Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b9e8f77f by security tracker role at 2025-06-07T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,18 @@
+CVE-2025-5814 (The Profiler \u2013 What Slowing Down Your WP plugin for
WordPress is ...)
+ TODO: check
+CVE-2025-49128 (Jackson-core contains core low-level incremental ("streaming")
parser ...)
+ TODO: check
+CVE-2025-49127 (Kafbat UI is a web user interface for managing Apache Kafka
clusters. ...)
+ TODO: check
+CVE-2025-47601 (Missing Authorization vulnerability in Christiaan Pieterse
MaxiBlocks ...)
+ TODO: check
CVE-2025-5806 (Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling
reports in ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-5799 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been
declar ...)
NOT-FOR-US: Tenda
CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been
classi ...)
NOT-FOR-US: Tenda
-CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and
classified ...)
+CVE-2025-5797 (A vulnerability was found in code-projects Laundry System 1.0
and clas ...)
NOT-FOR-US: Laundry Laundry System
CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System
1.0 and ...)
NOT-FOR-US: code-projects
@@ -278,7 +286,7 @@ CVE-2025-48329 (Improper Neutralization of Input During Web
Page Generation ('Cr
NOT-FOR-US: WordPress plugin or theme
CVE-2025-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet
Real Tim ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.21 ...)
+CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.12 ...)
- coredns <itp> (bug #880676)
CVE-2025-47586 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
@@ -1232,7 +1240,7 @@ CVE-2025-20981 (Improper access control in AudioService
prior to SMR Jun-2025 Re
NOT-FOR-US: Samsung Mobile
CVE-2024-31127 (An improper verification of a loaded library in Zscaler Client
Connect ...)
NOT-FOR-US: Zscaler Client Connector on Mac
-CVE-2025-5399 [WebSocket endless loop]
+CVE-2025-5399 (Due to a mistake in libcurl's WebSocket code, a malicious
server can s ...)
- curl 8.14.1-1
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -8846,7 +8854,8 @@ CVE-2025-37801 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-37800 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux 6.12.27-1
NOTE:
https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)
-CVE-2025-5473 [ZDI-CAN-26752]
+CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution
Vulnerabi ...)
+ {DSA-5939-1}
- gimp 3.0.2-3.1 (bug #1105005)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e8f77fe8e8a5e7d4d38e1c248ef77da0e6c307
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e8f77fe8e8a5e7d4d38e1c248ef77da0e6c307
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
