[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 30 21:12:49 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6b5bb4b by security tracker role at 2025-05-30T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2025-5361 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2025-5360 (A vulnerability classified as critical was found in Campcodes Online H ...)
+	TODO: check
+CVE-2025-5359 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2025-5358 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Managemen ...)
+	TODO: check
+CVE-2025-5357 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been dec ...)
+	TODO: check
+CVE-2025-5356 (A vulnerability was found in FreeFloat FTP Server 1.0. It has been cla ...)
+	TODO: check
+CVE-2025-5235 (The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-5190 (The Browse As plugin for WordPress is vulnerable to authentication byp ...)
+	TODO: check
+CVE-2025-5142 (The Simple Page Access Restriction plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-4992 (A stored Cross-site Scripting (XSS) vulnerability affecting Service It ...)
+	TODO: check
+CVE-2025-4991 (A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup  ...)
+	TODO: check
+CVE-2025-4990 (A stored Cross-site Scripting (XSS) vulnerability affecting Change Gov ...)
+	TODO: check
+CVE-2025-4989 (A stored Cross-site Scripting (XSS) vulnerability affecting Requiremen ...)
+	TODO: check
+CVE-2025-4988 (A stored Cross-site Scripting (XSS) vulnerability affecting Results An ...)
+	TODO: check
+CVE-2025-4986 (A stored Cross-site Scripting (XSS) vulnerability affecting Model Defi ...)
+	TODO: check
+CVE-2025-4985 (A stored Cross-site Scripting (XSS) vulnerability affecting Risk Manag ...)
+	TODO: check
+CVE-2025-4984 (A stored Cross-site Scripting (XSS) vulnerability affecting City Disco ...)
+	TODO: check
+CVE-2025-4983 (A stored Cross-site Scripting (XSS) vulnerability affecting City Refer ...)
+	TODO: check
+CVE-2025-4944 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-4636 (Due to excessive privileges granted to the web user running the airpoi ...)
+	TODO: check
+CVE-2025-4635 (A malicious user with administrative privileges in the web portal woul ...)
+	TODO: check
+CVE-2025-4634 (The web portal on airpointer 2.4.107-2 was vulnerable local file inclu ...)
+	TODO: check
+CVE-2025-4633 (Default credentials were present in the web portal for Airpointer 2.4. ...)
+	TODO: check
+CVE-2025-4597 (The Woo Slider Pro \u2013 Drag Drop Slider Builder For WooCommerce plu ...)
+	TODO: check
+CVE-2025-4433 (Improper access control in user group management in Devolutions Server ...)
+	TODO: check
+CVE-2025-48949 (Navidrome is an open source web-based music collection server and stre ...)
+	TODO: check
+CVE-2025-48948 (Navidrome is an open source web-based music collection server and stre ...)
+	TODO: check
+CVE-2025-48946 (liboqs is a C-language cryptographic library that provides implementat ...)
+	TODO: check
+CVE-2025-48944 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2025-48943 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2025-48942 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub CLI exten ...)
+	TODO: check
+CVE-2025-48912 (An authenticated malicious actor using specially crafted requests coul ...)
+	TODO: check
+CVE-2025-48887 (vLLM, an inference and serving engine for large language models (LLMs) ...)
+	TODO: check
+CVE-2025-48885 (application-urlshortener create shortened URLs for XWiki pages. Versio ...)
+	TODO: check
+CVE-2025-48883 (Chrome PHP allows users to start playing with chrome/chromium in headl ...)
+	TODO: check
+CVE-2025-48882 (PHPOffice Math is a library that provides a set of classes to manipula ...)
+	TODO: check
+CVE-2025-48874
+	REJECTED
+CVE-2025-48873
+	REJECTED
+CVE-2025-48872
+	REJECTED
+CVE-2025-48871
+	REJECTED
+CVE-2025-48870
+	REJECTED
+CVE-2025-48334 (Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro  ...)
+	TODO: check
+CVE-2025-48331 (Insertion of Sensitive Information Into Sent Data vulnerability in Van ...)
+	TODO: check
+CVE-2025-3611 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2025-3230 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
+	TODO: check
+CVE-2025-2571 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...)
+	TODO: check
+CVE-2025-2503 (An improper permission handling vulnerability was reported in Lenovo P ...)
+	TODO: check
+CVE-2025-2502 (An improper default permissions vulnerability was reported in Lenovo P ...)
+	TODO: check
+CVE-2025-2501 (An untrusted search path vulnerability was reported in Lenovo PC Manag ...)
+	TODO: check
+CVE-2025-2500 (A vulnerability exists in the SOAP Web services of the Asset  Suite ve ...)
+	TODO: check
+CVE-2025-1792 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11 ...)
+	TODO: check
+CVE-2025-1763 (An issue has been discovered in GitLab EE that allows for cross-site-s ...)
+	TODO: check
+CVE-2025-1484 (A vulnerability exists in the media upload component of the Asset  Sui ...)
+	TODO: check
+CVE-2025-1479 (An open debug interface was reported in the Legion Space software incl ...)
+	TODO: check
+CVE-2025-0602 (A stored Cross-site Scripting (XSS) vulnerability affecting Compare in ...)
+	TODO: check
+CVE-2024-7097 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
+	TODO: check
+CVE-2024-7096 (A privilege escalation vulnerability exists in multiple [Vendor Name]  ...)
+	TODO: check
+CVE-2024-42191 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hija ...)
+	TODO: check
+CVE-2024-42190 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hija ...)
+	TODO: check
+CVE-2024-23589 (Due to outdated Hash algorithm, HCL Glovius Cloud could allow attacker ...)
+	TODO: check
+CVE-2024-13917 (Anapplication "com.pri.applock", which is pre-loaded onKruger&Matz sma ...)
+	TODO: check
+CVE-2024-13916 (Anapplication "com.pri.applock", which is pre-loaded onKruger&Matz sma ...)
+	TODO: check
+CVE-2024-13915 (Android based smartphones from vendors such as Ulefone andKr\xfcger&Ma ...)
+	TODO: check
 CVE-2025-5332 (A vulnerability was found in 1000 Projects Online Notice Board 1.0 and ...)
 	NOT-FOR-US: 1000 Projects Online Notice Board
 CVE-2025-5331 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
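Review bot: CVE-2025-5358 (PHPGurukul/Campcodes Cyber Cafe Management) is left at `TODO: check` although the same product family is already triaged as `NOT-FOR-US: PHPGurukul` for CVE-2025-4696, CVE-2025-4695 and CVE-2025-4226 later in this patch, so it can take the same annotation at triage rather than a fresh check. The five consecutive `REJECTED` entries (CVE-2025-48874 through CVE-2025-48870) need nothing further. Note also that the CVE-2024-13915 description carries the importer's `\xfc` escape for a non-ASCII character (and CVE-2025-4597 a `\u2013`); that is the file's usual ASCII escaping, but it means vendor names such as Krüger&Matz will not match a plain-text grep of the list.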
@@ -284,7 +412,7 @@ CVE-2025-37993 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dcaeeb8ae84c5506ebc574732838264f3887738c (6.15-rc6)
-CVE-2025-4598
+CVE-2025-4598 (A vulnerability was found in systemd-coredump. This flaw allows an att ...)
 	{DSA-5931-1}
 	- systemd 257.6-1 (bug #1106785)
 	NOTE: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
@@ -308,7 +436,7 @@ CVE-2025-4598
 	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/7fc7aa5a4d28d7768dfd1eb85be385c3ea949168 (v254.26)
 	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/19b228662e0fcc6596c0395a0af8486a4b3f1627 (v253.33)
 	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0 (v252.38)
-CVE-2025-5054
+CVE-2025-5054 (Race condition in Canonical apport up to and including 2.32.0 allows a ...)
 	NOT-FOR-US: Apport
 CVE-2025-27464
 	NOT-FOR-US: Windows XenBus WinPVDriver
@@ -564,7 +692,7 @@ CVE-2025-5063 (Use after free in Compositing in Google Chrome prior to 137.0.715
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-5283 (Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allow ...)
-	{DSA-5929-1 DSA-5928-1 DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5929-1 DSA-5928-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- chromium 137.0.7151.55-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	- firefox 139.0-1
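Review bot: the same advisory pair `DSA-5932-1` / `DLA-4194-1` is added to CVE-2025-5283 as to the Firefox ESR/Thunderbird entries further down, but the visible context of this hunk shows only the chromium and `firefox 139.0-1` lines; confirm the entry also carries the `firefox-esr` / `thunderbird` version lines the new advisories cover, otherwise the advisory reference has no matching package line in this entry.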
@@ -661,13 +789,13 @@ CVE-2025-5272 (Memory safety bugs present in Firefox 138 and Thunderbird 138. So
 	- firefox 139.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5272
 CVE-2025-5269 (Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.1 ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5269
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5269
 CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ES ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox 139.0-1
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -675,7 +803,7 @@ CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138, Firef
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5268
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5268
 CVE-2025-5267 (A clickjacking vulnerability could have been used to trick a user into ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox 139.0-1
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -689,7 +817,7 @@ CVE-2025-5270 (In certain cases, SNI could have been sent unencrypted even when
 	- firefox 139.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5270
 CVE-2025-5266 (Script elements loading cross-origin resources generated load and erro ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox 139.0-1
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -704,7 +832,7 @@ CVE-2025-5265 (Due to insufficient escaping of the ampersand character in the \u
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5265
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5265
 CVE-2025-5264 (Due to insufficient escaping of the newline character in the \u201cCop ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox 139.0-1
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -712,7 +840,7 @@ CVE-2025-5264 (Due to insufficient escaping of the newline character in the \u20
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5264
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5264
 CVE-2025-5263 (Error handling for script execution was incorrectly isolated from web  ...)
-	{DSA-5926-1 DLA-4191-1}
+	{DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
 	- firefox 139.0-1
 	- firefox-esr 128.11.0esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -1489,7 +1617,7 @@ CVE-2018-25110 (Marked prior to version 0.3.17 is vulnerable to a Regular Expres
 	NOTE: https://github.com/markedjs/marked/pull/1083
 	NOTE: Fixed by: https://github.com/markedjs/marked/commit/b15e42b67cec9ded8505e9d68bb8741ad7a9590d (v0.3.18)
 	NOTE: Fixed by: https://github.com/markedjs/marked/commit/2846212bb025d483690b95a007994d0d027ed056 (v0.3.18)
-CVE-2025-40909 [Thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)]
+CVE-2025-40909 (Perl threads have a working directory race condition where file operat ...)
 	- perl <unfixed> (bug #1098226)
 	[bookworm] - perl <no-dsa> (Minor issue; Perl maintainer will fix it via point release)
 	[bullseye] - perl <postponed> (Minor issue, revisit when fixed upstream)
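Review bot: the provisional bracketed description for CVE-2025-40909 is replaced by the published one, but the entry stays `perl <unfixed>` with `[bullseye] - perl <postponed> (Minor issue, revisit when fixed upstream)`, and no `NOTE:` line pointing at an upstream fix appears in the visible context; once the upstream commit is known, add it as a `NOTE: Fixed by:` line so the `<postponed>` rationale can be revisited, and keep bug #1098226 as the tracking reference.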
@@ -3204,7 +3332,7 @@ CVE-2025-4867 (A vulnerability was found in Tenda A15 15.13.07.13. It has been d
 CVE-2025-48219 (O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of ...)
 	NOT-FOR-US: O2 UK
 CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
-	{DSA-5922-1 DLA-4172-1}
+	{DSA-5932-1 DSA-5922-1 DLA-4194-1 DLA-4172-1}
 	- firefox 138.0.4-1
 	- firefox-esr 128.10.1esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -3213,7 +3341,7 @@ CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write on
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-40/#CVE-2025-4919
 CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
-	{DSA-5922-1 DLA-4172-1}
+	{DSA-5932-1 DSA-5922-1 DLA-4194-1 DLA-4172-1}
 	- firefox 138.0.4-1
 	- firefox-esr 128.10.1esr-1
 	- thunderbird 1:128.11.0esr-1
@@ -4268,9 +4396,9 @@ CVE-2025-4698 (A vulnerability classified as critical has been found in PHPGuruk
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4697 (A vulnerability was found in PHPGurukul Directory Management System 2. ...)
 	NOT-FOR-US: PHPGurukul
-CVE-2025-4696 (A vulnerability was found in PHPGurukul Cyber Cafe Management System 1 ...)
+CVE-2025-4696 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Managemen ...)
 	NOT-FOR-US: PHPGurukul
-CVE-2025-4695 (A vulnerability was found in PHPGurukul Cyber Cafe Management System 1 ...)
+CVE-2025-4695 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Managemen ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
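Review bot: the descriptions for CVE-2025-4696 and CVE-2025-4695 now read `PHPGurukul/Campcodes Cyber Cafe Managemen ...` while the annotation below each still says `NOT-FOR-US: PHPGurukul`; the disposition is unchanged, but updating the annotation to name both vendors (`NOT-FOR-US: PHPGurukul/Campcodes Cyber Cafe Management System`) keeps it searchable under either name. The same applies to CVE-2025-4226 in the next hunk.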
@@ -8003,7 +8131,7 @@ CVE-2025-4237 (A vulnerability was found in PCMan FTP Server 2.0.7 and classifie
 	NOT-FOR-US: PCMan FTP Server
 CVE-2025-4236 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
 	NOT-FOR-US: PCMan FTP Server
-CVE-2025-4226 (A vulnerability classified as critical has been found in PHPGurukul Cy ...)
+CVE-2025-4226 (A vulnerability classified as critical has been found in PHPGurukul/Ca ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-1838 (IBM Cloud Pak for Business Automation   24.0.0 and 24.0.1 through 24.0 ...)
 	NOT-FOR-US: IBM
@@ -14739,6 +14867,7 @@ CVE-2025-3589 (A vulnerability, which was classified as critical, was found in S
 CVE-2025-3588 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: joelittlejohn jsonschema2pojo
 CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...)
+	{DLA-4195-1}
 	- krb5 1.21.2-1 (bug #1103525)
 	[bookworm] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
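Review bot: `{DLA-4195-1}` is added to CVE-2025-3576 while the visible context shows only `[bookworm] - krb5 <no-dsa> (Minor issue)`; a DLA covers bullseye, so if a `[bullseye] - krb5 <no-dsa>` line exists beyond the hunk it must be dropped, otherwise the advisory reference and the suite annotation contradict each other.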
@@ -68355,6 +68484,7 @@ CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting HTT
 CVE-2024-9162 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle at ...)
+	{DLA-4196-1}
 	[experimental] - kmail-account-wizard 4:24.08.0-1
 	- kmail-account-wizard 4:24.12.0-2 (bug #1086198)
 	[bookworm] - kmail-account-wizard <no-dsa> (Minor issue)
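Review bot: `{DLA-4196-1}` is added to CVE-2024-50624, but the visible context lists only the experimental, unstable and `[bookworm] ... <no-dsa>` lines for kmail-account-wizard; check that any `[bullseye] - kmail-account-wizard <no-dsa>` annotation outside the hunk is removed now that the bullseye fix has shipped via the DLA.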
@@ -201563,8 +201693,8 @@ CVE-2023-26228
 	RESERVED
 CVE-2023-26227
 	RESERVED
-CVE-2023-26226
-	RESERVED
+CVE-2023-26226 (A use after free memory corruption issue exists in Yandex Browser for  ...)
+	TODO: check
 CVE-2023-26225
 	RESERVED
 CVE-2023-26224



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b5bb4bcfe532c3facefaf7443405d4da15a490
