Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37a992e5 by security tracker role at 2025-05-28T08:12:43+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,66 @@
+CVE-2025-5279 (When the Amazon Redshift Python Connector is configured with
the Brows ...)
+ TODO: check
+CVE-2025-5082 (The WP Attachments plugin for WordPress is vulnerable to
Reflected Cro ...)
+ TODO: check
+CVE-2025-4800 (The MasterStudy LMS Pro plugin for WordPress is vulnerable to
arbitrar ...)
+ TODO: check
+CVE-2025-4009 (The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet
Switching Fab ...)
+ TODO: check
+CVE-2025-48848
+ REJECTED
+CVE-2025-48847
+ REJECTED
+CVE-2025-48846
+ REJECTED
+CVE-2025-48845
+ REJECTED
+CVE-2025-48844
+ REJECTED
+CVE-2025-48843
+ REJECTED
+CVE-2025-48842
+ REJECTED
+CVE-2025-48841
+ REJECTED
+CVE-2025-47295 (A buffer over-read in Fortinet FortiOS versions 7.4.0 through
7.4.3, v ...)
+ TODO: check
+CVE-2025-47294 (A integer overflow or wraparound in Fortinet FortiOS versions
7.2.0 th ...)
+ TODO: check
+CVE-2025-46777 (A insertion of sensitive information into log file in Fortinet
FortiPo ...)
+ TODO: check
+CVE-2025-32440 (NetAlertX is a network, presence scanner and alert framework.
Prior to ...)
+ TODO: check
+CVE-2025-2826 (n affected platforms running Arista EOS, ACL policies may not
be enfor ...)
+ TODO: check
+CVE-2025-2796 (On affected platforms with hardware IPSec support running
Arista EOS w ...)
+ TODO: check
+CVE-2025-25251 (An Incorrect Authorization vulnerability [CWE-863] in
FortiClient Mac ...)
+ TODO: check
+CVE-2025-25029 (IBM Security Guardium 12.0 could allow a privileged user to
download a ...)
+ TODO: check
+CVE-2025-25026 (IBM Security Guardium 12.0 could allow an authenticated user
to obtain ...)
+ TODO: check
+CVE-2025-25025 (IBM Security Guardium 12.0 could allow a remote attacker to
obtain sen ...)
+ TODO: check
+CVE-2025-24473 (A exposure of sensitive system information to an unauthorized
control ...)
+ TODO: check
+CVE-2025-22252 (A missing authentication for critical function in Fortinet
FortiProxy ...)
+ TODO: check
+CVE-2024-54020 (A missing authorization in Fortinet FortiManager versions
7.2.0 throug ...)
+ TODO: check
+CVE-2024-45094 (IBM DS8900F and DS8A00 Hardware Management Console (HMC)is
vulnerable ...)
+ TODO: check
+CVE-2024-11185 (On affected platforms running Arista EOS, ingress traffic on
Layer 2 p ...)
+ TODO: check
+CVE-2023-41839
+ REJECTED
CVE-2025-27528
NOT-FOR-US: Apache InLong
CVE-2025-27526
NOT-FOR-US: Apache InLong
CVE-2025-27522
NOT-FOR-US: Apache InLong
-CVE-2025-5025
+CVE-2025-5025 (libcurl supports *pinning* of the server certificate public key
for HT ...)
- curl <unfixed> (unimportant)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
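Review bot: the block of new `TODO: check` entries in this hunk is untriaged, and most of it can be closed out quickly: the Fortinet (FortiOS, FortiProxy, FortiManager, FortiClient Mac), Arista EOS, IBM Security Guardium, IBM DS8900F HMC and Evertz SVDN items are vendor appliances and products that this file marks NOT-FOR-US elsewhere (compare the Intel and Cisco entries further down in the same commit), whereas CVE-2025-32440 (NetAlertX) and CVE-2025-5279 (Amazon Redshift Python Connector) need an actual check against the archive before a status is set. Two description defects are worth noting while triaging: CVE-2025-2826 is imported with its first character dropped ("n affected platforms" where CVE-2025-2796 reads "On affected platforms"), and the Fortinet entries carry the upstream "A integer overflow" / "A insertion" / "A exposure" wording; both come from the CVE feed, so the fix belongs upstream rather than in a hand edit of data/CVE/list.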
@@ -12,7 +68,7 @@ CVE-2025-5025
NOTE: Introduced by:
https://github.com/curl/curl/commit/5f78cf503c786a1d48d13528dde038bccfa6c67c
(curl-8_5_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/e1f65937a96a451292e9231339672797da86ecc5
(curl-8_14_0)
NOTE: curl in Debian not built with wolfSSL support
-CVE-2025-4947
+CVE-2025-4947 (libcurl accidentally skips the certificate verification for
QUIC conne ...)
- curl <unfixed> (unimportant)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -20,38 +76,38 @@ CVE-2025-4947
NOTE: Introduced by:
https://github.com/curl/curl/commit/4c46e277b2a0c0489de0e0fcb91f315c62f0369c
(curl-8_8_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/a85f1df4803bbd272905c9e712537b41afeafbd3
(rc-8_14_0)
NOTE: curl in Debian not built with wolfSSL support
-CVE-2025-40911
+CVE-2025-40911 (Net::CIDR::Set versions 0.10 through 0.13 for Perl does not
properly h ...)
- libnet-cidr-set-perl <unfixed> (bug #1106699)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29942240/
NOTE: Fixed by:
https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a
(v0.14)
-CVE-2025-5278
+CVE-2025-5278 (A flaw was found in GNU Coreutils. The sort utility's
begfield() funct ...)
- coreutils <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2368764
NOTE:
https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00036.html
NOTE:
https://lists.gnu.org/archive/html/bug-coreutils/2025-05/msg00040.html
NOTE:
https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
-CVE-2025-5067
+CVE-2025-5067 (Inappropriate implementation in Tab Strip in Google Chrome
prior to 13 ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5281
+CVE-2025-5281 (Inappropriate implementation in BFCache in Google Chrome prior
to 137. ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5066
+CVE-2025-5066 (Inappropriate implementation in Messages in Google Chrome on
Android p ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5065
+CVE-2025-5065 (Inappropriate implementation in FileSystemAccess API in Google
Chrome ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5064
+CVE-2025-5064 (Inappropriate implementation in Background Fetch API in Google
Chrome ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5280
+CVE-2025-5280 (Out of bounds write in V8 in Google Chrome prior to
137.0.7151.55 allo ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5063
+CVE-2025-5063 (Use after free in Compositing in Google Chrome prior to
137.0.7151.55 ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2025-5283 [double-free in vpx_codec_enc_init_multi]
+CVE-2025-5283 (Use after free in libvpx in Google Chrome prior to
137.0.7151.55 allow ...)
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
- firefox 139.0-1
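Review bot: the automatic update replaced the hand-written summary for CVE-2025-5283, "[double-free in vpx_codec_enc_init_multi]", with the Chrome advisory text "Use after free in libvpx in Google Chrome prior to 137.0.7151.55 ...", which drops the affected function name and the double-free characterisation that triagers of the libvpx source package would want; consider carrying that detail over into a NOTE line, and since the description locates the bug in libvpx while the entry only lists chromium and firefox, check whether a libvpx source line is needed. Separately, in the context lines of this hunk the Fixed-by tag for CVE-2025-4947 reads "(rc-8_14_0)" while the neighbouring CVE-2025-5025 entry reads "(curl-8_14_0)"; verify which tag the commit a85f1df4803bbd272905c9e712537b41afeafbd3 actually first shipped in and make the two consistent.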
@@ -310,7 +366,7 @@ CVE-2024-47090 (Improper neutralization of input in Nagvis
before version 1.9.47
CVE-2024-38866 (Improper neutralization of input in Nagvis before version
1.9.47 which ...)
- nagvis 1:1.9.47-1 (bug #1106686)
NOTE:
https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f
(nagvis-1.9.47)
-CVE-2025-5222 [Stack buffer overflow in the SRBRoot::addTag function]
+CVE-2025-5222 (A stack buffer overflow was found in Internationl components
for unico ...)
- icu <unfixed> (bug #1106684)
NOTE: https://unicode-org.atlassian.net/browse/ICU-22957
CVE-2025-48796 (A flaw was found in GIMP. The GIMP ani_load_image() function
is vulner ...)
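Review bot: the same loss of detail occurs for CVE-2025-5222, where "[Stack buffer overflow in the SRBRoot::addTag function]" is replaced by the upstream description "A stack buffer overflow was found in Internationl components for unico ..." (with the upstream typo "Internationl"); the function name is the useful part for the icu maintainer working bug #1106684, so it should be preserved in a NOTE alongside the existing ICU-22957 link.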
@@ -334,7 +390,7 @@ CVE-2025-48798 (A flaw was found in GIMP when processing
XCF image files. If a u
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266
(GIMP_3_0_0_RC1)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee
(GIMP_3_0_0_RC1)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2
(GIMP_3_0_0_RC2)
-CVE-2025-5198
+CVE-2025-5198 (A flaw was found in Stackrox, where it is vulnerable to
Cross-site scr ...)
NOT-FOR-US: Stackrox
CVE-2025-5203 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3. I ...)
- assimp <unfixed>
@@ -6678,6 +6734,7 @@ CVE-2025-20137 (A vulnerability in the access control
list (ACL) programming of
CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager,
formerly ...)
NOT-FOR-US: Cisco
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2,
`tls_wildc ...)
+ {DLA-4182-1}
- syslog-ng 4.8.1-5 (bug #1104890)
[bookworm] - syslog-ng <no-dsa> (Minor issue)
NOTE:
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
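Review bot: with the {DLA-4182-1} marker now recorded for CVE-2024-47619, the entry reads as "fixed in bullseye via LTS, minor issue in bookworm"; that is a consistent state, but since the LTS team judged the `tls_wildc ...` issue worth an advisory, the "[bookworm] - syslog-ng <no-dsa> (Minor issue)" line is worth a second look so the two suites do not end up with contradictory severity assessments for the same bug.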
@@ -299336,7 +299393,7 @@ CVE-2022-21156 (Access of uninitialized pointer in
the Intel(R) Trace Analyzer a
CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for
Industrial s ...)
NOT-FOR-US: Intel
CVE-2022-21150
- RESERVED
+ REJECTED
CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for
Industrial s ...)
NOT-FOR-US: Intel
CVE-2022-21135
@@ -303817,7 +303874,7 @@ CVE-2022-21216 (Insufficient granularity of access
control in out-of-band manage
CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition
before ...)
NOT-FOR-US: Intel
CVE-2022-21200
- RESERVED
+ REJECTED
CVE-2022-21174 (Improper access control in a third-party component of Intel(R)
Quartus ...)
NOT-FOR-US: Intel
CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android
applicati ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37a992e5ea84a6a7306acfd16d5324f5c7812071
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits