Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5d38f72 by security tracker role at 2025-05-18T08:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,63 @@
-CVE-2025-4921
+CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+       TODO: check
+CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+       TODO: check
+CVE-2025-4866 (A vulnerability was found in weibocom rill-flow 0.1.18. It has 
been cl ...)
+       TODO: check
+CVE-2025-4865 (A vulnerability was found in itsourcecode Restaurant Management 
System ...)
+       TODO: check
+CVE-2025-4864 (A vulnerability has been found in itsourcecode Restaurant 
Management S ...)
+       TODO: check
+CVE-2025-4863 (A vulnerability, which was classified as critical, was found in 
Advaya ...)
+       TODO: check
+CVE-2025-4862 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-4861 (A vulnerability classified as critical was found in PHPGurukul 
Beauty  ...)
+       TODO: check
+CVE-2025-4860 (A vulnerability classified as problematic has been found in 
D-Link DAP ...)
+       TODO: check
+CVE-2025-4859 (A vulnerability was found in D-Link DAP-2695 
120b36r137_ALL_en_2021052 ...)
+       TODO: check
+CVE-2025-4858 (A vulnerability was found in D-Link DAP-2695 
120b36r137_ALL_en_2021052 ...)
+       TODO: check
+CVE-2025-4852 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-4851 (A vulnerability classified as critical was found in TOTOLINK 
N300RH 6. ...)
+       TODO: check
+CVE-2025-4850 (A vulnerability classified as critical has been found in 
TOTOLINK N300 ...)
+       TODO: check
+CVE-2025-4849 (A vulnerability was found in TOTOLINK N300RH 
6.1c.1390_B20191101. It h ...)
+       TODO: check
+CVE-2025-4848 (A vulnerability was found in FreeFloat FTP Server 1.0 and 
classified a ...)
+       TODO: check
+CVE-2025-4847 (A vulnerability has been found in FreeFloat FTP Server 1.0 and 
classif ...)
+       TODO: check
+CVE-2025-4846 (A vulnerability, which was classified as critical, was found in 
FreeFl ...)
+       TODO: check
+CVE-2025-4845 (A vulnerability, which was classified as critical, has been 
found in F ...)
+       TODO: check
+CVE-2025-4844 (A vulnerability classified as critical was found in FreeFloat 
FTP Serv ...)
+       TODO: check
+CVE-2025-4843 (A vulnerability was found in D-Link DCS-932L 2.18.01. It has 
been clas ...)
+       TODO: check
+CVE-2025-4842 (A vulnerability was found in D-Link DCS-932L 2.18.01. It has 
been decl ...)
+       TODO: check
+CVE-2025-4841 (A vulnerability was found in D-Link DCS-932L 2.18.01 and 
classified as ...)
+       TODO: check
+CVE-2025-4839 (A vulnerability has been found in itwanger paicoding 
1.0.0/1.0.1/1.0.2 ...)
+       TODO: check
+CVE-2025-4838 (A vulnerability, which was classified as problematic, was found 
in kan ...)
+       TODO: check
+CVE-2025-4837 (A vulnerability classified as critical has been found in 
projectworlds ...)
+       TODO: check
+CVE-2025-3715 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-4921 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
        - firefox 138.0.4-1
        - firefox-esr 128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4921
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4921
-CVE-2025-4920
+CVE-2025-4920 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
        - firefox 138.0.4-1
        - firefox-esr 128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4920
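Review bot: The new entries CVE-2025-4919 and CVE-2025-4918 at the top of this hunk are left at TODO: check even though their truncated description is identical to that of CVE-2025-4921 and CVE-2025-4920 further down, which already carry firefox 138.0.4-1 and firefox-esr 128.10.1esr-1 lines with Mozilla advisory NOTEs. Check whether those two belong to the same source packages and, if so, record the fixed versions and advisory links in the same form. The remaining TODO entries name products such as itsourcecode Restaurant Management System, FreeFloat FTP Server 1.0, TOTOLINK N300RH and D-Link DAP-2695 / DCS-932L; each needs either a package line or a NOT-FOR-US: marker like the one used for CVE-2025-47423, so that the TODO markers do not linger in the list.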
@@ -3701,6 +3755,7 @@ CVE-2025-47439 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-47423 (Personal Weather Station Dashboard 12_lts allows 
unauthenticated remot ...)
        NOT-FOR-US: Personal Weather Station Dashboard
 CVE-2025-47203 (dbclient in Dropbear SSH before 2025.88 allows command 
injection via a ...)
+       {DLA-4169-1}
        - dropbear 2025.88-1
        [bookworm] - dropbear <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b 
(DROPBEAR_2025.88)
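Review bot: The {DLA-4169-1} reference added under CVE-2025-47203 has no matching release-tagged package line in the visible context, where the entry shows only "- dropbear 2025.88-1" and "[bookworm] - dropbear <no-dsa> (Minor issue)". Confirm that a line recording the version fixed in the LTS release exists below the NOTE line, or add one, so the advisory reference and the per-release status stay consistent.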



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d38f72d850d3157aea4ee96e7ad7df91487be6
