Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d75569a by security tracker role at 2025-06-12T08:12:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2025-6009 (A vulnerability was found in kiCode111 like-girl 5.2.0 and
classified ...)
+ TODO: check
+CVE-2025-6008 (A vulnerability has been found in kiCode111 like-girl 5.2.0 and
classi ...)
+ TODO: check
+CVE-2025-6007 (A vulnerability, which was classified as critical, was found in
kiCode ...)
+ TODO: check
+CVE-2025-6006 (A vulnerability, which was classified as critical, has been
found in k ...)
+ TODO: check
+CVE-2025-6005 (A vulnerability classified as critical was found in kiCode111
like-gir ...)
+ TODO: check
+CVE-2025-5301 (ONLYOFFICE Docs (DocumentServer) in versions equal and below
8.3.1 are ...)
+ TODO: check
+CVE-2025-5012 (The Workreap plugin for WordPress, used by the Workreap -
Freelance Ma ...)
+ TODO: check
+CVE-2025-4973 (The Workreap plugin for WordPress, used by the Workreap -
Freelance Ma ...)
+ TODO: check
+CVE-2025-49822
+ REJECTED
+CVE-2025-49821
+ REJECTED
+CVE-2025-49820
+ REJECTED
+CVE-2025-49819
+ REJECTED
+CVE-2025-49818
+ REJECTED
+CVE-2025-49817
+ REJECTED
+CVE-2025-49816
+ REJECTED
+CVE-2025-49815
+ REJECTED
+CVE-2025-49814
+ REJECTED
+CVE-2025-35978 (Improper restriction of communication channel to intended
endpoints is ...)
+ TODO: check
+CVE-2023-36636
+ REJECTED
+CVE-2022-4976 (Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains
a bundl ...)
+ TODO: check
CVE-2025-6002 (An unrestricted file upload vulnerability exists in the Product
Image ...)
TODO: check
CVE-2025-6001 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the
produc ...)
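Review bot: the ten new entries that carry a description (CVE-2025-6009 through CVE-2022-4976) are all left at "TODO: check", so none of them yet says whether Debian is affected. Triage should resolve each one to either a source package line or a NOT-FOR-US marker, the two forms the surrounding entries in this diff use (for example "NOT-FOR-US: Gokapi" and "- chromium 137.0.7151.103-1"). The ten REJECTED entries need no further action.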
@@ -630,9 +670,11 @@ CVE-2025-49091 (KDE Konsole before 25.04.2 allows remote
code execution in a cer
NOTE: https://kde.org/info/security/advisory-20250609-1.txt
NOTE: Fixed by:
https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75
(v25.04.2)
CVE-2025-5958 (Use after free in Media in Google Chrome prior to
137.0.7151.103 allow ...)
+ {DSA-5942-1}
- chromium 137.0.7151.103-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5959 (Type Confusion in V8 in Google Chrome prior to 137.0.7151.103
allowed ...)
+ {DSA-5942-1}
- chromium 137.0.7151.103-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-5977 (A vulnerability was found in code-projects School Fees Payment
System ...)
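Review bot: the {DSA-5942-1} tags on CVE-2025-5958 and CVE-2025-5959 are cross-references to an advisory record that this commit does not touch, since the notification lists only data/CVE/list as changed. Confirm that the DSA-5942-1 record names both CVE ids and the chromium source package, otherwise the tags added here point at an advisory that does not claim these issues.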
@@ -3267,6 +3309,7 @@ CVE-2025-48495 (Gokapi is a self-hosted file sharing
server with automatic expir
CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
NOT-FOR-US: Gokapi
CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions
prior to ...)
+ {DLA-4214-1}
- node-tar-fs 3.0.9+~cs2.0.4-1
NOTE:
https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v
NOTE: Fixed by:
https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f
(v3.0.9)
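Review bot: CVE-2025-48387 gains {DLA-4214-1}, but its node-tar-fs entry has no [bookworm] line, while CVE-2024-12905 under the same DLA carries "[bookworm] - node-tar-fs <no-dsa> (Minor issue)". With only "- node-tar-fs 3.0.9+~cs2.0.4-1" recorded, the stable status of this CVE is left implicit; add an explicit [bookworm] annotation so the two tar-fs issues are tracked the same way.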
@@ -11821,6 +11864,7 @@ CVE-2025-4222 (The Database Toolset plugin for
WordPress is vulnerable to Sensit
CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51.
It has ...)
NOT-FOR-US: handrew browserpilot
CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to
1.63.3b16. It ...)
+ {DLA-4215-1}
- ublock-origin 1.62.0+dfsg-2 (bug #1104635)
[bookworm] - ublock-origin <no-dsa> (Minor issue)
NOTE:
https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c
(1.63.3b17)
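Review bot: the package line for CVE-2025-4215 records the fix in ublock-origin 1.62.0+dfsg-2, which is lower than the upstream fix version 1.63.3b17 given in the NOTE, and the description says the issue affects versions up to 1.63.3b16. That only makes sense if the Debian upload backports the upstream commit, so a NOTE stating that the fix was backported (and marking the commit as "Fixed by:", as the tar-fs and Konsole entries do) would save the next reader from treating the version as a typo.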
@@ -25310,6 +25354,7 @@ CVE-2024-55072 (A Broken Object Level Authorization
vulnerability in the compone
CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the
component /ho ...)
NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link
Following") and ...)
+ {DLA-4214-1}
- node-tar-fs 3.0.8+~cs2.0.4-1 (bug #1101501)
[bookworm] - node-tar-fs <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
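Review bot: with {DLA-4214-1} added to CVE-2024-12905, the LTS release now has an advisory for this link-following issue while the line "[bookworm] - node-tar-fs <no-dsa> (Minor issue)" leaves stable unfixed. Revisit the bookworm annotation and consider queuing the fix for a stable point release, so that a system upgrading from the LTS release to bookworm does not move back to a vulnerable node-tar-fs.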
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d75569a353eb8b24a3d3e895ac901a562c09b54