Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f96fe0d4 by security tracker role at 2025-06-05T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,96 @@
-CVE-2025-49466
+CVE-2025-5690 (PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability 
that allow ...)
+       TODO: check
+CVE-2025-5683 (When loading a specifically crafted ICNS format image file in 
QImage t ...)
+       TODO: check
+CVE-2025-5646 (A vulnerability has been found in Radare2 5.9.9 and classified 
as prob ...)
+       TODO: check
+CVE-2025-5645 (A vulnerability, which was classified as problematic, was found 
in Rad ...)
+       TODO: check
+CVE-2025-5644 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-5643 (A vulnerability classified as problematic was found in Radare2 
5.9.9.  ...)
+       TODO: check
+CVE-2025-5642 (A vulnerability classified as problematic has been found in 
Radare2 5. ...)
+       TODO: check
+CVE-2025-5641 (A vulnerability was found in Radare2 5.9.9. It has been rated 
as probl ...)
+       TODO: check
+CVE-2025-5640 (A vulnerability was found in PX4-Autopilot 1.12.3. It has been 
classif ...)
+       TODO: check
+CVE-2025-5639 (A vulnerability was found in PHPGurukul Notice Board System 1.0 
and cl ...)
+       TODO: check
+CVE-2025-5638 (A vulnerability has been found in PHPGurukul Notice Board 
System 1.0 a ...)
+       TODO: check
+CVE-2025-5637 (A vulnerability, which was classified as critical, was found in 
PCMan  ...)
+       TODO: check
+CVE-2025-5636 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2025-5635 (A vulnerability classified as critical was found in PCMan FTP 
Server 2 ...)
+       TODO: check
+CVE-2025-5634 (A vulnerability classified as critical has been found in PCMan 
FTP Ser ...)
+       TODO: check
+CVE-2025-5633 (A vulnerability was found in code-projects/anirbandutta9 
Content Manag ...)
+       TODO: check
+CVE-2025-5632 (A vulnerability was found in code-projects/anirbandutta9 
Content Manag ...)
+       TODO: check
+CVE-2025-5631 (A vulnerability was found in code-projects/anirbandutta9 
Content Manag ...)
+       TODO: check
+CVE-2025-5630 (A vulnerability has been found in D-Link DIR-816 1.10CNB05 and 
classif ...)
+       TODO: check
+CVE-2025-5629 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2025-5628 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-5627 (A vulnerability classified as critical was found in 
code-projects Pati ...)
+       TODO: check
+CVE-2025-5626 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+       TODO: check
+CVE-2025-5625 (A vulnerability was found in Campcodes Online Teacher Record 
Managemen ...)
+       TODO: check
+CVE-2025-5624 (A vulnerability was found in D-Link DIR-816 1.10CNB05. It has 
been dec ...)
+       TODO: check
+CVE-2025-5623 (A vulnerability was found in D-Link DIR-816 1.10CNB05. It has 
been cla ...)
+       TODO: check
+CVE-2025-5622 (A vulnerability was found in D-Link DIR-816 1.10CNB05 and 
classified a ...)
+       TODO: check
+CVE-2025-5621 (A vulnerability has been found in D-Link DIR-816 1.10CNB05 and 
classif ...)
+       TODO: check
+CVE-2025-5620 (A vulnerability, which was classified as critical, was found in 
D-Link ...)
+       TODO: check
+CVE-2025-5619 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2025-5618 (A vulnerability classified as critical was found in PHPGurukul 
Online  ...)
+       TODO: check
+CVE-2025-5617 (A vulnerability classified as critical has been found in 
PHPGurukul On ...)
+       TODO: check
+CVE-2025-5616 (A vulnerability was found in PHPGurukul Online Fire Reporting 
System 1 ...)
+       TODO: check
+CVE-2025-5615 (A vulnerability was found in PHPGurukul Online Fire Reporting 
System 1 ...)
+       TODO: check
+CVE-2025-5614 (A vulnerability was found in PHPGurukul Online Fire Reporting 
System 1 ...)
+       TODO: check
+CVE-2025-5613 (A vulnerability was found in PHPGurukul Online Fire Reporting 
System 1 ...)
+       TODO: check
+CVE-2025-5612 (A vulnerability has been found in PHPGurukul Online Fire 
Reporting Sys ...)
+       TODO: check
+CVE-2025-5611 (A vulnerability, which was classified as critical, was found in 
CodeAs ...)
+       TODO: check
+CVE-2025-5610 (A vulnerability, which was classified as critical, has been 
found in C ...)
+       TODO: check
+CVE-2025-49008 (Atheos is a self-hosted browser-based cloud integrated 
development env ...)
+       TODO: check
+CVE-2025-49007 (Rack is a modular Ruby web server interface. Starting in 
version 3.1.0 ...)
+       TODO: check
+CVE-2025-48947 (The Auth0 Next.js SDK is a library for implementing user 
authenticatio ...)
+       TODO: check
+CVE-2025-46341 (FreshRSS is a self-hosted RSS feed aggregator. Prior to 
version 1.26.2 ...)
+       TODO: check
+CVE-2025-3055 (The WP User Frontend Pro plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2025-3054 (The WP User Frontend Pro plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2025-1793 (Multiple vector store integrations in run-llama/llama_index 
version v0 ...)
+       TODO: check
+CVE-2025-49466 (aerc before 93bec0d allows directory traversal in 
commands/msgview/ope ...)
        - earc 0.20.0-2
        NOTE: Fixed by: 
https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
        NOTE: Regression fix: 
https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629
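Review bot: The context line "- earc 0.20.0-2" under CVE-2025-49466 at the end of this hunk names the package "earc", while the description and both fix URLs refer to aerc. This looks like a transposed package name, so the entry may not be matched to the intended source package. Suggest correcting it to "- aerc 0.20.0-2" in a follow-up commit. The new entries above it all carry "TODO: check" and still need manual triage.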
@@ -136,7 +228,7 @@ CVE-2024-13967 (This vulnerability allows the successful 
attacker to gain unauth
        NOT-FOR-US: ABB group
 CVE-2018-25112 (An unauthenticated remote attacker may use an uncontrolled 
resource co ...)
        NOT-FOR-US: IEC 61131
-CVE-2025-48432 [Potential log injection via unescaped request path]
+CVE-2025-48432 (An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 
5.1.10, ...)
        - python-django 3:4.2.22-1 (bug #1107282)
        NOTE: 
https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/ac03c5e7df8680c61cdb0d3bdb8be9095dba841e
 (4.2.22)
@@ -8519,9 +8611,9 @@ CVE-2025-4355 (A vulnerability was found in Tenda 
DAP-1520 1.10B04_BETA02. It ha
        NOT-FOR-US: Tenda
 CVE-2025-4354 (A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and 
classif ...)
        NOT-FOR-US: Tenda
-CVE-2025-4353 (A vulnerability, which was classified as critical, was found in 
Golden ...)
+CVE-2025-4353 (A vulnerability, which was classified as critical, was found in 
Brilli ...)
        NOT-FOR-US: Golden Link Secondary System
-CVE-2025-4352 (A vulnerability, which was classified as critical, has been 
found in G ...)
+CVE-2025-4352 (A vulnerability, which was classified as critical, has been 
found in B ...)
        NOT-FOR-US: Golden Link Secondary System
 CVE-2025-4350 (A vulnerability classified as critical was found in D-Link 
DIR-600L up ...)
        NOT-FOR-US: D-Link
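Review bot: The "NOT-FOR-US: Golden Link Secondary System" tags under CVE-2025-4353 and CVE-2025-4352 were left unchanged while the refreshed descriptions now start with a different name ("Brilli ..." and "B ..." in place of "Golden ..." and "G ..."). Suggest checking whether the product name changed upstream and updating the NOT-FOR-US text so that a search by the current name finds these entries.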
@@ -407197,7 +407289,7 @@ CVE-2020-16248 (Prometheus Blackbox Exporter through 
0.17.0 allows /probe?target
        NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
        NOTE: Upstream of the project did disputed the CVE. Upstream position is
        NOTE: that the refererred behaviour is intended functionality.
-CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
+CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior,    ...)
        NOT-FOR-US: Philips
 CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to 
cross-site sc ...)
        NOT-FOR-US: Reason S20 Ethernet Switch
@@ -407209,15 +407301,15 @@ CVE-2020-16243 (Multiple buffer overflow 
vulnerabilities exist when LeviStudioU
        NOT-FOR-US: LeviStudioU
 CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to 
cross-site sc ...)
        NOT-FOR-US: General Electric
-CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does 
not restr ...)
+CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior  does not restrict 
or incorr ...)
        NOT-FOR-US: Philips SureSigns
 CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure 
direct obj ...)
        NOT-FOR-US: GE Digital APM Classic
-CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor 
claims to hav ...)
+CVE-2020-16239 (When an actor claims to have a given identity,   Philips 
SureSigns VS4 ...)
        NOT-FOR-US: Philips SureSigns
 CVE-2020-16238 (A vulnerability in the configuration import mechanism of the 
B. Braun  ...)
        NOT-FOR-US: B. Braun Melsungen AG
-CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product 
receives input  ...)
+CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior receives input or 
data, but  ...)
        NOT-FOR-US: Philips SureSigns
 CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability 
when a  ...)
        NOT-FOR-US: FPWIN Pro
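Review bot: The refreshed descriptions for CVE-2020-16241 and CVE-2020-16239 carry runs of spaces from the upstream text ("prior  does", "identity,   Philips"), which use up part of the truncated summary and make the entries harder to grep. Suggest collapsing repeated whitespace when the automatic update imports descriptions.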
@@ -407291,11 +407383,11 @@ CVE-2020-16202 (WebAccess Node (All versions prior 
to 9.0.1) has incorrect permi
        NOT-FOR-US: WebAccess Node
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
+CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior,    ...)
        NOT-FOR-US: Philips
 CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Wh ...)
+CVE-2020-16198 (When an attacker claims to have a given identity,   Philips 
Clinical C ...)
        NOT-FOR-US: Philips
 CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment 
target can ...)
        NOT-FOR-US: Octopus Deploy
@@ -411708,7 +411800,7 @@ CVE-2020-14527 (Vulnerability in the Primavera 
Portfolio Management product of O
        NOT-FOR-US: Oracle
 CVE-2020-14526
        RESERVED
-CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
+CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior, do ...)
        NOT-FOR-US: Philips
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest 
build o ...)
        NOT-FOR-US: Softing Industrial Automation



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f96fe0d490aa81f64537a126ac1fa68c797927fd
