 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-5122 (The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-4967 (Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated ...)
+ TODO: check
+CVE-2025-4687 (In Teltonika Networks Remote Management System (RMS), it is possible t ...)
+ TODO: check
+CVE-2025-4670 (The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions ...)
+ TODO: check
+CVE-2025-4081 (Use of entitlement "com.apple.security.cs.disable-library-validation" ...)
+ TODO: check
+CVE-2025-48748 (Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.77 ...)
+ TODO: check
+CVE-2025-48475 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48474 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48473 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48472 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48471 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48390 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48389 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48388 (FreeScout is a free self-hosted help desk and shared mailbox. Prior to ...)
+ TODO: check
+CVE-2025-48336 (Deserialization of Untrusted Data vulnerability in ThimPress Course Bu ...)
+ TODO: check
+CVE-2025-48047 (An authenticated user can perform command injection via unsanitized in ...)
+ TODO: check
+CVE-2025-48046 (An authenticated user can disclose the cleartext password of a configu ...)
+ TODO: check
+CVE-2025-48045 (An unauthenticated HTTP GET request to the /client.php endpoint will d ...)
+ TODO: check
+CVE-2025-47933 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ TODO: check
+CVE-2025-47288 (Discourse Policy plugin gives the ability to confirm users have seen o ...)
+ TODO: check
+CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST API and related services f ...)
+ TODO: check
+CVE-2025-46722 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...)
+ TODO: check
+CVE-2025-46570 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2025-46080 (HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit ...)
+ TODO: check
+CVE-2025-46078 (HuoCMS V3.5.1 and before is vulnerable to file upload, which allows at ...)
+ TODO: check
+CVE-2025-45474 (maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery ...)
+ TODO: check
+CVE-2025-3913 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
+ TODO: check
+CVE-2025-3050 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-33043 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
+ TODO: check
+CVE-2025-32752 (Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive In ...)
+ TODO: check
+CVE-2025-2518 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-29632 (Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attac ...)
+ TODO: check
+CVE-2025-27151 (Redis is an open source, in-memory database that persists on disk. In ...)
+ TODO: check
+CVE-2024-54952 (MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption ...)
+ TODO: check
+CVE-2024-53423 (An issue in Open Network Foundation ONOS v2.7.0 allows attackers to ca ...)
+ TODO: check
+CVE-2024-52588 (Strapi is an open-source content management system. Prior to version 4 ...)
+ TODO: check
+CVE-2024-51392 (An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to ...)
+ TODO: check
+CVE-2024-49350 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ TODO: check
+CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an infinite loop via the tc ...)
+ TODO: check
+CVE-2024-22653 (yasm commit 9defefae was discovered to contain a NULL pointer derefere ...)
+ TODO: check
+CVE-2023-41591 (An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cr ...)
+ TODO: check
+CVE-2025-37999 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.12.29-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bbfe756dc3062c1e934f06e5ba39c239aa953b92 (6.15-rc6)
-CVE-2025-37998 [openvswitch: Fix unsafe attribute parsing in output_userspace()]
+CVE-2025-37998 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.12.29-1
[bookworm] - linux 6.1.139-1
NOTE: https://git.kernel.org/linus/6beb6835c1fbb3f676aebb51a5fee6b77fed9308 (6.15-rc6)
-CVE-2025-37997 [netfilter: ipset: fix region locking in hash types]
+CVE-2025-37997 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.12.29-1
[bookworm] - linux 6.1.139-1
NOTE: https://git.kernel.org/linus/8478a729c0462273188263136880480729e9efca (6.15-rc6)
-CVE-2025-37996 [KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()]
+CVE-2025-37996 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c (6.15-rc6)
-CVE-2025-37995 [module: ensure that kobject_put() is safe for module type kobjects]
+CVE-2025-37995 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.12.29-1
[bookworm] - linux 6.1.139-1
NOTE: https://git.kernel.org/linus/a6aeb739974ec73e5217c75a7c008a688d3d5cf1 (6.15-rc6)
-CVE-2025-37994 [usb: typec: ucsi: displayport: Fix NULL pointer access]
+CVE-2025-37994 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.12.29-1
[bookworm] - linux 6.1.139-1
NOTE: https://git.kernel.org/linus/312d79669e71283d05c05cc49a1a31e59e3d9e0e (6.15-rc6)
-CVE-2025-37993 [can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe]
+CVE-2025-37993 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.12.29-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
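Review bot: the two zhilink entries (CVE-2025-5326 and CVE-2025-5325) carry raw `\uXXXX` escape sequences in their descriptions rather than the decoded characters, which suggests the description importer writes JSON-escaped text straight into data/CVE/list; decoding before the 70-character truncation would keep those headlines readable. Separately, the kernel entries CVE-2025-37999 through CVE-2025-37993 lose their subsystem-specific bracketed titles (e.g. `[openvswitch: Fix unsafe attribute parsing in output_userspace()]`) in favour of the generic truncated prefix "In the Linux kernel, the following vulnerability has been resolved: o ...", so the only remaining hint of the affected subsystem is the git.kernel.org NOTE URL; consider preserving the old title as a NOTE so triage does not depend on following the link.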
@@ -268,28 +368,35 @@ CVE-2025-5278 (A flaw was found in GNU Coreutils. The sort utility's begfield()
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507
NOTE: Crash in CLI tool, no security impact
CVE-2025-5067 (Inappropriate implementation in Tab Strip in Google Chrome prior to 13 ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5281 (Inappropriate implementation in BFCache in Google Chrome prior to 137. ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5066 (Inappropriate implementation in Messages in Google Chrome on Android p ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5065 (Inappropriate implementation in FileSystemAccess API in Google Chrome ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5064 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5280 (Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allo ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5063 (Use after free in Compositing in Google Chrome prior to 137.0.7151.55 ...)
+ {DSA-5929-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5283 (Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allow ...)
- {DSA-5928-1}
+ {DSA-5929-1 DSA-5928-1 DSA-5926-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
- firefox 139.0-1
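Review bot: CVE-2025-5283 now references three advisories (`{DSA-5929-1 DSA-5928-1 DSA-5926-1}`) while the other Chrome 137.0.7151.55 entries in this hunk gain only DSA-5929-1; since this entry also carries a `- firefox 139.0-1` source package line, confirm that DSA-5928-1 and DSA-5926-1 each map to a package line in the entry (the hunk is cut off after the firefox line, so any remaining package lines are not visible here).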
@@ -535,7 +642,7 @@ CVE-2025-48744 (In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inc
NOT-FOR-US: SIGB PMB
CVE-2025-48743 (SIGB PMB before 8.0.1.2 allows SQL injection.)
NOT-FOR-US: SIGB PMB
-CVE-2025-48742 (The installer in SIGB PMB before 8.0.1.2 allows remote code execution.)
+CVE-2025-48742 (The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote ...)
NOT-FOR-US: SIGB PMB
CVE-2025-48382 (Fess is a deployable Enterprise Search Server. Prior to version 14.19. ...)
NOT-FOR-US: Fess
@@ -3482,13 +3589,13 @@ CVE-2025-4209
CVE-2025-4169 (The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-48175 (In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer o ...)
- {DLA-4179-1}
+ {DSA-5930-1 DLA-4179-1}
- libavif 1.2.1-1.1 (bug #1105883)
NOTE: https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844
NOTE: https://github.com/AOMediaCodec/libavif/pull/2769
NOTE: https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd (v1.3.0)
CVE-2025-48174 (In libavif before 1.3.0, makeRoom in stream.c has an integer overflow ...)
- {DLA-4179-1}
+ {DSA-5930-1 DLA-4179-1}
- libavif 1.2.1-1.1 (bug #1105885)
NOTE: https://github.com/AOMediaCodec/libavif/pull/2768
NOTE: https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029 (v1.3.0)
@@ -10103,7 +10210,7 @@ CVE-2025-30087 (Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 th
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/e144e90f6a5ad2accad2dde1fef17187939b7110 (rt-4.4.8)
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/367359e56a599b72c8e38e177eaba9d32e9a5471 (rt-5.0.8)
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/e24ca3b0a63ce9c2b5d4e01cc419af5056deb346 (rt-5.0.8)
-CVE-2025-2545 (Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0. ...)
+CVE-2025-2545 (Vulnerability in Best Practical Solutions, LLC's Request Tracker prior ...)
{DSA-5911-1 DSA-5909-1 DLA-4157-1}
- request-tracker5 5.0.7+dfsg-3 (bug #1104422)
- request-tracker4 <unfixed> (bug #1104424)
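Review bot: request-tracker4 remains `<unfixed>` (bug #1104424) under CVE-2025-2545 even though the entry already references DSA-5911-1, DSA-5909-1 and DLA-4157-1; the description refresh to "prior ..." does not change that state, so the outstanding unstable fix for request-tracker4 is still worth tracking against the bug rather than being read as covered by the listed advisories.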
@@ -11776,6 +11883,7 @@ CVE-2025-3820 (A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.
CVE-2025-3819 (A vulnerability has been found in PHPGurukul Men Salon Management Syst ...)
NOT-FOR-US: PHPGurukul
CVE-2025-3818 (A vulnerability, which was classified as critical, was found in webpy ...)
+ {DLA-4189-1}
- webpy 1:0.62-6 (bug #1103780)
NOTE: https://noppgwz8if.feishu.cn/docx/TxjpddUpTokyBwxibSgcTRr7nUf
NOTE: https://github.com/webpy/webpy/issues/806
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2f28b3c231f6969ff0f7f5a9d437adae1fb82fc