[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 17 May 2025 01:13:01 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a7c08042 by security tracker role at 2025-05-17T08:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2025-4819 (A vulnerability classified as problematic has been found in 
y_project  ...)
+       TODO: check
+CVE-2025-4818 (A vulnerability was found in SourceCodester Doctor's 
Appointment Syste ...)
+       TODO: check
+CVE-2025-4817 (A vulnerability was found in Sourcecodester Doctor's 
Appointment Syste ...)
+       TODO: check
+CVE-2025-4816 (A vulnerability was found in SourceCodester Doctor's 
Appointment Syste ...)
+       TODO: check
+CVE-2025-4815 (A vulnerability was found in Campcodes Sales and Inventory 
System 1.0  ...)
+       TODO: check
+CVE-2025-4814 (A vulnerability has been found in Campcodes Sales and Inventory 
System ...)
+       TODO: check
+CVE-2025-4813 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2025-4812 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-4811 (A vulnerability was found in CodeAstro Pharmacy Management 
System 1.0. ...)
+       TODO: check
+CVE-2025-4810 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
declar ...)
+       TODO: check
+CVE-2025-4805 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-4804 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-4391 (The Echo RSS Feed Post Generator plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-4389 (The Crawlomatic Multipage Scraper Post Generator plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-4194 (The AlT Monitoring plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-4190 (The CSV Mass Importer WordPress plugin through 1.2 does not 
properly v ...)
+       TODO: check
+CVE-2025-4189 (The Audio Comments Plugin plugin for WordPress is vulnerable to 
Cross- ...)
+       TODO: check
+CVE-2025-48188 (libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call 
from fi ...)
+       TODO: check
+CVE-2025-3812 (The WPBot Pro Wordpress Chatbot plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-32407 (Samsung Internet for Galaxy Watch version 5.0.9, available up 
until Sa ...)
+       TODO: check
+CVE-2025-1706 (Software installed and run as a non-privileged user may conduct 
improp ...)
+       TODO: check
+CVE-2024-47893 (Kernel software installed and running inside a Guest VM may 
exploit me ...)
+       TODO: check
 CVE-2025-4809 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
        NOT-FOR-US: Tenda
 CVE-2025-4808 (A vulnerability was found in PHPGurukul Park Ticketing 
Management Syst ...)
@@ -1138,21 +1182,21 @@ CVE-2025-44184 (SourceCodester Best Employee Management 
System V1.0 is vulnerabl
 CVE-2025-40595 (A Server-side request forgery (SSRF) vulnerability has been 
identified ...)
        NOT-FOR-US: SonicWall
 CVE-2025-3932 (It was possible to craft an email that showed a tracking link 
as an at ...)
-       {DSA-5921-1}
+       {DSA-5921-1 DLA-4167-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
 CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, 
allowing ...)
        NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
 CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL 
header ...)
-       {DSA-5921-1}
+       {DSA-5921-1 DLA-4167-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
 CVE-2025-3877 (A crafted HTML email using mailbox:/// links can trigger 
automatic, un ...)
-       {DSA-5921-1}
+       {DSA-5921-1 DLA-4167-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877
 CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender 
spoofing i ...)
-       {DSA-5921-1}
+       {DSA-5921-1 DLA-4167-1}
        - thunderbird 1:128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3875
 CVE-2025-3834 (Zohocorp ManageEngineADAudit Plus versions8510and prior are 
vulnerable ...)
@@ -216242,8 +216286,8 @@ CVE-2022-4365 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        - gitlab 15.10.8+ds1-2
 CVE-2022-4364 (A vulnerability classified as critical has been found in 
Teledyne FLIR ...)
        NOT-FOR-US: Teledyne
-CVE-2022-4363
-       RESERVED
+CVE-2022-4363 (The Wholesale Market WordPress plugin before 2.2.2, Wholesale 
Market f ...)
+       TODO: check
 CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4361 (Keycloak, an open-source identity and access management 
solution, has  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c080425f895ae34348dcf4492e038bf38ebd02

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c080425f895ae34348dcf4492e038bf38ebd02
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to