Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
004abf46 by security tracker role at 2025-06-03T20:13:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,158 @@
+CVE-2025-5525 (A vulnerability was found in Jrohy trojan up to 2.15.3. It has
been de ...)
+ TODO: check
+CVE-2025-5523 (A vulnerability classified as problematic has been found in
enilu web- ...)
+ TODO: check
+CVE-2025-5522 (A vulnerability was found in jack0240 \u9b4f bskms
\u84dd\u5929\u5e7c\ ...)
+ TODO: check
+CVE-2025-5521 (A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It
has be ...)
+ TODO: check
+CVE-2025-5520 (A vulnerability was found in Open5GS up to 2.7.3. It has been
classifi ...)
+ TODO: check
+CVE-2025-5516 (A vulnerability, which was classified as problematic, was found
in TOT ...)
+ TODO: check
+CVE-2025-5515 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2025-5513 (A vulnerability has been found in quequnlong shiyi-blog up to
1.2.1 an ...)
+ TODO: check
+CVE-2025-5512 (A vulnerability, which was classified as critical, was found in
quequn ...)
+ TODO: check
+CVE-2025-5511 (A vulnerability, which was classified as critical, has been
found in q ...)
+ TODO: check
+CVE-2025-5510 (A vulnerability classified as critical was found in quequnlong
shiyi-b ...)
+ TODO: check
+CVE-2025-5509 (A vulnerability classified as critical has been found in
quequnlong sh ...)
+ TODO: check
+CVE-2025-5508 (A vulnerability was found in TOTOLINK A3002RU
2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5507 (A vulnerability was found in TOTOLINK A3002RU
2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5506 (A vulnerability was found in TOTOLINK A3002RU
2.1.1-B20230720.1011. It ...)
+ TODO: check
+CVE-2025-5505 (A vulnerability was found in TOTOLINK A3002RU
2.1.1-B20230720.1011 and ...)
+ TODO: check
+CVE-2025-5504 (A vulnerability has been found in TOTOLINK X2000R
1.0.0-B20230726.1108 ...)
+ TODO: check
+CVE-2025-5503 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
+ TODO: check
+CVE-2025-5502 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2025-5501 (A vulnerability classified as problematic was found in Open5GS
up to 2 ...)
+ TODO: check
+CVE-2025-5499 (A vulnerability classified as critical has been found in
slackero phpw ...)
+ TODO: check
+CVE-2025-5498 (A vulnerability was found in slackero phpwcms up to
1.9.45/1.10.8. It ...)
+ TODO: check
+CVE-2025-5497 (A vulnerability was found in slackero phpwcms up to
1.9.45/1.10.8. It ...)
+ TODO: check
+CVE-2025-5495 (A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW.
It has b ...)
+ TODO: check
+CVE-2025-5493 (A vulnerability was found in Baison Channel Middleware Product
2.0.1 a ...)
+ TODO: check
+CVE-2025-5492 (A vulnerability has been found in D-Link DI-500WF-WT up to
20250511 an ...)
+ TODO: check
+CVE-2025-5340 (The Music Player for Elementor plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2025-5116 (The WP Plugin Info Card plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2025-5103 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2025-4671 (The Profile Builder plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction
directory du ...)
+ TODO: check
+CVE-2025-4435 (When using a TarFile.errorlevel = 0and extracting with a filter
the do ...)
+ TODO: check
+CVE-2025-4420 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress &
WooCommerce pl ...)
+ TODO: check
+CVE-2025-4392 (The Shared Files \u2013 Frontend File Upload Form & Secure File
Sharin ...)
+ TODO: check
+CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink
targets t ...)
+ TODO: check
+CVE-2025-4205 (The Popup Maker plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-4138 (Allows the extraction filter to be ignored, allowing symlink
targets t ...)
+ TODO: check
+CVE-2025-48998 (DataEase is an open source business intelligence and data
visualizatio ...)
+ TODO: check
+CVE-2025-48997 (Multer is a node.js middleware for handling
`multipart/form-data`. A v ...)
+ TODO: check
+CVE-2025-48953 (Umbraco is an ASP.NET content management system (CMS).
Starting in ver ...)
+ TODO: check
+CVE-2025-48950 (MaxKB is an open-source AI assistant for enterprise. Prior to
version ...)
+ TODO: check
+CVE-2025-46355 (Incorrect default permissions issue in PC Time Tracer prior to
5.2. If ...)
+ TODO: check
+CVE-2025-46154 (Foxcms v1.25 has a SQL time injection in the $_POST['dbname']
paramete ...)
+ TODO: check
+CVE-2025-45855 (An arbitrary file upload vulnerability in the component
/upload/GoodsC ...)
+ TODO: check
+CVE-2025-45854 (An arbitrary file upload vulnerability in the component
/server/execut ...)
+ TODO: check
+CVE-2025-44148 (Cross Site Scripting (XSS) vulnerability in MailEnable before
v10 allo ...)
+ TODO: check
+CVE-2025-43925 (An issue was discovered in Unicom Focal Point 7.6.1. The
database is e ...)
+ TODO: check
+CVE-2025-43924 (Cross Site Scripting vulnerability was discovered in Unicom
Focal Poin ...)
+ TODO: check
+CVE-2025-43923 (An issue was discovered in ReportController in Unicom Focal
Point 7.6. ...)
+ TODO: check
+CVE-2025-41428 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
+ TODO: check
+CVE-2025-36564 (Dell Encryption Admin Utilities versions prior to 11.10.2
contain an I ...)
+ TODO: check
+CVE-2025-35036 (Hibernate Validator before 6.2.0 and 7.0.0, by default and
depending h ...)
+ TODO: check
+CVE-2025-32106 (In Audiocodes Mediapack MP-11x through 6.60A.369.002, a
crafted POST r ...)
+ TODO: check
+CVE-2025-32105 (A buffer overflow in the the Sangoma IMG2020 HTTP server
through 2.3.9 ...)
+ TODO: check
+CVE-2025-31359 (A directory traversal vulnerability exists in the PVMP package
unpacki ...)
+ TODO: check
+CVE-2025-30360 (webpack-dev-server allows users to use webpack with a
development serv ...)
+ TODO: check
+CVE-2025-30359 (webpack-dev-server allows users to use webpack with a
development serv ...)
+ TODO: check
+CVE-2025-30167 (Jupyter Core is a package for the core common functionality of
Jupyter ...)
+ TODO: check
+CVE-2025-25022 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM
Cloud Pak ...)
+ TODO: check
+CVE-2025-25021 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM
Cloud Pak ...)
+ TODO: check
+CVE-2025-25020 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM
Cloud Pak ...)
+ TODO: check
+CVE-2025-25019 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM
Cloud Pak ...)
+ TODO: check
+CVE-2025-23107 (An issue was discovered in Samsung Mobile Processor Exynos
1480 and 24 ...)
+ TODO: check
+CVE-2025-23103 (An issue was discovered in Samsung Mobile Processor Exynos
1480 and 24 ...)
+ TODO: check
+CVE-2025-23102 (An issue was discovered in Samsung Mobile Processor Exynos
9820, 9825, ...)
+ TODO: check
+CVE-2025-23100 (An issue was discovered in Samsung Mobile Processor Exynos
1280, 2200, ...)
+ TODO: check
+CVE-2025-23098 (An issue was discovered in Samsung Mobile Processor Exynos
980, 990, 1 ...)
+ TODO: check
+CVE-2025-23097 (An issue was discovered in Samsung Mobile Processor Exynos
1380. The l ...)
+ TODO: check
+CVE-2025-1725 (The Bit File Manager \u2013 100% Free & Open Source File
Manager and C ...)
+ TODO: check
+CVE-2025-1334 (IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM
Cloud Pak ...)
+ TODO: check
+CVE-2024-54189 (A privilege escalation vulnerability exists in the Snapshot
functional ...)
+ TODO: check
+CVE-2024-52561 (A privilege escalation vulnerability exists in the Snapshot
functional ...)
+ TODO: check
+CVE-2024-45655 (IBM Application Gateway 19.12 through 24.09 could allow a
local privil ...)
+ TODO: check
+CVE-2024-36486 (A privilege escalation vulnerability exists in the virtual
machine arc ...)
+ TODO: check
+CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with
filter=" ...)
+ TODO: check
CVE-2024-47081
- requests <unfixed>
[bookworm] - requests <postponed> (Minor issue; revisit when fixed
upstream)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/03/9
-CVE-2025-46548
+CVE-2025-46548 (If you enable Basic Authentication in Pekko Management using
the Java ...)
NOT-FOR-US: Apache Pekko Management
CVE-2025-0620
- samba <unfixed> (bug #1107248)
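Review bot: every entry added at the top of this hunk carries only TODO: check, so none of them has a package or NOT-FOR-US decision yet and the tracker will not report them against any release until they are triaged. Five of them (CVE-2025-4517, CVE-2025-4435, CVE-2025-4330, CVE-2025-4138 and CVE-2024-12718) have truncated descriptions that refer to extraction, an extraction filter or TarFile, so they read as one batch and are best triaged together so that they end up with the same source packages and notes. The WordPress plugin entries can probably take the NOT-FOR-US: WordPress plugin form already used further down in this file, which leaves entries such as Jupyter Core, webpack-dev-server, Hibernate Validator and Multer as the ones to check against the archive first.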
@@ -59077,7 +59227,7 @@ CVE-2024-52336 (A script injection vulnerability was
identified in the Tuned pac
CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user
invite ...)
NOT-FOR-US: Fides
CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered
in TCPDF ...)
- {DSA-5933-1}
+ {DSA-5933-1 DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1088332)
NOTE:
https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
(6.7.6)
CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered
affecting the ...)
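Review bot: the cross-reference under CVE-2024-51058 changes from {DSA-5933-1} to {DSA-5933-1 DLA-4199-1}, but this commit lists data/CVE/list as its only changed file, so the DLA-4199-1 advisory entry itself must already have been added elsewhere. Confirm that it was, and that it lists tcpdf, since the entry here still shows only the unstable fixed version 6.7.7+dfsg-1 and nothing in the hunk says which release the DLA covers.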
@@ -154489,7 +154639,7 @@ CVE-2023-49743 (Improper Neutralization of Input
During Web Page Generation ('Cr
NOT-FOR-US: WordPress plugin
CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION]
on [PLATF ...)
+CVE-2023-49739 (Vulnerability in IdeaBox Creations PowerPack Pro for
Elementor.This is ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
NOT-FOR-US: Starshop component for Joomla
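Review bot: the NOT-FOR-US: WordPress plugin line under CVE-2023-49739 was set while the description was still the unfilled template ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] ..."), so it should be re-read against the new text. The replacement description names IdeaBox Creations PowerPack Pro for Elementor, which matches the existing note, so no triage change looks necessary here.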
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004abf46119c802c9d948f6c083cc6aea92d46ca