Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd5d0cb7 by security tracker role at 2025-04-30T08:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,60 +1,210 @@
-CVE-2025-4093
+CVE-2025-4095 (Registry Access Management (RAM) is a security feature allowing
admini ...)
+ TODO: check
+CVE-2025-4080 (A vulnerability has been found in PHPGurukul Online Nurse
Hiring Syste ...)
+ TODO: check
+CVE-2025-4079 (A vulnerability, which was classified as critical, was found in
PCMan ...)
+ TODO: check
+CVE-2025-4078 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-4077 (A vulnerability classified as critical was found in
code-projects Scho ...)
+ TODO: check
+CVE-2025-4076 (A vulnerability classified as critical has been found in
LB-LINK BL-AC ...)
+ TODO: check
+CVE-2025-4075 (A vulnerability was found in VMSMan up to 20250416. It has been
rated ...)
+ TODO: check
+CVE-2025-4074 (A vulnerability was found in PHPGurukul Curfew e-Pass
Management Syste ...)
+ TODO: check
+CVE-2025-4073 (A vulnerability was found in PHPGurukul Student Record System
3.20. It ...)
+ TODO: check
+CVE-2025-4072 (A vulnerability was found in PHPGurukul Online Nurse Hiring
System 1.0 ...)
+ TODO: check
+CVE-2025-4071 (A vulnerability has been found in PHPGurukul COVID19 Testing
Managemen ...)
+ TODO: check
+CVE-2025-4070 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
+ TODO: check
+CVE-2025-4069 (A vulnerability, which was classified as critical, has been
found in c ...)
+ TODO: check
+CVE-2025-4068 (A vulnerability classified as critical was found in
code-projects Simp ...)
+ TODO: check
+CVE-2025-4067 (A vulnerability classified as critical has been found in
ScriptAndTool ...)
+ TODO: check
+CVE-2025-4066 (A vulnerability was found in ScriptAndTools
Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4065 (A vulnerability was found in ScriptAndTools
Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4064 (A vulnerability was found in ScriptAndTools
Online-Travling-System 1.0 ...)
+ TODO: check
+CVE-2025-4063 (A vulnerability was found in code-projects Student Information
Managem ...)
+ TODO: check
+CVE-2025-4062 (A vulnerability has been found in code-projects Theater Seat
Booking S ...)
+ TODO: check
+CVE-2025-4061 (A vulnerability, which was classified as critical, was found in
code-p ...)
+ TODO: check
+CVE-2025-4060 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2025-4059 (A vulnerability classified as critical was found in
code-projects Pris ...)
+ TODO: check
+CVE-2025-4058 (A vulnerability classified as critical has been found in
Projectworlds ...)
+ TODO: check
+CVE-2025-46782
+ REJECTED
+CVE-2025-46781
+ REJECTED
+CVE-2025-46780
+ REJECTED
+CVE-2025-46779
+ REJECTED
+CVE-2025-46778
+ REJECTED
+CVE-2025-46560 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2025-46552 (KHC-INVITATION-AUTOMATION is a GitHub automation script that
automatic ...)
+ TODO: check
+CVE-2025-46550 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, the ` ...)
+ TODO: check
+CVE-2025-46549 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, an at ...)
+ TODO: check
+CVE-2025-46350 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, an at ...)
+ TODO: check
+CVE-2025-46349 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, YesWi ...)
+ TODO: check
+CVE-2025-46348 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, the r ...)
+ TODO: check
+CVE-2025-46347 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, YesWi ...)
+ TODO: check
+CVE-2025-46346 (YesWiki is a wiki system written in PHP. Prior to version
4.5.4, a sto ...)
+ TODO: check
+CVE-2025-46344 (The Auth0 Next.js SDK is a library for implementing user
authenticatio ...)
+ TODO: check
+CVE-2025-45956 (A SQL injection vulnerability in manage_damage.php in
Sourcecodester C ...)
+ TODO: check
+CVE-2025-40619 (Bookgy does not provide for proper authorisation control in
multiple a ...)
+ TODO: check
+CVE-2025-40618 (SQL injection vulnerability in Bookgy. This vulnerability
could allow ...)
+ TODO: check
+CVE-2025-40617 (SQL injection vulnerability in Bookgy. This vulnerability
could allow ...)
+ TODO: check
+CVE-2025-40616 (Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy.
This vul ...)
+ TODO: check
+CVE-2025-40615 (Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy.
This vul ...)
+ TODO: check
+CVE-2025-3953 (The WP Statistics \u2013 The Most Popular Privacy-Friendly
Analytics P ...)
+ TODO: check
+CVE-2025-3929 (An XSS issue was discovered in MDaemon Email Server version
25.0.1 and ...)
+ TODO: check
+CVE-2025-3911 (Recording of environment variables, configured for running
containers, ...)
+ TODO: check
+CVE-2025-3910 (A flaw was found in Keycloak. The org.keycloak.authorization
package m ...)
+ TODO: check
+CVE-2025-3891 (A flaw was found in the mod_auth_openidc module for Apache
httpd. This ...)
+ TODO: check
+CVE-2025-3501 (A flaw was found in Keycloak. By setting a verification policy
to 'ALL ...)
+ TODO: check
+CVE-2025-3471 (The SureForms WordPress plugin before 1.4.4 does not have
proper auth ...)
+ TODO: check
+CVE-2025-3452 (The SecuPress Free \u2014 WordPress Security plugin for
WordPress is v ...)
+ TODO: check
+CVE-2025-3358
+ REJECTED
+CVE-2025-3301 (DPA countermeasures are unavailable for ECDH key agreement and
EdDSA s ...)
+ TODO: check
+CVE-2025-32444 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2025-32354 (In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site
Request F ...)
+ TODO: check
+CVE-2025-30202 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
+ TODO: check
+CVE-2025-29906 (Finit is a fast init for Linux systems. Versions starting from
3.0-rc1 ...)
+ TODO: check
+CVE-2025-25962 (An issue in Coresmartcontracts Uniswap v.3.0 and fixed in
v.4.0 allows ...)
+ TODO: check
+CVE-2025-25403 (Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is
vulnerab ...)
+ TODO: check
+CVE-2025-23181 (CWE-250: Execution with Unnecessary Privileges)
+ TODO: check
+CVE-2025-23180 (CWE-250: Execution with Unnecessary Privileges)
+ TODO: check
+CVE-2025-23179 (CWE-798: Use of Hard-coded Credentials)
+ TODO: check
+CVE-2025-23178 (CWE-923: Improper Restriction of Communication Channel to
Intended End ...)
+ TODO: check
+CVE-2025-23177 (CWE-427: Uncontrolled Search Path Element)
+ TODO: check
+CVE-2025-22884 (Delta Electronics ISPSoft version 3.20 is vulnerable to a
Stack-Based ...)
+ TODO: check
+CVE-2025-22883 (Delta Electronics ISPSoft version 3.20 is vulnerable to
anOut-Of-Bound ...)
+ TODO: check
+CVE-2025-22882 (Delta Electronics ISPSoft version 3.20 is vulnerable to a
Stack-Based ...)
+ TODO: check
+CVE-2025-1551 (IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1,
and 9.0 ...)
+ TODO: check
+CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability
was ident ...)
+ TODO: check
+CVE-2025-0716 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
+ TODO: check
+CVE-2025-0520 (An unrestricted file upload vulnerability in ShowDoc caused by
imprope ...)
+ TODO: check
+CVE-2024-57698 (An issue in modernwms v.1.0 allows an attacker view the MD5
hash of th ...)
+ TODO: check
+CVE-2023-4377
+ REJECTED
+CVE-2025-4093 (Memory safety bug present in Firefox ESR 128.9, and Thunderbird
128.9. ...)
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
-CVE-2025-4092
+CVE-2025-4092 (Memory safety bugs present in Firefox 137 and Thunderbird 137.
Some of ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4092
-CVE-2025-4091
+CVE-2025-4091 (Memory safety bugs present in Firefox 137, Thunderbird 137,
Firefox ES ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4091
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4091
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4091
-CVE-2025-4090
+CVE-2025-4090 (A vulnerability existed in Firefox for Android where
potentially sensi ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4090
-CVE-2025-4089
+CVE-2025-4089 (Due to insufficient escaping of special characters in the "copy
as cUR ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4089
-CVE-2025-4088
+CVE-2025-4088 (A security vulnerability in Firefox allowed malicious sites to
use red ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4088
-CVE-2025-4087
+CVE-2025-4087 (A vulnerability was identified in Firefox where XPath parsing
could tr ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4087
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4087
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4087
-CVE-2025-4086
+CVE-2025-4086 (A specially crafted filename containing a large number of
encoded newl ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4086
-CVE-2025-4085
+CVE-2025-4085 (An attacker with control over a content process could
potentially leve ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4085
-CVE-2025-4084
+CVE-2025-4084 (Due to insufficient escaping of the special characters in the
"copy as ...)
- firefox-esr <not-affected> (Only affects Firefox on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4084
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4084
-CVE-2025-4083
+CVE-2025-4083 (A process isolation vulnerability in Firefox stemmed from
improper han ...)
- firefox <unfixed>
- firefox-esr 128.10.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4083
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4083
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4083
-CVE-2025-4082
+CVE-2025-4082 (Modification of specific WebGL shader attributes could trigger
an out- ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox on MacOS)
- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4082
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4082
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4082
-CVE-2025-2817
+CVE-2025-2817 (Mozilla Firefox's update mechanism allowed a medium-integrity
user pro ...)
- firefox <not-affected> (Only affects Firefox Updater on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR Updater on
Windows)
- thunderbird <not-affected> (Only affects Thunderbird Updater on
Windows)
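Review bot: CVE-2025-3910 and CVE-2025-3501 are both Keycloak flaws left at `TODO: check`, while the existing Keycloak entry touched later in this same commit (CVE-2025-0604) already records `- keycloak <itp> (bug #1088287)`; the two new entries should get the same `<itp>` line with that bug number rather than sit as open TODOs, so that the three Keycloak CVEs carry a consistent status.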
@@ -78,12 +228,12 @@ CVE-2025-31501 [Cross Site Scripting via JavaScript
injection in an Asset name]
- request-tracker5 <unfixed> (bug #1104422)
CVE-2025-31500 [Cross Site Scripting via JavaScript injection in an RT
permalink]
- request-tracker5 <unfixed> (bug #1104422)
-CVE-2024-58099 [vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame]
+CVE-2024-58099 (In the Linux kernel, the following vulnerability has been
resolved: v ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4678adf94da4a9e9683817b246b58ce15fb81782 (6.12-rc4)
-CVE-2025-30194
+CVE-2025-30194 (When DNSdist is configured to provide DoH via the nghttp2
provider, an ...)
- dnsdist 1.9.9-1 (bug #1104351)
[bookworm] - dnsdist <not-affected> (Introduced in 1.9.0)
[bullseye] - dnsdist <not-affected> (Introduced in 1.9.0)
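Review bot: the CVE-2024-58099 entry marks the fix as `linux 6.11.6-1`, but the only NOTE is the mainline commit 4678adf94da4a9e9683817b246b58ce15fb81782 tagged `(6.12-rc4)`; a fix in a 6.11.6 package implies a stable backport into the 6.11.y series, so the NOTE should also cite the stable commit or the stable release it landed in, so the fixed version can be verified against the changelog rather than taken on trust.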
@@ -160,7 +310,7 @@ CVE-2024-11922 (Missing input validation in certain
features of the Web Client o
NOT-FOR-US: Fortra
CVE-2024-10635 (Enterprise Protection contains an improper input validation
vulnerabil ...)
NOT-FOR-US: Proofpoint
-CVE-2025-4035
+CVE-2025-4035 (A flaw was found in libsoup. When handling cookies, libsoup
clients mi ...)
- libsoup3 <unfixed> (bug #1104414)
- libsoup2.4 <unfixed> (bug #1104415)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362651
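Review bot: CVE-2025-4035 is recorded `<unfixed>` for both libsoup3 (bug #1104414) and libsoup2.4 (bug #1104415) with the Red Hat Bugzilla as the sole reference; please add the upstream libsoup issue or fix commit once it is available, since that is what is needed to fill in fixed versions for the two separate source packages and to decide whether the cookie-handling code in question is present in the older libsoup2.4 branch.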
@@ -1625,18 +1775,22 @@ CVE-2025-43966 (libheif before 1.19.6 has a NULL
pointer dereference in ImageIte
- libheif 1.19.7-1
NOTE: Fixed by:
https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c
(v1.19.6)
CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in
phase_one_correct in ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103783)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0
(0.21.4)
CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in
decoders/load_mfbacks.cp ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103782)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964
(0.21.4)
CVE-2025-43962 (In LibRaw before 0.21.4, phase_one_correct in
decoders/load_mfbacks.cp ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103781)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2
(0.21.4)
CVE-2025-43961 (In LibRaw before 0.21.4, metadata/tiff.cpp has an
out-of-bounds read i ...)
+ {DLA-4142-1}
- libraw 0.21.4-1 (bug #1103781)
[bookworm] - libraw <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2
(0.21.4)
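Review bot: CVE-2025-43961 and CVE-2025-43962 carry the same Debian bug (#1103781) and the same upstream fix commit (66fe663e02a4dd610b4e832f5d9af326709336c2), whereas CVE-2025-43963 and CVE-2025-43964 each have their own bug and commit; given that 43961 is described as an out-of-bounds read in metadata/tiff.cpp and 43962 as phase_one_correct in decoders/load_mfbacks.cpp, this looks like the 43962 references copied onto 43961. Please confirm that bug #1103781 and that commit really cover the tiff.cpp read before the `{DLA-4142-1}` marker is relied on as evidence that 43961 is fixed in the LTS upload.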
@@ -31615,6 +31769,7 @@ CVE-2025-0611 (Object corruption in V8 in Google Chrome
prior to 132.0.6834.110
CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user
resets the ...)
- keycloak <itp> (bug #1088287)
CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13
to 2.40 ...)
+ {DLA-4143-1}
- glibc 2.40-6
[bookworm] - glibc 2.36-9+deb12u10
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5d0cb7572bfa9fe5d79fba7bf4dfa73313e26c
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits