Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
89bcd1f2 by security tracker role at 2025-05-21T08:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2025-5013 (A vulnerability, which was classified as problematic, was found
in HkC ...)
+ TODO: check
+CVE-2025-5011 (A vulnerability classified as problematic was found in
moonlightL hexo ...)
+ TODO: check
+CVE-2025-5010 (A vulnerability classified as problematic has been found in
moonlightL ...)
+ TODO: check
+CVE-2025-5008 (A vulnerability was found in projectworlds Online Time Table
Generator ...)
+ TODO: check
+CVE-2025-5007 (A vulnerability was found in Part-DB up to 1.17.0. It has been
declare ...)
+ TODO: check
+CVE-2025-5006 (A vulnerability was found in Campcodes Online Shopping Portal
1.0. It ...)
+ TODO: check
+CVE-2025-5004 (A vulnerability was found in projectworlds Online Time Table
Generator ...)
+ TODO: check
+CVE-2025-5003 (A vulnerability has been found in projectworlds Online Time
Table Gene ...)
+ TODO: check
+CVE-2025-5002 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2025-5001 (A vulnerability was found in GNU PSPP
82fb509fb2fedd33e7ac0c46ca99e108 ...)
+ TODO: check
+CVE-2025-5000 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK
up to 1 ...)
+ TODO: check
+CVE-2025-4999 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK
up to 1 ...)
+ TODO: check
+CVE-2025-4998 (A vulnerability has been found in H3C Magic R200G up to 100R002
and cl ...)
+ TODO: check
+CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw
stems from ...)
+ TODO: check
+CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the
ManifestP ...)
+ TODO: check
+CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for
manga site ...)
+ TODO: check
+CVE-2025-4436
+ REJECTED
+CVE-2025-4094 (The DIGITS: WordPress Mobile Number Signup and Login WordPress
plugin ...)
+ TODO: check
+CVE-2025-48427
+ REJECTED
+CVE-2025-48426
+ REJECTED
+CVE-2025-48425
+ REJECTED
+CVE-2025-48424
+ REJECTED
+CVE-2025-48423
+ REJECTED
+CVE-2025-48422
+ REJECTED
+CVE-2025-48421
+ REJECTED
+CVE-2025-48420
+ REJECTED
+CVE-2025-48419
+ REJECTED
+CVE-2025-44898 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44897 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44896 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44894 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44891 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44888 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44887 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44886 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44884 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44883 (FW-WGS-804HPT v1.305b241111 was discovered to contain a stack
overflow ...)
+ TODO: check
+CVE-2025-44882 (A command injection vulnerability in the component
/cgi-bin/firewall.c ...)
+ TODO: check
+CVE-2025-44881 (A command injection vulnerability in the component
/cgi-bin/qos.cgi of ...)
+ TODO: check
+CVE-2025-44880 (A command injection vulnerability in the component
/cgi-bin/adm.cgi of ...)
+ TODO: check
CVE-2025-4997 (A vulnerability, which was classified as problematic, was found
in H3C ...)
NOT-FOR-US: H3C R2+ProG
CVE-2025-4996 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -993,7 +1073,8 @@ CVE-2025-23164 (A misconfigured access token mechanism in
the Unifi Protect Appl
NOT-FOR-US: UniFi Protect
CVE-2025-23123 (A malicious actor with access to the management network could
execute ...)
NOT-FOR-US: UniFi Protect
-CVE-2025-23122 (In Node.js, the `ReadFileUtf8` internal binding leaks memory
due to a ...)
+CVE-2025-23122
+ REJECTED
NOTE: Duplicate of CVE-2025-23165 (CNA contacted for rejection)
CVE-2025-1627 (The Qi Blocks WordPress plugin before 1.4 does not validate and
escape ...)
NOT-FOR-US: WordPress plugin
@@ -12813,7 +12894,7 @@ CVE-2025-29834 (Out-of-bounds read in Microsoft Edge
(Chromium-based) allows an
NOT-FOR-US: Microsoft
CVE-2025-29803 (Uncontrolled search path element in Visual Studio Tools for
Applicatio ...)
NOT-FOR-US: Microsoft
-CVE-2025-0129 (Prisma Access Browser: Inappropriate control behavior in Prisma
Access ...)
+CVE-2025-0129 (An improper exception check in Palo Alto Networks Prisma Access
Browse ...)
NOT-FOR-US: Palo Alto Networks
CVE-2024-13338 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify
HTML, C ...)
NOT-FOR-US: WordPress plugin
@@ -64591,7 +64672,7 @@ CVE-2024-6479 (The SIP Reviews Shortcode for
WooCommerce plugin for WordPress is
NOT-FOR-US: WordPress plugin
CVE-2024-49501 (Sysmac Studio provided by OMRON Corporation contains an
incorrect auth ...)
NOT-FOR-US: OMROM
-CVE-2024-47939 (Stack-based buffer overflow vulnerability exists in multiple
Ricoh las ...)
+CVE-2024-47939 (Stack-based buffer overflow vulnerability exists in multiple
laser pri ...)
NOT-FOR-US: Ricoh
CVE-2024-21510 (Versions of the package sinatra from 0.0.0 are vulnerable to
Reliance ...)
[experimental] - ruby-sinatra 4.1.1-1
@@ -352224,8 +352305,8 @@ CVE-2021-25264 (In multiple versions of Sophos
Endpoint products for MacOS, a lo
NOT-FOR-US: Sophos
CVE-2021-25263 (Local privilege vulnerability in Yandex Browser for Windows
prior to 2 ...)
NOT-FOR-US: Yandex Browser
-CVE-2021-25262
- RESERVED
+CVE-2021-25262 (Yandex Browser for Android prior to version 21.3.0 allows
remote attac ...)
+ TODO: check
CVE-2021-25261 (Local privilege vulnerability in Yandex Browser for Windows
prior to 2 ...)
NOT-FOR-US: Yandex Browser
CVE-2021-25260
@@ -352238,10 +352319,10 @@ CVE-2021-25257
RESERVED
CVE-2021-25256
RESERVED
-CVE-2021-25255
- RESERVED
-CVE-2021-25254
- RESERVED
+CVE-2021-25255 (Yandex Browser Lite for Android prior to version 21.1.0 allows
remote ...)
+ TODO: check
+CVE-2021-25254 (Yandex Browser Lite for Android before 21.1.0 allows remote
attackers ...)
+ TODO: check
CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex
One, Tren ...)
NOT-FOR-US: Trend Micro
CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan
Engine ( ...)
@@ -455674,8 +455755,8 @@ CVE-2014-10396 (The epic theme through 2014-09-07 for
WordPress allows arbitrary
NOT-FOR-US: epic theme for WordPress
CVE-2019-16537
RESERVED
-CVE-2019-16536
- RESERVED
+CVE-2019-16536 (Stack overflow leading to DoS can be triggered by a malicious
authenti ...)
+ TODO: check
CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB
write and ...)
NOT-FOR-US: ClickHouse
CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists
via a c ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89bcd1f24f63252b9437561fa61502c49a60d925
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89bcd1f24f63252b9437561fa61502c49a60d925
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
