Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40f6051e by security tracker role at 2025-05-27T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,46 +1,113 @@
-CVE-2025-5272
+CVE-2025-5252 (A vulnerability was found in PHPGurukul News Portal Project
4.1. It ha ...)
+ TODO: check
+CVE-2025-5251 (A vulnerability was found in PHPGurukul News Portal Project
4.1. It ha ...)
+ TODO: check
+CVE-2025-5250 (A vulnerability was found in PHPGurukul News Portal Project 4.1
and cl ...)
+ TODO: check
+CVE-2025-5249 (A vulnerability has been found in PHPGurukul News Portal
Project 4.1 a ...)
+ TODO: check
+CVE-2025-5248 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
+ TODO: check
+CVE-2025-5247 (A vulnerability, which was classified as critical, has been
found in G ...)
+ TODO: check
+CVE-2025-5246 (A vulnerability classified as critical was found in Campcodes
Online H ...)
+ TODO: check
+CVE-2025-5245 (A vulnerability classified as critical has been found in GNU
Binutils ...)
+ TODO: check
+CVE-2025-5244 (A vulnerability was found in GNU Binutils up to 2.44. It has
been rate ...)
+ TODO: check
+CVE-2025-5117 (The Property plugin for WordPress is vulnerable to Privilege
Escalatio ...)
+ TODO: check
+CVE-2025-4412 (On macOS systems, by utilizing a Launch Agent and loading the
viscosit ...)
+ TODO: check
+CVE-2025-48383 (Django-Select2 is a Django integration for Select2. Prior to
version 8 ...)
+ TODO: check
+CVE-2025-48370 (auth-js is an isomorphic Javascript library for Supabase Auth.
Prior t ...)
+ TODO: check
+CVE-2025-48057 (Icinga 2 is a monitoring system which checks the availability
of netwo ...)
+ TODO: check
+CVE-2025-46173 (code-projects Online Exam Mastering System 1.0 is vulnerable
to Cross ...)
+ TODO: check
+CVE-2025-45529 (An arbitrary file read vulnerability in the
ReadTextAsynchronous funct ...)
+ TODO: check
+CVE-2025-45475 (maccms10 v2025.1000.4047 is vulnerable to Server-Side request
forgery ...)
+ TODO: check
+CVE-2025-41653 (An unauthenticated remote attacker can exploit a
denial-of-service vul ...)
+ TODO: check
+CVE-2025-41652 (The devices are vulnerable to an authentication bypass due to
flaws in ...)
+ TODO: check
+CVE-2025-41651 (Due to missing authentication on a critical function of the
devices an ...)
+ TODO: check
+CVE-2025-41650 (An unauthenticated remote attacker can exploit input
validation in cmd ...)
+ TODO: check
+CVE-2025-41649 (An unauthenticated remote attacker can exploit insufficient
input vali ...)
+ TODO: check
+CVE-2025-3704 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-2872
+ REJECTED
+CVE-2025-2236 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-27701 (In the function process_crypto_cmd, the values of ptrs[i] can
be poten ...)
+ TODO: check
+CVE-2025-27700 (There is a possible bypass of carrier restrictions due to an
unusual r ...)
+ TODO: check
+CVE-2025-23247 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability
in the ...)
+ TODO: check
+CVE-2025-22377 (An issue was discovered in Samsung Mobile Processor, Wearable
Processo ...)
+ TODO: check
+CVE-2024-56193 (There is a possible disclosure of Bluetooth adapter details
due to a p ...)
+ TODO: check
+CVE-2024-49197 (An issue was discovered in Wi-Fi in Samsung Mobile Processor
and Weara ...)
+ TODO: check
+CVE-2024-49196 (An issue was discovered in the GPU in Samsung Mobile Processor
Exynos ...)
+ TODO: check
+CVE-2024-13966 (ZKTeco BioTime allows unauthenticated attackers to enumerate
usernames ...)
+ TODO: check
+CVE-2025-5272 (Memory safety bugs present in Firefox 138 and Thunderbird 138.
Some of ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5272
-CVE-2025-5269
+CVE-2025-5269 (Memory safety bug present in Firefox ESR 128.10, and
Thunderbird 128.1 ...)
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5269
-CVE-2025-5268
+CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138,
Firefox ES ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5268
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5268
-CVE-2025-5267
+CVE-2025-5267 (A clickjacking vulnerability could have been used to trick a
user into ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5267
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5267
-CVE-2025-5271
+CVE-2025-5271 (Previewing a response in Devtools ignored CSP headers, which
could hav ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5271
-CVE-2025-5270
+CVE-2025-5270 (In certain cases, SNI could have been sent unencrypted even
when encry ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5270
-CVE-2025-5266
+CVE-2025-5266 (Script elements loading cross-origin resources generated load
and erro ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5266
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5266
-CVE-2025-5265
+CVE-2025-5265 (Due to insufficient escaping of the ampersand character in the
\u201cC ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5265
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5265
-CVE-2025-5264
+CVE-2025-5264 (Due to insufficient escaping of the newline character in the
\u201cCop ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5264
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5264
-CVE-2025-5263
+CVE-2025-5263 (Error handling for script execution was incorrectly isolated
from web ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5263
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5263
CVE-2025-5262
+ REJECTED
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5262
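Review bot: CVE-2025-5262 is left in a contradictory state at the end of this hunk: "+ REJECTED" is added, but the existing "- firefox <unfixed>", "- firefox-esr <unfixed>" and the mfsa2025-42 NOTE remain as unchanged context, so the entry now claims both a rejected ID and two unfixed packages. Compare CVE-2025-2872 earlier in the same hunk, which carries only the REJECTED line; the stale package assignments and the NOTE should be dropped in a follow-up so the tracker does not keep listing a rejected ID as an open issue. Separately, among the new "TODO: check" entries, CVE-2025-5245 and CVE-2025-5244 (GNU Binutils up to 2.44) and CVE-2025-48057 (Icinga 2) name software packaged in Debian and are worth triaging ahead of the web-application items.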
@@ -157,13 +224,13 @@ CVE-2024-38866 (Improper neutralization of input in
Nagvis before version 1.9.47
CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
- icu <unfixed> (bug #1106684)
NOTE: https://unicode-org.atlassian.net/browse/ICU-22957
-CVE-2025-48796 [Stack-based buffer overflows in file-ico]
+CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function
is vulner ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368559
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/9257
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/879
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/0dc98936a0d9f5a70025f4e9cf321d1118ea500e
(GIMP_2_99_16)
-CVE-2025-48797 [Multiple heap buffer overflows in TGA parser]
+CVE-2025-48797 (A flaw was found in GIMP when processing certain TGA image
files. If a ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368558
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -171,7 +238,7 @@ CVE-2025-48797 [Multiple heap buffer overflows in TGA
parser]
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/723d383e57e8f599c4a44ab8541ea6902e29579e
(GIMP_3_0_0_RC1)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/2ba35e5b3d43d881b0623f47b8068d9ee19d1d70
(GIMP_3_0_0_RC1)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/1f062867172d5c68b858a6efa3011686aa32bb38
(GIMP_3_0_0_RC1)
-CVE-2025-48798 [Multiple use after free in XCF parser]
+CVE-2025-48798 (A flaw was found in GIMP when processing XCF image files. If a
user op ...)
- gimp 3.0.0~RC1-4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368557
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
@@ -232,7 +299,7 @@ CVE-2025-41655 (An unauthenticated remote attacker can
access a URL which causes
NOT-FOR-US: Pepperl+Fuchs SE
CVE-2025-41654 (An unauthenticated remote attacker can access information
about runnin ...)
NOT-FOR-US: Pepperl+Fuchs SE
-CVE-2025-40672 (A Privilege Escalation vulnerability has been found in
ProactivaNet v3 ...)
+CVE-2025-40672 (A Privilege Escalation vulnerability has been found in
Panloader compo ...)
NOT-FOR-US: ProactivaNet
CVE-2025-40671 (SQL injection vulnerability in AES Multimedia's Gestnet v1.07.
This vu ...)
NOT-FOR-US: AES Multimedia's Gestnet
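Review bot: the NOT-FOR-US label for CVE-2025-40672 may no longer match its description. The old text named "ProactivaNet v3", but the replacement now says the privilege escalation is in a "Panloader compo..." component, while the unchanged context line still reads "NOT-FOR-US: ProactivaNet". Please confirm from the full CVE text that the affected product is the same and, if the description change reflects a different product, update the NOT-FOR-US label accordingly.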
@@ -2691,6 +2758,7 @@ CVE-2025-4807 (A vulnerability, which was classified as
problematic, was found i
CVE-2025-4806 (A vulnerability, which was classified as critical, has been
found in S ...)
NOT-FOR-US: SourceCodester
CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in
the GN ...)
+ {DLA-4181-1}
- glibc 2.39-4
[bookworm] - glibc <no-dsa> (Minor issue)
NOTE: Introduced with:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10e93d968716ab82931d593bada121c17c0a4b93
(glibc-2.27)
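Review bot: adding "{DLA-4181-1}" to CVE-2025-4802 while "[bookworm] - glibc <no-dsa> (Minor issue)" stays in place looks inconsistent at first glance and deserves a second look. A DLA indicates the LTS team judged the issue worth a security update; if that assessment applies to the same code in bookworm's glibc, the no-dsa tag should be revisited, and if the minor-issue rating is deliberate for bookworm, a short note explaining why would help later readers of this entry.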
@@ -184695,10 +184763,10 @@ CVE-2023-2610 (Integer Overflow or Wraparound in
GitHub repository vim/vim prior
[bookworm] - vim 2:9.0.1378-2+deb12u1
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE:
https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
(v9.0.1532)
-CVE-2023-32216 (Memory safety bugs present in Firefox 112. Some of these bugs
showed ...)
+CVE-2023-32216 (Mozilla developers and community members Ronald Crane, Andrew
McCreigh ...)
- firefox 113.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
-CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR
102.10. Some ...)
+CVE-2023-32215 (Mozilla developers and community members Gabriele Svelto,
Andrew Osmon ...)
{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
- firefox 113.0-1
- firefox-esr 102.11.0esr-1
@@ -184721,7 +184789,7 @@ CVE-2023-32213 (When reading a file, an uninitialized
value could have been used
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213
-CVE-2023-32212 (An attacker could have positioned a <code>datalist</code>
element to o ...)
+CVE-2023-32212 (An attacker could have positioned a `datalist` element to
obscure the ...)
{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
- firefox 113.0-1
- firefox-esr 102.11.0esr-1
@@ -303673,7 +303741,7 @@ CVE-2022-21151 (Processor optimization removal or
modification of security-criti
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
CVE-2022-21138
- RESERVED
+ REJECTED
CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors
may all ...)
NOT-FOR-US: Intel
CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors
may allow ...)
@@ -307918,7 +307986,7 @@ CVE-2022-0005 (Sensitive information accessible by
physical probing of JTAG inte
CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow
override of ...)
NOT-FOR-US: Intel
CVE-2022-0003
- RESERVED
+ REJECTED
CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in
some I ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
@@ -382882,7 +382950,7 @@ CVE-2020-26274 (In systeminformation (npm package)
before version 4.31.1 there i
NOT-FOR-US: Node systeminformation
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation,
monitoring, ...)
- osquery <itp> (bug #803502)
-CVE-2020-26272 (The Electron framework lets you write cross-platform desktop
applicati ...)
+CVE-2020-26272 (The Electron framework lets users write cross-platform desktop
applica ...)
- electron <itp> (bug #842420)
CVE-2020-26271 (In affected versions of TensorFlow under certain cases,
loading a save ...)
- tensorflow <itp> (bug #804612)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40f6051e3594a4a4a6fae3c7de1b35ab816df147