Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6b5bb4b by security tracker role at 2025-05-30T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2025-5361 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2025-5360 (A vulnerability classified as critical was found in Campcodes
Online H ...)
+ TODO: check
+CVE-2025-5359 (A vulnerability classified as critical has been found in
Campcodes Onl ...)
+ TODO: check
+CVE-2025-5358 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe
Managemen ...)
+ TODO: check
+CVE-2025-5357 (A vulnerability was found in FreeFloat FTP Server 1.0. It has
been dec ...)
+ TODO: check
+CVE-2025-5356 (A vulnerability was found in FreeFloat FTP Server 1.0. It has
been cla ...)
+ TODO: check
+CVE-2025-5235 (The OpenSheetMusicDisplay plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2025-5190 (The Browse As plugin for WordPress is vulnerable to
authentication byp ...)
+ TODO: check
+CVE-2025-5142 (The Simple Page Access Restriction plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-4992 (A stored Cross-site Scripting (XSS) vulnerability affecting
Service It ...)
+ TODO: check
+CVE-2025-4991 (A stored Cross-site Scripting (XSS) vulnerability affecting 3D
Markup ...)
+ TODO: check
+CVE-2025-4990 (A stored Cross-site Scripting (XSS) vulnerability affecting
Change Gov ...)
+ TODO: check
+CVE-2025-4989 (A stored Cross-site Scripting (XSS) vulnerability affecting
Requiremen ...)
+ TODO: check
+CVE-2025-4988 (A stored Cross-site Scripting (XSS) vulnerability affecting
Results An ...)
+ TODO: check
+CVE-2025-4986 (A stored Cross-site Scripting (XSS) vulnerability affecting
Model Defi ...)
+ TODO: check
+CVE-2025-4985 (A stored Cross-site Scripting (XSS) vulnerability affecting
Risk Manag ...)
+ TODO: check
+CVE-2025-4984 (A stored Cross-site Scripting (XSS) vulnerability affecting
City Disco ...)
+ TODO: check
+CVE-2025-4983 (A stored Cross-site Scripting (XSS) vulnerability affecting
City Refer ...)
+ TODO: check
+CVE-2025-4944 (The LA-Studio Element Kit for Elementor plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2025-4636 (Due to excessive privileges granted to the web user running the
airpoi ...)
+ TODO: check
+CVE-2025-4635 (A malicious user with administrative privileges in the web
portal woul ...)
+ TODO: check
+CVE-2025-4634 (The web portal on airpointer 2.4.107-2 was vulnerable local
file inclu ...)
+ TODO: check
+CVE-2025-4633 (Default credentials were present in the web portal for
Airpointer 2.4. ...)
+ TODO: check
+CVE-2025-4597 (The Woo Slider Pro \u2013 Drag Drop Slider Builder For
WooCommerce plu ...)
+ TODO: check
+CVE-2025-4433 (Improper access control in user group management in Devolutions
Server ...)
+ TODO: check
+CVE-2025-48949 (Navidrome is an open source web-based music collection server
and stre ...)
+ TODO: check
+CVE-2025-48948 (Navidrome is an open source web-based music collection server
and stre ...)
+ TODO: check
+CVE-2025-48946 (liboqs is a C-language cryptographic library that provides
implementat ...)
+ TODO: check
+CVE-2025-48944 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2025-48943 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2025-48942 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub
CLI exten ...)
+ TODO: check
+CVE-2025-48912 (An authenticated malicious actor using specially crafted
requests coul ...)
+ TODO: check
+CVE-2025-48887 (vLLM, an inference and serving engine for large language
models (LLMs) ...)
+ TODO: check
+CVE-2025-48885 (application-urlshortener create shortened URLs for XWiki
pages. Versio ...)
+ TODO: check
+CVE-2025-48883 (Chrome PHP allows users to start playing with chrome/chromium
in headl ...)
+ TODO: check
+CVE-2025-48882 (PHPOffice Math is a library that provides a set of classes to
manipula ...)
+ TODO: check
+CVE-2025-48874
+ REJECTED
+CVE-2025-48873
+ REJECTED
+CVE-2025-48872
+ REJECTED
+CVE-2025-48871
+ REJECTED
+CVE-2025-48870
+ REJECTED
+CVE-2025-48334 (Missing Authorization vulnerability in BinaryCarpenter Woo
Slider Pro ...)
+ TODO: check
+CVE-2025-48331 (Insertion of Sensitive Information Into Sent Data
vulnerability in Van ...)
+ TODO: check
+CVE-2025-3611 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-3230 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x
<= 10.5 ...)
+ TODO: check
+CVE-2025-2571 (Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x
<= 10.5 ...)
+ TODO: check
+CVE-2025-2503 (An improper permission handling vulnerability was reported in
Lenovo P ...)
+ TODO: check
+CVE-2025-2502 (An improper default permissions vulnerability was reported in
Lenovo P ...)
+ TODO: check
+CVE-2025-2501 (An untrusted search path vulnerability was reported in Lenovo
PC Manag ...)
+ TODO: check
+CVE-2025-2500 (A vulnerability exists in the SOAP Web services of the Asset
Suite ve ...)
+ TODO: check
+CVE-2025-1792 (Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x
<= 9.11 ...)
+ TODO: check
+CVE-2025-1763 (An issue has been discovered in GitLab EE that allows for
cross-site-s ...)
+ TODO: check
+CVE-2025-1484 (A vulnerability exists in the media upload component of the
Asset Sui ...)
+ TODO: check
+CVE-2025-1479 (An open debug interface was reported in the Legion Space
software incl ...)
+ TODO: check
+CVE-2025-0602 (A stored Cross-site Scripting (XSS) vulnerability affecting
Compare in ...)
+ TODO: check
+CVE-2024-7097 (An incorrect authorization vulnerability exists in multiple
WSO2 produ ...)
+ TODO: check
+CVE-2024-7096 (A privilege escalation vulnerability exists in multiple [Vendor
Name] ...)
+ TODO: check
+CVE-2024-42191 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a
COM hija ...)
+ TODO: check
+CVE-2024-42190 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a
DLL hija ...)
+ TODO: check
+CVE-2024-23589 (Due to outdated Hash algorithm, HCL Glovius Cloud could allow
attacker ...)
+ TODO: check
+CVE-2024-13917 (Anapplication "com.pri.applock", which is pre-loaded
onKruger&Matz sma ...)
+ TODO: check
+CVE-2024-13916 (Anapplication "com.pri.applock", which is pre-loaded
onKruger&Matz sma ...)
+ TODO: check
+CVE-2024-13915 (Android based smartphones from vendors such as Ulefone
andKr\xfcger&Ma ...)
+ TODO: check
CVE-2025-5332 (A vulnerability was found in 1000 Projects Online Notice Board
1.0 and ...)
NOT-FOR-US: 1000 Projects Online Notice Board
CVE-2025-5331 (A vulnerability has been found in PCMan FTP Server 2.0.7 and
classifie ...)
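Review bot: several of the newly imported descriptions in this hunk carry data-quality problems that the later TODO: check pass should not copy into triage notes: CVE-2025-4597 shows a literal "\u2013" and CVE-2024-13915 a literal "\xfc" where the decoded characters belong, CVE-2024-13917 and CVE-2024-13916 have lost spaces ("Anapplication", "onKruger&Matz"), and CVE-2024-7096 still contains the CNA's unfilled "[Vendor Name]" placeholder. Worth confirming whether those escapes are in the committed data/CVE/list or only in this notification, and decoding them in the import if they are in the file. Separately, CVE-2025-5358 carries the same "PHPGurukul/Campcodes Cyber Cafe Managemen ..." description that later hunks of this same commit attach to CVE-2025-4696, CVE-2025-4695 and CVE-2025-4226, all of which are NOT-FOR-US: PHPGurukul, so that triage is the obvious candidate for it as well.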
@@ -284,7 +412,7 @@ CVE-2025-37993 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/dcaeeb8ae84c5506ebc574732838264f3887738c (6.15-rc6)
-CVE-2025-4598
+CVE-2025-4598 (A vulnerability was found in systemd-coredump. This flaw allows
an att ...)
{DSA-5931-1}
- systemd 257.6-1 (bug #1106785)
NOTE:
https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
@@ -308,7 +436,7 @@ CVE-2025-4598
NOTE: Fixed by:
https://github.com/systemd/systemd-stable/commit/7fc7aa5a4d28d7768dfd1eb85be385c3ea949168
(v254.26)
NOTE: Fixed by:
https://github.com/systemd/systemd-stable/commit/19b228662e0fcc6596c0395a0af8486a4b3f1627
(v253.33)
NOTE: Fixed by:
https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0
(v252.38)
-CVE-2025-5054
+CVE-2025-5054 (Race condition in Canonical apport up to and including 2.32.0
allows a ...)
NOT-FOR-US: Apport
CVE-2025-27464
NOT-FOR-US: Windows XenBus WinPVDriver
@@ -564,7 +692,7 @@ CVE-2025-5063 (Use after free in Compositing in Google
Chrome prior to 137.0.715
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5283 (Use after free in libvpx in Google Chrome prior to
137.0.7151.55 allow ...)
- {DSA-5929-1 DSA-5928-1 DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5929-1 DSA-5928-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- chromium 137.0.7151.55-1
[bullseye] - chromium <end-of-life> (see #1061268)
- firefox 139.0-1
@@ -661,13 +789,13 @@ CVE-2025-5272 (Memory safety bugs present in Firefox 138
and Thunderbird 138. So
- firefox 139.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5272
CVE-2025-5269 (Memory safety bug present in Firefox ESR 128.10, and
Thunderbird 128.1 ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5269
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5269
CVE-2025-5268 (Memory safety bugs present in Firefox 138, Thunderbird 138,
Firefox ES ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox 139.0-1
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
@@ -675,7 +803,7 @@ CVE-2025-5268 (Memory safety bugs present in Firefox 138,
Thunderbird 138, Firef
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5268
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5268
CVE-2025-5267 (A clickjacking vulnerability could have been used to trick a
user into ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox 139.0-1
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
@@ -689,7 +817,7 @@ CVE-2025-5270 (In certain cases, SNI could have been sent
unencrypted even when
- firefox 139.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5270
CVE-2025-5266 (Script elements loading cross-origin resources generated load
and erro ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox 139.0-1
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
@@ -704,7 +832,7 @@ CVE-2025-5265 (Due to insufficient escaping of the
ampersand character in the \u
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5265
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5265
CVE-2025-5264 (Due to insufficient escaping of the newline character in the
\u201cCop ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox 139.0-1
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
@@ -712,7 +840,7 @@ CVE-2025-5264 (Due to insufficient escaping of the newline
character in the \u20
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5264
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5264
CVE-2025-5263 (Error handling for script execution was incorrectly isolated
from web ...)
- {DSA-5926-1 DLA-4191-1}
+ {DSA-5932-1 DSA-5926-1 DLA-4194-1 DLA-4191-1}
- firefox 139.0-1
- firefox-esr 128.11.0esr-1
- thunderbird 1:128.11.0esr-1
@@ -1489,7 +1617,7 @@ CVE-2018-25110 (Marked prior to version 0.3.17 is
vulnerable to a Regular Expres
NOTE: https://github.com/markedjs/marked/pull/1083
NOTE: Fixed by:
https://github.com/markedjs/marked/commit/b15e42b67cec9ded8505e9d68bb8741ad7a9590d
(v0.3.18)
NOTE: Fixed by:
https://github.com/markedjs/marked/commit/2846212bb025d483690b95a007994d0d027ed056
(v0.3.18)
-CVE-2025-40909 [Thread creation while a directory handle is open does a
fchdir, affecting other threads (race condition)]
+CVE-2025-40909 (Perl threads have a working directory race condition where
file operat ...)
- perl <unfixed> (bug #1098226)
[bookworm] - perl <no-dsa> (Minor issue; Perl maintainer will fix it
via point release)
[bullseye] - perl <postponed> (Minor issue, revisit when fixed upstream)
@@ -3204,7 +3332,7 @@ CVE-2025-4867 (A vulnerability was found in Tenda A15
15.13.07.13. It has been d
CVE-2025-48219 (O2 UK before 2025-05-19 allows subscribers to determine the
Cell ID of ...)
NOT-FOR-US: O2 UK
CVE-2025-4919 (An attacker was able to perform an out-of-bounds read or write
on a Ja ...)
- {DSA-5922-1 DLA-4172-1}
+ {DSA-5932-1 DSA-5922-1 DLA-4194-1 DLA-4172-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
- thunderbird 1:128.11.0esr-1
@@ -3213,7 +3341,7 @@ CVE-2025-4919 (An attacker was able to perform an
out-of-bounds read or write on
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/#CVE-2025-4919
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-40/#CVE-2025-4919
CVE-2025-4918 (An attacker was able to perform an out-of-bounds read or write
on a Ja ...)
- {DSA-5922-1 DLA-4172-1}
+ {DSA-5932-1 DSA-5922-1 DLA-4194-1 DLA-4172-1}
- firefox 138.0.4-1
- firefox-esr 128.10.1esr-1
- thunderbird 1:128.11.0esr-1
@@ -4268,9 +4396,9 @@ CVE-2025-4698 (A vulnerability classified as critical has
been found in PHPGuruk
NOT-FOR-US: PHPGurukul
CVE-2025-4697 (A vulnerability was found in PHPGurukul Directory Management
System 2. ...)
NOT-FOR-US: PHPGurukul
-CVE-2025-4696 (A vulnerability was found in PHPGurukul Cyber Cafe Management
System 1 ...)
+CVE-2025-4696 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe
Managemen ...)
NOT-FOR-US: PHPGurukul
-CVE-2025-4695 (A vulnerability was found in PHPGurukul Cyber Cafe Management
System 1 ...)
+CVE-2025-4695 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe
Managemen ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
@@ -8003,7 +8131,7 @@ CVE-2025-4237 (A vulnerability was found in PCMan FTP
Server 2.0.7 and classifie
NOT-FOR-US: PCMan FTP Server
CVE-2025-4236 (A vulnerability has been found in PCMan FTP Server 2.0.7 and
classifie ...)
NOT-FOR-US: PCMan FTP Server
-CVE-2025-4226 (A vulnerability classified as critical has been found in
PHPGurukul Cy ...)
+CVE-2025-4226 (A vulnerability classified as critical has been found in
PHPGurukul/Ca ...)
NOT-FOR-US: PHPGurukul
CVE-2025-1838 (IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1
through 24.0 ...)
NOT-FOR-US: IBM
@@ -14739,6 +14867,7 @@ CVE-2025-3589 (A vulnerability, which was classified as
critical, was found in S
CVE-2025-3588 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: joelittlejohn jsonschema2pojo
CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows
GSSAPI-prote ...)
+ {DLA-4195-1}
- krb5 1.21.2-1 (bug #1103525)
[bookworm] - krb5 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
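Review bot: with DLA-4195-1 now recorded for CVE-2025-3576, the unchanged "[bookworm] - krb5 <no-dsa> (Minor issue)" line two lines below this addition is worth cross-checking, since a bullseye fix has been issued for an issue still rated minor for stable; if no-dsa is meant to stand for bookworm, a short NOTE line saying so would make the discrepancy deliberate rather than an oversight.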
@@ -68355,6 +68484,7 @@ CVE-2024-45802 (Squid is an open source caching proxy
for the Web supporting HTT
CVE-2024-9162 (The All-in-One WP Migration and Backup plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows
man-in-the-middle at ...)
+ {DLA-4196-1}
[experimental] - kmail-account-wizard 4:24.08.0-1
- kmail-account-wizard 4:24.12.0-2 (bug #1086198)
[bookworm] - kmail-account-wizard <no-dsa> (Minor issue)
@@ -201563,8 +201693,8 @@ CVE-2023-26228
RESERVED
CVE-2023-26227
RESERVED
-CVE-2023-26226
- RESERVED
+CVE-2023-26226 (A use after free memory corruption issue exists in Yandex
Browser for ...)
+ TODO: check
CVE-2023-26225
RESERVED
CVE-2023-26224
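Review bot: CVE-2023-26226 moves from RESERVED to a published description naming Yandex Browser; the TODO: check left on it can most likely be resolved as NOT-FOR-US with the product named, following the convention used throughout this file (compare "NOT-FOR-US: Apport" in an earlier hunk of this commit), rather than remaining open deep in the 2023 block where a stale TODO is easy to overlook.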
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b5bb4bcfe532c3facefaf7443405d4da15a490
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits