Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e73986f by security tracker role at 2025-05-26T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,72 @@
-CVE-2025-37992 [net_sched: Flush gso_skb list too during ->change()]
+CVE-2025-5203 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-5202 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-5201 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
+ TODO: check
+CVE-2025-5200 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3 an ...)
+ TODO: check
+CVE-2025-5196 (A vulnerability has been found in Wing FTP Server up to 7.4.3
and clas ...)
+ TODO: check
+CVE-2025-5186 (A vulnerability was found in thinkgem JeeSite up to 5.11.1. It
has bee ...)
+ TODO: check
+CVE-2025-5185 (A vulnerability was found in Summer Pearl Group Vacation Rental
Manage ...)
+ TODO: check
+CVE-2025-5184 (A vulnerability was found in Summer Pearl Group Vacation Rental
Manage ...)
+ TODO: check
+CVE-2025-5183 (A vulnerability was found in Summer Pearl Group Vacation Rental
Manage ...)
+ TODO: check
+CVE-2025-5182 (A vulnerability has been found in Summer Pearl Group Vacation
Rental M ...)
+ TODO: check
+CVE-2025-5181 (A vulnerability, which was classified as problematic, was found
in Sum ...)
+ TODO: check
+CVE-2025-5180 (A vulnerability, which was classified as critical, has been
found in W ...)
+ TODO: check
+CVE-2025-5179 (A vulnerability classified as problematic was found in Realce
Tecnolog ...)
+ TODO: check
+CVE-2025-5178 (A vulnerability classified as critical has been found in Realce
Tecnol ...)
+ TODO: check
+CVE-2025-5177 (A vulnerability was found in Realce Tecnologia Queue Ticket
Kiosk up t ...)
+ TODO: check
+CVE-2025-5176 (A vulnerability was found in Realce Tecnologia Queue Ticket
Kiosk up t ...)
+ TODO: check
+CVE-2025-4057 (A flaw was found in ActiveMQ Artemis. The password generated by
active ...)
+ TODO: check
+CVE-2025-4053 (The datastored inBe-Tech Mifare Classic cardis stored in
cleartext.An ...)
+ TODO: check
+CVE-2025-41655 (An unauthenticated remote attacker can access a URL which
causes the d ...)
+ TODO: check
+CVE-2025-41654 (An unauthenticated remote attacker can access information
about runnin ...)
+ TODO: check
+CVE-2025-40672 (A Privilege Escalation vulnerability has been found in
ProactivaNet v3 ...)
+ TODO: check
+CVE-2025-40671 (SQL injection vulnerability in AES Multimedia's Gestnet v1.07.
This vu ...)
+ TODO: check
+CVE-2025-40667 (Missing authorization vulnerability in TCMAN's GIM v11. This
allows an ...)
+ TODO: check
+CVE-2025-40666 (Time-based blind SQL injection vulnerabilities in TCMAN's GIM
v11. The ...)
+ TODO: check
+CVE-2025-40665 (Time-based blind SQL injection vulnerabilities in TCMAN's GIM
v11. The ...)
+ TODO: check
+CVE-2025-40664 (Missing authentication vulnerability in TCMAN GIM v11. This
allows an ...)
+ TODO: check
+CVE-2025-40663 (Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos
version ...)
+ TODO: check
+CVE-2025-40653 (User enumeration vulnerability in M3M Printer Server Web. This
issue o ...)
+ TODO: check
+CVE-2025-40652 (Stored Cross-Site Scripting (XSS) vulnerability in the
CoverManager bo ...)
+ TODO: check
+CVE-2025-40650 (Insecure Direct Object Reference (IDOR) vulnerability in
Clickedu. Thi ...)
+ TODO: check
+CVE-2025-39498 (Insertion of Sensitive Information Into Sent Data
vulnerability in Spo ...)
+ TODO: check
+CVE-2025-23394 (A UNIX Symbolic Link (Symlink) Following vulnerability in
openSUSE Tum ...)
+ TODO: check
+CVE-2025-23392 (A Improper Neutralization of Script-Related HTML Tags in a Web
Page (B ...)
+ TODO: check
+CVE-2025-1985 (Due to improper neutralization of input during web page
generation (XS ...)
+ TODO: check
+CVE-2025-37992 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[bookworm] - linux 6.1.140-1
NOTE:
https://git.kernel.org/linus/2d3cbfd6d54a2c39ce3244f33f85c595844bd7b8 (6.15-rc7)
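Review bot: all 35 entries added in this first hunk are left as "TODO: check", and at least the four Assimp issues (CVE-2025-5200 through CVE-2025-5203, "Open Asset Import Library Assimp 5.4.3") need a real triage line rather than staying open: assimp is packaged in Debian, so they want a "- assimp <unfixed>" (or fixed-version) line once the upstream reports are read, not a NOT-FOR-US close. Most of the other new entries name products that, by their descriptions here (Wing FTP Server, JeeSite, Summer Pearl Group Vacation Rental Manager, Realce Tecnologia Queue Ticket Kiosk, TCMAN GIM, M3M Printer Server Web, Clickedu, ProactivaNet), look like NOT-FOR-US candidates, but each still has to be confirmed against the archive before the TODO is replaced. The CVE-2025-37992 change at the end of the hunk is only the header being rewritten from the bracketed kernel subject to the MITRE description; the "- linux <unfixed>" / "[bookworm] - linux 6.1.140-1" lines and the 6.15-rc7 fix reference are unchanged and consistent with each other.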
@@ -66,7 +134,7 @@ CVE-2025-41441 (Mailform Pro CGI prior to 4.3.4 generates
error messages contain
NOT-FOR-US: Mailform Pro CGI
CVE-2025-2146 (Buffer overflow in WebService Authentication processing of
Small Offic ...)
NOT-FOR-US: Canon
-CVE-2025-35003
+CVE-2025-35003 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
NOT-FOR-US: Apache NuttX RTOS
CVE-2025-5155 (A vulnerability has been found in qianfox FoxCMS 1.2.5 and
classified ...)
NOT-FOR-US: FoxCMS
@@ -4678,29 +4746,29 @@ CVE-2024-28956 (Exposure of Sensitive Information in
Shared Microarchitectural S
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
-CVE-2025-46805
+CVE-2025-46805 (Screen version 5.0.0 and older version 4 releases have a
TOCTOU race ...)
- screen 4.9.1-3 (unimportant)
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-46804
+CVE-2025-46804 (A minor information leak when running Screen with setuid-root
privileg ...)
- screen 4.9.1-3 (unimportant)
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-46803
+CVE-2025-46803 (The default mode of pseudo terminals (PTYs) allocated by
Screen was ch ...)
- screen <not-affected> (Vulnerable code only introduced in Scren v5
branch)
NOTE: Introduced with:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=78a961188f7da528c7cefcc63e07f35f04e69a93
(v.5.0.0)
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=d5d7bf43f3842e8b62d5f34eb4b031de7c8098c1
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
-CVE-2025-46802
+CVE-2025-46802 (For a short time they PTY is set to mode 666, allowing any
user on the ...)
- screen 4.9.1-3 (unimportant; bug #1105191)
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
NOTE: Has potential to break some reattach use cases, but the specific
use case
NOTE: was broken already before.
NOTE: screen in Debian not installed setuid or setgid
-CVE-2025-23395
+CVE-2025-23395 (Screen 5.0.0 when it runs with setuid-root privileges does not
drop pr ...)
- screen <not-affected> (Vulnerable code only introduced in Scren v5
branch)
NOTE: Introduced with:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc
(v.5.0.0)
NOTE: Fixed by:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e894caeffccdb62f9c644989a936dc7ec83cc747
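Review bot: the <not-affected> reason text for CVE-2025-46803 and CVE-2025-23395 misspells the package as "Scren v5" ("Vulnerable code only introduced in Scren v5 branch"); these are unchanged context lines, so the typo predates this commit, but it is displayed verbatim on the tracker pages and should be fixed in a follow-up to "Screen v5". The remaining changes in this hunk only replace the bare CVE identifiers for CVE-2025-46805, -46804, -46803, -46802 and -23395 with their descriptions; the "screen 4.9.1-3 (unimportant)" assessments and the "screen in Debian not installed setuid or setgid" notes that justify them are untouched.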
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e73986f574665fa4b9d9355b86fa856c331ab4d
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits