Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3229dcc1 by security tracker role at 2025-05-18T20:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2025-4894 (A vulnerability classified as problematic was found in calmkart 
Django ...)
+       TODO: check
+CVE-2025-4893 (A vulnerability classified as critical has been found in 
jammy928 Coin ...)
+       TODO: check
+CVE-2025-4892 (A vulnerability was found in code-projects Police Station 
Management S ...)
+       TODO: check
+CVE-2025-4891 (A vulnerability was found in code-projects Police Station 
Management S ...)
+       TODO: check
+CVE-2025-4890 (A vulnerability was found in code-projects Tourism Management 
System 1 ...)
+       TODO: check
+CVE-2025-4889 (A vulnerability has been found in code-projects Tourism 
Management Sys ...)
+       TODO: check
+CVE-2025-4888 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-4887 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-4886 (A vulnerability classified as critical was found in 
itsourcecode Sales ...)
+       TODO: check
+CVE-2025-4885 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2025-4884 (A vulnerability was found in itsourcecode Restaurant Management 
System ...)
+       TODO: check
+CVE-2025-4883 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has 
been de ...)
+       TODO: check
+CVE-2025-4882 (A vulnerability was found in itsourcecode Restaurant Management 
System ...)
+       TODO: check
+CVE-2025-4881 (A vulnerability was found in itsourcecode Restaurant Management 
System ...)
+       TODO: check
+CVE-2025-4880 (A vulnerability has been found in PHPGurukul News Portal 4.1 
and class ...)
+       TODO: check
+CVE-2025-4875 (A vulnerability was found in Campcodes Online Shopping Portal 
1.0. It  ...)
+       TODO: check
+CVE-2025-4874 (A vulnerability was found in PHPGurukul News Portal Project 4.1 
and cl ...)
+       TODO: check
+CVE-2025-4873 (A vulnerability has been found in PHPGurukul News Portal 4.1 
and class ...)
+       TODO: check
+CVE-2025-4872 (A vulnerability, which was classified as critical, was found in 
FreeFl ...)
+       TODO: check
+CVE-2025-4871 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-4870 (A vulnerability classified as critical was found in 
itsourcecode Resta ...)
+       TODO: check
+CVE-2025-4869 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
+       TODO: check
+CVE-2025-4868 (A vulnerability was found in merikbest ecommerce-spring-reactjs 
up to  ...)
+       TODO: check
+CVE-2025-4867 (A vulnerability was found in Tenda A15 15.13.07.13. It has been 
declar ...)
+       TODO: check
+CVE-2025-48219 (O2 UK through 2025-05-17 allows subscribers to determine the 
Cell ID o ...)
+       TODO: check
 CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
        - firefox-esr <not-affected> (Only affects the 115 series of Firefox 
ESR)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
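Review bot: All 25 added entries land as TODO: check, and for CVE-2025-4888, CVE-2025-4887, CVE-2025-4872 and CVE-2025-4871 the truncated description is cut off before the product is named, so they cannot be triaged from this file alone and need the full CVE text. The code-projects entries (CVE-2025-4889 to CVE-2025-4892) look like candidates for the same NOT-FOR-US handling this file already gives code-projects Travel Management System at CVE-2024-12949 and CVE-2024-12950; resolving them in the same pass would keep the TODO backlog from growing.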
@@ -54,12 +104,16 @@ CVE-2025-4837 (A vulnerability classified as critical has 
been found in projectw
        NOT-FOR-US: Project Worlds
 CVE-2025-3715 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-4921 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+CVE-2025-4921
+       REJECTED
+       {DSA-5922-1}
        - firefox 138.0.4-1
        - firefox-esr 128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4921
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4921
-CVE-2025-4920 (An attacker was able to perform an out-of-bounds read or write 
on a Ja ...)
+CVE-2025-4920
+       REJECTED
+       {DSA-5922-1}
        - firefox 138.0.4-1
        - firefox-esr 128.10.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/#CVE-2025-4920
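Review bot: CVE-2025-4921 and CVE-2025-4920 are now marked REJECTED, yet each gains {DSA-5922-1} and keeps the firefox 138.0.4-1 and firefox-esr 128.10.1esr-1 fixed-version lines and the mfsa NOTE links, so the entry reads as both withdrawn and fixed. With the description removed, nothing in the entry records what the DSA addressed; suggest a NOTE line stating why the id was rejected and, if one exists, which id replaces it, so anyone following the DSA reference can still tell what was patched.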
@@ -1249,6 +1303,7 @@ CVE-2025-23166 [Improper error handling in async 
cryptographic operations crashe
        - nodejs 20.19.2+dfsg-1 (bug #1105832)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-error-handling-in-async-cryptographic-operations-crashes-process-cve-2025-23166---high
 CVE-2025-46836 (net-tools is a collection of programs that form the base set 
of the NE ...)
+       {DSA-5923-1}
        - net-tools 2.10-1.2 (bug #1105806)
        NOTE: 
https://github.com/ecki/net-tools/security/advisories/GHSA-pfwf-h6m3-63wf
        NOTE: Fixed by: 
https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d
@@ -2356,36 +2411,44 @@ CVE-2024-55466 (An arbitrary file upload vulnerability 
in the Image Gallery of T
 CVE-2023-34732 (An issue in the userId parameter in the change password 
function of Fl ...)
        NOT-FOR-US: Flytxt NEON-dX
 CVE-2025-20054 (Uncaught exception in the core management mechanism for some 
Intel(R)  ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-20103 (Insufficient resource pool in the core management mechanism 
for some I ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-45332 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
        NOTE: 
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
        NOTE: https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
 CVE-2025-20623 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-43420 (Exposure of sensitive information caused by shared 
microarchitectural  ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-20012 (Incorrect behavior order for some Intel(R) Core\u2122 Ultra 
Processors ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2025-24495 (Incorrect initialization of resource in the branch prediction 
unit for ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01322.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
 CVE-2024-28956 (Exposure of Sensitive Information in Shared Microarchitectural 
Structu ...)
+       {DLA-4170-1}
        - intel-microcode 3.20250512.1 (bug #1105172)
        - linux 6.12.29-1
        - xen <unfixed> (bug #1105193)
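Review bot: On CVE-2024-28956 the {DLA-4170-1} tag is attached to an entry that lists three source packages (intel-microcode, linux, and xen, which is still <unfixed>), while the other seven entries in this hunk list intel-microcode only. The tag sits at entry level, so a reader can take it as covering linux and xen as well; worth confirming the DLA is for intel-microcode alone and that the linux and xen status for the LTS release is tracked on its own lines.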
@@ -48158,7 +48221,7 @@ CVE-2024-12952 (A vulnerability classified as critical 
was found in melMass comf
        NOT-FOR-US: melMass/comfy_mtb
 CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 
Projects ...)
        NOT-FOR-US: 1000 Projects Portfolio Management System MCA
-CVE-2024-12950 (A vulnerability was found in code-projects Travel Management 
System 1. ...)
+CVE-2024-12950 (A vulnerability was found in code-projects/projectworlds 
Travel Manage ...)
        NOT-FOR-US: code-projects Travel Management System
 CVE-2024-12949 (A vulnerability was found in code-projects Travel Management 
System 1. ...)
        NOT-FOR-US: code-projects Travel Management System
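Review bot: The description for CVE-2024-12950 now names code-projects/projectworlds, but the NOT-FOR-US line below it still reads "code-projects Travel Management System", so the reason no longer matches the vendor string it is classifying. Consider updating the NOT-FOR-US text to match, and checking whether CVE-2024-12949 (same product, description unchanged in this hunk) should receive the same rename for consistency.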



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3229dcc1ab7605a890162f40fc7a591584c9df47

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits