Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
757d9645 by security tracker role at 2025-06-01T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,28 @@
-CVE-2025-40908 [uses 2-args open, allowing existing files to be modified]
+CVE-2025-5406 (A vulnerability, which was classified as critical, was found in
chaita ...)
+ TODO: check
+CVE-2025-5405 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2025-5404 (A vulnerability classified as problematic was found in
chaitak-gorai B ...)
+ TODO: check
+CVE-2025-5403 (A vulnerability classified as critical has been found in
chaitak-gorai ...)
+ TODO: check
+CVE-2025-5402 (A vulnerability was found in chaitak-gorai Blogbook up to
92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-5401 (A vulnerability was found in chaitak-gorai Blogbook up to
92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-5400 (A vulnerability was found in chaitak-gorai Blogbook up to
92f5cf90f8a7 ...)
+ TODO: check
+CVE-2025-33005 (IBM Planning Analytics Local 2.0 and 2.1 does not invalidate
session a ...)
+ TODO: check
+CVE-2025-33004 (IBM Planning Analytics Local 2.0 and 2.1 could allow a
privileged user ...)
+ TODO: check
+CVE-2025-2896 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
cross-site s ...)
+ TODO: check
+CVE-2025-25044 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to
cross-site s ...)
+ TODO: check
+CVE-2025-1499 (IBM InfoSphere Information Server 11.7 stores credential
information f ...)
+ TODO: check
+CVE-2025-40908 (YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open,
allowing exis ...)
- libyaml-libyaml-perl 0.903.0+ds-1
[bookworm] - libyaml-libyaml-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/30071726/
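Review bot: the twelve new entries (CVE-2025-5400 through CVE-2025-5406 for chaitak-gorai Blogbook, CVE-2025-33005, CVE-2025-33004, CVE-2025-2896 and CVE-2025-25044 for IBM Planning Analytics Local, and CVE-2025-1499 for IBM InfoSphere Information Server) are all left at "TODO: check"; each needs triage to either a Debian source package line or a NOT-FOR-US marker, as is done for the Dell, Arista and HCL entries later in this file. The rewritten CVE-2025-40908 entry replaces the earlier bracketed summary with the parenthesised description, records the fix in libyaml-libyaml-perl 0.903.0+ds-1 and marks bookworm <no-dsa>, but its only NOTE is the cve-announce post; adding the upstream fix as a "Fixed by:" NOTE, as the other entries in this file do, would make the 0.903.0 version boundary easier to verify.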
@@ -4602,6 +4626,7 @@ CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2,
9.11.x <= 9.11.11 failed to
CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0,
contains an u ...)
NOT-FOR-US: Dell / EMC
CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ {DLA-4204-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 <unfixed> (bug #1105899)
[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
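Review bot: adding {DLA-4204-1} to CVE-2025-1647 records the LTS fix, but the twitter-bootstrap3 line still reads <unfixed> (bug #1105899) and bookworm stays <no-dsa> (Minor issue), so the entry remains open for unstable and bookworm; worth confirming that bug #1105899 is still being tracked rather than treated as closed by the DLA.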
@@ -12407,7 +12432,7 @@ CVE-2024-13926 (The WP-Syntax WordPress plugin through
1.2 does not properly han
CVE-2021-4455 (The Wordpress Plugin Smart Product Review plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2866 (Improper Verification of Cryptographic Signature vulnerability
in Libr ...)
- {DSA-5908-1}
+ {DSA-5908-1 DLA-4205-1}
- libreoffice 4:25.2.2-1
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/
NOTE: Fixed by: https://gerrit.libreoffice.org/c/core/+/183059
(25.8.0.0.alpha0+)
@@ -28279,7 +28304,7 @@ CVE-2025-1260 (On affected platforms running Arista EOS
with OpenConfig configur
CVE-2025-1259 (On affected platforms running Arista EOS with OpenConfig
configured, a ...)
NOT-FOR-US: Arista Networks
CVE-2025-1080 (LibreOffice supports Office URI Schemes to enable browser
integration ...)
- {DSA-5873-1}
+ {DSA-5873-1 DLA-4205-1}
- libreoffice 4:24.8.5-1
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080
NOTE: https://gerrit.libreoffice.org/c/core/+/181016
@@ -51673,22 +51698,22 @@ CVE-2024-53164 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux 6.1.123-1
NOTE:
https://git.kernel.org/linus/5eb7de8cd58e73851cd37ff8d0666517d9926948 (6.13-rc2)
CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error
function lack ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091689)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
(6.8.0)
CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0.
unserializeTCPDFtag use ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091688)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
(6.8.0)
CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is
used, CUR ...)
- tcpdf 6.8.0+dfsg-1 (bug #1091687)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
(6.8.0)
CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as
used in TC ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091686)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe
(6.8.0)
CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles
does not s ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091685)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
(6.8.0)
CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the
ecosystem to w ...)
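Review bot: CVE-2024-56521 is the one TCPDF 6.8.0 entry in this hunk that gains no {DSA-5933-1 DLA-4199-1} reference, although it is fixed in the same tcpdf 6.8.0+dfsg-1 upload (bug #1091687) as the neighbouring CVE-2024-56527, CVE-2024-56522, CVE-2024-56520 and CVE-2024-56519; please confirm it was deliberately excluded from both advisories or add the reference.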
@@ -58638,6 +58663,7 @@ CVE-2024-52336 (A script injection vulnerability was
identified in the Tuned pac
CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user
invite ...)
NOT-FOR-US: Fides
CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered
in TCPDF ...)
+ {DSA-5933-1}
- tcpdf 6.7.7+dfsg-1 (bug #1088332)
NOTE:
https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
(6.7.6)
CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered
affecting the ...)
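Review bot: CVE-2024-51058 receives {DSA-5933-1} only, while every other TCPDF entry touched in this commit carries DLA-4199-1 alongside it; check whether the LFI fix was intentionally left out of DLA-4199-1 (the entry records the upstream fix in 6.7.6 and the Debian fixed version as 6.7.7+dfsg-1) or whether the DLA reference is missing here.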
@@ -106735,7 +106761,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is
impacted byinsecure encrypti
CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure
encryption of ...)
NOT-FOR-US: HCL
CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular
Express ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1072528)
NOTE: https://github.com/tecnickcom/TCPDF/issues/724
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5
(6.7.7)
@@ -124365,7 +124391,7 @@ CVE-2024-3701 (The system application
(com.transsion.kolun.aiservice) component
CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are
vulnerable to ...)
NOT-FOR-US: JFrog Artifactory Self-Hosted
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.4+dfsg-1
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
(6.7.4)
@@ -145685,7 +145711,7 @@ CVE-2024-23055 (An issue in Plone Docker Official
Image 5.2.13 (5221) open-sourc
CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0
allows ...)
NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular
Expression Denia ...)
- {DLA-4199-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.5+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
NOTE: https://github.com/zunak/CVE-2024-22640
@@ -239086,6 +239112,7 @@ CVE-2022-3266 (An out-of-bounds read can occur when
decoding H264 video. This re
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop
notific ...)
+ {DLA-4203-1}
- kitty 0.21.2-2 (bug #1020582)
[buster] - kitty <no-dsa> (Minor issue)
NOTE:
https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
(v0.26.2)
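Review bot: {DLA-4203-1} is added to CVE-2022-41322 while the "[buster] - kitty <no-dsa> (Minor issue)" line is kept; if the DLA covers bullseye only that is consistent, but if it also addresses buster the buster marker should be dropped so the entry does not report both a no-dsa and an advisory for the same release.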
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/757d96454cea78a44f4c4999ea230aca940a648e